Fujitsu Services Limited

Fujitsu PAYG and Account Based Ticketing

Fujitsu is a leader in smart ticketing across rail, buses, trams and other transport and modes. Our solution provides PAYG ABT back-office services that can scale from a single small operator to city-wide multi-operator, multi-modal scheme. We support a range of travel tokens, pre-pay and post-pay accounts.

Features

• Support for a wide range of travel tokens – barcode/ITSO/EMV.
• Pre-pay (e-purse) and Post-Pay (PAYG) accounts
• Scalable from single operators to large multimodal, multi-operator scheme
• Flexible rolling capping (of any duration) and best value tickets
• An inclusive ABT offer supporting the unbanked and concessionary groups
• Simple rules-based configuration
• Full compliance with rail and bus ticketing standards
• Open APIs for ease of integration
• Cloud hosted for rapid deployment
• Mobility as a Service (MaaS) ready

Benefits

• Simple access for citizens to public transport services
• No purchasing decision to make ahead of travel
• Best value ticketing with rolling caps of any duration
• Fully inclusive of non-banked customers with prepayment account options
• Configuring wide-ranging of concessions and entitlements to increase patronage
• Supports travel tokens from mobile barcodes, ITSO smartcards to EMV
• Fast deployment due to business rule and cloud stored pricing
• Already integrated with Ticketer Bus ETMs
• Protecting revenue through flexible rules to block/unblock services
• Integrate validators, web/apps and information reporting systems with APIs

£0.00 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

349827604370803

Contact

Sam Skinner
07867829234
government.frameworks@fujitsu.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our PAYG and ABT solution is built on our Actora transport management platform. It provides a range of services for digital ticketing, customer management and payment services. The platform is integrated with our range of HOPS and CMS solutions providing customers with a modern micro-service approach to transport operations management.
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Varies depending on support arrangements
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Service and support can be tailored to your requirements. We provide service managers and a range of skilled engineers that work alongside our service desk. Service level agreements are defined and can include 24x7 service cover.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a range of consultantive and deployment services depending on the customer need/requirements. We provide training and documentation along with a staging environment for testing and experimentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Training material in the form of MS Office documents
  • Videos to explain features of the service
• End-of-contract data extraction: Our APIs are available for customers to use to extract data, or we can provide a tailored data dump.
• End-of-contract process: We would hope to extend services in line with ongoing/future requirements. Services can then be tailored and adapted as necessary. If a customer choses to leave and stop using our services we will close the scheme and after a period of time securely remove the data from our service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile application is designed as a B2C companion app for end customers using the ABT services. It is available on iOS and Android and can be white labelled.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Customers interact with our service through a web portal where a scheme is administered to define business rules, products and mode/service definitions. Customers can also access our service desk through a web interface. All interactions use standard web browsers and are accessible from any internet connected device.
• Accessibility standards: None or don’t know
• Description of accessibility: Industry Standard Web interface
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Our customers, and their partners, can access all our back office services via APIs. This can include integration of the PAYG/ABT services into a mobile app or web service for customers, or for reporting puposes.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers are given a secured scheme on our platform that can be customised with their own business rules, products, services and usage/payment tokens. Customisation is controlled through the admin features accessed through the web portal.

Scaling

• Independence of resources: Our system is deployed on the Microsoft Azure Cloud using a micro-service architecture. Each service runs on it's own set of virtual machines that can be scaled both in terms is performance and number as demand is placed on them. We also separate the computationally expensive back office features from services that customers interact with.

Analytics

• Service usage metrics: Yes
• Metrics types: Through an API
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Our APIs are available for customers to use to extract data, or we can provide a tailored data dump.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: N/A
• Data protection within supplier network: Other
• Other protection within supplier network: N/A

Availability and resilience

• Guaranteed availability: Our services are designed to be always available with upgrades to the micro-services performed without system outages. Service Level Agreements are available to can be tailored to customers' requirements, which can include refunds/penalties for outages and availability target failures.
• Approach to resilience: Available on request
• Outage reporting: Outages are reported to our service desk and engineers via dashboards and alerts which include email, slack channel updates and text messages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is via the following: ; - Fujitsu issued SSL certificate ; - Fujitsu issued User name and password ; - Support is provided to licenced customers via the Fujitsu Service Desk which operates 7 days per week
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 06/01/2022
• What the ISO/IEC 27001 doesn’t cover: Anything that is not included within the scope of the ISO 27001 certification is not covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The Fujitsu Group places ICT as our core business. Our corporate vision is to contribute to creating a safe, pleasant, networked society, we work to ensure and improve the level of information security throughout the Group.; In April 2016, we established the Fujitsu Group Information Security Policy in order to share this vision and encourage action by each employee. ; ; Complete text of the Fujitsu Group Information Security Policy (Global Security Policy); https://www.fujitsu.com/global/imagesgig5/InformationSecurityPolicy_en.pdf; ; Fujitsu Group appointed a Chief Information Security Officer (CISO) under the authority of the Risk Management and Compliance Committee to further strengthen security measures in the Group. Moreover, in aiming to strengthen our global information security governance we have appointed Regional CISOs around the world.; ; Regional CISOs report to the CISO on information security measures implemented by security teams at each group company. The CISO periodically reports to the Risk Management and Compliance Committee on the status of information security measures, and also makes additional reports whenever necessary.; ; To prevent information leaks, instead of simply informing our employees of the various rules and regulations, it is important to raise the security awareness and skill level of each individual employee. The Fujitsu Group holds information management training for employees.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Fujitsu and the client will record configuration changes on the in-scope devices or; applications via an agreed change control process. Change events include: outage; (network), service infrastructure modification (relating to the client), client; configurations and modifications etc.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Management responsibilities and procedures are in place to ensure a quick, effective, and orderly response to information security incidents.; ; Fujitsu has a hierarchical Information Security Organisation with a documented Incident Response and Forensic Investigation plan.; ; Information security incidents and events are reported through appropriate and defined management channels. All employees, contractors and third-party users of information systems/services are required to note and report any observed or suspected weaknesses in systems/services.; ; Security Incidents are logged on a restricted access platform which generates notification to management team. All incidents are compiled and periodically trend analysed for discussion at the monthly Security meeting.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The service is monitored using a comprehensive suite of industry leading monitoring tools. All service components and the supporting infrastructure are monitored, any deviations from the standard baseline will generate alerts that are triaged, investigated, and resolved as appropriate. ; A data compromise occurs when there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to data processed. A data breach is foremost a Security Incident and would be managed in accordance with the defined Security Incident Management process.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Management responsibilities and procedures are in place to ensure a quick, effective, and orderly response to information security incidents.; ; Fujitsu has a hierarchical Information Security Organisation with a documented Incident Response and Forensic Investigation plan.; ; Information security incidents and events are reported through appropriate and defined management channels. All employees, contractors and third-party users of information systems/services are required to note and report any observed or suspected weaknesses in systems/services.; ; Security Incidents are logged on a restricted access platform which generates notification to management team. All incidents are compiled and periodically trend analysed for discussion at the monthly Security meeting.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

  Covid-19 recovery

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

  Tackling economic inequality

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

  Equal opportunity

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

  Wellbeing

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

Pricing

• Price: £0.00 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.