GISMO Managed Service Cloud Software
GISMO (GIS Mapping Online) is a GIS service in the Cloud, managed by ODCGIS on behalf of clients who don’t have an inhouse GIS capability. Clients are able to access the GIS to view their data spatially and can take advantage of the many benefits GIS offers.
Features
- Geographical and mapping solutions
- GIS managed services tailored to your exact requirements
- Real-time reporting
- Remote Access
- Managing data and associated attributes
- Easy access to large volumes of data of geographical features
- Capture data and view open data
- Ordnance Survey and Land Registry Mapping
- Access to ONS Open data and other demographic data
- Bespoke reports from your data
Benefits
- GIS Managed Service saving your time with ODCGIS experts
- Know exactly where your properties are, what land you own
- Publish content from multiple sources
- Efficiently record data in the field
- Cost savings of 10%-15% on grounds maintenance contracts
- Swift, accurate data analysis
- Better decision making on locations, routing, developments etc
- Improved communication between departments and with tenants
- Expertise in GIS Data Capture
- Cost savings resulting from greater efficiency
Pricing
£150 to £500 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 3 9 2 7 1 7 2 2 4 0 7 4 4 2
Contact
Oxford Data Consultancy (ODCGIS LIMITED)
Alan Smith
Telephone: +447957806497
Email: alan@odc.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- GISMO Feature Storage set at 1,400,000 (more can be purchased in the unlikely event it is required)
- System requirements
-
- Concurrent Viewer licences required to View GIS
- Concurrent Contributor licences required to add limited data
- Concurrent Mobile licences required to View GIS in the field
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- The email is constantly monitored so we will endeavour to respond immediately and to resolve any issue as quickly as is practically viable.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Support is at one level through a Managed Service which comes at 4 levels: Bronze; Silver; Gold & Platinum. Each level has an increasing number of days, the number is set dependent on the size of the organisation. Pricing varies and is agreed after discussion with the buyer. More information in the Pricing Document. We have a team of experienced GIS Officers who are contactable during normal working hours. In addition the buyer will have an experienced Account Manager who is contactable through Mobile or Email.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- ODCGIS will set the maps up to the specification agreed and provide bespoke training. Training can be tailored to each department as required and can be carried out either online through Teams or with an Onsite session. Documentation is also supplied.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- All client data can be supplied in whatever format is requested. There is no charge to do this.
- End-of-contract process
- If the client wishes to cancel a contract, they only need to inform us of their decision and to let us know what they want to do with their data. The data will be supplied in the format requested and at no charge.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Bespoke forms can be set up for use on the mobile to make it easier to record information.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- No
- Customisation available
- Yes
- Description of customisation
- Users can request specific maps to be created or to request changes to be made. These are carried out by ODCGIS to protect the integrity of the data.
Scaling
- Independence of resources
- We have a proven system with sufficient resources to respond to routine tasks within 5 working days. Urgent requests can be slotted in for earlier completion when required.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Time is logged against each task requested and a breakdown is supplied every month.
- Reporting types
- Regular reports
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- GIS Cloud
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Clients can export csv files from selections. If they require shape files or similar they send a request.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- SHP
- TAB
- KMZ
- XLS
- SQL
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- SHP
- TAB
- XLS
- KMZ
- SQL
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Our SLA can be supplied on request. We shall use reasonable efforts to cure the defect in the Software (or media), or re-perform the nonconforming Services, or reload back-up copies of the Software affected by the Harmful Code; or replace the Software (or media) with software that materially conforms to the specifications in the Documentation; or terminate the Software license and provide a pro rata refund of the fees that Customer has already paid relating to the defective Software or Services.
- Approach to resilience
-
We have multiple instances of production servers running at all times. There is a hot-standby
replica of the database, ready to take over if needed. Everything is backed up daily.
Everything runs on AWS, including backups - Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- We can password protect areas as requested by buyer.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We have an internal process for prioritising fixes related to security and have implemented QA measures before releasing new updates to minimise the risk of new potential risks.
- Information security policies and processes
- Critical severity issues are handled by the incident response team consisting of the information Security Contact in concert with whomever management designates on a case by case basis (legal contact, specific developers, etc). Information security contact will convene an incident response team meeting whose agenda will be: • Investigating and enumerating indicators of the security incident • Updating incident timeline • Impact assessment and mitigation actions • Root cause analysis The Designated Information Security Contact will report these and any other relevant information to the management. Incident response team will reconvene at regular intervals, determined according to the urgency of the specific incident, until the incident is fully analysed, assessed, mitigated, and resolved. If the incident impacts client data, contact with the impacted client is made as immediately as practical to the designated contacts. Incident update timeframes to the client will be set in the first contact and aligned to the client requirements, severity, location/time zone and any other factors appropriate to either party.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- GIS Cloud developers run virtual machine on the desktop making it possible to run GIS Cloud in an environment resembling the production environment ensuring there are minimum differences between development and production environments. The code versioning system in use is git. The git servers are located in GIS Cloud HQ, controlled by the frontend system “gitolite” allowing hosting on a central server, with fine-grained access control. Updates, new features, bug fixes or hotfixes are tested and verified before release by the QA team. The build and ticketing system allows for a streamlined, robust and secure process of testing product updates.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Periodically we perform penetration and vulnerability scanning using Burp Suite by PortSwigger. Burp Suite is a Java based Web Penetration Testing framework, an industry standard suite of tools used by information security professionals to identify vulnerabilities and verify attack vectors for web-based applications. Individual HTTP requests can be paused, manipulated and replayed back to the web server for targeted analysis of parameter specific injection points. Injection points are specified for manual and automated fuzzing attacks to discover potentially unintended application behaviours, crashes and error messages. GIS Cloud has successfully undergone security review by 3rd party Vendors.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- AWS uses proprietary techniques to mitigate and contain DoS/DDoS attacks to the AWS platform. These are additional methods in use to defend the servers: OS-level firewall (iptables); ModSecurity - an open source, cross-platform web application firewall (WAF) module; Snort - Network Intrusion Detection System (NIDS) Wherever possible, protection systems are set up with monitoring and alert thresholds that immediately notify the GIS Cloud systems administrators of all critical incidents. Suspicious behaviour is logged and reported on a weekly basis.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- When a security breach or potential breach is uncovered, an email must be sent to abuse@giscloud.com to register the breach. Incidents are categorized thus: • Low severity: for suspicious behaviour that is not verified and which has been not been deemed worthy of an emergency response. • High severity: for issues where the threat is real, but there is no record of it having been exploited by malicious actors. • Critical severity: for issues where there's record of active exploitation. Incident reports are supplied by email.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Land use and grounds maintenance data captured into your GIS can be used to calculate your carbon consumption as part of your drive to achieve carbon net zero. The results can be used as part of your SHIFT response. The SHIFT Assessment is a sustainability standard specifically designed for the housing sector. It serves as an independent assessment and accreditation scheme that demonstrates organisations are delivering against challenging science based environmental targets.
We have taken the decision to encourage staff to work from home when at all possible to reduce carbon footprint. Clients using our service save travel time (and thus carbon emissions) as the number of site visits is reduced as information can be viewed through the GIS.Covid-19 recovery
When the Coronavirus outbreak first started, it was clear that contingency plans should be put in place in the event of home working. This included mapping drive time areas from staff postcodes to assist with business planning. Since the lockdowns and the rise in home working, having spatial data accessible online has cut down on travelling, particularly on site visits enabling swifter responses to issues as they arise.
Initially, throughout the first 2 years of the COVID-19 crisis we published a daily map with data from ONS to track the level of outbreaks and offered it for free to all social housing organisations. They were able to plot all their properties along with staff residences to plan for business continuation.Tackling economic inequality
Our pricing is competitively set by passing on savings to our social housing clients achieved by efficient working. We also have an active plan to ensure clients get the maximum ROI so they can pass on benefits to their tenants.Equal opportunity
We have an Equal Opportunities Policy which we can share with any potential buyer.Wellbeing
GIS allows staff to work in a less stressful environment as more information is available at their fingertips. They will be able to do their jobs quicker, for example being able to answer queries or complaints efficiently reducing potential animosity from tenants.
Pricing
- Price
- £150 to £500 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- We will set up a trial website, populate with buyers data and give a presentation if required. Normally this is for one month which can be extended on request.