Jacobs U.K. Limited

Travel Service Optimisation (TSO)

A system built by Jacobs to deliver meaningful savings for Councils/Authorities to address the spiralling cost of Education Transport Provision.
TSO enables clients to plan services efficiently using routing optimisation and a unique shareability index, creating travel groups based on an understanding of demand, rather than supply driven transport allocation.


  • Data capture into a highly flexible and configurable database
  • Data available to all parties with user access control
  • Output Viewer allowing “on the fly” transport contract amendments
  • GIS functionality to visualise transport service contracts
  • Tabular representation of transport service contracts
  • Dashboard demonstrating various metrics of service contracts
  • Fully hosted web service and centrally stored data
  • Established software and continually developing
  • GDPR compliant with pupil anonymisation
  • Capability to vary pupil travelling times and drop/pick ups


  • Reduction of transport contracts and vehicles thereby reducing overall cost
  • Allows better management of pupil churn throughout school terms
  • Will reduce the number of Passenger Assistants required
  • Shareability Matrix delivers larger pupil groups and thus cheaper provision
  • Allows Clients to control tendering effectively thus widening the market
  • Increases transparency for pupil and transport contractor management
  • Configurable, adaptable and scalable database
  • Defines responsibility and accountability for tasks and actions
  • Enables quick retrieval of data


£100000 to £1500000 per unit

Service documents

G-Cloud 11


Jacobs U.K. Limited

Simon Jackson



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints TSO is provided as a fully hosted web service. Users can access the tool via a web browser on a PC or tablet.
System requirements Access to any web browser

User support

User support
Email or online ticketing support No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Technical helpdesk support is provided during office hours. Support can range from basic telephone helpdesk support through to administrative assistance with running the tool and on site support. These are configurable depending on client requirements. A dedicated project manager is allocated who will oversee the implementation and delivery of TSO.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started During the mobilisation phase we tailor and configure TSO to client requirements and geographies, including road networks and speeds. User training can be delivered onsite, online or a combination of both. The tools have online documentation and user help and we also provide user guidance in the form of process mapping and guidance notes where required.
Service documentation No
End-of-contract data extraction Data is typically downloaded onto an encrypted disc. Data consists of 2 CSV files, one provides traval route grouping details and the other a list of encoded polylines that can be used to visualise the travel group routes.
End-of-contract process The demobilisation of TSO is included in the price of contract. This consists of a download and export of all data held within the tool and is delivered via an encrypted disc or via SFTP transfer (whichever is preferred).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation Terminology, client branding before implementation.


Independence of resources A dedicated level of support is agreed with customers during the proposal phase and this is detailed within the scope. All clients are hosted in separate physical databases and servers are continually monitored to ensure that resource levels are adequate.


Service usage metrics Yes
Metrics types We're able to report user activity, e.g. logins, recent activity, etc.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users can export travel group data into Excel directly from the web site. Technical support is available should a mass download of data be required in a particular format.
Data export formats
  • CSV
  • Other
Other data export formats XLSX
Data import formats
  • CSV
  • Other
Other data import formats XLSX

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability TSO has guaranteed availability 24/7 365 days a year with the exception of scheduled downtime during out of office hours to run updates.
Approach to resilience Details are available on request.
Outage reporting We use an automated monitoring service to continually ensure our services are operational. In the event of any downtime or glitch the technical support team are notified by SMS and email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels TSO has an admin interface accessed by the Jacobs support desk that enables full control of user. User access can be locked upon request by the client or if there is no user activity for a specified period of time (6 months) then the user account is automatically locked.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The leadership and management of Jacobs is totally committed to achieving this goal through total Security Management, ensuring compliance with UK Government requirements, the HMG Security Policy Framework, Contracting Authority instructions and any specific Contract requirements outlined in Security Aspects Letters.
Information security policies and processes Jacobs offer integrated and truly secure enterprise-capable solutions that span the cybersecurity lifecycle. We are a market leader in cyber security offering the full breadth of security services. We offer a complete suite of cyber capabilities that range from holistic enterprise lifecycle security and secure business transformation, to threat assessment, risk management, security architecture, audit, review & penetrating testing, SOC and incident response (CIR). Because our services are engineered to align with the cybersecurity standards of our clients and market regulations (from the National Institute of Standards and Technology (NIST) to the Office of Nuclear Regulation and Ministry of Defence), the client is completely free choose the engagement model and service level that aligns with their needs. In particular, the Jacobs Cybernet secure network solution has been certified for use up to UK Official Sensitive and the highest Defence Cyber Protection Partnership level (usually reserved only for Secret). We also have a number of certified Secret networks across the UK

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach When a change is required/requested it is reviewed by the technical director before being sent to the development team for implementation. Changes are reviewed for their impact to existing configuration, how they might affect users and potential security implications. Change requests are stored in a central change request database for long term reference.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Depending on severity security patches are rolled out to live systems monthly, if a serious vulnerability is found a patch would be implemented as soon as possible.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Penetration testing is routinely carried out by us against our systems. Any findings are reviewed by the technical director and responded to by the TSO security team.
Incident management type Supplier-defined controls
Incident management approach In the event of an incident the TSO support team will often be the first point of contact. They will go through a pre-defined check list and determine if they can resolve the issue, if not they will contact the technical support team to follow up with the user. For a serious issue, such as a prolonged server outage, the TSO disaster plan will come in effect. After the incident is resolved a downtime post-mortem will be carried out to establish the exact cause and what can be done in future to avoid a repeat situation.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £100000 to £1500000 per unit
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑