ROADMAP by Arcadis IBI Group
ROADMAP allows road authorities to automate
the process of planning, applying and managing
the approvals of road and highway closures and
keeping travellers informed of associated impacts
and delays.
Features
- Paperless centralised repository
- Tracks closures by individual lanes, sidewalks, doors and driveways
- Calculates closure costs
- Conflict detection and Links related closures
- Generates future and historical reports
- Generates future and historical reports
- On-line access for external contractors
- Offered as a hosted solution, on a fee-forservice basis
- RESTful APIs used for all data interfaces
- Built-in alerts and thresholds
Benefits
- Fully customisable per client installation
- Increased accuracy of road closure information
- Reduced permit processing costs
- More timely and accurate information to contractors and travellers
- Customised reports for senior management
- Customised reports for senior management
- View your data on the move via tablet and mobile
- More informed closure approval decisions
- User management system provided as standard
Pricing
£48.50 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 2 2 9 7 4 7 7 8 2 7 0 1 7 5
Contact
IBI Group UK Ltd
Gareth Bower
Telephone: 0141 331 4500
Email: uk_intelbd@arcadis.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
-
Any maintenance activities that might result in service degradation or unavailability will be undertaken outside of normal working hours.
Buyers will be informed by email one week in advance of any planned maintenance or downtime. - System requirements
-
- Client machines require modern web browsers
- Client browser must be JavaScript enabled
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Questions submitted via e-mail or telephone will be responded to during weekday business hours (9 am to 5 pm). Critical faults raised will b eresponded to within 1 hour. Non-critical faults will be responded to within 1 working day. Response times do not included weekends.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- First level e-mail and telephone support is provided during office hours (9 am to 5 pm). Issues raised by customers are triaged by the first line support team and reported to the relevant support teams for resolution. A technical account manager oversees the customer arrangements, ensuring updates and communication on all support items.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onsite training is provided as part of the onboarding process
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- A copy of the full database export is provided at the end of the contract.
- End-of-contract process
- We provide the client with a digital copy of all their data and files. All proprietary data residing on our servers will be deleted.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The ROADMAP mobile app provides real-time auditing and data collection, including:
• Capture of geotagged content including timestamped photos
• Metadata generated and embedded in captured data, ensuring there is an audit trail
•Centralised authentication ensuring only those with permissions
can access and submit reports
•Functionality to interface with the back-end database application
• Designed with large buttons, and minimal clicks for ease of use in the field
• Features online and offline reporting for resiliency to intermittent mobile communications
•Built from native mobile app technology,compatible with all modern iOS and Android devices (phones and tablets) - Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
ROADMAP is accessed through a responsive, browser-based interface. The mobile application is accessed via either a mobile phone or tablet
device running either Android or iOS. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Interface testing has been undertaken in-house.
- API
- Yes
- What users can and can't do using the API
- Users can request road closure information via the API.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Customers can configure mapping data for local geographic area, configure reports, road closure permit validation check list, UI skin and logos.
Scaling
- Independence of resources
- The ROADMAP API spins up a new instance per request and each instance runs in its own application pool. IIS handles the application pool management using available resources on the server. The server can be clustered so that it scales.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- We will assist with any data export requirements that the users may have.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- Secure role-based logins.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- Secure role-based logins.
Availability and resilience
- Guaranteed availability
-
99.9% up time is guaranteed during office hours. There is no standard SLA for the ROADMAP service, but one can be agreed with the Buyer if
required. - Approach to resilience
-
ROADMAP services run in the Cloud on Virtual Instances. Data centre suppliers used, such as Azure are committed to resilience and up-time via
SLAs. - Outage reporting
- Email alerts are used to report system outages.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Public key authentication (including by TLS client certificate)
- Access restrictions in management interfaces and support channels
- Secure role-based logins
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- DNV
- ISO/IEC 27001 accreditation date
- 27/02/2024
- What the ISO/IEC 27001 doesn’t cover
- No exclusions
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- MNP LLP
- PCI DSS accreditation date
- 01/09/2023
- What the PCI DSS doesn’t cover
- None
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- SOC2
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- We secure Personal Data as a Data Controller or Data Processor through compliance with the Cyber essentials Plus, ISO 27001 Standard, SOC2 Reporting and PCI-DSS compliance. These standards are regularly audited and are the basis for the controls we have when handling client data (Product dependant)
- Information security policies and processes
-
Our IS Global Policies cover the following:
Information Classification;
Information Sharing & Handling Rules;
Acceptable Use;
Asset Management;
Change Management;
Physical Access Control;
Human Resource Security;
Mobile Device Security
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
We have centralised registers for our hardware and software assets and these are management through a Change Advisory Board, which meets regulary to manage change and advise on the risk of new asset introduction.
These procedures are in compliance with ISO27001:2022 and SOC2 - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Our Change Advisory Board classifies:
Normal – Enhancements/other planned changes in line with product roadmaps
Standard – Routine updates to keep systems/products healthy, e.g. patching vulnerabilities with Medium, Low/Very Low classification
Emergency Outage – Changes in response to direct issues affecting a platform/product from operating in line with client expectations.
Emergency Imminent – an emergent known threat that could bring disruption to systems/products, e.g. zero-day vulnerabilities.
Emergency Scheduled – Important changes that can be implemented per schedule but have a high/critical classification.
Threats assessed by the CAB board and implementation and testing requirements set along with timelines for deployment. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Intrusion detection monitoring systems and tools are in place both at the hardware and software levels and these trigger upon detection.
We take the necessary steps to comply with the local information security office in the domains we operate and notify accordingly.
We operate monitoring services 24/7/365 and have remote teams ready to act upon detection and carry out the appropriate actions to minimise disruption following disaster recovery plans as appropriate. We conform to ISO27001:2022 - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Employees comply with the Arcadis General Business Principles and the full suite of data protection policies.
Most incidents are reported through monitoring tools but employees are comppelled to report any incidents to their immediate line manager and through our tech services organisation. Incident management takes over from there and reporting is in line with best practice and compliance with local regulatory laws and ISO27001:2022.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Equal opportunity
Fighting climate change
Users can access data remotely without having to make car journeys to be on site each time to check the status of road closures, thus reducing carbon emissions from car journeys.Covid-19 recovery
Arcadis-IBI Group are supporting a mixed return to office. Those employee's effected by COVID-19 with regard to short and long term recoveries both physically and mentally. No one is being forced to come back to the office environment when they are settled in working from home. With several of our own local staff moving further afield, remote work is seen as the new normal from us.Equal opportunity
Arcadis-IBI Group is committed to creating a culture where everyone has an equal opportunity to grow, develop, succeed and be their truest self. We hold each other accountable to create and contribute to an inclusive culture, which includes a focus on increasing gender representation and diversity across the entire organisation. In 2022 IBI launched the Diversity, Inclusion and Belonging (DIB) Scholarship which rewards students who self-identify as Black with a $5,000 scholarship at six partner universities across Canada and the United States. This scholarship is one of many IBI Group programs aimed at increasing internal gender representation and diversity and in turn fostering an environment where everyone is encouraged to be themselves and achieve a sense of belonging. In 2023 Arcadis-IBI group launched a scholarship programme for indigenous students across Canada in collaboration with Indspire.
Pricing
- Price
- £48.50 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No