Plan✕ is a self-service digital planning guide to make planning simpler. Visitors to a Council’s planning website are guided through a series of questions, checking their proposed project against relevant policy to see where it complies or clashes. Planning officers maintain the guides via an editor interface.
- Simple, seamless interface for end users (applicants and their agents)
- Works on desktop computers and mobile devices
- Allows sharing of results via existing email and submission forms
- Can integrate data from any source with an open API
- Themed for your council identity
- Simple, intuitive editor interface for content management by planners
- Pre-written national policy guides (eg GPDO) included, maintained by others
- Team permissions structure
- Admin interface for domain admin
- Policy analytics
- Makes planning information dramatically simpler and more transparent for applicants
- Reduces the volume of telephone and email enquiries
- Automates the assessment of small and householder projects
- Generates an agenda for pre-application meetings
- Lets planning officers spend less time processing small applications
- Reduces number of applications that need to be refused
- Gives planning authorities easy control over their guides
- Policy analytics allow planning authorities to understand demand better
- Feedback reveals where improvements to guidelines are needed
- Reduces need for many reports on small applications
£15000 to £26000 per instance per year
Open Systems Lab
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||The range of planning services PlanX can support varies, depending on the availability of data (eg GIS data) that is in a digital, structured format.|
|System requirements||Any modern web browser (Chrome, Safari, Edge, Firefox, IE11+)|
|Email or online ticketing support||No|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Every customer is assigned an account manager who can be contacted by admins at any time during business hours. We seek to respond to admins queries as quickly as possible, normally within 24 hours or less. Users and editors can report any issues via the public and editor interfaces 24/7.
Additional support services such as training, co-writing and planning information and data auditing are available for an additional cost (see pricing).
|Support available to third parties||Yes|
Onboarding and offboarding
We provide a complete range of services to fully support the on-boarding process, to make it as simple as possible for Councils to prepare their planning guides for launch. This begins with initially understanding your particular needs and priorities, as well as any potential implementation or adoption barriers. It can then include:
1. Planning Information review / cleanup.
2. Planning conditions review
3. Adding conditions and Article 4 directions to your guides
5. Co-writing of planning guides
6. Pre-launch testing
(see pricing document for more detail).
|Other documentation formats||
|End-of-contract data extraction||Admins will be able export much of the data relating to their Plan✕ domain in a structured format (eg .csv). In the case of data that is available but cannot be exported automatically, they can request this data, and it will be made available to them. If a Customer needs a hard copy of data there will be an on-cost for appropriately secure (Courier) delivery of the loaded media to the customer's nominated premises. This will be agreed with the Customer.|
|End-of-contract process||A Council can request to terminate their Plan✕ subscription at any point in line with the termination terms, by notifying their Account Manager by email.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Public users will have the same experience on mobile and desktop.
Although the editor interface used by planning authorities will work on mobile device to some extent, but its design is not optimised for them. The editor interface is primarily designed for use on desktop devices.
|What users can and can't do using the API||
PlanX has a REST API that will allow users to:
- Send and receive data to and from PlanX guides.
Access to the API will be rate-limited.
Some functionality may be restricted if it would affect users security or privacy.
|API documentation formats||HTML|
|API sandbox or test environment||No|
|Description of customisation||
Admins can customise their PlanX instance with their brand colour and logo, to provide end users with a clear, seamless experience.
The content of all guides can be edited by editors within the constraints of the editor.
If they wish, customers can build their own front-end interface, operating the PlanX service via its API.
|Independence of resources||Plan✕ procures hosting from AWS (or equivalent) which can scale in response to spikes in user demand. Most hosted mapping data services can also scale to meet demand, however in the unlikely event that demand spikes beyond the scaling capacity of these services, Plan✕ can continue to function independently without these services until demand normalises again.|
|Service usage metrics||Yes|
– Number of users
– User activity through flows (revealing, for example, the most common enquiry types, and which areas of guidance / policy are proving to be key barriers to users)
– Users devices (desktop or mobile)
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Some or all data will be available by means of an export button within the interface. Any data that is not available for direct export can be requested.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||The services is hosted on AWS, Google or Azure Cloud and directly benefits from their availability and resilience.|
|Approach to resilience||The weakest link in Plan✕ is where data is being pulled in from a customer or third party host (such as OS or a Council GIS data publishing platform). These are separated, so Plan✕ is designed to continue to function without that third party data. Previous enquiries will remain stable.|
|Outage reporting||From time to time, a planned outage may be required. Customers will be notified of any planned outages by email in advance, and such outages will be timed to minimise disruption. In the event of any unplanned outage, the Customer will be informed as quickly as possible.|
Identity and authentication
|User authentication needed||No|
|Access restrictions in management interfaces and support channels||
The Plan✕ editor uses role-based access control for admins and editors. Users will be authenticated using federated identities (e.g. OAuth 2.0) if possible, a username and password system will be provided as a fallback. Attempts to circumvent these restrictions (e.g. via the API) would return an error and the request will be logged.
Third party support channels used by OSL enforce industry standard authentication and require two-factor authentication whenever possible.
An access log is kept centrally, detailing permission levels. Management access by OSL staff is controlled by company Directors. Access to the servers is monitored using third party application services.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||The Plan✕ tech lead is tasked with ensuring OSL security policies are complied with.|
|Information security policies and processes||The CEO is a Director of OSL and is ultimately responsible for ensuring policies and processes are well-designed and followed. Directors receive a report from the Plan✕ tech lead at Board Meetings. OSL maintains a risk register and issue identification and escalation process. Company procedures are regularly reviewed to ensure best practice compliance.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Whenever possible OSL provisions and manages infrastructure with code using services (such as Terraform). Configurations are stored in a Git repository so we can track changes in version control. All code deployments must pass a suite of Continuous Integration Tests before going live. We tag each build as part of the deployment process.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||OSL uses an automated service to constantly monitor for threats and identify attacks immediately. Whenever possible we intend to keep all dependencies up to date using an automated service (such as Dependabot).|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||OSL uses monitoring tools to help identify potential compromises with reports on server activity and email alerts. All code deployments must pass a suite of Automated Tests before going live.|
|Incident management type||Supplier-defined controls|
|Incident management approach||A risk log is maintained and mitigation actions are captured. Incidents are checked against this log to ensure we are constantly learning to prevent reoccurence. Many incidents may be automatically detected and logged. Customers can report incidents via their Account Manager or through an issue report.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£15000 to £26000 per instance per year|
|Discount for educational organisations||No|
|Free trial available||No|