An integrated cloud-based service providing a complete solution to managing traffic orders and on-street parking infrastructure. It assists specialist users through the whole life cycle and legal process, from the initial scheme design, generation of legal documents, public consultation, on street deployment, to meeting the wider objective of sharing information.
- Incorporates ParkMap, the UK’s leading traffic order management application
- Designed for ease of use by Order Makers
- Optimized and accurate input tools, which comply with TSRGD
- Comprehensive training and support service specific to traffic orders
- Fully managed, resilient, and secure ISO 27001 environment
- Regular system, software, and hardware upgrades and replacements
- Environment attuned providing optimum performance for ParkMap
- Blend of open and propriatory technologies
- Scalable - accommodates any increase in number of users
- Fully supported environment – maintained and monitored by experienced technicians
- Manages the whole life cycle of traffic orders
- Enables generation of high quality data, which underpins revenue
- Centralised service enabling better cross departmental working
- ingle system for managing all aspects of traffic orders
- Efficient data entry tools e.g. signs to TSRGD 2016
- Generation of high quality and consistent statutory documents
- Seamless methods of public engagement and consultation
- Transparency, information sharing with residents, councillors, police, fire services
- Cost effective, built by blending open and proprietary technologies
£128.04 to £2487.39 per person per month
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||The service is built to work in a Microsoft Window based environment.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Emails can be send to the support team 24 hours a day, 7 days a week. Emails are dealt with within the first available core hour (Mon to Fri, 9am to 5.30pm)|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
All support queries are chanelled through the support team and are dealt with at the appropriate escalation levels starting with First Line Support -> Support Team Manager -> Product Managers -> Director Level staff.
Support related costs are included in the price regardless of which level the issues are being handled at.
Each client is assigned a technical project manager for the implementation stage, up until user acceptance testing is completed.
Thereafter, the project is assigned to the hosted services support and management team.
|Support available to third parties||Yes|
Onboarding and offboarding
Training is provided to users at the commencement of the contract. Various training courses are delivered to users depending on level of user ranging from a entry level training course, advanced user course and administration level course.
Training can be delivered either a) at Buchanan Computing office in Hammersmith London, or b) onsite at client offices or c) remotely.
Hard copy training manuals and exercises are provided to delegates that attend a training course.
User guides / helps files are provided and are accessible by users through the file menu.
|Other documentation formats||
|End-of-contract data extraction||At the end of the contract and including at anytime during the contract, designated users are able to export data in standard formats such as MapInfo Tab, MapInfo Midmif, ESRI Shp files. These exports can be saved local networks or on specified FTP sites. These exports can then be imported by other systems for use elsewhere.|
One month prior to the end of the contract, users will be notified that the contract will be coming to an end. Designated users will be advised to carry out an export and copy all data that has been generated during the contract to local networks or FTP site. At the end of the contract date, all user logins will be deactivated.
Other associated such as base-mapping and address gazetteers will be provided back to the client in the standard/native format.
There are no additional costs for supplying the data to the client at the end of the contract into the above mentioned standard formats. Costs may apply if the client requires data to be provided in the other formats.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||No|
|Accessibility standards||WCAG 2.0 AAA|
|Description of customisation||
Designated users, such as a supervisor or system administrator are able to customise the core element of the solution relating to traffic orders and make adaptations to meet the requirement of the clients.
Areas that can be customised are:
-being to add user defined fields to restrictions and inventory items such as 'Tariff charge'
-print templates, adding corporate logo, scale bars, legend location and north arrow
-restriction types, schedule numbers and the way these are represented on the map in terms of style and colour
These customisations will then be made available to all other users of the system.
|Independence of resources||
The system is built with scalability in mind. At the onset of any contract, an assessment is carried out on the number of users and more than sufficient hardware and software is assigned, including sufficient excess.
The processing and memory demand on the system is continuously monitored and when certain thresholds are reached, decisions are taken to increase capacity. These include a variety of measures such as installing additional RAM and/or hard disk space.
The turnaround time is short due to close physical location of the servers and with the specialist technical staff having pre-qualified access.
|Service usage metrics||Yes|
Quarterly reports can be provided upon request and the report contains the following metrics:
-Maintenance carried out during reporting period
-Scheduled and planned future maintenance
-Availability of service
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||At the end of the contract and including at anytime during the contract, designated users are able to export data in standard formats such as MapInfo Tab, MapInfo Midmif, ESRI Shp files. These exports can be saved local networks or on specified FTP sites. These exports can then be imported by other systems for use elsewhere.|
|Data export formats||
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||IPsec or TLS VPN gateway|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
Availability is measured as a percentage of the total time in a service period: Service Availability % = (((MP - SD)*100)/MP) where MP = Total number of minutes (derived from Service Core hours), excluding permitted maintenance, within the relevant Service period; and SD = Total number of minutes of Service Downtime, excluding permitted maintenance, in the relevant Service period.
4 days of planned maintenance allowed per year.
Service core hours for Citrix solution - 08:00 to 18:00 from Monday to Friday, excluding bank holidays.
Availability levels will be determined separately for Citrix systems; they will be by calendar months, based upon all accountable downtime (excluding plan maintenance periods). If the levels of availability during the Services Core Hours (eg 08:00am to 18:00pm hosted service, and 9:00 – 17:30 for the Support Desk) for a calendar quarter are below 98%, then a Service Credit shall be payable for a degraded services using calculation below where 1 (one) point equals 1% of the quarters contract value for the support and hosting services:
.> 98.00% O points; 97.00% to 97.99% 1 point; 96.00% to 96.99% 2 points, < 96% 3 Points, then 1 further Point for every other full hour of service unavailability.
|Approach to resilience||
He resilient design of the system is deemed confidential and is available upon request, and as commercial-in-confidence.
Generally, Single points of potential failures have been overcome, with a high degree of dual failsafes such as: Power and comms, firewalls, switches, and servers, allowing for at least two VMs to be provided for each client on different physical hosts. Support desk has back up communication routes in order to protect against any potential loss of their service.
|Outage reporting||Service outages are reported to designated users of the service by, a) email alerts, b) telephone call and if required c) on the company website.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
For simple support questions through telephone support, the caller needs to provide a name and this is checked against a named user list.
For support requests that are deemed more sensitive, the request must be sent by email and from a client originating email domain.
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||SGS United Kingdom Limited|
|ISO/IEC 27001 accreditation date||20/12/2017|
|What the ISO/IEC 27001 doesn’t cover||End user IT infrastructure|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
An information security policy is in place, and is available for inspection upon request. It details:
- information provision
-use, disclosure and publication
-retention, review and deletion
-baseline security for data processing personnel
-information security organisation
-assets classification and control
-physical and environmental security
-system access controls
-business continuity planning
The governance structure relating to information security within BC has been implemented and is in place.
Information security is governed through a company hierarchy (Managing Director, ICT and Support manager, Hosting Manager). It is the responsibility of the ICT and Support Manager to draft these policies and manage their deployment. They are reviewed by relevant directors and managers.
All staff are responsible for being aware of the policy and working within its guidelines.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Change control procedures are in place regarding changes to the service which is a managed process for carrying out software updates and security patches:
• Application Software: Planned updates agreed with the customer.
• Operating System Patches: regularly / automatically downloaded. Then reviewed prioritised and if appropriate, installed.
• Quarterly maintenance schedule. Issued annually and agreed with client.
Internal software changes are carried out in-house, with version control and audit trail. Changes tracked to source code.
Hardware configuration is held in-house and updated when required.
Software changes and updates are tested in house prior to ‘going live’.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The managed and considered process for carrying out software updates and security patches:
• Software: Planned updates, as agreed with the customer.
• Operating System Patches: regularly / automatically downloaded. Then reviewed prioritised and if appropriate, installed.
Scheduled tasks are set at regular intervals to assess latest available security updates. These include Microsoft 'patch Tuesday' releases, Cisco security updates, Dell firmware updates and the Citrix site latest hotfixes. Depending on the nature of the updates available these are scheduled and prioritised accordingly.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Protection from untrusted networks by standard boundary controls consistwith perimeter network and intrusion detection systems -Via DMZ controlled access.
All critical infrastructure is monitored using Nagios. Staff alerted as incident occurs and during the working week round the clock coverage is available so that incidents can be address immediately.
Controls protect against malware and viruses. Kaspersky Endpoint Security for Windows installed on every server. Configured to monitor and scan for viruses, worms, Trojans, malicious tools, malware and auto-diallers. Virus definition files are updated every 2 hours. Suspicious/infected files are quarantined and reports are available detailing instances of detection, attack etc.
|Incident management type||Supplier-defined controls|
|Incident management approach||
There are pre-defined and documented processes to deal with common incidents and these include client notification and escalation stages.
Users report incidents by contacting the first line support team either by email or telephone. Alternative contact details (mobile number) are made available in the unlikely event of a complete email service or telephone exchange failure.
Incident reports are provided as part of quarterly reports, available upon request.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£128.04 to £2487.39 per person per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
A demonstration site that can be made available to interested clients for the purposes of trialling most elements of the service.
It includes sample data with pre-configured restrictions, dummy legal documents and print templates.
Typically limited to one week and up to 3 concurrent evaluators.
|Link to free trial||Available upon request|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|