Skip to main content

Help us improve the Digital Marketplace - send your feedback

Oxford Data Consultancy (ODCGIS LIMITED)

GISMO Managed Service Cloud Software

GISMO (GIS Mapping Online) is a GIS service in the Cloud, managed by ODCGIS on behalf of clients who don’t have an inhouse GIS capability. Clients are able to access the GIS to view their data spatially and can take advantage of the many benefits GIS offers.

Features

  • Geographical and mapping solutions
  • GIS managed services tailored to your exact requirements
  • Real-time reporting
  • Remote Access
  • Managing data and associated attributes
  • Easy access to large volumes of data of geographical features
  • Capture data and view open data
  • Ordnance Survey and Land Registry Mapping
  • Access to ONS Open data and other demographic data
  • Bespoke reports from your data

Benefits

  • GIS Managed Service saving your time with ODCGIS experts
  • Know exactly where your properties are, what land you own
  • Publish content from multiple sources
  • Efficiently record data in the field
  • Cost savings of 10%-15% on grounds maintenance contracts
  • Swift, accurate data analysis
  • Better decision making on locations, routing, developments etc
  • Improved communication between departments and with tenants
  • Expertise in GIS Data Capture
  • Cost savings resulting from greater efficiency

Pricing

£150 to £500 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan@odc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 3 9 2 7 1 7 2 2 4 0 7 4 4 2

Contact

Oxford Data Consultancy (ODCGIS LIMITED) Alan Smith
Telephone: +447957806497
Email: alan@odc.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
GISMO Feature Storage set at 1,400,000 (more can be purchased in the unlikely event it is required)
System requirements
  • Concurrent Viewer licences required to View GIS
  • Concurrent Contributor licences required to add limited data
  • Concurrent Mobile licences required to View GIS in the field

User support

Email or online ticketing support
Email or online ticketing
Support response times
The email is constantly monitored so we will endeavour to respond immediately and to resolve any issue as quickly as is practically viable.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support is at one level through a Managed Service which comes at 4 levels: Bronze; Silver; Gold & Platinum. Each level has an increasing number of days, the number is set dependent on the size of the organisation. Pricing varies and is agreed after discussion with the buyer. More information in the Pricing Document. We have a team of experienced GIS Officers who are contactable during normal working hours. In addition the buyer will have an experienced Account Manager who is contactable through Mobile or Email.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
ODCGIS will set the maps up to the specification agreed and provide bespoke training. Training can be tailored to each department as required and can be carried out either online through Teams or with an Onsite session. Documentation is also supplied.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All client data can be supplied in whatever format is requested. There is no charge to do this.
End-of-contract process
If the client wishes to cancel a contract, they only need to inform us of their decision and to let us know what they want to do with their data. The data will be supplied in the format requested and at no charge.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Bespoke forms can be set up for use on the mobile to make it easier to record information.
Service interface
No
User support accessibility
None or don’t know
API
No
Customisation available
Yes
Description of customisation
Users can request specific maps to be created or to request changes to be made. These are carried out by ODCGIS to protect the integrity of the data.

Scaling

Independence of resources
We have a proven system with sufficient resources to respond to routine tasks within 5 working days. Urgent requests can be slotted in for earlier completion when required.

Analytics

Service usage metrics
Yes
Metrics types
Time is logged against each task requested and a breakdown is supplied every month.
Reporting types
Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
GIS Cloud

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Clients can export csv files from selections. If they require shape files or similar they send a request.
Data export formats
  • CSV
  • Other
Other data export formats
  • SHP
  • TAB
  • KMZ
  • XLS
  • SQL
Data import formats
  • CSV
  • Other
Other data import formats
  • SHP
  • TAB
  • XLS
  • KMZ
  • SQL

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our SLA can be supplied on request. We shall use reasonable efforts to cure the defect in the Software (or media), or re-perform the nonconforming Services, or reload back-up copies of the Software affected by the Harmful Code; or replace the Software (or media) with software that materially conforms to the specifications in the Documentation; or terminate the Software license and provide a pro rata refund of the fees that Customer has already paid relating to the defective Software or Services.
Approach to resilience
We have multiple instances of production servers running at all times. There is a hot-standby
replica of the database, ready to take over if needed. Everything is backed up daily.
Everything runs on AWS, including backups
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
We can password protect areas as requested by buyer.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We have an internal process for prioritising fixes related to security and have implemented QA measures before releasing new updates to minimise the risk of new potential risks.
Information security policies and processes
Critical severity issues are handled by the incident response team consisting of the information Security Contact in concert with whomever management designates on a case by case basis (legal contact, specific developers, etc). Information security contact will convene an incident response team meeting whose agenda will be: • Investigating and enumerating indicators of the security incident • Updating incident timeline • Impact assessment and mitigation actions • Root cause analysis The Designated Information Security Contact will report these and any other relevant information to the management. Incident response team will reconvene at regular intervals, determined according to the urgency of the specific incident, until the incident is fully analysed, assessed, mitigated, and resolved. If the incident impacts client data, contact with the impacted client is made as immediately as practical to the designated contacts. Incident update timeframes to the client will be set in the first contact and aligned to the client requirements, severity, location/time zone and any other factors appropriate to either party.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
GIS Cloud developers run virtual machine on the desktop making it possible to run GIS Cloud in an environment resembling the production environment ensuring there are minimum differences between development and production environments. The code versioning system in use is git. The git servers are located in GIS Cloud HQ, controlled by the frontend system “gitolite” allowing hosting on a central server, with fine-grained access control. Updates, new features, bug fixes or hotfixes are tested and verified before release by the QA team. The build and ticketing system allows for a streamlined, robust and secure process of testing product updates.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Periodically we perform penetration and vulnerability scanning using Burp Suite by PortSwigger. Burp Suite is a Java based Web Penetration Testing framework, an industry standard suite of tools used by information security professionals to identify vulnerabilities and verify attack vectors for web-based applications. Individual HTTP requests can be paused, manipulated and replayed back to the web server for targeted analysis of parameter specific injection points. Injection points are specified for manual and automated fuzzing attacks to discover potentially unintended application behaviours, crashes and error messages. GIS Cloud has successfully undergone security review by 3rd party Vendors.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
AWS uses proprietary techniques to mitigate and contain DoS/DDoS attacks to the AWS platform. These are additional methods in use to defend the servers: OS-level firewall (iptables); ModSecurity - an open source, cross-platform web application firewall (WAF) module; Snort - Network Intrusion Detection System (NIDS) Wherever possible, protection systems are set up with monitoring and alert thresholds that immediately notify the GIS Cloud systems administrators of all critical incidents. Suspicious behaviour is logged and reported on a weekly basis.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
When a security breach or potential breach is uncovered, an email must be sent to abuse@giscloud.com to register the breach. Incidents are categorized thus: • Low severity: for suspicious behaviour that is not verified and which has been not been deemed worthy of an emergency response. • High severity: for issues where the threat is real, but there is no record of it having been exploited by malicious actors. • Critical severity: for issues where there's record of active exploitation. Incident reports are supplied by email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Land use and grounds maintenance data captured into your GIS can be used to calculate your carbon consumption as part of your drive to achieve carbon net zero. The results can be used as part of your SHIFT response. The SHIFT Assessment is a sustainability standard specifically designed for the housing sector. It serves as an independent assessment and accreditation scheme that demonstrates organisations are delivering against challenging science based environmental targets.

We have taken the decision to encourage staff to work from home when at all possible to reduce carbon footprint. Clients using our service save travel time (and thus carbon emissions) as the number of site visits is reduced as information can be viewed through the GIS.

Covid-19 recovery

When the Coronavirus outbreak first started, it was clear that contingency plans should be put in place in the event of home working. This included mapping drive time areas from staff postcodes to assist with business planning. Since the lockdowns and the rise in home working, having spatial data accessible online has cut down on travelling, particularly on site visits enabling swifter responses to issues as they arise.

Initially, throughout the first 2 years of the COVID-19 crisis we published a daily map with data from ONS to track the level of outbreaks and offered it for free to all social housing organisations. They were able to plot all their properties along with staff residences to plan for business continuation.

Tackling economic inequality

Our pricing is competitively set by passing on savings to our social housing clients achieved by efficient working. We also have an active plan to ensure clients get the maximum ROI so they can pass on benefits to their tenants.

Equal opportunity

We have an Equal Opportunities Policy which we can share with any potential buyer.

Wellbeing

GIS allows staff to work in a less stressful environment as more information is available at their fingertips. They will be able to do their jobs quicker, for example being able to answer queries or complaints efficiently reducing potential animosity from tenants.

Pricing

Price
£150 to £500 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We will set up a trial website, populate with buyers data and give a presentation if required. Normally this is for one month which can be extended on request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan@odc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.