Skip to main content

Help us improve the Digital Marketplace - send your feedback

ATKINSRÉALIS UK LIMITED

CIRRUSlocate™ Gazetteer Service

CIRRUSlocate™ is a geographical index, providing a flexible, secure, automated and fast directory of all Great Britain’s addresses, properties and land areas. It also supports local candidate records. Using the best open source software, CIRRUSlocate™ lowers the cost of ownership for a geographical index.

Features

  • Support for applications using British National Grid coordinate reference system.
  • Support for applications using World Geodetic (WGS84) coordinate reference system.
  • Search for closest addresses to a location.
  • Search for complete address details using free text.
  • Search for complete address details using a UPRN.
  • Retrieves complete address details and, optionally, all its descendants.
  • Local candidate records not in national dataset can be managed.

Benefits

  • Provides Open API Specification for easier integration to business systems.
  • Gazetteer data in the right format at the right time.
  • Mobile - access to business address data on the move.
  • Open Source – integrates best of breed components.
  • Low cost of ownership through open source and cloud.
  • Scalable to meet variable user demands.
  • Resilient – multiple nodes, automatic restart after failover.
  • High performance – through best of breed components and infrastructure.

Pricing

£21,000 to £35,000 an instance

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@atkinsrealis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 8 3 0 9 2 0 4 9 6 8 5 1 6 7

Contact

ATKINSRÉALIS UK LIMITED Martin Yeoman
Telephone: +44 1372 75 2023
Email: ccs@atkinsrealis.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • A modern, standards compliant web browser.
  • Client-side API.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Business Day, Monday - Friday:
• A – Critical, respond in 2 working hours, providing circumvention instructions where possible or fix within 1 working day.
• B – Major, respond in 4 working hours, providing circumvention instructions where possible or fix within 2 working days.
• C – Functional failure, respond in 8 working hours, providing circumvention instructions where possible or fix within 7 working days.
• D – Intermittent failure, respond in 8 working hours, providing circumvention instructions where possible or fix within 15 working days.
• E – Minor, fix included in next appropriate release.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard Support is available during 08:00 – 18:00 hours, Monday to Friday (not English Public Holidays). Incidents may be logged via the web, telephone, or email during these times. Additionally, Incidents may be logged via the web outside of these hours, but they will not be progressed until the next working day. Software fixes will be progressed during these hours, and a release made available in line with the Customers agreement. 7 days per week – see Standard Hours, the addition being able to log and receive responses to Incidents during the additional hours. Please note that we operate a Restoration of Service (RoS) approach to support on the additional days e.g., Saturday, Sunday and English public holidays – See below for RoS definition. 24/7 - see 7 days per week, the addition being able to log and receive responses on a 24/7 basis. Restoration of Service (RoS) – during extended hours of support the aim is to get the Customer operational as soon as possible. Software fixes will not be provided during the additional hours of support. Incidents remain the responsibility of the Technical Support team throughout the life cycle.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Data restoration and migration are not part of this service by default. Both of these options can be purchased separately. AtkinsRéalis is able to migrate existing client data such as Candidate Records or User Defined Records into CIRRUSlocate™ so that they are available for the Gazetteer searches. The price of this service is dependent upon the amount and variety of legacy data to be migrated and will be determined during a clarification exercise prior to the commissioning of any work.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
A standard database backup of any candidate record data will be made available to the client upon termination of the service.
End-of-contract process
Once the contract has ended the account will be removed from the service and any local candidate records destroyed.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The service makes data available for consumption by client API’s so not applicable.
Accessibility standards
None or don’t know
Description of accessibility
None, this is not an interactive service with a GUI. It is an API service used to search for addresses and intended for integration into other business systems through interface programming.
Accessibility testing
This is not an interactive service with a GUI. It is an API service used to search for addresses and intended for integration into other business systems through interface programming.
API
Yes
What users can and can't do using the API
We can provide customisation to enable the use of CIRRUSlocate™ with client applications. This is done through the creation of “System Connectors” that encapsulate the business logic to be applied to gazetteer search results.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
We can provide customisation to enable the use of CIRRUSlocate™ with client applications. This is done through the creation of “System Connectors” that encapsulate the business logic to be applied to gazetteer search results.

Scaling

Independence of resources
We use a Private Cloud platform that has been scaled by our service provider to support a very large customer base. Each on-boarded customer is allocated virtual servers for the service to run on, these virtual servers have an allocation of resources dedicated to them and so users are not impacted by the demands of other users.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The service provided, uses address data from AddressBase Premium. There should be no requirement to export the data from CIRRUSlocate™. Should an export of the local candidate data be required, this can be requested separately.
Data export formats
Other
Other data export formats
  • Esri File Geodatabase
  • Esri Shapefile
  • MapInfo TAB files
  • Most other GIS formats
Data import formats
  • CSV
  • Other
Other data import formats
  • Esri File Geodatabase
  • Esri Shapefile
  • MapInfo TAB files
  • Most other GIS formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
Data is stored in a PostgreSQL database with security enabled, the database holds the information for the service and is not accessible from other systems. Access controls in place prevent users from accessing the database. Access to the data by AtkinsRéalis staff is strictly controlled. Staff from our service provider only have access to servers in order to provide support and maintenance, they do not have access to the information held within the databases. Physical access is tightly controlled within the data centre, no member of staff has access without appropriate permissions, once logged on they cannot access the databases.

Availability and resilience

Guaranteed availability
Our service provides 99% uptime during the agreed hours of service.
Approach to resilience
We utilise a Private Cloud environment built using the Virtuozzo Cloud Management platform. It provides an environment that is: - Scalable through auto-scaling (up and out) - Highly available through automatic failover and full active-active High Availability The system is deployed across a multi-node environment ensuring that node failures do not bring the system down, the cloud management platform continually balances load across nodes and moves running services across nodes when issues are detected.
Outage reporting
Real-time server monitoring provides alerts to our Cloud providers when services have failed, these outages are then reported to our clients through the Technical Support helpdesk.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
The provision of privileged user accounts and accounts for sensitive services requires additional approval by our corporate IT’s security team. This team determines which type of administration account is to be created for the requestor depending on the access required and where the requestor is based. Privileged users have a separate account for carrying out administrative tasks and do not use generic or system created accounts for interactive logon.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance Limited
ISO/IEC 27001 accreditation date
06/04/2024
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials and Cyber Essentials PLUS Certified.
Information security policies and processes
The Chief Executive Officer is ultimately accountable for data protection and privacy compliance. Our Project Performance and Risk Oversight function is responsible for creating and taking a strategic view of all areas of information governance, ownership and risk. This function supports and drives a Governance agenda across the organisation and provides the Governance and Ethics Committee, Executive Committee and CEO with the assurance that effective information governance controls and assurance are in place.
The office of the Chief Information Security Officer is responsible for developing and implementing our information security programme. The CISO reports directly to a member of the Executive Committee.
Our annual Code of Conduct training is mandated to all staff and emphasises the importance of information security and data privacy. Additionally, on-line cyber security and data security training is mandated to staff as part of the on-boarding process, with annual refreshers.
AtkinsRéalis is committed to increasing alignment with and certification to ISO 27001 and we are in the process of expanding the scope of certification. ISO 27001 is a key element of our cyber security strategy, and it is our intention that the majority or all of the business will be certified by the end of 2025.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Servers and end point devices are controlled using Group Policy to ensure standard configuration, enforce firewall rules, prevent modifications to security configuration and control installation of software. We engage a 3rd party to review each operating system build during the release process.
Our formal Change Management process ensures significant changes to our IT systems are undertaken in a controlled manner with relevant notification and approvals. Adherence to the Change Management processes protects all parties involved, minimises risk, ensures appropriate back-out plans are in place, highlights scheduling clashes and ensures that changes are only made after the consideration of likely impacts.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our vulnerability and patch management policies sets out processes for managing application and network technical vulnerabilities. Vulnerabilities are identified from vendor notifications, other alert mechanisms and intelligence from our Cyber Security Operations Centre team; advisories will be reviewed and based on the level of severity and exposure a security update or other mechanism will be planned and scheduled. This will be largely guided by the base CVSS score but will not be exclusively driven by it. Planning will also consider any significant “temporal” factors. For example, vulnerabilities which are under active exploitation will be prioritised and expedited.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Security alerts from different systems are sent to a SIEM and monitored, reviewed, and actioned on an ongoing basis. We have firewalls and intrusion prevention systems protecting our networks where they connect with the Internet. Security gateways inspect incoming traffic for malicious code. Internet gateways are configured to detect and block attempts to link to ‘Command & Control’ devices on the Internet. Malware related alerts from corporate end-point devices are sent to a centralised logging and management system.
The Cyber Security Operations Centre team investigates any information breaches caused by the organisation and takes appropriate steps to remedy the incident.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our online reporting system 'MyQSSE' is used to report all security incidents. It is the responsibility of all individuals employed by our organisation, or those who work on our controlled premises, to report all security incidents including ‘vulnerabilities’.
The corporate IT Incident Management process is designed to restore normal service operation as quickly as possible minimising the adverse impact on business operations and ensuring that the best possible levels of service quality and availability are maintained. In support of this aim, we have developed a Cyber/Information Security Incident Management Process for significant cyber / information security incidents.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients, but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. As a global organisation working on the world’s biggest Infrastructure, Transport and Energy programmes we always work to ensure that climate change is considered. Tailored commitments will be agreed through the buying process.
Sustainability is at the heart of AtkinsRéalis purpose - engineering a better future for our planet and its people. As an organisation we have signed up to the United Nations Framework Convention on Climate Change's (UNFCCC) Race to Zero global campaign and signed the Business Ambition for 1.5oC commitments. We have signed The Climate Pledge, working towards net zero by 2030 and are in the process of setting science-based targets.
We support clients in safeguarding what we do today to enhance the environment and protect future generations from harm, this is fundamental to AtkinsRéalis’ sustainability policy and Sustainable Business Strategy.
We have a series of approaches that we use through the delivery of our cloud projects, including:
• Considering whole life carbon when designing systems and assets to minimise carbon.
• Utilising a variety of tools (appropriate to the sector and client) to assess whole life carbon from embodied to in-life to end of life.
• Raising awareness about climate change to stakeholders of the projects to ensure clear understanding.

Tackling economic inequality

AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.
We are committed to creating a healthy future for communities and the wider economy. We do this through creating new businesses, jobs and skills and working with supply chain partners to create capacity and resilience.
We recognise some of the digital and cyber skills shortages facing the UK and are actively participating and promoting careers from school age children through to lifelong training. This is often delivered through STEM outreach schemes such as Governors for Schools programme and CyberFirst. This can include upskilling activities delivered by some of our highly skilled professionals ranging from interview and job preparation (e.g., CV support, Mock interviews) through to technical training (e.g., cyber security, digital skillset, STEM-based careers, supply chain engagement). We promote our full-time opportunities to priority groups based on the area of operation. (e.g., people living in regionally and nationally deprived areas /disabled people/ people who are underrepresented in the industry including Women, BAME, LGBT+ etc.).
We understand the opportunities a diverse supply chain can bring to complement our overall solution we are providing to our clients, such as innovation, improved productivity, novel or new technologies or niche skillsets. As a large organisation we have a large network of approved suppliers from diverse backgrounds including small and medium enterprises that we can utilise as required. These suppliers go through our due diligence process to ensure they meet our standards (i.e. around cyber security) and we are working with suppliers who share our values.

Equal opportunity

AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.
We have achieved the platinum standard on Cleared Assured Accreditation and are well positioned in its advocacy of ED&I practices. We are committed to creating an inclusive, collaborative culture for all of its employees and sub-contractors and feeding back value directly to our clients.
AtkinsRéalis is a member of Inclusive Employers, a national network of businesses committed to building inclusive workplaces. Our processes have enabled us to create inclusive and diverse teams that will benefit clients with better performance, diversity of thinking and enhanced creativity. We are committed to cultivating a thriving diverse and inclusive work environment, where differences are valued and respected, and all staff are valued, supported, and treated fairly.
Equal opportunity is fundamental to how AtkinsRéalis operates. From the moment a candidate applies to a vacancy of ours, we assess how we can best ensure equality. With this in mind, we are committed to ensuring that we select and recruit the best people for each role based on their ability to do the job, in line with the needs of the business, irrespective of the candidates’ gender identity, marital status, disability, sexual orientation, health, age, race, nationality, religion, employment status, or membership or non-membership of a trade union. We pursue this commitment by having clear and concise procedures and guidelines for HR and line managers to ensure policies are fully understood and implemented.

Wellbeing

AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.
We are passionately committed to changing the way we think about, and deal with mental/ physical health and wellbeing in the workplace. Without a happy, healthy, and energised team we wouldn’t be able to serve our clients in the innovative way we want to and make substantive change like cloud transformation possible. We live by our own values and ensure these are embedded in our delivery. When undertaking our work, we ensure all stakeholders have a safe and open dialogue to talk about health and wellbeing and access appropriate support.
We consider ourselves long term partners with communities, upskilling people and enabling wellbeing benefits over the long term. This can include:
• Partnering with local groups and charities to invest in community wellbeing appropriate to the services being delivered.
• Training our staff to deliver inclusive design in every piece of work to account for those with accessibility issues.
• Designing with users'’ wellbeing in mind. (Implementing user centered design principles and co-designing with the stakeholders who will use cloud technology.
• Engaging with stakeholders; to raise awareness to address specific wellbeing agendas, such as mental health.

Pricing

Price
£21,000 to £35,000 an instance
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@atkinsrealis.com. Tell them what format you need. It will help if you say what assistive technology you use.