GRM MAPPING LIMITED

Interactive touch-screen kiosk journey planning software

Development and maintenance of bespoke online interactive touch-screen journey planning maps and resources for local authorities including public transport routes, times and fares and local walking and cycling route and information. Ability to provide as standalone or as part of a supplied kiosk solution and hosted entirely in-house.

Features

• Multi-modal real time journey planning
• Visualisation of geographic area and suggested routes
• Detailed place and address search
• Visualisation of public transport schedules
• Customisation of user location and search parameters
• Real time bus location and traffic conditions
• Ability to save journey itinerary results
• Inclusion of specific infrastructure e.g. cycle parking
• Zoomable display set to specified geographic boundaries

Benefits

• Use as software within a new or existing installation
• Ability to zoom in on current location
• Ability to blend multiple API sources into results
• Ability to visually display road closures
• One stop portal for all local public transport modes
• Ability to alter user behaviour
• Ability to export and adapt data for internal client use
• Better use and visulisation of existing local authority data
• Ability to focus on safe home to school transport
• Ability to adapt touch screen for users with impaired mobility

£4,000.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@grmmapping.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

179693937842610

Contact

Mark Knowler
020 8242 6169
enquiries@grmmapping.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Understanding of geographic area required
  • Understanding of internal data sources available
  • Understanding of key contacts in maintaining site accuracy
  • Understanding of physical location of touch-screen

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: An initial response to issues raised within one hour Mondays to Fridays office hours and a commitment to monitor contact and respond as quickly as appropriate outside of these times.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our commitment to all clients is to acknowledge and initially respond to issues and questions within one hour of contact on Mondays to Fridays 0900-1700hrs. Outside of these times we would regularly monitor any contact and respond as soon as is required or appropriate. The cost of support would be included within the contract price and would initially involve a nominated technical account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The key buyer representatives would be fully involved throughout the design and commissioning stages to ensure full transparency on data sources and accuracy and to be able to confidently navigate the site and promote it to public end users. User documentation and online training would be included as standard.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: As the software uses only publicly-available open data and operates in real time, there would be no data to extract when the contract ends. Any user or performance logs and analytics would be available up to the end of the contract.
• End-of-contract process: The contract would include full maintenance, processing and support for the software until the specified end of contract and this is included within the price quoted. Any additional work required to hand over to a new supplier, or to extend temporarily until a new solution is live would be an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: The buyer may customise the user interface and mapping in terms of visual palette, geo-referenced data scope and content and in determining which specific data sources are used for journey planning. This would be identified during the start-up phase prior to the public site going live.; ; End users may also customise their results by using their location services settings to return the most appropriate and timely responses to their queries ad also by sorting their journey results by key criteria including journey time, number of changes, cost, number of steps and CO2 emissions,

Scaling

• Independence of resources: The entire product is hosted on our own dedicated web server, and as such the number of individual users or tasks being performed will not affect the performance experienced.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a Web Log Analysis Report on all live sites to the buyer monthly or quarterly. This includes analysis of website activity including number of hits, page views, unique visitors and bandwidth usage.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The exporting of data is limited purely to the end public user retaining the results of their journey query, and there is no need for any separate export by the buyer organisation themselves.
• Data export formats: Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our SLAs are tailored to each client, and would describe the roles and responsibilities of all parties and stakeholders. As a standard, we guarantee 100% uptime of all software products within the core hours required by any client, and the scheduling of any planned maintenance or upgrades to take place outside of these hours. ; ; Any disruption to service, planned or otherwise, would be responded to within one hour of discovery or contact by the client during our office hours, and on agreed timescales during out-of-hours periods. Escalation procedures and compensation for failure to meet key performance targets would be agreed with the client at beginning of contract and regularly reviewed during the contract lifetime.
• Approach to resilience: Detailed information on the location, functions and resilience of our datacentre setup is available on request.
• Outage reporting: We have 24/7 access to a public dashboard for our datacentre operation which provides real-time indication of any service outage or security threat. This is then passed on to the end client within the terms of the Service Level Agreement, and updates towards resolution provided at frequent and timely intervals agreed with the client.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: We utilise Role-Based Access Control (RBAC) to restrict access to management interfaces and support channels based on internal and external users' roles, responsibilities, and privileges.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have conducted a comprehensive risk assessment to identify potential security risks and vulnerabilities, including evaluating the likelihood and impact of cyber attacks and data breaches. Based on this, we have clear and concise security policies and procedures on access control, data protection, incident response, and compliance.; ; We maintain a robust incident response plan to mitigate security incidents when they might occur. This establishes clear roles and responsibilities and defines escalation procedures.; ; We regularly review and update our security policies and procedures, investing in new technologies and staying informed about emerging security trends and best practices
• Information security policies and processes: Our nominated Director oversees and ensures compliance with our security policies and processes which are tailored to ensure our bespoke software solutions remain secure and compliant at all times for ourselves, our clients and end users.; ; We maintain and regularly review our Access Control Policy, Data Protection Policy, Incident Response Policy, Network and Physical Access Security Policies and Compliance Policy. ; ; The latter is regularly reviewed and ensures that the organisation complies with relevant laws, regulations, and industry standards related to information security and privacy. It includes procedures for conducting regular compliance assessments, audits, and reporting requirements to demonstrate adherence to legal and regulatory obligations.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We maintain an inventory of all hardware, software, and network devices deployed within our workflows. This includes servers, workstations, routers, switches, firewalls, storage devices, and software applications. We regularly audit and review these configurations to ensure compliance with our security and resilience policies. ; ; Within our formal processes for reviewing and approving change requests for IT systems and infrastructure, we obtain formal approval from relevant stakeholders before implementing changes with a guarantee to maintain the highest standards on security and availability. After implementing changes, post-implementation reviews evaluate their success, which enables us to extend any specific improvements to other clients.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Together with our dedicated server supplier, we conduct regular vulnerability assessments to identify weaknesses, misconfigurations, and security vulnerabilities across our IT infrastructure. We use automated scanning tools to detect vulnerabilities and security misconfigurations.; ; We actively implement a patch management process to address identified software and hardware vulnerabilities in a timely manner. This involves regularly applying security patches and updates provided by software vendors to reduce the risk of cyber attack.; ; We constantly monitor new vulnerabilities, emerging threats and changes to our IT environment. This includes monitoring security advisories and vendor announcements for information about new vulnerabilities and potential security risks.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our continuous real-time monitoring processes collect and analyse security data for signs of unauthorised access, malware infections, data breaches, and other security incidents.; ; Within our agreed Service Level Agreement with our dedicated datacentre supplier and our clients, we have clear incident response procedures to respond to security incidents detected through protective monitoring within the shortest possible timeframe.
• Incident management type: Supplier-defined controls
• Incident management approach: Once an incident is detected, it is classified into categories such as malware infections, unauthorised access, data breaches, denial-of-service attacks, or system outages. Users will be able to report such concerns directly through our established direct communication channels.; ; Once the incident is contained, a detailed investigation is conducted to determine the root cause, impact, and scope of the incident. Recovery is then undertaken to restore affected systems and data to a secure state.; ; Throughout the process, stakeholders are kept informed about the incident, its impact, and the ongoing response efforts as part of our Service Level Agreement.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  The promotion of, and easy access to, detailed real-time journey planning results that can be sorted by the mode with the lowest predicted CO2 emissions (for example highlighting walking and cycling over car usage).

  Covid-19 recovery

  The ability to promote the Government's £2 maximum bus fare cap and other Bus Service Improvement Plan projects in promoting the bus as a sustainable travel choice and to aid in returning usage to pre-pandemic levels.

  Tackling economic inequality

  The ability to break down perceived barriers in access to employment for those reliant on public transport, both in terms of availability and cost.

  Wellbeing

  The promotion of walking and cycling as sustainable, healthy modes of travel both for work and leisure purposes, and the ability to compare number of steps and calories used across all modes for any particular journey.

Pricing

• Price: £4,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@grmmapping.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.