FLOWBIRD SMART CITY UK LIMITED

Flowbird Mobility Hub

The Flowbird Mobility Hub is a kerb side management platform.
Our customers can aggregate data from various mobility providers in order to have consolidated reports and analytical data.

Features

• Management of Mobility Assets
• Deliver Tariffs and Rights Management
• Overall Management of Mobility Transactions
• Payment Gateway
• Remote Customer Access
• Ability to Share Mobility Asset Data
• Reporting and Analytics for all Connected Mobility Assets
• EVCI and Parking Analytics
• Integrator of Third Party Solutions

Benefits

• Utilising data for Intelligent Guidance to Available Spaces and Enforcement
• Optimise Mobility Infrastructure Usage
• A Single back office Management Solution for Mobility Assets
• Single Point of Access to All Mobility Management Solutions
• Access Level Management
• Single User Interface to Manage Tariffs to all Mobility Assets
• Management of Mobility Assets - EVCI/parking/transportation
• Utilises analytical data to inform future mobility/transportation planning

£240.00 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk-tenders@flowbird.group. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

297233497701389

Contact

Amy Reed
07979694186
uk-tenders@flowbird.group

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance is scheduled at regular intervals however this is scheduled at times that cause the least disruption. ; The service will be delivered in SaaS.
• System requirements:
  • All Mobility providers will require integration to the Mobility Hub
  • All users will have an individual log in ID
  • All authorised users would require a web connected PC

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Recognition of receipt of all queries raised within two hours, seven days a week.; Flowbird prioritise all calls received from customers and apply the necessary resolution timeframe.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Flowbird uses an industry recognised web chat solution, we undertake two customer feedback surveys per annum on our solution and undertake enhancements inline with the feedback received.; All Flowbird solutions go through an accessibility audit by an external expert partner. This ensures that our solutions are complaint with current accessibility standards.
• Onsite support: Yes, at extra cost
• Support levels: The support levels you provide; Level 1: Hosted Service with maintenance updates; Level 2: Level 1 + Online Support and Remote Fix; Level 3: Level 2 + Onsite Support; ; How much the different support levels you provide cost:; Dependent upon the scope of the service and the mobility infrastructure, assets and the number of third parties interfaced with the solution.; ; Whether you provide a technical account manager or cloud support engineer; Flowbird provide both technical account management and cloud support engineers in our data centres available to support our customers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Flowbird will provide training manuals and documentation.; Training is a combination of onsite and online training.; Web tutorials are also available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When a contract ends, the customer can make a request to Flowbird to receive an extract of their data. Flowbird will provide this reversibility service at the request of the customer.
• End-of-contract process: There will be various options for the set up of the contract. ; ; Contracts can be inclusive of the cost associated with a level of extract reversibility if the customer so wishes. ; ; In the instance that this cost has not been included as part of the initial contract, a cost will be levied for this service.; ; If the customer requires data to be retained by Flowbird for a set period following termination, confirm at implementation stage the associated price would be included within the solution price.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The user will see a portal detailing the available service options selected by the local authority/operator. This will include; reports, graphics, analytics, maps and configuration tools.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Flowbird undertake two customer feedback surveys per annum on our solution and undertake enhancements inline with the feedback received.; All Flowbird solutions go through an accessibility audit by an external expert partner. This ensures that our solutions are complaint with current accessibility standards.
• API: Yes
• What users can and can't do using the API: How users can set up the service through the API; -API are accessible using certificates provided by Flowbird ; -API give access to all configuration data, allowing Mobility Asset to fully configure the service, if authorized in the certificate; ; how users can make changes through the API; -All data can be modified via the API, if authorized in the certificate; ; any limitations to how users can set up or make changes through the API; -All operations to the Mobility Hub are controlled via the individual API certificates.; -Access levels are dependent on the applicable APIs certificate.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: What can be customised:; 1. Mobility assets; 2. Tariff and Rights; 3. Reports ; ; How users can customise; 1. Via the user interface; 2. Via the API; ; Who can customise; 1. User of the system who has the correct access rights; 2. Flowbird upon customer request

Scaling

• Independence of resources: The solution is based on micro services architecture, KUBERNETES clustering, and stateless services.; ; KUBERNETES has built in load balancing and automated scalability features which ensures that users are not affected by the requests from other users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Certified with ISO 27001
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users export their data via requests on the API or via Flowbird's service desk if there is a specific requirement for export.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Json through APIs
• Data import formats: Other
• Other data import formats: Json through APIs

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Internal KPI for solution uptime is 99.9% ; ; SLA's will be agreed with each individual contracting customer, penalties against each SLA will also be discussed and agreed in the contract.
• Approach to resilience: Available on request.
• Outage reporting: The Mobility Hub will report planned maintenance and outages via e-mail to our customers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Each user has individual access rights following the "need-to-know" and least privilege principles.; An administrator of the system is able to define and modify user rights and access levels.; A periodic review of users' rights is implemented.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSi
• ISO/IEC 27001 accreditation date: 14/07/2023
• What the ISO/IEC 27001 doesn’t cover: All areas of the system are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Standards Council
• PCI DSS accreditation date: 25/11/2023
• What the PCI DSS doesn’t cover: All solutions outside of the PCI environment.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security organised according to ISO 27001 standard (but not certified)
• Information security policies and processes: ISSP = information system security policy; Documentary corpus about cyber security (one policy for each chapter of ISO 27001); Operational processes following each policy

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: *** cf. C.Longet ***
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Self testing with RAPID 7 or QUALYS tool, for company solutions not exposed to the internet; ; External testing SERENETY, for assets exposed to the internet
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: How you identify potential compromises; -Potential compromises are identified with internal tools (QUALYS, SENTINELONE, SPLUNK).; ; how you respond when you find a potential compromise; - A dedicated team (SOC) receive and manage alerts to identify and remedy to potential compromise; - This team is also responsible for incident management; ; how quickly you respond to incidents; - Average leadtime to engage actions is less than one working day
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management policy complies with ISO 27035; ; A dedicated team (SOC) is in charge of incident management ; ; All incidents are logged in REMEDY tool

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  The solution enables the management and monitoring of all mobility solutions in a city, enabling the reduction of driving and dwell times contributing to a reduction of a cities carbon footprint. The solution will provide the city with analytical data to inform future transportation and EVCI requirements.

Pricing

• Price: £240.00 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The free trial will be time limited with functionalities agreed between the customer and Flowbird.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk-tenders@flowbird.group. Tell them what format you need. It will help if you say what assistive technology you use.