IBI Group UK Ltd

CurbIQ: Digital Traffic Order Solution (D-TRO) by Arcadis

CurbIQ is a cloud-based solution for digitising and managing kerbside, road, and parking regulations. It centralises all types of digital Traffic Regulation Orders (permanent, temporary, experimental, special events, off-street) within a single GIS platform, streamlining the drafting, consultation, and approval processes while ensuring compliance with the DfT’s D-TRO data requirements.

Features

• Digital Traffic Regulation Order Management: drafting, consultation, and approval
• Centralised management of every type of TRO: permanent, temporary, experimental
• Digitisation of static and moving TROs/TMOs and TTROs
• Comprehensive, dynamic, interactive, and customisable map-based visualisation tool
• Create, amend, revoke, consolidate traffic orders and bulk updates
• Export of map tiles and traffic order schedules: PDF, GIS-compatible
• Public facing platform: sharing TROs and conducting public consultation
• Standardised database in DfT’s D-TRO, CDS, APDS, CurbLR standards
• APIs for sharing data with external parties and DfT
• Efficient paper-based TRO digitisation, on-street data collection, data correction

Benefits

• Simple and fast data migration between from legacy systems
• Cloud-based software accessible through web browsers
• Real-time data integration: parking payment, sensors, cameras, LPR, EV
• Dashboards to track changes and analyse historical kerbside utilisation
• Project and scenario tools for efficient planning and collaboration
• Customisable base maps: OS MasterMap, MapBox, Esri, Google Satellite
• Summary stats to track kerbside and sustainability goals
• Additional datasets: signs, parking, EV, bus, bikeshare, traffic infrastructure
• Software integration: asset management systems, permits, enforcement, National Street Gazetteer
• Unlimited access to online tutorials and quick customer service

£400 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk_intelbd@arcadis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

368317180091722

Contact

Gareth Bower
0141 331 4500
uk_intelbd@arcadis.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements: A modern browser is required for the CurbIQ web platform

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday-Friday 4 AM - 10 PM (BST)
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Monday - Friday 4:00am-10:00pm (BST) unless otherwise stated. We provide email support, phone/video call support (if previously agreed and scheduled), and technical support
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Clients are given user guides and documentation for each of the CurbIQ modules. as well as live tutorials. They are also provided with online video tutorials.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can export their newly generated data directly through the Curb Manager tool. ; Users receive complete kerbside data from CurbIQ staff when the contract ends.
• End-of-contract process: Each of the CurbIQ modules comes at a different cost. Users can decide which modules are applicable to them and pay a subscription rate accordingly.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user interface adapts to the dimensions of the mobile device used.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: CurbIQ is available as a web application.
• Accessibility standards: None or don’t know
• Description of accessibility: CurbIQ is accessible through a web application.
• Accessibility testing: No interface testing with users of assistive technologies has been specifically carried out.
• API: Yes
• What users can and can't do using the API: Users need to contact CurbIQ staff to set up and use the API. This API can disseminate kerb regulation data to third party mobility companies.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users can contact CurbIQ staff for backend or front end customisation of kerbside regulations and data display. ; Users can edit their language preferences.; CurbIQ can be integrated and work with existing or legacy municipal software.

Scaling

• Independence of resources: Our systems are hosted on AWS cloud and auto-scaling of hardware resources can be enabled to accommodate varying user demands.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their map-based data as bylaw PDFs, Excels, or standardised GeoJSON file format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • GeoJSON
• Data import formats: Other
• Other data import formats:
  • GeoJSON
  • PDF
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% up time is guaranteed.
• Approach to resilience: CurbIQ’s cloud hosting platform is hosted by a series of redundant servers and network devices in a cloud configuration. Computing resources are pooled and can be moved from one process to another, preventing loss of service and performance degradation and maintaining room for upgrades and expansion. Architected with redundancy at various levels and with a watch dog monitoring system, the solution detects unscheduled events that threaten to disrupt service can be repaired without the public users ever encountering problems or noticing a degradation of the level of service. IBI Group provides full redundancy, deduplication and data offloading to the Cloud for archiving and records keeping. The backups are constantly monitored for reliability and performance, and DR infrastructure is routinely tested. All backup processes are automated to ensure timely operation and are generally performed during low utilisation periods. Routine maintenance is carried out to verify the proper working order of all systems. During this time, non-service impacting updates are performed, network equipment is refreshed, and new hardware is installed, as needed. In addition, all backups and restores are verified.
• Outage reporting: Our performance monitoring software tracks system health of applications, servers, the network and disruptions to data feeds in real time. It can also email alerts to designated support staff if system health deteriorates.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Users are provided with unique credential information.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Security (Vulnerability Assessment & Penetration Testing)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: IBI secures Personal Data as a Data Controller or Data Processor through a series of security measures that include physical security such as restricted areas or registration of visitors, technological security maintained by a dedicated information technology team, through the use of robust systems and reliable service providers, and organisational measures such as due diligence in transferring Personal Data to specific service providers for reasons of specific service delivery relating to such Personal Data.
• Information security policies and processes: IBI has appointed its General Counsel (GC) as Data Protection Officer (DPO) to ensure compliance with data protection laws. As DPO, the GC reports directly to the CEO and monitors compliance with obligations in relation to data protection according to the processes IBI has adopted in compliance with these obligations. The Director of Information Technology (DIT) ensures implementation of the Data Security Policy while managers ensure compliance by employees. The CEO requires regular status reports on compliance and board members hold management responsible for compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: There is no change management. This is a COTS product.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: IBI Group utilises a Security Threat and Risk Assessment to identify expectations and establish a security baseline; controls are in place to prevent misuse of data and access to the solution. We perform periodic self-assessments, vulnerability testing, patch analysis, test and confirm that controls are working correctly to prevent network intrusion detection, sharing information with the personnel involved on a regular basis. We perform independent assessments as needed. When a non-compliance process is identified, we will determine the root cause, assess the threat, document the risks and develop plans for corrective actions and report appropriately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Daily analysis of server (System, security etc.) logs is performed. Dedicated support personnel are trained to identify potential compromises and when these are identified they are thoroughly investigated. As a general principal a security in-depth policy is adopted where the seriousness of the security incidents is treated as critical until such time as it is proven otherwise.
• Incident management type: Supplier-defined controls
• Incident management approach: Following an incident, within 48 hours of issue resolution the team creates an after-action report (AAR). This report includes the following information: • Time of occurrence and resolution; • Issue chronology; • Issue resolution; and, • Interim and permanent steps in place for future avoidance or mitigation of the issue.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  Informed users looking for parking and better planning can help reduce congestion in cities and in turn reduce GHG emissions. CurbIQ looks to provide software that can enable cities to solve both of these issues.

  Covid-19 recovery

  CurbIQ has been used by several municipalities to plan and implement complete streets, kerbside patios, and temporary loading zones to accommodate changes in the kerbside from pandemic restriction

  Equal opportunity

  Having a better understanding of the kerbside can help cities make more equitable decisions to make kerbside space benefit all users.

Pricing

• Price: £400 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Users can trial out CurbIQ products in a small neighbourhood or urban corridor for 3 months to get an understanding of the product and see its value. Contact CurbIQ for more information.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk_intelbd@arcadis.com. Tell them what format you need. It will help if you say what assistive technology you use.