R2P Systems UK Ltd


WebTrack is an vehicle allocation and route planning and optimisation tool tailor-made specifically for the public transport, tourist transport and logistics industries. WebTrack provides you with an overview and more professional administration, freeing up time. manual tasks are performed automatically, reducing administration costs.


  • Optimise routes
  • Plan vehicle requirements
  • Driver duties
  • Web and mobile friendly
  • Allocate journeys to drivers with self-regulation of working times
  • Integration to fleet management and tracking systems
  • Integration with finance systems


  • Prepare quotes based on time and distance estimates of journeys
  • Discreet
  • Send quotes and generate automatic order confirmations
  • Ensure the right information and jobs reach the right drivers
  • Reporting options for drivers
  • Invoice customers on the basis of correct information


£2000 per instance per year

Service documents


G-Cloud 11

Service ID

8 7 9 7 4 7 2 4 9 9 0 7 8 9 1


R2P Systems UK Ltd

Carl McFarlane

01293 887308


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
Browser based, works on any platform

User support

Email or online ticketing support
Email or online ticketing
Support response times
Usually within the hour, 9am - 5pm, Monday - Friday.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support availability:
Working days by call;
24/7 by email;
Standard support response times: 8 Business Hours Account Manager with monthly performance reporting.
Support available to third parties

Onboarding and offboarding

Getting started
We will create a new instance of the system and can assist the buyer if required through the process of obtaining data feeds and configuring the system to use them. Training can be provided by webcast or onsite if required. If https or VPNs to secure the data connections are a requirement then r2p will set these up for the user.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Data is able to be exported in a range of data formats using the reporting tools by the buyer.
End-of-contract process
We will cease to accept incoming live data feeds and allow a period of time for the buyer to export their data.

Using the service

Web browser interface
Supported browsers
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The public facing services are provided with fully responsive design. Some management functionality is most effectively carried out using a desktop or laptop as the volume of information presented on a screen is significant.
Service interface
What users can and can't do using the API
Allows access to the live processed data and to the historical data. Initial system setup required desktop access. Once configured all data can be imported or exported using the API.
API documentation
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The data reporting tools allow custom reports and dashboards to be created by authorised users. Support for customised format data feeds for incoming and outgoing date is possible by r2p engineers.


Independence of resources
Each customer instance operates within its own virtual machine and managed bandwidth.


Service usage metrics
Metrics types
Typical metrics used are:
Volume of incoming data;
Quality of incoming Data;
Volume of data requests from API;
Volume of Requests from website;
System latency.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The reporting tools enable the export of data is in a range of formats and criteria.
Data export formats
  • CSV
  • Other
Other data export formats
Bespoke to be agreed with buyer
Data import formats
  • CSV
  • Other
Other data import formats
Bespoke to be agreed with buyer

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Use of firewalls and layer 3 switched network communications with subnetting.

Availability and resilience

Guaranteed availability
Faults shall be classified and addressed as: Critical - Any fault affecting the provision of information to more than one feed (e.g. server fault, general communications fault) - within eight (8) hours. This will be defined as not being met where either: (i) Resolution takes longer than eight (8) hours, or (ii) Resolution takes less than eight (8) hours but the System becomes unavailable again within 1 working day from the time of resolution. Important - Any faults affecting the provision of information to a single feed - within three (3) working days. This will be defined as not being met where either: (i) Resolution takes longer than three (3) working days, or (ii) Resolution takes less than three (3) working days but the System becomes unavailable again within one (1) working day from the time of resolution. Standard offered SLA is 99% availability. Refunds based on service credits against future month charges where Critical Faults not resolved in agreed times at rate of 3% per full day of service unavailable beyond SLA.
Approach to resilience
Details available on request.
Outage reporting
WebTrack has significant self monitoring capability
Visual and/or audio alerts are issued within WebTrack for the attention of user at the same time as the calls are automatically raised within the Fault Management System and e-mail and or text notifications sent to pre-defined personnel.
This is augmented by technical support monitoring.
System includes a dashboard presenting the status of all incoming and outgoing data feeds.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Permissions are managed through groups. Groups control what menu's and data is available to the user.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials
Information security policies and processes
The Managing Director has overall responsibility for Information security and governance. The General Manager has day to day oversight and is responsible for deliver of the information organisational policies. General Manager is a board member. Included in induction process. Awareness and update briefings held. Regular testing of compliance and reviews of system configuration take place.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our configuration and change management forms part of our ISO9001 certification. All elements of software and infrastructure are under configuration management. software is fully version controlled with ability for roll back. Our Fault Management system is used to track all changes to implemented systems and manage the processes, customer access to the FMS allow for full visibility of a systems history. Before sign off, all changes are reviewed for governance, security, operational and functionality.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We undertake constant review of trade press and news statements for any threats to core IT systems, membership of transport trade groups for domain specific awareness. Security forms part of regular customer reviews to enable customer specific threats to be identified. Security updates to operating system and related components including off the shelf software are configured to automatically install. The information governance process includes risk assessment of security threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Regular reviews of system usage incl user logins, system automatically reports above defined levels of increased system use. Any potential or actual compromise becomes a critical incident with immediate response with customer and Director involvement. Critical incident management is available 24/7. If feasible first response is to make system inaccessible, leaving it running for any forensic analysis that may be needed.
Incident management type
Supplier-defined controls
Incident management approach
The FMS provides a controlled framework for the identification, recording, progressing, closing and analysis of faults enabling rapid reporting of standard incident types. Faults can be reported by telephone (via a dedicated Customer Support line which will be answered by Customer Support personnel and not an automated voice system), email or web interface. The FMS allows the Service Manager or authorised personnel to view status of all tickets – open or closed – with the ability to drill down to details. Changes to ticket status will be notified by automated email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£2000 per instance per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑