Skip to main content

Help us improve the Digital Marketplace - send your feedback

PAX Systems Ltd

Pax-CM

PaxCM is our cloud-based school contract and passenger transport management system. Built specifically for SEND transport and Mainstream passenger transport departments in a LA to deliver safe and efficient home to school transport. A modern, integrated passenger transport software supporting operational management, financial outcomes as-well-as integrations with other software systems.

Features

  • Contract Route Management
  • Customer Management
  • School & Establishment Management
  • Supplier Management
  • Reporting
  • Financial Management & Reporting
  • Admissions Data Import
  • API with QRoutes Route Planning software
  • Driver & Assistant Record Management
  • Automated Customer Processes

Benefits

  • Designed specifically for Passenger Transport Services in a Council
  • Quick and easy to import data for system set-up
  • Modular system to meet Council service and budget requirements
  • Designed to integrate with other Council systems and software
  • API with QRoutes for route planning
  • Hosted in an accredited ISO27001 UK datacentre
  • Improves operational efficiency
  • Comprehensive financial forecasting with in depth analysis
  • Intuitive and easy to use
  • Saves on contract route costs

Pricing

£17,000.00 to £35,750.00 a unit a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phil.dyson@paxsystems.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 5 8 2 8 8 6 1 9 4 0 9 0 4 8

Contact

PAX Systems Ltd Phil Dyson
Telephone: 07973703165
Email: phil.dyson@paxsystems.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Pax CM has full integration into the 'QRoutes' scheduling system to enable seamless route planning and optimisation.
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • Stable connection to public internet
  • A modern browser with latest updates applied
  • Software to view/edit csv, docx, xlsx and pdf files

User support

Email or online ticketing support
Email or online ticketing
Support response times
During business hours and where any further support is required issues will be prioritised based on severity.

Priority 1 response is immediate.
Priority 2 response is within 16 hours.
Priority 3 response is 24 hours.

During weekend and public holiday hours response to critical issues will be immediate and all other non-critical issues will be actioned on the next working day.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Pax CM support is included as part of the annual subscription fee. This includes:
- unlimited online and phone support.
- standard system configuration.
- initial start-up training package.

All support between the customer and Pax Systems is overseen by a technical account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Pax Systems, under the terms of the contract, will support the system configuration and migration of all current data from existing systems and deliver an implementation project to move Council’s to the live Pax-QR environment.
Pax Systems will work with the Local Authority to configure the user rights, secure access or single sign-on, configure reference data, migrate the data from existing systems, train users and provide training material prior to going live.
Thereafter help desk Support is provided to users via telephone, email and an online support ticket system
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data can be extracted directly from Pax CM by an end user with administrative rights, in csv format .

Pictures and documents can be extracted as well.
End-of-contract process
Pax Systems, at the end of the contract, will support the Council to moving to a new software service by advising on the export of all the static data in a .csv format and data items such as pictures and documents can be exported directly to disc. For an additional cost the Pax-QR environment and data can be retained for up to a further 30 days to support any Council post-contract queries.

All Council data will be securely destroyed between 30 and 120 days after the contract has ended. A copy of the back-end database and written confirmation that Pax no longer retains any customer data, login credentials or any other sensitive details relating to the customer, will be provided at no cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Our service interface is the web application front end. From this application the configuration and security can be managed by a system administrator.
Accessibility standards
None or don’t know
Description of accessibility
Pax CM incorporates a number of facilities to support identified system accessibility requirements, such as colour scheme, fonts and font size.

Pax will continue to work with customers to identify any further accessibility requirements and any required works will be undertaken as part of the annual subscription cost.
Accessibility testing
Our interface testing includes setting up colour schemes and font sizes that will improve the accessibility for visually impaired users.
API
Yes
What users can and can't do using the API
School Admissions API - Users can setup the service through this API which allows the import of new year pupil data from an education admissions system.

Reporting API – An API to allow access to the system data and enable connectivity from third party BI tools.

Pass Printing API – allows the pass details of customers in Pax CM to be sent to pass printing organisations and printing confirmations to be received back.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Reference Data -
Users can customise the contents of all drop down fields.

Dynamic Attributes -
The system also provides functionality to allow the creation of dynamic (user defined) attributes. This feature can be restricted to authorised users.

Letters -
Along with a standard set of letter templates the system also provides the functionality to create bespoke letter templates. This template functionality is available within the core system and is available for authorised users.

Reports -
Along with a standard set of reports, the majority of reporting data is also available in a CSV or Excel xlsx format. The system also provides functionality to access the system data directly to enable the creation of reports through organisational Business Intelligence tools.

Bespoke development can be requested by the buyer.

Scaling

Independence of resources
Each customer has a dedicated and isolated environment.

Within each customer environment the resource requirements are baselined on an assessment of typical usage, however, resources are allocated dynamically and scale up as necessary to match any demand.

Analytics

Service usage metrics
Yes
Metrics types
Pax provides the following periodic service metrics on a monthly basis:

- Time spent per user per day
- System up-time statistics
- Number of new, closed and outstanding support calls
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
System User reporting - Data can be exported from Pax CM to Excel from multiple screens. This allows users to view data on screen and then export the selected data into Excel .

Export for route planning - contract and customer data can be selected and exported directly into the 'QRoutes' system for route optimisation and scheduling.
Data export formats
  • CSV
  • Other
Other data export formats
Docx
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Pax Systems uses commercially reasonable endeavours to make the service available for the agreed work pattern with the customer. Outside of the agreed work pattern the system can still be made available to users at short notice.

All planned maintenance will be scheduled out of hours and communicated in advance.
Approach to resilience
Available on request
Outage reporting
We report any outages to all system users by email.

All planned outages are scheduled outside of agreed work patterns.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Preference for Single Sign ON or System access can optionally be set to be restricted to be from within the customers local network domain. Local and remote users (via VPN) must therefore login to their network domain before they can login to Pax CM. Login attempts from IP address ranges other than those configured in the system will be denied access.
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is restricted to be from within the customers local network domain.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
System access can optionally be set to be restricted to be from within the customers local network domain. Local and remote users (via VPN) must therefore login to their network domain before they can login to Pax CM. Login attempts from IP address ranges other than those configured in the system will be denied access.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Cyber Essentials Plus
Information security policies and processes
Pax Systems has a Cyber Security Framework created to specifically control and direct our approach to information and cyber security risk. We align our security framework with the National Cyber Security Centres 14 Cloud Security Principles framework to manage risk and response with policies in place providing clarity on the processes, procedures, roles and responsibilities for risk and sets out how risks are managed.

We have a Chief Information Officer at board level with responsibility and oversight of our data and system security and a second Director at board level responsible for ensuring controls are in place for all Information Security policies and procedures.

Our IT risk management controls provides key management information about the status and performance of our information security management. It combines important metrics about assets, risk assessments, security incidents and documentation status to provide system-wide visibility of Pax Systems information security health.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have the relevant policy, procedures and systems in place to ensure our security governance.

Software changes and change requests are managed through JIRA and deployed to a test server for review and acceptance testing prior to regression testing and deployment to live.

Configuration register is used for the product environment services which include deployment checklist during the setup of services, pre go-live check before switching on public (internet connected) services and performing vulnerability risk assessments of live services.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have a process for continuous monitoring of all critical elements of our SaaS infrastructure. This identifies any new configuration issue or vulnerability that could potentially cause a security risk.

Vulnerability identified through a daily feed from vuldb.com are assessed, then recorded in Jira, risk assessed to establish the immediate threat posed, vulnerability type and which software components are potentially affected.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our protective monitoring processes includes third party penetration testing, pro-active patching of the SaaS environment and software, based on a daily feed of newly identified vulnerabilities from a vulnerability intelligence service.

Additionally we subscribe to services that alert us if any system account credentials are compromised.

We have internal logging alerts to monitor user access and identify unexpected activity.

The hosting provider has dedicated monitoring that supports the hosted environment and detect hardware issues and critical faults with the PaaS Platform.

Our response is determined by the potential risk that are exposed by the incident.
Incident management type
Supplier-defined controls
Incident management approach
There are pre-defined processes in our Business Continuity and Disaster Recovery Plan for handling common incident types (data incidents, system failure, performance issues, denial of service attacks, ransomware attacks, zero day critical vulnerabilities)

Our risk management software includes a security incident module which supports management and progress tracking of security incidents from initial reporting, through investigation and remedial actions to final closure, reports and lessons learnt.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Fighting climate change

Fighting climate change

Reduction in volume of vehicles required to deliver pupil transport service for local authority statutory services.

Pricing

Price
£17,000.00 to £35,750.00 a unit a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A pre-configured version of the software is available for a short period to evaluate the system.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phil.dyson@paxsystems.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.