A fully managed robust, reliable and secure wireless data network for Smart Cities and Internet of Things projects.
Low Powered Wide Area Network (LPWAN) - using LoRaWAN network technology.
Hosted in the UK, running your own private instance of The Things Network - proven in 400+ cities around the world.
- Robust, reliable wireless data network - proven in 400 cities
- Scalable - the same technology supports a global network
- Hosted in Tier 4 UK data centres
- Device transmits data with AES 128-bit encryption
- Secure data access - you control who has access
- Powerful API
- Management console
- Gateway range typically 1km to 10km
- Bi-directional communication between devices and network server
- Low power devices last several years between changing batteries
- Ideal for developing your Smart City initiatives
- Works inside buildings and outside - roads, parks, waterways
- Engage with local business / hack spaces on IoT projects
- Develop projects with other local authorities, organisations
- Fast implementation - cover your area in 6 weeks
- All your data remains in the UK
- You control who has access to your LoRaWAN network
- You control who can have access to your data
- 24x7 active support community, plus office hours helpdesk
- Full training and hands on workshops to get you started
£3700 per instance per quarter
- Education pricing available
LoRaWAN is designed for large numbers of devices sending very small amounts of data - ideal for sensors that for example measure air quality, warn of rising water levels or stress fractures, protect expensive equipment, or send alerts.
It is NOT suitable for sending images, sound recordings or continuous data streams.
Each gateway specced to support maximum 3000 devices
|Email or online ticketing support||Yes, at extra cost|
|Support response times||
Response (a meaningful response) within 4 hours, Mon-Fri 9am-5pm
A very active 24x7 support community is available at no charge, but no service level is offered.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Basic level: Access to 24x7 online support community. No service level, but a very active and helpful group.
Standard level: Online helpdesk, staffed Mon-Fri 9am-5pm. Meaningful response guaranteed within 4 hours. Support contract comes with 25 hours of support time. You can buy additional packs of 10 or 25 hours.
Enhanced level: You can buy live support for specific times at £150/hour normal working hours, or £225/hour outside of normal working hours.
Standard and Enhanced levels provide access to third line support from The Things Industries staff - the development team who provide the network server software.
|Support available to third parties||No|
Onboarding and offboarding
We provide onsite training for network administrators
We provide hands-on workshops to de-mystify the Internet of Things - within a few hours they will have built a device with simple sensors and be sending data to an application on the internet,
We provide executive briefings, and workshops to develop a strategy for introducing the Internet of Things and Smart City initiatives
|End-of-contract data extraction||
We can export all application and device details to a JSON or CSV file.
We will destroy the client's network server once the contract has ended. Nevertheless we would encourage the client to change encryption keys once they have left.
All sensor data passes through our gateways and servers, and onto the clients' database and application servers, so there is none to extract.
You will grant us access to collect our LoRaWAN gateways, or we will agree a reasonable fee to transfer gateway ownership to yourselves.
We will provide you datafiles from your instance of the network server containing your application and device data.
If you want us to liaise with a new service provider you may buy consultant days from us.
Once the contract has ended we will destroy your instance of the network server.
Using the service
|Web browser interface||Yes|
|Using the web interface||
The management console allows the network administrator to:
Register gateways as part of the network
Update gateway details (e.g. location)
Remove gateways from the network
Register applications (for example "flood early warning system")
Update application details (including encryption keys)
Register devices (the "things") allowed to send/receive data for a specific application
Update device details (name, location, encryption keys, etc)
Unregister devices from an application
View data being sent/received by device or application or gateway
|Web interface accessibility standard||WCAG 2.0 A|
|Web interface accessibility testing||
Navigation and usage testing through keyboard only.
Identified some issues (lack of visual cues in some areas) which have been reported to the dev team to be scheduled into the product roadmap.
|What users can and can't do using the API||
Sensor data is available through MQTT - full documentation is provided.
Pre-built integrations are also available for:
IBM Watson IoT
|API automation tools||OpenStack|
|API documentation formats||
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||The CLI does everything the web console does, but from the command line.|
|Independence of resources||
We offer an entry level package for experimentation, development and small trials which runs on a shared server.
Clients are required to take a dedicated instance of the network server for live implementations.
|Infrastructure or application metrics||Yes|
|Reporting types||Regular reports|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||The Things Industries|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||Not applicable. The network server is automatically backed up|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Other protection between networks||
Standard - data is encrypted using AES 128 bit encryption - you control the keys.
Enhanced - if required we can set up a virtual private cloud for you in our data centre at additional cost.
|Data protection within supplier network||Other|
|Other protection within supplier network||
A data packet uses 3 encryption keys:
One to access to the network itself (AES 128-bit)
One to access a specific application (AES 128-bit)
One to encrypt your data (AES 128-bit by default, but you can change this)
Availability and resilience
Network server availability: 99.9%
Individual gateway availability 99.5% (excludes failure in client's provision of power and internet connection)
Refund for service failure is deducted from the following year's invoice (or refunded at the end of contract if it is the last year).
Amount is a proportion of the fee, equivalent to 5x the gap in service delivered to service level, up to a maximum of one twelfth (ie a month's) fee. For example if the outage is 1 hour below the service level then the refund is equivalent to 5 hours.
|Approach to resilience||Available on request. We use a Tier 4 datacentre based in the UK, or if you prefer we can use AWS, Azure, or your own datacentre.|
|Outage reporting||Email alerts|
Identity and authentication
|Access restrictions in management interfaces and support channels||
Management interfaces - we are responsible for allocating user accounts to the management console. Users are required to enter a password (8+ chars, mixed case, numbers and special chars)
Enhanced - if required we can restrict access by creating a VPN for the client
Access to support is either client servicedesk to our servicedesk, or named personnel.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||The data centre is ISO27001 and ISO9001 accredited|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||No|
|Security governance approach||
1. All servers to be hosted in ISO27001 accredited datacentres
2. All datacentres to be based in the UK
3. Datacentres contracted to carry out security updates, patching, and proactive monitoring of threats
4. All breaches to be notified to director
5. Director to notify customers in the event of a breach
|Information security policies and processes||
All sensor data is encrypted as previously described
If a potential breach is discovered, the person discovering it (data centre staff, client, our staff) log a call on the service desk, which notifies the director.
The director controls the investigation and informs all potentially affected clients of the issue.
Clients are kept advised of progress and action they may need to take (e.g. refresh encryption keys) until the issue is resolved.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
The components of our service are LoRaWAN gateways, network server, helpdesk.
We maintain an asset register and maintenance log for each client. The gateways are asset tagged and installed at client sites. Should one become faulty, it is recorded through the helpdesk, and either repaired or replaced. The asset register and maintenance log is updated to reflect the change.
The network server is a Virtual Machine in a datacentre, maintained by the datacentre. We record reports of all changes (eg patches, OS updates)
We conduct penetration tests annually or prior to releasing a new version of the network server.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
Data is transmitted via LoRaWAN gateways, through the network server to the clients application. The network server doesn't keep data.
The network server is hosted by a Tier 4 UK datacentre, which is contracted to provide patches, updates and proactively monitor threats.
The gateways are installed at client sites. They check daily for updates from a central hub, and we have the option to push an update to a gateway.
Unlike wifi enabled IoT devices, LPWAN devices make unsuitable hosts of DDOS attacks. Clients should nevertheless consider the implications of someone tampering with them to create misleading data.
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||We run protective monitoring software (SIEM) to protect our network servers. Details are available on request.|
|Incident management type||Undisclosed|
|Incident management approach||
If an incident occurs we follow a process to identify, contain, eradicate, recover, and learn lessons to prevent future incidents.
Incidents may be spotted by datacentre staff who monitor our network servers, client staff, or our own people. In all cases incidents are logged and tracked through our servicedesk. A director is notified and takes responsibility for resolving the incident and advising potentially affected clients, through to resolution and subsequent action plan.
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Hyper-V|
|How shared infrastructure is kept separate||Each client has their own instance of the network server in a VM. There is an option to create a private virtual private cloud if required.|
|Price||£3700 per instance per quarter|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|