Astun Technology Ltd

iShare in the Cloud

iShare in the Cloud is a hosted managed Enterprise Geographic Information System (GIS) for the public sector.

It removes the costs and complexity of managing your Geographic Information infrastructure (servers, networks, bandwidth) allowing GI managers and analysts to focus on delivering Geographic Intelligence to staff and citizens reducing interaction costs.

Features

  • Spatial Data Warehouse
  • Intranet GIS including editing and spatial querying for internal users
  • Internet GIS public facing mapping portal
  • Enterprise metadata (INSPIRE compliant)
  • Web services API for rapid deployment of custom mapping
  • OGC WMS and WFS services
  • Ordnance Survey base mapping (PSMA & OpenData)
  • Local Admin Console for ETL of data from back office
  • Full enterprise, intranet GIS only or public facing only deployment
  • Shared Service Pricing available on request

Benefits

  • Internet GIS for public access promotes channel shift
  • Intranet GIS reduces desktop usage
  • Spatial Data Warehouse provides master data management
  • API aids embedding spatial information within web applications
  • Frees managers from costs and complexity of managing GI infrastructure
  • Allows GI managers to focus on delivering Geographic Intelligence
  • Used by over 60 Public Sector organisations
  • Built on Open Source and Open Standards
  • Fully managed service reduces lifetime costs of ownership
  • Discounted Shared Service Pricing

Pricing

£7200 to £38000 per licence per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

979222418938476

Astun Technology Ltd

Mike Saunt

01372 744009

mikesaunt@astuntechnology.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Most planned maintenance will be undertaken without interrupting service availability however in the event that this is not possible downtime will be scheduled and agreed with the customer in advance.
System requirements
  • On-premise installation of administrative console (Studio) for data ETL
  • Remote desktop connection to hosted Studio for system management
  • Connectivity via VPN or IP Restriction
  • ADFS (or similar) preferred
  • Appropriate sub-domain and site certificates
  • Remote access for support

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Users can log support tickets 24/7.

Astun provide the support service during normal working hours, which are between 0900 and 1700 GMT, Monday to Friday, excluding Bank Holidays.

The response times for calls logged by the customer are set out in the accompanying Astun Digital Services Terms & Conditions document.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels IShare in the Cloud Application Support is included within an iShare in the Cloud Open Enterprise Agreement.

Astun provide the following iShare in the Cloud Support as standard:
1. Advice on maintaining iShare in the Cloud.
2. Access to official iShare in the Cloud and community forums.
3. Advice on configuring and extending iShare in the Cloud.
4. Instructions on how to remedy common faults.
5. Resolution of issues related directly to a serious flaw in iShare in the Cloud.
6. The Customer may obtain iShare in the Cloud Application support by logging a request on Astun’s Support Portal.

First line support is provided via a permanently staffed Service Desk with second and third line support by consultancy and development teams for fault diagnosis and resolution. Customer access to web based Service Desk provides real time ticket management and correspondence on all customer tickets.

For support conditions, support processes, the service level agreement and escalation procedures are detailed in the accompanying document - Astun Digital Services Terms & Conditions
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On receipt of a purchase order Astun Technology will: Issue Project Initiation Documents and host kick off call / meeting; Set up iShare in the Cloud servers within customer Virtual Private Cloud; Configure iShare in the Cloud with access to ADS background mapping and gazetteer; Liaise with customer on integration (ADFS etc); Commence delivery of additional configuration and consultancy services.

Astun provide onsite training for administrators and user documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction In the event that the customer terminates the service they can download their data from the service in a standard geographic file format (MapInfo tab or ESRI shp) or as a database export/backup.
End-of-contract process On receipt of a written request to terminate the iShare in the Cloud service and subject to there being no unpaid charges outstanding, Astun will delete the hosted environment including all servers, datasets, user details and customer specific configuration stored within iShare in the Cloud.

Any further "Off-boarding" assistance is chargeable in accordance with Astun's SFIA rate card.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All public facing elements of the service have been implemented using responsive design to optimise the user experience on mobile devices.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing A formal accessibility review was carried out by RNIB against WCAG 2.0 AA of the My Haringey (iShare Maps) implementation, plus one of their pages with an embedded map and lookup (iShare API) in 2018. Following this review, a number of minor issues were addressed in the core product to ensure that the system was fully compliant and accessible for people using screen readers and other assistive devices. Whilst formal testing has not been undertaken against WCAG 2.1 AA, we believe the solution is compliant.
API Yes
What users can and can't do using the API IShare offers developers APIs and Developer Tools that give them the opportunity to utilise the power of iShare within their websites, including:

1. Embedded Maps:

iShare allows a developer to embed interactive and static web maps within a web page with full control over map size, centre, zoom and layers displayed e.g to display schools and libraries around a user’s location on an education page.

2. LocalInfo:

iShare allows a developer to embed textual content based upon a spatial search e.g. Bin Collection day, Council Tax charge, elected members or nearest planning applications within the relevant service page.

3. Address Searching:

Astun supply two different Web Services which allow customers to perform Address Searches on any web page.
API documentation Yes
API documentation formats
  • HTML
  • Other
API sandbox or test environment No
Customisation available Yes
Description of customisation System Administrators have full control over the data that appears with the different iShare interfaces and can customise the way it is presented to end users, both textually and cartographically.

The styling of all public facing elements of the service can be customised in accordance with your organisations branding.

Print Templates in iShare GIS (intranet) can be customised in accordance with your organisations branding.

Initial customisation is normally undertaken by Astun Technology as part of the initial implementation.

Post implementation, customisation of the solution is normally undertaken by the customers system administrators and their web team.

Scaling

Scaling
Independence of resources Customers have their own dedicated virtual private cloud.

Analytics

Analytics
Service usage metrics Yes
Metrics types Customers can obtain metrics using Google Analytics.

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The administration console (iShare Studio) can be used to export data in a wide variety of formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • All common data formats as supported by GDAL/OGR
  • OGC Web Services
Data import formats
  • CSV
  • Other
Other data import formats
  • All common data formats as supported by GDAL/OGR
  • OGC Web Services

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability IShare in the Cloud is hosted on a high availability cloud infrastructure with a failover backup hosted in a different geographic region for maximum resilience.

Internal availability testing indicates availability in excess of 99.6%

Response times for map rendering are typically less than 1 second at the server.

The services are continually monitored with automated messages sent to several staff in the event of a deterioration or failure.
Approach to resilience IShare in the Cloud is hosted within the Amazon Web Services environment (AWS).

The entire cloud environment is backed up to a second geographic availability zone to provide additional resilience in the unlikely event that the primary availability zone becomes unavailable.
Outage reporting Astun set up a series of alarms to monitor the customer's cloud service. These alarms are triggered if any pre-set limits to system resources are reached (e.g. disk space). This enables Astun to address the majority of issues before any potential outage.

We also use our GeoHealth check system to monitor servers and ensure they are up and working.

The customer is informed of any potential problems by email or phone.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to management interfaces are restricted to login in via remote desktop over a dedicated VPN between customer network estate and the virtual private cloud environment dedicated to the customer. Access by Astun is also over VPN.
Access restriction testing frequency At least every 6 months
Management access authentication Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are currently working towards ISO 27001.
Information security policies and processes We are currently working towards ISO 27001. Operational customer data is stored or processed within iShare in the Cloud. Information assurance accreditation has not yet been sought for iShare in the Cloud, however we consider that iShare in the Cloud would be classified as BIL0 or BIL1, users should make appropriate decisions regarding what data to deploy within iShare in the Cloud. Integration with back office systems can support the dynamic spatialisation of data sets that are not hosted within the iShare SDW for added security.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to all Astun components are managed and tracked through their lifetime via a centralised bug-tracking, issue-tracking and project-management software application (JIRA) and associated private code repository (BitBucket) managed under source control. The software is built through a repeatable build process and after passing formally defined test cases is tagged to a specific version number at the point of release. Only released software is deployed to the customer virtual private cloud environments. Potential security impacts are assessed via a process of peer review.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Information on potential threats is continuously assessed through review of key online resources (release notes, security articles etc) for all third party components (operating systems, databases, frameworks etc). Penetration testing of the full system (including Astun components) is undertaken by independent third parties on all significant software releases. Whilst patch releases are routinely issued on a monthly basis, key security vulnerabilities are patched and released as soon as Astun become aware of them, irrespective of the stage in the release cycle.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All cloud servers are set up with alarms that monitor key system resources on the server itself allowing the detection of compromises such as denial of service attacks. In addition external monitoring services are set up to make routine periodic requests to the servers (typically every 15 mins), to check that they remain responsive, and send out alerts if any servers are unavailable. Incidents are responded to as soon as we become aware of them. Logging is enabled on the servers to provide an audit trail of potential compromises for subsequent investigation.
Incident management type Supplier-defined controls
Incident management approach Security related incidents are categorised as a Priority 1 within our Service Desk system, and allocated to third line support personnel (developer) for immediate investigation and resolution. Users are able to report such incidents via the Service Desk (phone, email and web form), which is routinely monitored throughout the working day by first line support staff. Contemporaneous notes are taken during the incident and recorded against the service desk ticket, which provides a detailed report of the incident itself. Key performance indicators are also published from the Service Desk System and routinely reviewed by management on a weekly basis.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £7200 to £38000 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The scope of the trial will be by agreement.

The customer may be required to pay for the services required to set up the trial.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑