CPC Project Services Ltd

Operation Platform One

One platform to integrate disparate systems to provide actionable information in high demand operational environments.

Features

• Whole Railway Data Integration
• Real-time service status indication including delays and passenger loading
• Operational Support
• Stranded Train Management
• Railway Simplifier Generation
• Rail Fleet Overview
• Crew Tracking
• Rolling stock Data Integration and visualisation

Benefits

• Streamlined access to operational data in time critical environment
• Customer focussed decision making based on live data
• Decision making based on accurate information
• Workload reduction leading to efficiencies and improved quality of service
• Continuous maintenance planning and optimisation
• Human resource management improvement for efficiencies and improved performance
• Optimised decision making to support disruption management

£2,000 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@cpcprojectservices.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

225743907943262

Contact

Lera Serieux
02075394750
g-cloud@cpcprojectservices.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: OP1 is a data integrator and analysis tool. It is only limited by the data available to it. If existing data sources are not available, OP1-Edge can provide a data logging platform to acquire necessary information. The service is access via a modern web browser which supports web assembly.
• System requirements:
  • A modern browser which supports Web Assembly
  • An internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24hr initial response. Resolution time varies depending on the issue. Support is provided Mon-Fri 08:00 – 17:00 excluding English statutory holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We use Microsoft Teams for Web Chat. Microsoft strives to meet WCAG accessibility standards, specifically aiming for conformance with WCAG levels A and AA criteria. Microsoft evaluates its products against these guidelines. See https://www.microsoft.com/en-us/trust-center/compliance/accessibility.
• Web chat accessibility testing: No testing completed to date, we can undertake this in response to customer request and need.
• Onsite support: No
• Support levels: We typically provide support Mon-Fri during office hours as a core part of our service offer througout the duration of projects. If required we can provide additional support outside of these hours. We provide an account manager and engineering support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Initial guidance is given to a user champion (train the trainer).; User manual is available.; Software is built in an intuitive way using icons and tool tips to naturally guide users through the interface.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Actions to be carried out at the end of the contract and associated their costs are discussed and agreed prior to contract commencement.
• End-of-contract process: Actions to be carried out at the end of the contract and associated their costs are discussed and agreed prior to contract commencement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: API Access allows users to read only access to their data sets.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: There are multiple modules and features which can be enabled given that the requisite data sets are available.

Scaling

• Independence of resources: CPC uses distributed serverless architecture (Azure Service Bus, Storage Accounts and InfluxDB) which enables us to decouple backend infrastructure from frontend, allowing our applications to automatically scale to meet user demand.; ; We prioritize scalability when selecting architecture components, assessing service specifications. Those specifications include guarantees from the service supplier (Microsoft) around availability and uptime guarantees.; ; Additionally, in respect of software architecture, we consider the scenario that operations from multiple users will happen concurrently. We utilise safe, scalable locking and ordering mechanisms where applicable in order to ensure that the system as a whole remains congruent even under high user load.

Analytics

• Service usage metrics: Yes
• Metrics types: Real time message count and simultaneous network connection count are available.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: On request.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats:
  • CSV
  • ODF
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLAs and Uptime at different levels are available and can be discussed as part of the service specification.
• Approach to resilience: We have confidence in our services thanks to a combination of careful architectural choices (e.g. serverless, protocols, data modelling, etc.) and solid software engineering practices.; ; We select services based on their ability to scale as well as their uptime guarantees, keeping things distributed and as simple as possible when considered as an isolated component of the wider ecosystem. Well defined data models, APIs and protocols help here.; ; Our code is written in a strongly typed language (C#) allowing for strict static analysis to be enabled. We also unit test what we can and integration test more complex interactions between components.
• Outage reporting: Planned maintenance is communicated with the client. OP1 indicates within the application if there has been a partial or complete loss of service.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Access is restricted using Azure Entra ID.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have security essentials plus accreditation and are working towards ISO 27001 certification in the near future.
• Information security policies and processes: We have security essentials plus accreditation and are working towards ISO 27001 certification in the near future.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our source code is managed using GitHub, a cloud-based Git repository service operated by Microsoft, following industry and GitHub-idiomatic best practices:; ; Separation of concerns: code bases are scoped and maintained in discrete Git repositories; Continuous Integration (CI) including unit tests, integration tests and dependency vulnerability checks (daily cron schedule); Continuous Delivery (CD): automated release processes; Secure programming practices: both in terms of architecture but also by using the tools to protect us (C# static analysis, warnings-as-errors, etc.); Issue tracking (e.g. feature, bug, etc.): categorised story creation, conversation and state management; Pull requests: peer review; Individual user identities: audit / blame
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threat assessment is often bespoke, analysed case by case. Priority is to assess the risk of sensitive data leaking into public domain by known or potential attack vectors.; ; To deploy patches we maintain CD workflows for our code repositories, allowing us to rapidly release (from cloud-based, ephemeral runners) new software versions. Releases managed using SemVer-based versioning, changelogs, peer review, CI, Git tags and package repositories (e.g. NuGet, Debian, etc.).; ; We actively listen for news of potential threats, growing our skills and knowledge, monitoring news and external releases. We care about the software we produce, working openly and with integrity.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We conduct daily vulnerability checks (e.g. via CVE Program) on third-party dependencies in our continuous integration (CI) workflows, promptly addressing any identified issues, often within hours. Our focus on security extends to proactive monitoring of technology advancements and architectural changes, integrating them into our systems to enhance security by design. This includes updates like new .NET SDKs and service protocol changes. We prioritize these improvements alongside feature development, ensuring our applications and support libraries remain robust and secure. Fixes are propagated through our codebases, resulting in timely releases for both backend services and frontend websites.
• Incident management type: Supplier-defined controls
• Incident management approach: 1. Incidents reported to CPC IT are then classed into categories like Break / Fix - which has an 1 Hour Response.; ; 2. Alert trends are reviewed in monthly service meeting review and are actioned accordingly.; ; 3. Incident Reports generated via ATP or third party teams for any Critical Outages / Events which logs the incident in detail, and how it was resolved and any preventative measures put in place.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  CPC is committed to achieving net zero emissions by 2050, if not before, our SME targets have been verified by the Science Based Target initiative (SBTi). We have been a carbon neutral business since 2021, annually using the Carbon Neutral Britain methodology and DEFRA Greenhouse gas reporting. ; ; Employee Network: As well as complying with our ISO14001 environmental management system, to monitor and reduce our carbon reduction activity, our Climate Action Group: ; ; Raise awareness of key climate updates/changes, educate and promote best practices through the use of ‘monthly moments’ and newsletters ; ; Implement companywide initiatives, Recycling Week, Climate Quiz and Save the Bees ; ; Provide Skills Share Session on ‘climate’ topics to influence behaviour change and to benefit project delivery (delivered by employee and guest speakers) ; ; Track and analyse companywide environmental performance on projects ; ; Measuring and Taking Action: Our PPN06/21 compliant Carbon Reduction Plan sets out our emissions, reduction targets (near and long-term), as well as our performance against these targets. We are proud to report that following a review of Scope 1 & 2 emissions they have reduced by 54% from our baseline year, largely due to change in travel behaviour. We have, and continue to take action to reduce waste through promoting recycling, eliminating single use plastics, reduced energy usage through efficient printing, sensor lighting and auto turn off of IT. We also consult with our suppliers and landlords on their carbon reduction practices to positively influence behaviours. ; ; Supporting Clients: CPC actively supports its clients in reaching Net Zero targets through a focus on sustainability leadership and management from the outset of our projects. We invest time upfront to understand the clients’ sustainability goals and aspirations and assist them in developing a bespoke strategy, tailored to their specific requirements, and drive progress through the management of environmental trackers and reports.

  Covid-19 recovery

  We outline in our answers to ‘Fighting Climate Change’, ‘Tackling Economic Inequality’, ‘Equal Opportunity’ and ‘Wellbeing’ how we support individuals and the environment to recover from the effects of Covid-19.

  Tackling economic inequality

  CPC is committed to tackling economic inequality; developing skills to support the future needs of industry is a key priority for CPC. We have designed our Volunteering Programme around ‘developing skills for the future’ and ‘promoting our profession’. ; ; In collaboration with our clients, we plan and agree at the outset how we can help tackle economic inequality in their communities and implement/monitor this through the project lifecycle. ; ; Local Recruitment: We plan to grow, so provide new employment opportunities for local people across the regions. ; ; Inspiring the Future: CPC partners with the ‘Inspiring the future’ charity, which connects CPC volunteers with schools and colleges across the country, informing children of the different careers in construction and the range of opportunities available. Engagement includes; Careers Advice, Day in my Life and Mock Interviews. We use this vehicle to connect with education establishments in local communities, reaching deprived areas and empowering children from all backgrounds. ; ; Developing Skills in Science, Technology, Engineering and Maths: Our employees are encouraged to join the STEM Ambassador Programme to help students improve attainment in these key subjects. By supporting local schools/colleges with STEM workshops we aim to making learning fun through interactive tasks. ; ; Apprenticeships: We provide apprenticeships to develop skills from the local area, resulting in recognised qualifications. Advertising in local colleges and job centres to recruit individuals local to our offices/projects. ; ; Work Experience/T-Level Placements: We offer paid work experience for local people, offering exposure to the industry, career guidance and developing core skills. Each year we welcome individuals from secondary schools and universities local to our offices/projects, providing both administrative and site-based learning. ; ; Internal Processes: We support each employee to achieve their aspirations. Our embedded training and development programme includes:; ; Bi-Annual Appraisal System ; ; Graduate Training ; ; Skills Share Sessions ; ; Mentoring ; ; Chartership Support Networks ; ; Leadership Programme for aspiring leaders

  Equal opportunity

  CPC is committed to creating an inclusive and diverse working environment where everyone is respected and treated equally. We are a committed member of ‘Inclusive Employers’ using their resources to embed an equitable culture. ; ; Training: To support our EDI policy all employees must complete Equality on Diversity training, which includes education on protected characteristics, when joining CPC and then every 2 years. Those in management positions must also complete an Unconscious Bias course. ; ; Recruitment: To ensure there is no barrier to employment we have removed personal information from CV’s before sending them to hiring managers to avoid unconscious bias. We ensure that opportunities with CPC, a Living Wage employer, are accessible using media sources available to all demographics. ; ; Agile Working: Our Agile Working Policy offers an opportunity to create a more diverse workforce, supporting employees from different demographics across all job levels. It can also help close the gender gap by creating more flexibility for individuals with childcare issues, particularly where we are looking to increase under represented groups in male dominated industries such as the technology sector. ; ; Process Adjustments: CPC takes a proactive approach to ensure equal opportunities for all individuals including those with varying abilities by offering reasonable adjustments in both recruitment processes and daily life. Neurodiverse individuals, encompassing conditions like ADHD, Autism, and Dyslexia, receive extended exam and learning times. We consider flexible working options prior to retirement, ensure succession planning is age neutral. ; ; Employee Network: Our Network of Equality and Diversity (NEDI) actively work to educate staff and challenge discriminatory assumptions of individuals with different abilities and neurodiverse conditions. The group awareness on key topics and support awareness days, such as; International Women’s Day, Black History Month, Pride, and arrange webinars, featuring speakers like Wendy Smith, a former Paralympian Basketball Champion.

  Wellbeing

  CPC has a comprehensive programme of wellbeing initiatives to support our employees in achieving and maintaining better health and wellbeing outcomes. ; ; Employee Network: Our Health and Wellbeing Group was established to support the 4 pillars of wellbeing: Physical, Emotional, Mental and Spiritual. This is achieved through the creation of a yearly calendar which comprises of activities, awareness days, quizzes, coffee mornings, runs/walks, webinars, talks and charity events. We produce a quarterly ‘Healthy Minds’ Newsletter, and ‘Monthly Moments’ which are shared at team meetings to reinforce policies and generate discussion on the subject of Health, Safety and Wellbeing. ; ; Policies: CPC’s wellbeing policies span a wide range of topics: mental health and wellbeing, menopause, fatigue management, stress management, flexible and agile working. A recent addition to the office environment has been the implementation of a ‘reflection room’, a quiet space for employees and visitors. ; ; Support Programme: includes; ; ; Comprehensive Employee Assistance Programme ; ; 24-hr stress counselling helpline ; ; Mental Health First Aiders , who hold weekly Time–to–Talk sessions ; ; Private healthcare ; ; Gym discounts ; ; Cycle to work scheme ; ; Support/resources through our corporate charity partner; Mental Health UK ; ; Engagement: Every November we conduct a staff survey to anonymously obtain feedback on ‘Life at CPC’. We sought feedback on our approach to Good Health & Wellbeing to determine any improvements / additional communication needed to raise awareness or provide support. In our Nov-23 employee survey, 93.5% agreed that CPC provides enough support and resource on mental health and wellbeing. ; ; Project Teams: We also like to foster a positive approach to wellbeing within our external project teams. This includes sharing our ‘Monthly Moments’ in project meetings to create a culture of support. We have also arranged wellbeing walks, these walk and talks are a good way to hold a meeting away from a screen.

Pricing

• Price: £2,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@cpcprojectservices.com. Tell them what format you need. It will help if you say what assistive technology you use.