DDS

MTC Transport Planning System

Comprehensive home to school and social care transport planning system.

Features

• Comprehensive database of passengers, contracts, staff, suppliers, establishments, vehicles
• Configurable , interactive mapping visualisation using variety of map sources
• Advanced routing engine - bulk planning and day to day
• Full financial module including integration with your finance system
• Supplier invoice checking and sign-off
• Contract and supplier management including incident management
• Mainstream eligibility module including safe walking routes
• Comprehensive reporting including self-serve report design
• Mobile Driver/PA App for live comms with vehicles
• RESTful API for third party system integration

Benefits

• Reduce the cost of your service through route optimisation
• Maintain the cost effectiveness throughout the year
• Monitor your current and projected spend
• Intuitive, easy to learn user interface
• Extensive configuration to fit your specific business processes
• Workflow tool to keep track of team tasks
• API to seamlessly integrate with your other key systems

£20,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jaustin@ddswireless.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

236580827442323

Contact

Jason Austin
01993 886704
jaustin@ddswireless.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Current or recent (last two major) browser version
  • MS Word (for mailmerge template creation only)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 (Urgent): Response 1 business hour, Target Resolution within 4 business hours; P2 (High): Response 1 business hour, Target Resolution within 1 working day; P3 (Medium): Response 8 business hours, Target Resolution within 5 working days; P4 (Low): Response 5 working days, Target Resolution within 1 month; ; Business Hours: 0830-1700 Mon-Fri; 24/7 Emergency support
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We only have one, comprehensive level of support, the cost of which is built into the annual licence charge. This provides unlimited email/telephone support queries.; Every customer has a dedicated account manager who will work with you throughout the initial project and beyond to ensure you are getting the most out of the system and to manage any issues. This involves regular (2-3 times per year) onsite visits.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite training and recently, due to current circumstances, have begun to develop trainer led online versions of training. Training is provided as part of the initial project and can be added to, at cost, as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Within the cost of the contract, data will be provided in standard industry format: either flattened CSV files or Oracle database dump; Alternative formatting or filtering of data may incur additional charges.
• End-of-contract process: At the end of the contract access to the system will be automatically revoked. We will work with you to understand how you wish your data to be provided and then supply this to you. At an agreed time, and within 30 days of the end of the contract, all data held by us will be securely deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The main system is not suited to mobile devices. However, our companion smartphone apps (driver/PA) are specifically designed for mobile devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Virtually all data within the system is available via our secure REST API. This includes both reading and writing (via controlled methods).; Also, certain features within the system can also be accessed via the API, such as eligibility tools (eg, link your parent application site to the eligibility tool to get online result of transport eligibility).
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise their UI, in particular how things appear on the mapping system - including colours, icons, font sizes; More generally, the whole system is very customisable to fit with your own business processes.; Bespoke customisations are looked at on an individual basis and will either feed into our R&D process for future delivery or may be developed at cost.

Scaling

• Independence of resources: We run multiple application servers that load balance between them to ensure users do not adversely effect others. Load on servers is monitored.

Analytics

• Service usage metrics: Yes
• Metrics types: All access to the system is audited. We work with you during the project to understand what, if any, regular usage reports you require.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Much of the data in the system can be exported (Excel,CSV) by the user through standard and customisable reports. To export large volumes of data (eg, at contract end), it is more usual for us to work with you and provide this data for you.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML (certain data only)
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data encryption where appropriate

Availability and resilience

• Guaranteed availability: Our RPO is 24 hours and our RTO is 8 hours.; Target availability (excluding planned maintenance) is 99% per quarter.; Wherever possible we aim to complete planned maintenance outside of core hours (Mon-Fri, 0800-1700).
• Approach to resilience: We have never failed to meet our target uptime .; We run multiple resilient servers to ensure any one failure does not adversely effect our users. We maintain backup hardware in the case of failure.; Further information on how we address resilience is available from us.
• Outage reporting: Various elements of our hosting infrastructure are monitored, either automatically or manually, to alert us to any potential issue.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: There are no management interfaces per se.; The application itself has a comprehensive security system allowing end users to control which users have access to which parts of the system.; API is secured using either certificate exchange or secured API keys.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are in the process of obtaining Cyber Essentials accreditation for our hosting environment.
• Information security policies and processes: Policies are defined and staff made aware of relating to access to systems and data. Our general approach is that employees have the least level of access required to perform their duties.; All staff attend mandatory IT security training every year.; A named Chief Security Officer is ultimately responsible for ensuring policies are adhered to.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes - both software and hardware - are tested before being deployed to customers. Every change is also logged and rollbacks available.; We design our software from the start with security in mind.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Annual penetration testing is performed - this includes assessment not just of our infrastructure but also applications to ensure authorised bad actors are not able to 'move sideways' within our infrastructure.; Security patches are monitored for and deployed as appropriate (within 14 days for all high-risk or critical).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our security systems monitor for and report on any potential issues, alerting us to them quickly.; Any identified incidents would be responded to immediately and notified in accordance with GDPR.
• Incident management type: Supplier-defined controls
• Incident management approach: Policies are in place to ensure employees know exactly what to do in the even of various incidents.; Our policies define that any and all incidents are reported to our CSO.; If appropriate (eg, data breach) incidents are reported to users in a timely manner.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Wellbeing:

  Wellbeing

  Improve community integration: ; DDS has always worked closely with its community of users. It has continually engaged with them to truly understand their needs and the needs of their own users and customers, utilising this synergy to further improve its products and services. Through the Covid crisis we worked with existing customers free of charge to utilise the features in the system to assist them in delivering Covid related assistance (eg, distribution of PPE, food supplies) despite the system not being designed for such use. Through additional contracts we will continue this close relationship with new and existing users through regular face to face meetings, community user groups and by facilitating discussion/contact with other users in other local authorities.

Pricing

• Price: £20,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jaustin@ddswireless.com. Tell them what format you need. It will help if you say what assistive technology you use.