IBI Group UK Ltd


The IBI DATEX II Receiver allows organisations to consume different types of transport data in DATEX II format from multiple sources, for use within their existing operations and systems. Supported traffic information includes incidents, roadworks and journey times, covering all types of both static and dynamic data.


  • Processes DATEX II version 1.0 publications
  • Database storage configured to Buyer requirements
  • Automatic processing of incoming data
  • Includes automatic error and service availability monitoring


  • Receive publications from multiple sources
  • All service updates take place via configuration files
  • Runs unattended 24/7


£2500 per licence per year

Service documents


G-Cloud 11

Service ID

812932319190028


IBI Group UK Ltd

Duncan Elder

0141 331 4500


Service scope

Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Users will be informed of any downtime/maintenance in advance, and all maintenance activities that could result in service degradation or unavailability will be undertaken outside of the normal working day, 8:30am-5:30pm. The service will be operable outside of these hours, when maintenance is not taking place.
System requirements
  • Web Browser
  • FTP client if access to raw files required

User support

Email or online ticketing support Email or online ticketing
Support response times Critical fault; within 1hr. Non critical fault, no workaround; 8hrs. With workaround; 24hrs. Minor defect; 48hrs.

Response times do not include weekend support.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Email and telephone support is provided during office hours. Issues are generally triaged by a maintenance manager who will ensure that they are reported to the correct team for resolution. A technical account manager oversees customer support as standard.
Support available to third parties No

Onboarding and offboarding

Getting started The onboarding process should be completed within six weeks, depending on how many publication sources and publication types the buyer wishes to configure.

The process will begin with a service initiation meeting with the customer to confirm the various elements of configuration that will be required and to review the customer's data and available interfaces. Should the customer wish to move storage of the source data to the Cloud, this can be accommodated.

No personal data, other than the login data necessary to access the service, will be stored. Password data will be encrypted.
Service documentation No
End-of-contract data extraction The DATEX II Receiver does not store any personal or client-specific data other than configuration and user login data. All configuration data, user accounts and client-specific DATEX II Receiver files will be purged within one month of notification that the subscription will not be renewed or one month following the end of the subscription period.
End-of-contract process If storage of customer data sets in the cloud has been requested, these data sets will be made available to the customer within one month of the notification that the subscription will not be renewed and up to three months following the end of the subscription period as previously indicated.

There will be no additional costs to the customer for data cleansing.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation Configuring the publication sources and the types of publications to be consumed.


Independence of resources Each client has their own DATEX II Receiver hosted in a separate cloud environment. The DATEX Receiver application will only download publications when changes have been made by the publication source.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach XML publication files and database exports
Data export formats
  • CSV
  • Other
Other data export formats
  • Raw DATEX II publication files are provided in XML format
  • SQL Data exports are also available
Data import formats Other
Other data import formats No user upload - publications are all sourced externally

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability 99.9% up time is guaranteed during office hours. There is no standard SLA for the DATEX II Receiver service, but one can be agreed with the customer if required.
Approach to resilience DATEX II services run in the Cloud on Virtual Instances. Data centre suppliers used, such as Azure, are committed to resilience and up-time via SLAs.
Outage reporting The IBI DATEX II Receiver includes a Log File Monitor application that emails the support team if there are any application exceptions thrown or application outages.

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels There is no user access to management interfaces.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security No
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes Data protection processes are always followed. Personal information is encrypted if stored. Access is restricted by specific roles so that users can only view data that they have been authorised for.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to components are tracked via a ticketing system. Only product owners can create the tickets and assign them to the development teams. Tickets can only be closed off after changes have undergone rigorous quality management checks in a dedicated test environment and have passed a series of functional and security checks within the staging environment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach On a monthly basis, a large cross section of device and daemon logs is processed in depth using both automated tools and extensive direct human analysis. Each of the major systems is tracked for upstream security notices using normal mechanisms.

On top of this, key staff monitor the general CVE security feeds for points of interest, along with summaries from other contacts (e.g. Qualys security roundup).

Non-aggressive high-level pen testing is performed twice annually, and proactive security testing of new assets is a key stage of any deployment.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Daily analysis of server (System, security etc.) and firewall logs is performed. Dedicated support personnel are trained to identify potential compromises and when these are identified they are thoroughly investigated.

As a general principle, a security in-depth policy is adopted, where the seriousness of security incidents is treated as critical until such time as it is proven otherwise.
Incident management type Supplier-defined controls
Incident management approach Daily system maintenance checks are carried out. Service availability is monitored by a third-party service, and email and text alerts are sent out when services are unresponsive.
Incidents are reported by email or phone and recorded in our ticketing system.
If requested, monthly performance reports can be provided.

Secure development

Approach to secure software development best practice Supplier-defined process

Public sector networks

Connection to public sector networks No


Price £2500 per licence per year
Discount for educational organisations No
Free trial available No
