Provadis

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: N/A
System requirements: General modern computer operating system (Windows, OSX, Linux, etc)

Internet connection and general modern web browser (IE, Chrome, etc)

SFTP client and ability to generate OpenSSH public SSH key

User support

Email or online ticketing support: Email or online ticketing
Support response times: Pivigo provides its standard Incident Management support service Monday to Friday (excluding UK Public Holidays) between 08.00 and 18.00. Response times are between 1 hour and 8 hours depending upon urgency and impact.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: No
Web chat support: No
Onsite support: No
Support levels: For each of our clients we provide access to a named Customer Success Manager who works with the client to perform account management duties both at a project/technical level as well as a customer service and commercial level.
We provide standard Incident Management support service Monday to Friday (excluding UK Public Holidays) between 08.00 and 18.00.
Our response and resolution times are as follows:
P1 1 hour response and 24 hour mean-time-to-recovery
P2 2 hour response and 48 hour mean-time-to-recovery
P3 3 hour response and 3 day mean-time-to-recovery
Priority is determined by an Urgency over Impact matrix whereby:
P1 Urgency High and Impact High
P2 Urgency Low and Impact High
P2 Urgency High and Impact Low
P3 Urgency Low and Impact Low
Support available to third parties: No

Onboarding and offboarding

Getting started: In all projects delivered by Pivigo, the Buyer plays a critical role throughout the solution design and delivery processes. In short, our goal is to ensure that our solutions meet the unique requirements of the user, so understanding how the user will consume the product is a critical part of the process. Before we build your solution our on-boarding team will sit down with the Buyer to understand the business case: the challenges we aim to address and the strategic goals driving the requirement. Our data scientists will put the supporting data through a stringent health-check to ensure that it is fit-for-purpose for the modelling tasks ahead.
Service documentation: Yes
Documentation formats: HTML

ODF

PDF
End-of-contract data extraction: Any data not auto-pruned will be returned or destroyed in a manner agreed with the user and evidence of said actions documented.
End-of-contract process: The user shall immediately cease to access the Pivigo Cloud (if applicable) and cease all use of the AI Solution, and Pivigo shall be entitled to delete the instance or tenant or configuration of the AI Solution and Partner Content and any Outputs where the same are hosted on a Partner Cloud Environment.

Evidence of Pivigo's close-down process including data deletion, provided to the user upon request.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: No
Service interface: No
User support accessibility: None or don’t know
API: No
Customisation available: Yes
Description of customisation: Users can customise the look and feel, as well as some data fields and outputs

Scaling

Independence of resources: Pivigo ensures that users are not affected by other users of our platform by provisioning dedicated compute resource for each environment used by our clients. As such each of our client’s services are logically distinct from each other and within the client service the ‘staging’ and ‘production’ environments are similarly distinct. We also deploy all services into multi-availability zone Cloud regions and configure load balancing to distribute load according to demand.

Analytics

Service usage metrics: Yes
Metrics types: Availability, n tickets, accuracy
Reporting types: Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least once a year
Penetration testing approach: In-house
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: The user can export their data through their SFTP port.
Data export formats: CSV

Other
Other data export formats: JSON
Data import formats: CSV

Other
Other data import formats: JSON

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Subject to, and expressly excluding downtime due to maintenance, if the Actual Uptime Percentage for an AI Solution (made available through Pivigo Cloud) in any Service Month is lower than 99.5%, Pivigo will credit the Partner an amount equal to the monthly Charges paid by the Partner for that AI Solution in the Service Month multiplied by a percentage equal to the difference between the Availability Service Level and the Actual Uptime Percentage for that Service Month and capped at 15%. e.g. If the Actual Uptime Percentage is 98.5, the Service Credit will be 1% of the monthly Charges paid for the subscription to the relevant AI Solution.
Approach to resilience: All of our customer deployments take advantage of multi-availability zone locations and also load balancing in the Cloud. Should the service fail in one of the availability zones traffic is routed to the remaining deployment and as necessary the service is auto-scaled to ensure service demand can be maintained. In addition the deployments themselves take advantage of 'infrastructure-as-code' which also allows us to redeploy into additional Cloud regions should there be a more persistent issues within the current Cloud region.
Outage reporting: Email alerts

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: Access to the system is typically restricted to the customer's public IP address and where interactive login is required secured with a username and password.

The accounts used to connect via SCP/SFTP are provisioned as part of the service initiation process - including the inclusion of the SSH public key as well as IP whitelists.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: Between 1 month and 6 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: Between 1 month and 6 months
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: We follow industry best-practice including least access / privilege, white-listing and encryption
Information security policies and processes: Escalation of an incident would be conducted via the Customer Success Manager allocated to the customer's account. In the event of a security incident (deemed a P1) our senior management team is also raised to coordinate the investigation, remedial actions and also conduct a post-mortem (including a Root Cause Analysis) - the primary aim being to identify what process changes are required to avoid future occurrences as well as ensure our response is robust and ensures the client’s interests are maintained.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: The entirety of the service is 'as code' and is provisioned using a CI/CD pipeline. As the service has two AWS accounts the pipeline's merge policy acts to keep the environment's configuration and source code in lock step with one another - where a change is first tested in a staging branch, deployed to the staging environment before being merged in to the production branch and deployed to production. In order to merge changes into upper branches a peer review is conducted. In addition all releases are packaged as Docker images, which are scanned prior to deployment for known vulnerabilities.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: All software published to the service is originated from our private git repositories and compiled as Docker images on a per environment basis. These are subject to vulnerability scans when being pushed into deployment.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: All of our customer’s cloud instances (configured as exclusive accounts on our cloud platform) are configured to ship logs for any suspected or malicious activity detected in the service. These are a wide range of triggers that are designed to alert of unusual activity and cover scenarios such as:

Denial of service
Network port sweep
Port probing
Password brute force
Root credential usage
Policy disabling

Logs of these events are centralised in a separate operations account whereby upon the receipt of abnormal behaviour we would investigate and either triage the symptom, close a vulnerability or implement a temporary workaround.
Incident management type: Supplier-defined controls
Incident management approach: All service endpoints are monitored and in the event of an availability check reporting as down we would raise a ticket and investigate. In addition we provide customers of the service a customer service and ticket portal where they can also raise incidents in the event the service is unavailable.

Our standard SLA Incident Management support service Monday to Friday (excluding UK Public Holidays) between 08.00 and 18.00

Our incident prioritisation matrix is available in our SLA.

Escalation of an incident would be conducted via the Customer Success Manager allocated to the customer's account.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Equal opportunity: Equal opportunity

In the past decade we have seen a seismic change in how humans consume information and technology. One of the most transformative ways this has been realised is in the democratisation of geolocation information. Indeed, for many, real-time information about where we are on the globe – everything from traffic updates to public transport information to the local spread of a deadly virus – is literally at our fingertips. As highlighted in a blog from the Geospatial Commission in late 2021, location data has become “fundamentally embedded in our daily lives.” It is essential to the provision of information products and services. The Commission itself is looking at measuring the economic, social and environmental value of location data, both within government and the private sector. While this value will be challenging to quantify, it’s clear there is great value in enabling more people to have access to these products and services.

Pivigo’s Provadis is an AI product that helps to drive the accessibility of this value. It contains a set of features that act as building blocks to provide bespoke location intelligence solutions. Provadis offers deep insights and predictive intelligence across time and space using a range of data-driven geospatial models.

By combining modular functionalities such as data gathering, machine learning and layered visualisations, Provadis can be used to tackle complex challenges, such as identifying optimal sites for commercial / industrial facilities or location optimisation for facilities such as electric vehicle charging stations, retail locations or other operations. The knock-on effects of these initiatives will include improved operational efficiency, reduced energy consumption for delivery and increased adoption of more environmentally friendly forms of vehicle fuel. Ultimately, this will result in positive impacts on the economic, social and environmental wellbeing of individuals across the UK.

Pricing

Price: £5,000 a unit a month
Discount for educational organisations: Yes
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Can we store analytics cookies on your device?

Provadis

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents