Symology Ltd

Symology Insight for Street Lighting (Cloud Edition)

The Insight for Street Lighting solution provides a spatially enabled system for the management of Street Lighting and other electrical assets, including compliance with CSS/CIPFA/HAMFIG Asset Valuation, Risk Assessment in accordance with TR22, and Unmetered Supply Extract in accordance with BSCP520.


  • Sophisticated user-definable lifecycle Asset Management facilities
  • Embedded GIS/Mapping facilities based on ESRI technology
  • Mobile Working capability with real-time communications with central system
  • Comprehensive facilities for recording Inspections/Condition Surveys of any type
  • Risk Assessment Condition Indicator facilities in accordance with TR22
  • Facilities for maintenance of Elexon Charge Codes
  • Unmetered Supply Extract functionality in accordance with BSCP520
  • Pre-built Asset definitions in accordance with Well Lit Highways CoP
  • Interfaces available for integrating with corporate systems including CMS
  • Comprehensive Reporting Facilities


  • Integrated solution removes need & cost for numerous separate systems
  • Provides accurate, timely, reliable, valid, complete and secure data
  • Streamlines end-to-end workflow providing lean, efficient business processes
  • Supports and informs management, budgeting and engineering decisions
  • Increases efficiency by enabling mobile working
  • Potential to allow channel shift efficiency savings to be realised
  • Intuitive user interface with common look and feel minimises training
  • Supports both a pro-active and re-active maintenance approach
  • Data can be extract and analysed without technical assistance
  • Enables prediction of energy usage & CO2 emissions


£1292 to £1386 per user per year

Service documents


G-Cloud 11

Service ID

9 6 8 3 4 7 4 5 7 0 5 8 9 8 5


Symology Ltd

Stuart Marshall

01925 377905

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
A nightly planned maintenance window of 30 minutes scheduled between 21:00 and 24:00.
System requirements
The Insight Mobile software requires Windows tablet

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are based on the helpdesk hours and are dependant on priority.

Priority 1 -> 1 hour
Priority 2 -> 1 hour
Priority 3 -> 24 hours
Priority 4 -> 24 hours
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Symology offer a single level of high quality support to all our customers which has resulted in us retaining our extensive customer base for many years.

Symology’s helpdesk is able to offer both technical and functional support during standard office hours Monday to Friday. Manned support outside of the standard support time can be made available at an additional charge as required. Symology also provide a designated Account Manager who is a product consultant and is available during office hours for escalation of issues. Symology also include a Customer Service Portal (Fault Management System) which provides a web interface that allows customers to create or review Insight support cases at any time. It also allows customers to;
• Search and browse the Insight product knowledgebase.
• Log new support case's, specifying a priority.
• Check on the status of existing cases (including those opened by phone or email).
• Add comments and attachments to existing cases.
• A detailed Customer Service Portal User Guide is available to users on logging in to the portal.
Support available to third parties

Onboarding and offboarding

Getting started
Symology provide Introduction to Insight training videos, available via the customer only area of the Symology website. It is pre-requisite of attending a training course that end users have familiarised themselves with these videos.

During an implementation key personnel will gain a detailed understanding of the functionality within Insight (and the options available), and they will fully understand how the business processes are merged with the system functionality.

Standard/bespoke training courses can then be delivered using the customer’s data and be tailored, as far as possible, to match the business processes that have been agreed during the implementation.

Symology will liaise with the key “champion users” in each business area prior to the training courses in order to finalise the agenda/content of each course. Once the content is agreed, Symology would prepare the course content and associated documentation.

Users will be able to access the test environment following their training in order to gain further familiarity with the system prior to go-live.

Following each phase of the project going live, Symology will provide “drop-in surgeries”. End Users will be able to attend these, and raise any queries that have arisen since they started using the system.
Service documentation
Documentation formats
End-of-contract data extraction
Upon expiry or termination of the contract Symology will make all data available in XML format for input into any new system. Symology’s own schema will be utilised. This data will be available via FTP for three months from the termination/expiry of the contract. Following this three month period the customer's data will be removed. Any configuration parameters will only be relevant to the Symology Insight solution and therefore will not benefit the transition away from Symology. These parameters can be provided at part of the XML files. Symology are happy to work with customers to transition the service away from Insight within what we deem reasonable levels. We have a number of customers who have returned to Symology following the maintaining of good relations at the expiry of contracts.
End-of-contract process
Upon expiry or termination of the contract Symology will make all data available in XML format for input into any new system. Symology’s own schema will be utilised. This data will be available via FTP for three months from the termination/expiry of the contract. Following this three month period all customer data will be removed. Symology will develop a detailed exit management plan. Any configuration parameters will only be relevant to the Symology Insight solution and therefore will not benefit the transition away from Symology. These parameters can be provided at part of the XML files. Symology are happy to work with any customer to transition the service away from Insight within what we deem reasonable levels. We have a number of customers who returned to be Symology following the maintaining of good relations at the expiry of contracts. Any requirements beyond these can be provided at additional costs.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Insight Mobile is designed for multi-disciplined inspectors. The solution offers inspectors the functionality to complete and prompt inspections/condition surveys, record defects, collect/record asset information, record status updates, attach photographs, send Street Works start/stop notices and record works details(completed/labour/plant/materials). It is designed to work without the requirement for an 'always-on' connection. Mobile mapping facilities allow users to select/update records as well as plot points/lines/polygons. GPS tracking facilities include the ability to trace the routes that inspectors have been taking. A planned route facility allows the inspector/gang to optimise the route and coordinate different activities to ensure maximum efficiency when on-site.
Service interface
What users can and can't do using the API
Insight offers a range of Web Services (XML/SOAP) Interfaces to interface with corporate systems. Symology's Web Portal solutions, including Report It, also utilise direct interfaces. These Interface solutions are designed to allow other applications to interface directly with the various Insight modules. The aim of the Direct Interface is to receive data from "trusted sources" which can be recorded directly into the Insight database, without any form of review by an Insight user.

Typically Direct Interfaces are used to call Insight which operates as a specialist back-office product. They can be plugged in to from a corporate product, or used as an alternative to the main Insight interface, for performing the actions available to the interface.

The Direct Interfaces operate by providing a component interface to the relevant Insight module, whereby elements of the Insight application logic can be called by external applications.

Direct Interfaces are currently available for Customer Service, Asset Register, Licences, Street Works and Street Gazetteer.
API documentation
API documentation formats
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Insight offers users considerable customisation. The web portal by which Insight is accessed will be customised in line with the customers visual identity guidelines as standard.

All screens can be controlled (no access, read-only access, update access) by permissions. Facilities are also provided on a user-by-user basis to change the font sizes used throughout the system and to change colour schemes.

Update/Enquiry dashboard grids can be customised considerably including what data is displayed. Highlighting options also allow business rules to be created to change the visualisation of the data.

Insight has an Additional Fields facility allowing users to create fields within each module to store data that may not be catered for elsewhere. These fields can be many formats and can be grouped as required. They can also be passed to Insight Mobile and made read-only if required.

Insight has extensive and customisable workflow capabilities. This is aimed at marrying a customers business processes with the Insight solution to ensure the maximum benefits are returned.

Insight's online help system can also be customised in accordance with a customers business processes.


Independence of resources
Our Managed Service infrastructure is designed specifically for the Insight solution and its performance is continually monitored. Regular performance reports are reviewed by our dedicated Managed Service team against predetermined intervention levels for areas including but not limited to capacity (35%) and load usage (80% for sixty seconds). This guarantees we have the capacity to absorb any unexpected additional requirements. Our customers are hosted on the same logical network using a combination of network firewalls and application restrictions to prevent any ‘cross-talk’ security issues.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export data in CSV or XML format very quickly and easily from the 'File' menu within Insight. Users select the data required to export by means of the vast array of definable enquiry data grids and then simply export to file. This file would automatically be made available via the customer web portal where it can be downloaded. Complete data sets will be provided to a customer, in a fixed XML format, on contract end/termination.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Often the level of protection is dictated by the authority customer however we always recommend customers use encrypted traffic. Symology do not support SSL 1, 2 or 3. Secure FTP traffic is permitted although support for weak algorithms has been removed.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network

Availability and resilience

Guaranteed availability
Symology's Managed Service has been in operation since 2006. The standard availability target is 99% and is measured between the hours of 08:30 and 17:30 although since 2006 we have actually achieved 99.8%. The Service period is 3 months. In the unlikely event that the availability falls below the target service level in any service period, the customer shall be granted a service credit against the fees for that service period. 98% -> 5%, 97% -> 10%, 96% -> 15%, 95% and below -> 20%.
Approach to resilience
Symology operate a dual hosting model offering an active/passive approach resulting in an extremely high level of resilience when it comes to business continuity and disaster recovery. Our hosting sites are Gyron, based in Hemel Hempstead and Virtus (provided by CoreTx), based in Slough. Both are Tier 3 data centres with ISO27001 accreditation. Half our customers use Gyron and the other half use Virtus as their active service. Each customer's solution is then mirrored every hour to the passive service be it Gyron or Virtus. All hardware is replicated exactly at the two sites. Further information is available on request.
Outage reporting
Service outages and availability are reported by means of a public Service Status website providing a transparent view of the availability of the Symology Hosted Services. In addition, availability is continually monitored and customer Account Managers are informed of any outages, be it planned or otherwise, that need communicating with affected customers.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management interface and support access is controlled by means of group permissions including but not limited to Domain Administrators, Technical Implementation Consultants, Account Managers and Support Consultants. All access is audited and internal accreditation is required to gain access. Access is also controlled by IP address filtering ensuring those approved have access.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ASCB with QMS International carrying out the regular auditing
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
We are fully covered.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
In additional to ISO27001 and Cyber Essentials Plus accreditations, Symology adhere to our own internal Information Security Management System. All of the components of this ISMS are periodically and systematically reviewed by both internal and external audit procedures. A nominated member of staff has been appointed by Symology’s Managing Director to be responsible for the control of all matters relating to the implementation, control and continuing audit of these procedures which are adopted and practised by all Symology employees.

Symology has adopted the process approach for developing, implementing and improving the effectiveness of its ISMS by committing to understanding business information security requirements and the need to establish policy and objectives for information security, implementing and operating controls in the context of managing the overall business risk, monitoring and reviewing the performance and effectiveness of the ISMS, continual improvement based on objective measures, communicating throughout Symology the importance of meeting all relevant statutory and regulatory requirements specifically related to its business activities and ensuring that adequate resources are determined and provided to monitor and maintain the ISMS.

Due to its secure nature, access to Symology's ISMS policy will only be made available to customers visiting our head office.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes pass through a centralised, controlled approvals process which is audited. Records are retained indefinitely. Software changes pass through a PQT/QA process which also includes security testing. External-facing software is tested by two separate third parties.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are assessed by a combination of security device monitoring and regular log reviews. Following our Cyber Essentials Plus certification requirements, our patches are rolled out within 14 days of release. We are subscribed to a number of security information services whose role it is to inform us of emerging threats. Once informed the relevance of the threat is assessed and if relevant the scope of the threat is assessed and then the mitigation is planned and documented to help monitor the progress of mitigation. The potential impact is assessed to help prioritise the mitigation effort.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises tend to be identified by alerts generated by hardware and software security devices including but not limited to our firewalls and intrusion detection/protection devices once they have assessed the issue as warranting investigation. Logs are also monitored by a third party log monitoring tool. Once alerted, a priority service case is raised to track investigation of the issue. If there is a concern about security or the monitoring or it will be tracked back to its source and any necessary remediation of software, services or procedure will be investigated.
Incident management type
Supplier-defined controls
Incident management approach
Incident notifications come from system monitors, log monitoring or report from an individual. A priority service case is raised and stakeholders are automatically alerted. An investigation will be immediately launched to assess the source, scope and severity of the incident. Once the immediate threat has been resolved, work will be undertaken to assess the extent of the incident, trace the source and identify necessary steps to eliminate any residual effects. The response will be examined to highlight if anything could have been done differently to detect the incident sooner, reduce its impact or improve communications to the relevant parties.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£1292 to £1386 per user per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑