YOU. SMART. THING. LIMITED

Travel Assistant

You. Smart. Thing. are the leading online journey planning platform signposting visitors to destinations, venues and events. YST help organisations measure, manage and report their Scope 3 emissions to reach net zero targets. YST provide personalised travel plans with last mile routing that is accessible, sustainable and promotes active travel

Features

• Personalised real-time travel advice, tailored to travel preferences
• Customised last mile curation providing accessible and sustainable routes
• Multi-modal, integrated travel including mobility operators, EV and bespoke transport
• Back-office online dashboard for set-up, operation and analytics
• Real-time messaging capability via text, email and social media
• Travellers can request disability assistance via in-built module
• GDPR-compliant data capture including modal split, CO2 emissions and calories
• Itinerary planning with integration of timed events or appointments
• Easily integrated/ embedded in websites, social media or CRM systems
• Fully managed customer support via dedicated Customer Success Team

Benefits

• Enables effective management of travel demand, people-flow and mode optimisation
• Increases modal-shift to active, sustainable travel whilst improving air quality
• Measure and manage Scope 3 emissions to reach net zero
• Digital signposting to/ around destinations reducing queries on front-line staff
• Allows destination operators to capture and maintain the visitor relationship
• Improves equality, diversity and inclusion giving confidence and travel assurance
• Improves operational efficiency and reduces costs
• Easy to embed, web-based with nothing to download or install
• Cost effective to set-up and maintain, free for travellers use
• Available on desktops, mobile devices and smartphones

£1,400.00 to £96,000.00 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Simon.Grieve@YouSmartThing.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

292944833049969

Contact

Simon Grieve
07768 696896
Simon.Grieve@YouSmartThing.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Web browser access
  • Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to provide an initial response to all questions within 4 hours. Depending on category, the issue is then handled in line with our standard service level agreement.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: The system has been tested with an external panel of pan-disability users including assistive technology users
• Onsite support: Yes, at extra cost
• Support levels: A manned service help-desk is provided during business hours, moving to 24/7 ticket-based support thereafter. Response KPIs are monitored for 3 escalation levels: Standard, within 72 hours; Urgent, within 24 hours; Critical, within 12 hours with immediate response within business hours. We aim to resolve all queries with 24 hours of responding. ; Our standard business hours support package is included in our baseline fees, whilst additional hours and service levels, and a dedicated technical account manager, are available at additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: You. Smart. Thing. are a UK-based, dedicated team wholly focused on our Travel Assistant journey planner product. We will offer our customers dedicated support throughout the project, but in particular across the go-live, actively monitoring usage and uptake. In particular we would expect to support the customer very closely in the early months of the deployment around promoting the service to local venues and events, to drive adoption within the reasons people travel, at the point of need for travel advice. Typically, we would facilitate two workshops with the customer during the inception phase of the project, the first validating the scope of the solution and the brief set by the customer, the second reviewing the provisioning of this scope. We would expect at least one representative of the customer who has decision making responsibility for the project and subject matter expertise within the domain to attend these workshops. Typically these might be customer roles such as Transport Strategy Manager, Transport Innovation Manger, Event Manger or Places Coordinator.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All data is available through an API and can be extracted at any point, including at the contract end.
• End-of-contract process: Included in the contract is access to the API for data extraction. Extra cost would be incurred if the customer requires bespoke reports or data formats.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The system has a responsive web design, with all features available on both mobile and desktop channels.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: There are three service interfaces; 1) the consumer user interface 2) the dashboard portal management user interface 3) the API interface.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Accessibility sits at the heart of everything the YST team delivers, with regular accessibility audits being undertaken to ensure access for all. The Travel Assistant is complaint to the WC3 AA standard for web-based services, with images and buttons tagged with natural language descriptions for screen-reader identification. Extended audio and sign-language AAA compliance can be implemented to support targeted service roll-out to visually and hearing-impaired audiences.; The Travel Assistant platform integrates with a variety of accessible communication channels, such as telephone and SMS - technologies that elderly people and people with cognitive impairments are more comfortable engaging with. Deployments can include optional interactive DPPP compliant mobile Travel Assistant help-points, designed for use in foyers, where queueing is expected or on station platforms.
• API: Yes
• What users can and can't do using the API: All features of the service are available through the API as well as through the consumer and management user interfaces. Access to the API is managed through role based security, which limits certain API users from making changes or configurations.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service allows management users to customise a rich set of parameters through data configuration including; Travel Assistant, Venues, Events, Access Points and Modal Preference configurations. Management user portal access to configuration customisations is managed through role based security.

Scaling

• Independence of resources: We test our multi-tenant service to ensure that multiple users do not affect performance and response times. Our scale-out policy provisions additional hardware if significant spikes in usage occur, to ensure continuous availability to all users.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics include; sign-in activity, sign-up activity, venues, venue type, events, event types, routes, modes, visitor carbon emissions and calorie count per journey, numbers and timings of journeys, modal split per venue, modal split per event, average journey time per mode per venue, delays, notifications.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported from the system using the Management Dashboard Portal or via an API for users with appropriate role based authority.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: You. Smart. Thing. can confirm that the system we provide will be available 99% of the time, 365 days of the year. If down time exceeds this in any contract year, the pro-rata license fee payment applicable for the excess down time will be applied as a service credit to the subsequent license period. ; ; Excluding scheduled maintenance, our system availability was 100% across our contracts.
• Approach to resilience: We use a load-balanced active-active design pattern to ensure that there are always multiple instances of any service component available.
• Outage reporting: Service outages are automatically reported through our API, which can expose these to our secure dashboard or email alerts.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Management interfaces and support channels use OAuth and OpenID with JSON Web Tokens (JWT) for managing access restrictions. JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 30/09/2019
• What the ISO/IEC 27001 doesn’t cover: Scope of registration is for the provision of software design and development, hosting and support utilising third party hosting and IT support in accordance with the Statement of Applicability.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: You. Smart. Thing. recognises the importance of information security to ensure business continuity and minimise business damage by preventing and reducing the impact of security breaches. This policy is led by the CEO to protect the company’s information assets from all threats whether internal or external, deliberate or accidental. A business management system is written, implemented, reviewed and continually improved to support this policy. It is the policy of the company to ensure that:; Information will be protected against unauthorised access; Confidentiality of information will be assured;Integrity of information will be maintained; Information will be available as required by the business processes; Regulatory, legislative and contractual security requirements will be met; Business continuity plans will be produced, maintained and tested; Information security training will be available to staff; A framework is provided for establishing and reviewing objectives. All breaches of security, whether actual or suspected, will be reported to, and investigated by the CEO. It is the responsibility of the CEO to provide guidance on the implementation of this policy. It is the responsibility of all staff to adhere to this policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All software changes to all platform components are tracked through rigorous configuration management. Every source code change is tracked against a requirement or support ticket within the source code repository, and before that change can be included in a software build it must pass a suite of automated unit tests in addition to approval from two developer peer reviews, including a full assessment for potential security impacts. Change management processes, as defined within our ISO9001 accredited quality management system, are routinely used to ensure application upgrades, patching and maintenance are always communicated in advance through release notes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: During development, the You. Smart. Thing. development team take various measures and follow best practices to mitigate many security risks common to web applications. Upon delivery, there will be no known critical nor high-risk security vulnerabilities present in the software.; You. Smart. Thing. has previous experience with numerous penetration test exercises and reports by third party security experts. Patches and updates are deployed promptly. ; The development team being familiar with the risks and remediation of each security risk in the OWASP Top 10 and have requested to receive the latest cyber threat information from the National Cyber Security Centre.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: You. Smart. Thing. have confidence that the Travel Assistant service generates adequate audit events to support effective identification of suspicious activity. These events are reported to a dashboard enabling them to be analysed to identify potential compromises or inappropriate use of the service. Appropriate remedial actions are alerted to service managers for resolution. Resolutions can include patches, updates, or software fixes. Response to incidents are managed through our service desk and addressed according to our SLA response times depending on the severity of the incident.
• Incident management type: Supplier-defined controls
• Incident management approach: As defined in our Business Continuity Plan, which forms part of our Quality Management system that has been certified to ISO 27001, the Travel Assistant system has been developed with the operational business processes Recovery Point Objectives and Recovery Time Objectives for each pre-defined process in response to identified potential incidents. Issues are reported through our online service desk portal. Critical incidents can also be reported by phone to our helpdesk. Incident reports are documented within the online service desk portal. For critical incidents we will also provide a documented incident report including a root cause analysis.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  The You. Smart. Thing. Travel Assistant is a solution for destinations and transport network stakeholders that facilitates safer travel for the UK’s pandemic recovery. Stakeholders can manage infrastructure and services proactively by receiving travel demand forecasts, influencing modes of travel used, predicting congestion, re-routing in real-time, adding or removing capacity, and generating rich data for a holistic insight. ; Rationed loading and journey staggering can be achieved through a unique Travel Plan allocation feature, limiting the number of options offered by time of day, transport mode, or service operator. Travellers register their trip in advance using the Travel Assistant and receive a uniquely numbered Travel Plan via text or email. Discretionary checks may be made by transport staff or civic officers, or a more formal boarding-pass system can be operated. ; In turn, travellers can select safer, sustainable, less crowded journey options in accordance with their travel preferences, get personalised travel plans, and receive dynamic route updates. The service is free-to-use, simple-to-access, secure, and endorsed by trusted regional operators and the UK government. ; The existing Travel Assistant application programming interface (API) has the capability to expose all data-points captured by the Travel Assistant throughout the recovery lifecycle. Previous trial deployments have allowed us to refine data capture, analysis and visualisation methodology around sector specific key performance indicators. A combination of quantitative API based data and qualitative survey data can be applied to deliver ongoing impact assessment and reporting on the following objectives. ; - Switch to walking and cycling ; - Reduced use of private cars ; - Ability to get to the workplace ; - Time to get to the workplace ; - Availability of parking ; - Impact on the cost of travelling ; - Environmental impact and reduced GHG emissions ; - Impact of adequate travel provision on mental health and well-being ; - Accessibility support and routing
• Equal opportunity:

  Equal opportunity

  The You. Smart. Thing. Travel Assistant was originally developed to include the special assistance needs of disabled people, funded by the Department for Transport through the Rail Safety Standards Board. It includes the default option for service-users to apply the following filters to planned trips, either as part of a stored profile or on an ad-hoc basis, for each journey query: ; ; - I require step free access ; - I’ll have a guide dog with me ; - I’ll have heavy luggage with me ; - I’ll need a place to park my bicycle ; - Number of adults / children ; ; Recommended routes are updated in accordance with these preferences (and accessibility preferences are configurable if additional options are required, e.g. “I’ll have a chaperone with me”). To ensure key recommended routes are accessible we provide a route and venue audit service in partnership with leading accessibility consultants Goss Consultancy Limited.; ; Travel Assistant also has the option to enable a ‘Request Assistance’ feature in line with the recommended journey step information for specific critical services destinations. This enables a service-user’s assistance request to be forwarded to staff en-route (e.g. train operator staff) or staff at the destination. Request assistance configurations can be added and defined after the service’s initial deployment, dependent on the availability of regional staff to provide assistance. ; ; Additionally, the system can be integrated into call centre applications, supporting manual interactions and advice offered by phone if required.
• Wellbeing:

  Wellbeing

  The Travel Assistant 'Active Mobility' feature combines sustainable travel planning with a highly personalised wellbeing itinerary planner. Designed in conjunction with community groups across the age spectrum, GP’s, Clinical Commissioning Groups, ‘social prescription’ experts, and Local Authorities, it sees the Department for Transport’s ‘Gear Change’ policy put into action where it is needed most. ; Annual costs per patient for the top 5% of users of primary and secondary health care are over 20 times higher than all other patients (The Health Foundation). This group is overwhelmingly made up of senior citizens. The most common complaints are loneliness and depression, diabetes, lung, and heart disease. Medical research shows these can be delayed, and in many cases could be avoided, through changes to lifestyle and diet. ; To harness the benefits of active mobility, improve quality of life and reduce health and social care costs, it is paramount that we return to those with the most to gain, the necessary assurances they need to travel locally with confidence. ; The Active Mobility feature tracks the wellbeing of participants. Partners aim to define and determine the scalability of an active travel social prescription service, to areas with wider inequalities, and as a fiscal stimulus. It will calculate achievable net cost savings in health, through reductions in medication and hospitalisation, and social care, through reductions to domiciliary care requirements. ; Building on peer-to-peer wellbeing initiatives whilst addressing digital inclusion and data sharing challenges, the Active Mobility feature qualifies the concept of recommending and connecting ‘travel companions’ using personalised active travel itineraries, comprising high streets and community hubs. Tailored walks, cycling (where possible) and public transport routes are put together, algorithmically matched to patients’ conditions and shared via local GP’s as ‘trusted routes to trusted places’, providing viable active travel options to patients.

Pricing

• Price: £1,400.00 to £96,000.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Simon.Grieve@YouSmartThing.com. Tell them what format you need. It will help if you say what assistive technology you use.