Skip to main content

Help us improve the Digital Marketplace - send your feedback

Trapeze Group UK Ltd

NRT&H

Fully managed RTPI and AVL solution for Local Authorities in UK and Ireland. Includes Data Management, Traffic Light Priority, Digital Display Maintenance, Business Intelligence KPI Dashboard, On Board Units, Content Management System, TfL API, Open API, SIRI feeds

Features

  • Common database shared with NOVUS FX
  • Data Management service
  • Traffic Light Priority
  • Digital Display Maintenance
  • KPI Dashboard
  • On Board Units
  • Content Management System
  • TfL API
  • Open API
  • SIRI feeds

Benefits

  • Single data entry reduces mistakes: common database with NOVUS FX

Pricing

£100,000.00 an instance

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@trapezegroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 7 5 5 8 8 0 8 9 6 7 7 9 0 5

Contact

Trapeze Group UK Ltd Colin Urquhart
Telephone: 07384241680
Email: tenders@trapezegroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
Modern browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Calls and emails are acknowledged immediately. Best practice SLAs apply.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support service (no extra cost, with account manager and support engineers):
Priority Level 1 Resolution time (days) 2
A reported problem in the Software, or one of its necessary components, has caused the Software to cease function or has caused a complete system shutdown. The incident may result in a downtime and prohibit the Trapeze Customer from carrying on procedures crucial to the operations are immediately addressed.

Priority Level 2 Resolution time (days) 3
A reported problem in the Software or one of its necessary components has caused a serious disruption of a major business function and cannot be temporarily solved by an alternative method or 'work around'.

Priority Level 3 Resolution time (days) 5
A reported problem or query in the Software, or one of its necessary components, which cannot be temporarily solved by an alternative method or 'work around'.

Priority Level 2 Resolution time (days) 5
A reported problem, question, desire, request, etc. which is not included in the definitions of Priority 1-3 and demands less immediate attention than said priorities.

Priority Level 5 Resolution time (days) Next upgrade
A problem of cosmetic nature that may be corrected in the next release of the software.
Support available to third parties
No

Onboarding and offboarding

Getting started
User guides and training, online self-service portal
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Export into standard data exchange formats such as TXC & NaPTAN files or data migration is available as a separate service
End-of-contract process
Standard functionality enables data export. Once the contract has ended, access to the browser-based system is revoked.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
No
Customisation available
Yes
Description of customisation
Select language. Modify screen layout. Change styling. Screen panels and available functionality can be defined for individuals or groups of users.

Scaling

Independence of resources
Capacity is designated in order to provide service to the required number of users

Analytics

Service usage metrics
Yes
Metrics types
Availability, response times, application logs include usage
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Firewalls
Data encryptionWhite listing client sites;
Role base access controls by support staff;
All your backed-up data is automatically encrypted when stored in the cloud using Azure Storage encryption, which helps you meet your security and compliance commitments. This data at rest is encrypted using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data is exported in standard formats (TXC, ATCO-CIF, NaPTAN XML). Alternatively, all data can be exported in flat file format such as .csv.
Data export formats
  • CSV
  • Other
Other data export formats
  • TransXChange - TXC
  • ATCO-CIF
  • NaPTAN
  • GIS Shape files
Data import formats
  • CSV
  • Other
Other data import formats
  • TransXChange - TXC
  • ATCO-CIF
  • NaPTAN
  • GIS Shape files

Data-in-transit protection

Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Within Azure we have client separation through resource groups that include localised virtual networks.
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Access lists on VLAN
Firewalls
Network scanning for vulnerabilities

Availability and resilience

Guaranteed availability
Minimum is 99.5 but can go up to 99.9 at customer request under separate agreement.
Approach to resilience
Failover lines
Failover firewalls
Resilient switches
Outage reporting
All servers are monitored 24/7 with email and text alerts if there is an outage. Run via Uptrends which tests accessibility globally.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
The system holds its own passwords which are fully encrypted within the database. The password policy is enforceable and includes reset & expiry features. Superusers can reset passwords.

Unsuccessful logins result in lockouts. There is full login audit. Admin passwords can be regularly changed.
Access restriction testing frequency
At least once a year
Management access authentication
Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
23/08/2019
What the ISO/IEC 27001 doesn’t cover
Scope covers all activities involving client data, not internal systems.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
ISO 9001:2015

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
It is the policy of Trapeze Group UK Ltd to ensure:
>Confidentiality of information is maintained
>Integrity of information through protection from unauthorised modification
>Availability of information to authorized users when needed
>Information is protected against unauthorised access
>Information is not disclosed to unauthorized persons through deliberate or careless action
>Regulatory and legislative requirements will be met
>Business continuity plans are produced, maintained and tested as far as practically possible
>Information security training is given to all Employees maintaining the hosting centre environment
>All breaches of information security and suspected weaknesses are reported and investigated

Induction and ongoing training via an audited on-line course ensure awareness of GDPR and security. There is an appointed Data Protection Officer. responsibility for adherence to policy lies at board level.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We manage change through our ITSM tool following the ITIL defined process. The Service Desk Manager working with the IT Manager ensures that the underlying infrastructure is managed using industry best practice procedures to prevent adverse impacts on security.

In order for changes to progress smoothly, a planning stage includes:
• Identification of issues
• Scope definition
• Gap analysis
• Estimating
• Timeframes
• Resourcing
• Success criteria
Once the change has been defined, often working with you to fully understand the what and why, the plan is shared and explained to all stakeholders.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We ensure up to date patching is applied to both the OS and the application.

We use an industry standard tool for confirming known vulnerabilities are identified and addressed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Alienvault scans IP ranges on different ports to probe for vulnerabilities. A risk analysis is followed by appropriate counter measures. Any incident identified is immediately assessed and, if deemed to be major, the major incident policy is invoked. Incident Management and Incident Response teams are convened. Initial investigation leads to assessment of implications. Communications with clients are maintained. Once the root cause is identified, mitigated by a permanent solution and symptoms and side effects have been resolved, the incident is closed and a lessons learned phase follows.
Incident management type
Supplier-defined controls
Incident management approach
We work within ISO27001 / ITIL frameworks. An incident is anything out-of-the-normal occurring that negatively affects us or one of our customers.

Users can report incidents via web portal, email or phone.

Major incidents are dealt with by two teams: The Response Team ensure that all necessary remedial actions are taken as quickly and effectively as possible; the Management Team allows the Response Team to focus on fixing the incident whilst they take strategic decisions, ensure resourcing for the Response Team and deal with external communications. Incident Management is an iterative process: Preparation > Identification > Response > Lessons Learned

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Trapeze has taken the step to minimise its effect on Climate and has partnered with Ecologi to plant 1080 trees globally including in the UK each month to offset our company and employees' Carbon footprint.
Tackling economic inequality

Tackling economic inequality

Trapeze is in the process of signing up for and becoming an accredited Living Wage employer.
Equal opportunity

Equal opportunity

Trapeze Group UK is a founding member of the Inclusive Tech Alliance (ITA) which was launched to improve diversity within the tech sector. The Inclusive Tech Alliance (ITA) has been set up in response new research by agency Inclusive Boards that will show the sector is significantly lagging behind others on diversity within senior leadership. (https://www.inclusivetechalliance.co.uk)
Wellbeing

Wellbeing

As a company dedicated to the welfare of our staff, Trapeze has implemented and dedicated resources to the wellbeing of our staff which includes a Healthy Minds programme to support staff wellbeing.
The company has a Healthy Minds programme that is run by our HR, this includes the distribution of our Healthy Minds newsletters to all staff every quarter.

Pricing

Price
£100,000.00 an instance
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@trapezegroup.com. Tell them what format you need. It will help if you say what assistive technology you use.