TRL Limited

iMAAP Cloud: Crash Data Analysis & Road Safety Management Solution

iMAAP from TRL is the most widely used cloud solution for road crash data analysis, evaluation and road safety management system across the world. Designed for police forces, local authorities and highway authorities, iMAAP helps road safety professionals reduce the number and severity of crashes and casualties.


  • The most widely adopted off-the-shelf road safety management solution globally
  • Produced by UK’s Transport Research Laboratory (TRL) Road Safety Experts
  • Identify problems based on in-depth analyses of crash data
  • Establish measurable, realistic road safety goals based on identified problems
  • Established track record of global implementations for improving road safety
  • Flexible, user-configurable crash data forms compatible with CRASH/NICHE formats
  • Supports multiple, map providers to render Geospatial(GIS) data
  • Comprehensive, advanced road safety analysis capabilities based on road-safety research
  • High-performance, secure web-application fully supported by roadsafety/software team.
  • Responsive web application which works on all popular mobile devices/smartphones/tablets/browsers


  • Identify problems based on in-depth analyses of crash data
  • Establish safety goals to implement road safety countermeasures
  • Assist with the formulation of strategy, target setting/performance monitoring
  • Comprehensive spatial analysis and the identification of hazardous locations(blackspots/hotspots)
  • Designed/developed by road safety experts based on roadsafety research.
  • Helps clients to produce practical, real world, road safety benefits
  • Links to iRAP and road asset management systems
  • Provide stakeholders with reliable access to quality data/reporting
  • Simple, web-based solution accessible to browsers and mobile devices
  • Produce analysis, insights for economic benefits of remediation works


£20,000 an instance a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 5 1 1 6 9 4 1 3 0 2 4 5 5 9


TRL Limited Subu Kamal
Telephone: 01344 379743

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
IMAAP is subject to planned maintenance schedules administered by TRL which will be informed in at least one week in advance.
System requirements
  • IE11+, Firefox, Chrome, Safari, or Opera web browser
  • Standard internet browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
As per the Service Level Agreement detailed in our Terms and conditions our Support Team's working hours will be from 0900 hours UK Time to 1600 hours UK Time from Monday to Friday. Saturday and Sunday will not be considered as working days, along with the annual public holidays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
All support queries are routed through the support team and are dealt with at the appropriate escalation levels starting with First Line Support > Support Team > Product Managers > Director Level staff.

Support related costs are included in the price regardless of which level the issues are being handled at.

Each client is assigned a project manager for the implementation stage, up until user acceptance testing is completed.

Thereafter, the project is assigned to the services support team.
Support available to third parties

Onboarding and offboarding

Getting started
A combination of on-site and online training is provided for iMAAP onboarding. Training documentation is provided and a dynamic searchable user guide is available from within the application.
Service documentation
Documentation formats
End-of-contract data extraction
At the end of the contract and including at any time during the contract, authorized users are able to export data in standard formats.
End-of-contract process
Users will be intimated through designated emails that their contract is coming to an end one month before the contract expiry date. Designated users will be advised to carry out an export and copy all data that has been generated during the contract. At the end of the contract date, all user logins will be deactivated. Costs may apply if the client requires data to be provided in unsupported formats.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
User interface will be automatically optimized for mobile devices since iMAAP is a responsive web application. In some user interfaces, the amount of data displayed will be optimized for best viewing in mobile devices.
Service interface
Customisation available


Independence of resources
IMAAP is hosted on Amazon Web Services (AWS). When there is a demand, when the application automatically scales with the auto-scaling features offered by AWS.
The scaling is determined based on CPU usage, memory usage, network throughput and other key parameters that could affect the application performance.


Service usage metrics
Metrics types
System usage, Browser usage, Feature Usage, date and time based usage, device type, device usage, user based metrics.
These are provided through Usage Statistics Module within iMAAP for authorized users.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
IMAAP is hosted in AWS. AWS ensures the industry standard data at rest compliance for its services. Application data and assets are strongly encrypted and stored at any point of time.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
There is an export module in the iMAAP software which helps users to export data any time to CSV and standard formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
  • Text
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
For scheduled maintenance, we shall inform the client at least 2 weeks in advance for a maintenance downtime of one hour.

The service is normally available 24x7. The service is intended to be available except during scheduled and unscheduled maintenance windows.
Approach to resilience
Application is hosted in multiple AWS zones in the UK. Further information available on request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
IMAAP follows a role-based authentication and authorization to manage its resources.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
NQA Certification Limited, LU5 5ZX
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
No exclusions in the TRL statement of applicability.
Below are covered:
The provision of research, consultancy, expert advice, project management services and software development in connection with transport; the environment; sustainability; natural resources and waste management in accordance with the Statement of Applicability dated 18/05/2017
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • ISO 27001
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
TRL is committed to maintaining and continually improving an Information Security Management System (ISMS) that satisfies applicable requirements and is certified to the international standard ISO/IEC 27001:2013.

The objectives of the ISMS policy are to establish and maintain the security and confidentiality of information systems, applications & networks owned or held by TRL within which:
· Members of staff are aware of their roles, responsibilities and accountability and fully comply with the relevant legislation;
· Information assets under the control are adequately protected against unauthorised access;
· Information assets and supporting business processes, systems and applications, will be protected by implementing appropriate controls to preserve their confidentiality, integrity and availability;
· Risks to information assets will be actively identified and assessed to identify controls that reduce risks to an acceptable level;
· Confidentiality of information is protected;
· Third parties with access to information assets under the control of TRL will be assessed to ensure they meet the necessary information security requirements;
· Business continuity plans are in place and will be tested periodically;
· Actual or suspected information security breaches are identified, analysed and investigated;
· Information security objectives are monitored and reviewed annually at the Management Review Meeting;

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration management of source and documents is done by Git processes. Change management process subscribes to ISO standards.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Conduct regular vulnerability checks, penetration tests and audits. Patches are deployed as hot fixes as soon as possible as a response to any vulnerability detected.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Provocatively observe for unusual network traffic using AWS tools. Constantly monitor audit logs and access logs for suspicious activities. Adequate measures as suggested by in-house security experts will be taken based on the nature of compromise. All incidents will be dealt immediately.
Incident management type
Supplier-defined controls
Incident management approach
Predefined processes and procedures for InfoSec events and incidents.
The event or security incident is recorded, investigated and corrective / improvement actions are identified including the root cause.
Infosec incidents, events and weaknesses are reported via the helpdesk, in person to the IT, Compliance or the Senior Management team.
Any actual or suspected incident is promptly reported within 24 hours providing key details.
All incidents requires an in depth investigation to establish the facts and to determine what went wrong and how to prevent the issue reoccurring. An Internal Investigation Form is completed and issued to the CEO and FD.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£20,000 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.