ATKINSRÉALIS UK LIMITED

CIRRUSlocate™ Gazetteer Service

CIRRUSlocate™ is a geographical index, providing a flexible, secure, automated and fast directory of all Great Britain’s addresses, properties and land areas. It also supports local candidate records. Using the best open source software, CIRRUSlocate™ lowers the cost of ownership for a geographical index.

Features

• Gazetteer range – focussing the number of records returned
• Find Address (full) from British National Grid location
• Support for applications using British National Grid reference format
• Support for applications using Word Geodetic reference format
• Search for complete address details using free text
• Search for complete address details using a UPRN
• Search for Address and all decedents (Full) by UPRN
• Retrieves complete address details and all its descendants
• Records not included in the national dataset can be managed

Benefits

• Flexible OpenAPI standard - service consumed as customer requires
• Gazetteer data in the right format at the right time
• Mobile - access to business address data on the move
• Open Source – integrates best of breed components
• Low cost of ownership through open source and cloud
• Scalable to meet variable user demands
• Resilient – multiple nodes, automatic restart after failover
• High performance – through best of breed components and infrastructure

£14,300 to £23,100 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@atkinsrealis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

366001137532208

Contact

Martin Yeoman
+44 1372 75 2023
ccs@atkinsrealis.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • A modern, standards compliant web browser
  • Client side API

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Business Day, Monday - Friday: ; ; • A – Critical, respond in 2 working hours, providing circumvention instructions where possible or fix within 1 working day ; • B – Major, respond in 4 working hours, providing circumvention instructions where possible or fix within 2 working days ; • C – Functional failure, respond in 8 working hours, providing circumvention instructions where possible or fix within 7 working days ; • D – Intermittent failure, respond in 8 working hours, providing circumvention instructions where possible or fix within 15 working days; • E – Minor, fix included in next appropriate release.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Support - available during 08:00 – 18:00 hours, Monday to Friday (not English Public Holidays). Incidents may be logged via the web, telephone or email during these times. Additionally, Incidents may be logged via the web outside of these hours, but they will not be progressed until the next working day. Software fixes will be progressed during these hours, and a release made available in line with the Customers agreement. 7 days per week – see Standard Hours, the addition being able to log and receive responses to Incidents during the additional hours. Please note that we operate a Restoration of Service (RoS) approach to support on the additional days e.g. Saturday, Sunday and English public holidays – See below for RoS definition. 24/7 - see 7 days per week, the addition being able to log and receive responses on a 24/7 basis. Restoration of Service (RoS) – during extended hours of support the aim is to get the Customer operational as soon as possible. Software fixes will not be provided during the additional hours of support. Incidents remain the responsibility of the Technical Support team throughout the life cycle.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Data restoration and migration are not part of this service by default. Both of these options can be purchased separately. Atkins is able to migrate existing client data such as Candidate Records or User Defined Records into CIRRUSlocate™ so that they are available for the Gazetteer searches. The price of this service is dependent upon the amount and variety of legacy data to be migrated and will be determined during a clarification exercise prior to the commissioning of any work.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: A standard database backup of any candidate record data will be made available to the client upon termination of the service.
• End-of-contract process: Once the contract has ended the account will be removed from the service and any local candidate records destroyed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Not applicable.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: We can provide customisation to enable the use of CIRRUSlocate with client applications, This is done through the creation of “System Connectors” that encapsulate the business logic to be applied to gazetteer search results.

Scaling

• Independence of resources: We use a Private Cloud platform that has been scaled by our service provider to support a very large customer base. Each on-boarded customer is allocated virtual servers for the service to run on, these virtual servers have an allocation of resources dedicated to them and so users are not impacted by the demands of other users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The service provided, uses address data from AddressBase Premium. There should be no requirement to export the data from CIRRUSlocate™. Should an export of the local candidate data be required, this can be requested separately.
• Data export formats: Other
• Other data export formats:
  • Esri File Geodatabase
  • Esri Shapefile
  • MapInfo TAB files
  • Most other GIS formats
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Esri File Geodatabase
  • Esri Shapefile
  • MapInfo TAB files
  • Most other GIS formats

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Other
• Other protection within supplier network: Data is stored in a PostgreSQL database with security enabled, the database holds the information for the service and is not accessible from other systems. Access controls in place prevent users from accessing the database. Access to the data by Atkins staff is strictly controlled. Staff from our service provider only have access to servers in order to provide support and maintenance, they do not have access to the information held within the databases. Physical access is tightly controlled within the data centre, no member of staff has access without appropriate permissions, once logged on they cannot access the databases.

Availability and resilience

• Guaranteed availability: Our service provides 99% uptime during the agreed hours of service.
• Approach to resilience: We utilise a Private Cloud environment built using the OnApp Cloud Management platform. It provides an environment that is: - Scalable through auto-scaling (up and out) - Highly available through automatic failover and full active-active High Availability The system is deployed across a multi-node environment ensuring that node failures do not bring the system down, the cloud management platform continually balances load across nodes and moves running services across nodes when issues are detected.
• Outage reporting: Real-time server monitoring provides alerts to our Cloud providers when services have failed, these outages are then reported to our clients through the Technical Support helpdesk.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Access to the service API will be via a client service. The client service will need to provide the necessary authentication, i.e. through an API key.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd’s Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 16/06/2010
• What the ISO/IEC 27001 doesn’t cover: It excludes information handled within client specific secure environments that operate under more stringent security controls and A.14.2.4 Restrictions on changes to software packages.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Atkins Aerospace, Defence, Security and Technology (ADS&T) holds ISO 27001 and all our UK businesses are independently certified as achieving the ISO 9001:2008 quality management standard. Atkins follows a Business Management System (BMS) approach that brings together all of our business processes in one place. The BMS assures our clients through the certification of ISO 9001, OHSAS 18001 and ISO 14001, and forms a key part of the Atkins Governance Framework, which also includes our Group Policy Statements and Code of Conduct. BMS is key part of our governance process, translating the Group controls into a set of core processes that are applicable across the business.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration control is performed using source code management and version numbering. Our change management process is invoked whenever a change to the system is required. A change management plan is created, including identification of risks and associated mitigation. Software changes are managed in accordance with TickITplus accredited quality framework and taken through rigorous testing cycles. Before installing in the live environment, a rollback plan is formulated and any required downtime agreed. The changes are installed in live environment and checks performed to ascertain the change was successful. Where problems arise the rollback plan is initiated restoring system to baseline state.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: None
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Atkins shall provide:; • 24 / 7 / 365 monitoring of server availability and performance with a restart option should the server fail out of hours; • Threshold monitoring to ensure potential problems are detected and addressed before they become critical; • Failover at any time of the day or night in the event of complete server failure; • Secure off site data backup; • Disaster Recovery procedures and management Business hours support services for non-critical incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: Service failure severity types: ; Priority 1, Critical: The problem is stopping all work on the system.; Priority 2, Major: The problem is preventing the operation of a major sub-system or a group of users. ; Priority 3, Functional failure: The problem is affecting a particular function for a significant/high number of users.; Priority 4, Intermittent failure: The problem is affecting a particular function for a minority number of users. Is intermittent and impact to operation is low.; Priority 5, Minor: Minor issue. Very low impact to users or the problem is cosmetic.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Atkins is committed to fighting climate change as evidenced through becoming carbon neutral in 2021 as we drive our carbon emissions down to our net zero target by 2030. We have signed up to science based targets to reduce our own emissions through the global Race to Zero initiative. ; Our commitment does not stop here; we are supporting our clients to meet their environmental reduction targets too. That is why we are upskilling our staff to understand the environmental impact of decisions, and to use these as considerations throughout the delivery lifecycle to provide better solutions for our clients. We will work hand in glove with our clients, helping provide awareness of the climate impact of the decisions that could be made such as circular economy opportunities. ; The CIRRUS suite of tools are cloud hosted to minimise their environmental impact. Accurate information systems also reduce the need for site visits.; Atkins is also committed to creating a healthy workplace and we do this through our board-sponsored Health and Wellbeing Steering Committee. We’ve taken a data-led approach to developing our health and wellbeing framework which is focussed around physical, mental and financial wellbeing. Our industry-leading plans encompass a diverse range of initiatives and campaigns, such as mental health first aiders and volunteering days.

Pricing

• Price: £14,300 to £23,100 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A free trial for a small geographic area can be requested and would be subject to discussion and agreement.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@atkinsrealis.com. Tell them what format you need. It will help if you say what assistive technology you use.