thinkWhere Limited

Location Centre (Cloud GIS)

Location Centre is an innovative Software as a Service (SaaS) platform built using Open Source technologies. Provides an enterprise GIS solution for data sharing to support decision making, offering feature rich internet/intranet GIS capabilities, OGC-compliant data services and a spatial datastore. Underpinned by professional services for data management and support.


  • Extensive suite of online GIS tools and features
  • Online solution - access anywhere, anytime – 24/7
  • INSPIRE compliant metadata
  • Easy to use and intuitive graphical user interface
  • Access a maintained portfolio of GB Commercial and Opendata products
  • Web Services using OGC data standards (WFS, WMS, WMTS)
  • Support, Knowledge Base and Training courses available
  • Full control over administrative rights / permissions
  • Built in administration and reporting tools
  • Automated business data updates


  • Share spatial data across your organisation for effective decision making
  • Easily create and publish fully responsive web maps and reports
  • Scalable and flexible
  • Easy to deploy
  • Reduce costs and risks to your organisation
  • Built using modern Open Source technologies and open standards
  • Complete, managed data, software and infrastructure services
  • Continuous product and service improvements (via product roadmap)
  • ISO certified supplier


£5500 to £40000 per unit per year

  • Free trial available

Service documents

G-Cloud 11


thinkWhere Limited

Alan Moore

01786 476060

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints ThinkWhere will carry out planned maintenance on a regular basis. Where possible, maintenance will be performed outwith the period of Service Desk availability listed above and we will inform the customer with details of the planned maintenance and timescales for completion with a minimum of 5 working days notice.

Unplanned maintenance will be immediately communicated to the customer along with the action to be taken and an impact assessment where required.
System requirements Not applicable

User support

User support
Email or online ticketing support Email or online ticketing
Support response times ThinkWhere provide a monitored Service Desk available from 08:30 to 17:30 Monday to Friday with the exception of Christmas Day, Boxing Day and New Year’s Day public holidays. Our target response time in within 1 hour during these times. A case number and a priority will be allocated to the call by a member of our Service Desk team. Target resolution timescales are set relative to priority as detailed in our Service Level Agreement.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels ThinkWhere will provide a monitored Service Desk to support users for the duration of the contract. Requests for support can be logged by any of the nominated support contacts with the Service Desk as follows:

A fixed number of named support contacts can be specified by the customer and these users will be provided with accounts for the thinkWhere support portal. These named administrators will provide first line support for Location Centre users within the organisation. Where the administrators cannot resolve a request for support, they will then log the request with the thinkWhere Service Desk. Calls are managed using the thinkWhere support portal through which Administrators can raise and track service requests.

The Service Desk is available from 08:30 to 17:30 Monday to Friday with the exception of Christmas Day, Boxing Day and New Year’s Day public holidays.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide Location Centre User Training, Location Centre Administrator Training and Location Centre Train the Trainer Training to allow customers to undertake training in-house. We provide user-documentation online within the Location Centre site and also provide news and maintenance updates as required through the site.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction It is the customer's responsibility to ensure they have a copy of the data prior to the contract ending. As Location Centre is simply taking a copy of the data provided originally by the customer, and is not updated in any way, copies should already exist at the customer site. There is also a tool for extracting data from the system.
End-of-contract process We will arrange for your access to the services to be removed upon expiry. A formal Service Desk cancellation process ensures any relevant user information is removed from the service and all user data is deleted in line with GDPR. All customer data is purged and destroyed and the service instance removed. If a customer requires any of their data to be returned, off boarding costs will be agreed on a case by case basis according to customer preferences.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Where possible the user interface conforms to W3C AAA accessibility guidelines. The visual nature of map content and the style of map data outwith thinkWhere’s control mean some conformance to the AAA standard may not be possible. This is in line with W3C guidance which states that “it is not recommended that Level AAA conformance be required as a general policy for entire sites because it is not possible to satisfy all Level AAA Success Criteria for some content”.
Accessibility testing N/a
What users can and can't do using the API Using Location Centre we deliver fast and secure industry standard data services through WMS and WFS APIs for the Ordnance Survey suite of data products, your business data layers and other 3rd party data.

Location Centre Data Services allow you to leverage the value of the data held in the Location Centre platform, giving you the flexibility to serve your data to a range of clients including desktop GIS applications, internal systems or custom web mapping applications.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation Individual customer branding can be applied. Customer can define symbology to be used and create and save maps. The creation of bespoke My Location Reports and Flexmaps is possible by those with administrator rights / permissions. Administrator also has control over data permissions/roles. Automated business data updates can be configured for required datasets.


Independence of resources ThinkWhere monitor the Location Centre infrastructure in real-time to ensure a performant user experience. We work closely with our hosting provider to proactively manage the infrastructure to cope with demand.

We provide monthly reports on customer usage levels and performance.

Longer term usage and performance trends inform infrastructure management.


Service usage metrics Yes
Metrics types Service management reports are provided detailing support calls, system availability, maintenance periods, data usage, web GIS usage and frequently viewed layers etc.
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There is a data export tool within the system which outputs data in a number of formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • Shapefile
  • MapInfo Tab
  • KML
  • Autocad DXF
Data import formats
  • CSV
  • Other
Other data import formats
  • Shapefile
  • MapInfo MIF/MID
  • MapInfo Tab
  • KML
  • Autocad DXF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Software controlled IP checks are in place for organisations who wish to limit access to their Location Centre sites. HTTPS in an option for Location Centre sites.
Data protection within supplier network Other
Other protection within supplier network Hosting infrastructure provided by Pulsant UK provides security groups which are applied to all servers in the network.

Availability and resilience

Availability and resilience
Guaranteed availability Uptime availability is >99.5%.
Approach to resilience Location Centre is hosted with infrastructure provider Pulsant UK, employing the Private Enterprise Cloud. Nightly and full weekly backup procedures are in place as well as VM imaging meaning we have resilience fail-over to separate hardware and potentially other data centres if required.
Outage reporting Online 24/7 real-time monitoring systems are implemented upon Location Centre to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime. Any downtime is then communicated to customers via email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Various roles with associated privileges exist within Location Centre meaning any internal management functions can be restricted to appropriate users. Access to the thinkWhere support desk is restricted via username and password.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Our hosting partner Pulsant UK hold IS027001 and CSA Star
  • CyberEssentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a comprehensive Information Security Policy in place across the company. The policy has been written in alignment with the overall requirements of ISO27001. Our policy applies to all employees and agents of any external organisation who in any way support or access any of the thinkWhere systems. The operation of the policy applies to the control of all information managed by the company and it sets out clear roles and responsibilities for management and staff to ensure compliant working practices are followed. There are clear monitoring and reporting lines as well as processes for escalation and handling any policy breach.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach ThinkWhere have appointed personnel to deal with configuration management. All aspects of the thinkWhere infrastructure are overseen by our configuration manager to ensure component technology versions and security patches are updated and applied as required.

With regards change management thinkWhere use a continuous integration pipeline with unit and integration tests to ensure production services are never adversely impacted by code or system updates.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Hosting infrastructure provider Pulsant UK are responsible to update the Location Centre operating systems. thinkWhere's internal configuration manager ensures hosted software versions and patches are updated / applied as appropriate.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Hosting partner Pulsant UK proactively monitor infrastructure health and provide real-time notifications to thinkWhere staff if resources exceed agreed thresholds.

thinkWhere also employ a number of monitoring solutions across the technology stack such as Pingdom, as well as transactional monitoring of all activity. Active alerts are setup to email the thinkWhere team if unusual activity patterns are detected or errors are found in the system. If notified the thinkWhere incident management process begins with the dedicated incident management team.
Incident management type Supplier-defined controls
Incident management approach Online 24/7 real-time monitoring systems are implemented upon Location Centre to instantly notify thinkWhere staff in the unlikely event of unforeseen downtime. Additionally, thinkWhere provide customers with phone, email and online service desk support. When an incident is raised a standard incident response is initiated, including incident review, prioritisation and assignment of a dedicated incident response team. Updates on incident status are provided to customers via email, phone or service desk.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5500 to £40000 per unit per year
Discount for educational organisations No
Free trial available Yes
Description of free trial A month's free trial access to Location Centre can be requested via

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑