JMW provide a secure cloud hosting service for our Traffic and Transport products.
- Real Time Reporting
- Secure Remote Access
- Real Time Analysis
- Remote access to historical data
- Publish Real Time Information
- Back office reporting sytem
- Transport Compliance Reports
- Assistance to help reduce carbon footprint
£600.00 per user
- Free trial available
JMW Systems Ltd
|Email or online ticketing support||Email or online ticketing|
|Support response times||Same Day Response|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 A|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
JMW provide a support and service desk that can be contacted through email, phone and the electronic ticketing system linked through our hosted web-based software.
Engineer onsite support is provided throughout the UK.
Each customer has a dedicated account manager.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||JMW provide user manuals and training.|
|End-of-contract data extraction||JMW provide the customers data as agreed.|
|End-of-contract process||JMW would provide the client all related data stored on the customer database at the end of a contract is required at no extra cost.|
Using the service
|Web browser interface||Yes|
|Using the web interface||
Each user is provided with a secure username and password.
Access levels are dependant on requirements, the access level determines the ability to make changes through the web interface.
|Web interface accessibility standard||WCAG 2.0 A|
|Web interface accessibility testing||Our software supports our DDA compliant products including RNIB technology.|
|Command line interface||No|
|Independence of resources||
This is controlled through different access levels agreed at the start of the contract.
Each customer has their own dedicated server.
|Infrastructure or application metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||JMW provide this service as standard to all customers.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
JMW have the following SLA's in place:
Urgent faults will have an engineer on site within a two hour period, working to either resolve the urgent fault or to downgrade to a less urgent fault within six hours and providing a complete repair within 48 hours.
Less Urgent faults would be repaired within 48 hours.
|Approach to resilience||Information is available on request.|
|Outage reporting||Should an outage occur JMW will issue an email from the service desk detailing the cause of the problem and details of when the issue will be resolved.|
Identity and authentication
|Access restrictions in management interfaces and support channels||
All users have a pre-agreed access to the web based system appropriate to their user level.
Reports are available on the system to monitor individual usage.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||No|
|Security governance accreditation||Yes|
|Security governance standards||Other|
|Other security governance standards||JMW use Amazon Web Services and other suppliers which use an ISO 27001 compliant platform.|
|Information security policies and processes||
JMW are accredited to ISO 9001:2008 and ISO 14001:2004.
We are audited externally once a year and internally each quarter to ensure we follow our policies and procedures. As part of our employee induction all new staff are trained on these policies and procedures and an annual review is completed.
Policies and procedures are available on request.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||JMW are accredited to ISO 9001:2008 and ISO 14001:2004, as part of this we are audited on our design and development process which is record on our various platforms including but not limited to JIRA and Confluence. Further information is available on request.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
JMW assess threats on a case by case basis taking into account the type of threat, the level of threat and how it affects our software and hardware infrastructure.
Patches are typically deployed on a time scale based on the level of threat. Known high vulnerabilities are patched within a few days and medium risk vulnerabilities within 10 days and low risk vulnerabilities within a month.
Information on threats typically comes from AWS, software vendor notifications and security message boards.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
JMW regularly view detailed logs of access and attempted access.
All access to servers is blocked, only allowing access to the website via the standard port.
As part of our quality assurance JMW respond instantly and put a plan in place immediately based on the level of threat.
|Incident management type||Supplier-defined controls|
|Incident management approach||
JMW have pre-defined processes in place through agreed SLA's with third party suppliers.
Users are able to report incidents through the web based ticketing system. JMW have a help desk available to assist any incidents.
JMW provide incident reports through communicate with users via the ticketing system and also provide communication via email dependant on the incident.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£600.00 per user|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||JMW have a demo system which users can have access to, user manuals are also provided via a link on the system. More information is available on request.|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|