ATKINSRÉALIS UK LIMITED

CIRRUSlocate™ Gazetteer Service

CIRRUSlocate™ is a geographical index, providing a flexible, secure, automated and fast directory of all Great Britain’s addresses, properties and land areas. It also supports local candidate records. Using the best open source software, CIRRUSlocate™ lowers the cost of ownership for a geographical index.

Features

• Support for applications using British National Grid coordinate reference system.
• Support for applications using World Geodetic (WGS84) coordinate reference system.
• Search for closest addresses to a location.
• Search for complete address details using free text.
• Search for complete address details using a UPRN.
• Retrieves complete address details and, optionally, all its descendants.
• Local candidate records not in national dataset can be managed.

Benefits

• Provides Open API Specification for easier integration to business systems.
• Gazetteer data in the right format at the right time.
• Mobile - access to business address data on the move.
• Open Source – integrates best of breed components.
• Low cost of ownership through open source and cloud.
• Scalable to meet variable user demands.
• Resilient – multiple nodes, automatic restart after failover.
• High performance – through best of breed components and infrastructure.

£21,000 to £35,000 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@atkinsrealis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

383092049685167

Contact

Martin Yeoman
+44 1372 75 2023
ccs@atkinsrealis.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • A modern, standards compliant web browser.
  • Client-side API.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Business Day, Monday - Friday: ; • A – Critical, respond in 2 working hours, providing circumvention instructions where possible or fix within 1 working day. ; • B – Major, respond in 4 working hours, providing circumvention instructions where possible or fix within 2 working days. ; • C – Functional failure, respond in 8 working hours, providing circumvention instructions where possible or fix within 7 working days.; • D – Intermittent failure, respond in 8 working hours, providing circumvention instructions where possible or fix within 15 working days.; • E – Minor, fix included in next appropriate release.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Support is available during 08:00 – 18:00 hours, Monday to Friday (not English Public Holidays). Incidents may be logged via the web, telephone, or email during these times. Additionally, Incidents may be logged via the web outside of these hours, but they will not be progressed until the next working day. Software fixes will be progressed during these hours, and a release made available in line with the Customers agreement. 7 days per week – see Standard Hours, the addition being able to log and receive responses to Incidents during the additional hours. Please note that we operate a Restoration of Service (RoS) approach to support on the additional days e.g., Saturday, Sunday and English public holidays – See below for RoS definition. 24/7 - see 7 days per week, the addition being able to log and receive responses on a 24/7 basis. Restoration of Service (RoS) – during extended hours of support the aim is to get the Customer operational as soon as possible. Software fixes will not be provided during the additional hours of support. Incidents remain the responsibility of the Technical Support team throughout the life cycle.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Data restoration and migration are not part of this service by default. Both of these options can be purchased separately. AtkinsRéalis is able to migrate existing client data such as Candidate Records or User Defined Records into CIRRUSlocate™ so that they are available for the Gazetteer searches. The price of this service is dependent upon the amount and variety of legacy data to be migrated and will be determined during a clarification exercise prior to the commissioning of any work.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: A standard database backup of any candidate record data will be made available to the client upon termination of the service.
• End-of-contract process: Once the contract has ended the account will be removed from the service and any local candidate records destroyed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service makes data available for consumption by client API’s so not applicable.
• Accessibility standards: None or don’t know
• Description of accessibility: None, this is not an interactive service with a GUI. It is an API service used to search for addresses and intended for integration into other business systems through interface programming.
• Accessibility testing: This is not an interactive service with a GUI. It is an API service used to search for addresses and intended for integration into other business systems through interface programming.
• API: Yes
• What users can and can't do using the API: We can provide customisation to enable the use of CIRRUSlocate™ with client applications. This is done through the creation of “System Connectors” that encapsulate the business logic to be applied to gazetteer search results.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: We can provide customisation to enable the use of CIRRUSlocate™ with client applications. This is done through the creation of “System Connectors” that encapsulate the business logic to be applied to gazetteer search results.

Scaling

• Independence of resources: We use a Private Cloud platform that has been scaled by our service provider to support a very large customer base. Each on-boarded customer is allocated virtual servers for the service to run on, these virtual servers have an allocation of resources dedicated to them and so users are not impacted by the demands of other users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The service provided, uses address data from AddressBase Premium. There should be no requirement to export the data from CIRRUSlocate™. Should an export of the local candidate data be required, this can be requested separately.
• Data export formats: Other
• Other data export formats:
  • Esri File Geodatabase
  • Esri Shapefile
  • MapInfo TAB files
  • Most other GIS formats
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Esri File Geodatabase
  • Esri Shapefile
  • MapInfo TAB files
  • Most other GIS formats

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Data is stored in a PostgreSQL database with security enabled, the database holds the information for the service and is not accessible from other systems. Access controls in place prevent users from accessing the database. Access to the data by AtkinsRéalis staff is strictly controlled. Staff from our service provider only have access to servers in order to provide support and maintenance, they do not have access to the information held within the databases. Physical access is tightly controlled within the data centre, no member of staff has access without appropriate permissions, once logged on they cannot access the databases.

Availability and resilience

• Guaranteed availability: Our service provides 99% uptime during the agreed hours of service.
• Approach to resilience: We utilise a Private Cloud environment built using the Virtuozzo Cloud Management platform. It provides an environment that is: - Scalable through auto-scaling (up and out) - Highly available through automatic failover and full active-active High Availability The system is deployed across a multi-node environment ensuring that node failures do not bring the system down, the cloud management platform continually balances load across nodes and moves running services across nodes when issues are detected.
• Outage reporting: Real-time server monitoring provides alerts to our Cloud providers when services have failed, these outages are then reported to our clients through the Technical Support helpdesk.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: The provision of privileged user accounts and accounts for sensitive services requires additional approval by our corporate IT’s security team. This team determines which type of administration account is to be created for the requestor depending on the access required and where the requestor is based. Privileged users have a separate account for carrying out administrative tasks and do not use generic or system created accounts for interactive logon.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 06/04/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials and Cyber Essentials PLUS Certified.
• Information security policies and processes: The Chief Executive Officer is ultimately accountable for data protection and privacy compliance. Our Project Performance and Risk Oversight function is responsible for creating and taking a strategic view of all areas of information governance, ownership and risk. This function supports and drives a Governance agenda across the organisation and provides the Governance and Ethics Committee, Executive Committee and CEO with the assurance that effective information governance controls and assurance are in place.; The office of the Chief Information Security Officer is responsible for developing and implementing our information security programme. The CISO reports directly to a member of the Executive Committee. ; Our annual Code of Conduct training is mandated to all staff and emphasises the importance of information security and data privacy. Additionally, on-line cyber security and data security training is mandated to staff as part of the on-boarding process, with annual refreshers.; AtkinsRéalis is committed to increasing alignment with and certification to ISO 27001 and we are in the process of expanding the scope of certification. ISO 27001 is a key element of our cyber security strategy, and it is our intention that the majority or all of the business will be certified by the end of 2025.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Servers and end point devices are controlled using Group Policy to ensure standard configuration, enforce firewall rules, prevent modifications to security configuration and control installation of software. We engage a 3rd party to review each operating system build during the release process.; Our formal Change Management process ensures significant changes to our IT systems are undertaken in a controlled manner with relevant notification and approvals. Adherence to the Change Management processes protects all parties involved, minimises risk, ensures appropriate back-out plans are in place, highlights scheduling clashes and ensures that changes are only made after the consideration of likely impacts.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability and patch management policies sets out processes for managing application and network technical vulnerabilities. Vulnerabilities are identified from vendor notifications, other alert mechanisms and intelligence from our Cyber Security Operations Centre team; advisories will be reviewed and based on the level of severity and exposure a security update or other mechanism will be planned and scheduled. This will be largely guided by the base CVSS score but will not be exclusively driven by it. Planning will also consider any significant “temporal” factors. For example, vulnerabilities which are under active exploitation will be prioritised and expedited.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Security alerts from different systems are sent to a SIEM and monitored, reviewed, and actioned on an ongoing basis. We have firewalls and intrusion prevention systems protecting our networks where they connect with the Internet. Security gateways inspect incoming traffic for malicious code. Internet gateways are configured to detect and block attempts to link to ‘Command & Control’ devices on the Internet. Malware related alerts from corporate end-point devices are sent to a centralised logging and management system.; The Cyber Security Operations Centre team investigates any information breaches caused by the organisation and takes appropriate steps to remedy the incident.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our online reporting system 'MyQSSE' is used to report all security incidents. It is the responsibility of all individuals employed by our organisation, or those who work on our controlled premises, to report all security incidents including ‘vulnerabilities’. ; The corporate IT Incident Management process is designed to restore normal service operation as quickly as possible minimising the adverse impact on business operations and ensuring that the best possible levels of service quality and availability are maintained. In support of this aim, we have developed a Cyber/Information Security Incident Management Process for significant cyber / information security incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients, but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. As a global organisation working on the world’s biggest Infrastructure, Transport and Energy programmes we always work to ensure that climate change is considered. Tailored commitments will be agreed through the buying process.; Sustainability is at the heart of AtkinsRéalis purpose - engineering a better future for our planet and its people. As an organisation we have signed up to the United Nations Framework Convention on Climate Change's (UNFCCC) Race to Zero global campaign and signed the Business Ambition for 1.5oC commitments. We have signed The Climate Pledge, working towards net zero by 2030 and are in the process of setting science-based targets. ; We support clients in safeguarding what we do today to enhance the environment and protect future generations from harm, this is fundamental to AtkinsRéalis’ sustainability policy and Sustainable Business Strategy. ; We have a series of approaches that we use through the delivery of our cloud projects, including:; • Considering whole life carbon when designing systems and assets to minimise carbon.; • Utilising a variety of tools (appropriate to the sector and client) to assess whole life carbon from embodied to in-life to end of life.; • Raising awareness about climate change to stakeholders of the projects to ensure clear understanding.

  Tackling economic inequality

  AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.; We are committed to creating a healthy future for communities and the wider economy. We do this through creating new businesses, jobs and skills and working with supply chain partners to create capacity and resilience.; We recognise some of the digital and cyber skills shortages facing the UK and are actively participating and promoting careers from school age children through to lifelong training. This is often delivered through STEM outreach schemes such as Governors for Schools programme and CyberFirst. This can include upskilling activities delivered by some of our highly skilled professionals ranging from interview and job preparation (e.g., CV support, Mock interviews) through to technical training (e.g., cyber security, digital skillset, STEM-based careers, supply chain engagement). We promote our full-time opportunities to priority groups based on the area of operation. (e.g., people living in regionally and nationally deprived areas /disabled people/ people who are underrepresented in the industry including Women, BAME, LGBT+ etc.).; We understand the opportunities a diverse supply chain can bring to complement our overall solution we are providing to our clients, such as innovation, improved productivity, novel or new technologies or niche skillsets. As a large organisation we have a large network of approved suppliers from diverse backgrounds including small and medium enterprises that we can utilise as required. These suppliers go through our due diligence process to ensure they meet our standards (i.e. around cyber security) and we are working with suppliers who share our values.

  Equal opportunity

  AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.; We have achieved the platinum standard on Cleared Assured Accreditation and are well positioned in its advocacy of ED&I practices. We are committed to creating an inclusive, collaborative culture for all of its employees and sub-contractors and feeding back value directly to our clients. ; AtkinsRéalis is a member of Inclusive Employers, a national network of businesses committed to building inclusive workplaces. Our processes have enabled us to create inclusive and diverse teams that will benefit clients with better performance, diversity of thinking and enhanced creativity. We are committed to cultivating a thriving diverse and inclusive work environment, where differences are valued and respected, and all staff are valued, supported, and treated fairly. ; Equal opportunity is fundamental to how AtkinsRéalis operates. From the moment a candidate applies to a vacancy of ours, we assess how we can best ensure equality. With this in mind, we are committed to ensuring that we select and recruit the best people for each role based on their ability to do the job, in line with the needs of the business, irrespective of the candidates’ gender identity, marital status, disability, sexual orientation, health, age, race, nationality, religion, employment status, or membership or non-membership of a trade union. We pursue this commitment by having clear and concise procedures and guidelines for HR and line managers to ensure policies are fully understood and implemented.

  Wellbeing

  AtkinsRéalis are committed to achieving social value on everything we deliver. Everything we do supports our goal of delivering outstanding project outcomes for our clients but also ensuring that we leave a legacy for our client and their stakeholders, whether it be environmental, social, or economic. Tailored commitments will be agreed through the buying process.; We are passionately committed to changing the way we think about, and deal with mental/ physical health and wellbeing in the workplace. Without a happy, healthy, and energised team we wouldn’t be able to serve our clients in the innovative way we want to and make substantive change like cloud transformation possible. We live by our own values and ensure these are embedded in our delivery. When undertaking our work, we ensure all stakeholders have a safe and open dialogue to talk about health and wellbeing and access appropriate support. ; We consider ourselves long term partners with communities, upskilling people and enabling wellbeing benefits over the long term. This can include:; • Partnering with local groups and charities to invest in community wellbeing appropriate to the services being delivered. ; • Training our staff to deliver inclusive design in every piece of work to account for those with accessibility issues. ; • Designing with users'’ wellbeing in mind. (Implementing user centered design principles and co-designing with the stakeholders who will use cloud technology. ; • Engaging with stakeholders; to raise awareness to address specific wellbeing agendas, such as mental health.

Pricing

• Price: £21,000 to £35,000 an instance
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@atkinsrealis.com. Tell them what format you need. It will help if you say what assistive technology you use.