Causeway Technologies Limited

Buchanan Cloud Services Traffic & Highways

Cloud-based solutions designed to simplify and enhance the processes relating to traffic and highway personnel. The services below allow users to carry out traffic sign and structure design, road marking design, inventory management and WebGIS/Open source solutions

Features

• Traffic sign face design
• Traffic sign structure and foundation design
• Optimized and accurate input tools, which comply with TSRGD
• Traffic road marking design
• Map based Inventory management
• WebGIS solutions
• Comprehensive training and support service
• Regular system, software, and hardware upgrades and replacements
• Fully managed, resilient, and secure ISO 27001 environment
• Open source cloud-based QGIS

Benefits

• Manages the process of sign design wind loading structural work
• Enables generation of high quality data, which underpins revenue
• Centralised service enabling better cross departmental working
• Single system for managing aspects of traffic and highways work
• Efficient data entry tools e.g. signs to TSRGD 2016
• Generation of high quality and consistent statutory documents
• Transparency, information sharing with residents, councillors, police, fire services
• Cost effective, built by blending open and proprietary technologies
• Open-source cloud-based QGIS services
• No requirement for a CAD licence

£100 to £2,800 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@buchanancomputing.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

425858836713272

Contact

Sales
02088463220
sales@buchanancomputing.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Although the service is built to work primarily in a Microsoft Window based environment, it can be accessed via other platforms, such as Android. However, there may be individual applications licencing restraints.
• System requirements:
  • • Citrix Work space App - latest recommended version installed
  • Internet browers - Microsoft Edge, Firefox, Safari, Chrome etc.
  • Security certificate - DomainSSL SHA-256-G2

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial response is with an automatically-generated ticket number and requests are then prioritised and responded to in accordance with our SLA response times, which range from 30 minutes to 2 working days. Normally, response times are faster. Support desk core hours are 09:00 to 17:30 Monday to Friday (excluding bank holidays), during which time you can call the first line support team.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All support queries (phone, email, online) are chanelled through the support team and are dealt with at the appropriate escalation levels starting with First Line Support -> Support Team Manager -> Product Managers -> Director Level staff. Support related costs are included in the price regardless of which level the issues are being handled at. Each client is assigned a technical project manager for the implementation stage, up until user acceptance testing is completed. Thereafter, the project is assigned to the hosted services support and management team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training is provided to users at the commencement of the contract. Various training courses are delivered to users depending on level of user ranging from a entry level training course, advanced user course and administration level course.; ; Training can be delivered either a) at Buchanan Computing office in Hammersmith London, or b) onsite at client offices or c) remotely.; ; Hard copy training manuals and exercises are provided to delegates that attend a training course.; ; User guides / helps files are provided and are accessible by users through the file menu.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: CHM
• End-of-contract data extraction: At the end of the contract and including at anytime during the contract, designated users are able to export data in standard formats such as MapInfo Tab, MapInfo Midmif, ESRI Shp files. These exports can be saved to local networks or on specified FTP or SFTP sites. These exports can then be imported by other systems for use elsewhere.
• End-of-contract process: One month prior to the end of the contract, users will be notified that the contract will be coming to an end. Designated users will be advised to carry out an export and copy all data that has been generated during the contract to local networks or FTP/SFTP site. At the end of the contract date, all user logins will be deactivated. Other associated data such as base-mapping and address gazetteers will be provided back to the client in the standard/native format. There are no additional costs for supplying the data to the client at the end of the contract into the above mentioned standard formats. Costs may apply if the client requires data to be provided in the other formats.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile service is for disseminating data, and as such is read-only, with very limited editing abilities.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Users can select a traffic order data for publication to the web service, from which it can be accessed via an open restful API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Designated users, such as a supervisor or system administrator are able to customise the core element of the solution relating to traffic orders and make adaptations to meet the requirement of the clients. Areas that can be customised are: -being able to add user defined fields to restrictions and inventory items such as 'Tariff charge' -print templates, adding corporate logo, scale bars, legend location and north arrow -restriction types, schedule numbers and the way these are represented on the map in terms of style and colour These customisations will then be made available to all other users of the system.

Scaling

• Independence of resources: The system is built with scalability in mind. An assessment is carried out on the number of users, and more than sufficient hardware and software is assigned, including sufficient excess to handle short term spikes and peak periods of use. The processing and memory demand on the system is continuously monitored and when certain thresholds are reached, decisions are taken to increase capacity. These include a variety of measures such as installing additional RAM and/or hard disk space. The turnaround time is short due to close physical location of the servers and with the specialist technical staff having pre-qualified access.

Analytics

• Service usage metrics: Yes
• Metrics types: The system administrator(s) can identify system users along with full audit capabilities on users’ activities when using the system. The supplier can supplement this and provide Quarterly reports upon request, containing the following metrics: -Support incidents -Service credits -Maintenance carried out during reporting period -Scheduled and planned future maintenance -Availability of service
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: At the end of the contract and including at anytime during the contract, designated users are able to export data in standard formats such as MapInfo Tab, MapInfo Midmif, ESRI Shp files. These exports can be saved local networks or on specified FTP sites. These exports can then be imported by other systems for use elsewhere.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • MapInfo Table ( .tab )
  • MapInfo Interchange Format ( .mid/mif )
  • AutoCAD ( .dxf )
  • Delimited Text ( .txt )
  • ESRI Shapefile (,shp)
  • APDS
  • D-TRO
  • GeoPackage ( .gpkg )
  • GeoJSON ( .geojson)
  • Other off-the-shelf are available on request
• Data import formats: Other
• Other data import formats:
  • MapInfo Table ( .tab )
  • ESRI Shapefile ( .shp )
  • MapInfo Interchange Format ( .mid/mif )
  • GeoJSON
  • KML
  • API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: "Availability is measured as a percentage of the total time in a service period: Service Availability % = (((MP - SD)*100)/MP) where MP = Total number of minutes (derived from Service Core hours), excluding permitted maintenance, within the relevant Service period; and SD = Total number of minutes of Service Downtime, excluding permitted maintenance, in the relevant Service period. ; ; The Support service is available 24/7 via an online portal. During office hours’ (its core hours) 09:00 to 17:30 Monday to Friday, excluding bank holidays, users have direct access to our skilled support team via the support portal, emails and telephone. Users can email the support team outside of these hours, these requests are then processed at the beginning of the next working day. In addition, all users have 24/7 access to the support portal and knowledge base, which are a self-service way of obtaining answers to queries.; Availability levels shall be measured across a calendar month with all downtime included in the calculation (with a minimum availability level no lower than 99%). ; ; If the levels of availability on the agreed Services across the calendar quarter are below 99%, then a Service Credit shall be payable for a degraded Services.
• Approach to resilience: The resilient design of the system is deemed confidential and is available upon request, and as commercial-in-confidence. The system has been set up with levels of resilience and duplication to reflect the non-mission critical nature of the systems. Firewall threat detection detects activity that may be related to different types of attacks. When a rate limit is exceeded, a system log message is generated. Network is via DMZ controlled access. Access is controlled and restricted. All critical power (technical load on the data floor) is protected by A+B power paths which are fed by a Riello UPS system. There are also onsite generators that will provide a further 36 hours of autonomous power and can also be refuelled “on the fly” with additional diesel. A full building black out test is conducted once per month where mains electricity is cut off to the building allowing the UPS and generators to take the critical IT load for an hour.
• Outage reporting: Service outages are reported to designated users of the service by, a) email alerts, b) telephone call and if required c) on the company website.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Online support portal is accessed via registered users. For simple support questions through telephone support, the caller needs to provide a name and this is checked against a named user list.; ; For support requests that are deemed more sensitive, the request must be sent by email and from a client originating email domain.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA Certification Limited
• ISO/IEC 27001 accreditation date: 25/04/2022
• What the ISO/IEC 27001 doesn’t cover: End user IT infrastructure
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: An information security policy is in place, and is available for inspection upon request. It details: - information provision - use, disclosure and publication - data protection - confidentiality - retention, review and deletion Security - baseline security for data processing personnel - information security organisation - assets classification and control - personnel security - physical and environmental security - system access controls - business continuity planning The governance structure relating to information security within BC has been implemented and is in place. Information security is governed through a company hierarchy (Managing Director, ICT and Support Manager, Hosting Manager). It is the responsibility of the ICT and Support Manager to draft these policies and manage their deployment. They are reviewed by relevant directors and managers. All staff are responsible for being aware of the policy and working within its guidelines.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: "Change control procedures are in place regarding any alterations or changes to the infrastructure or applications. There is a managed and considered process for carrying out software updates and security patches.; Operating System Patches: regularly / automatically downloaded. Then reviewed prioritised and if appropriate, installed. ; Quarterly maintenance schedule. Issued annually and agreed with client. ; All software changes to BC’s own applications are done so in accordance with our Software development standards. These are all carried out in-house and with Version control software.; All patches and updates are installed in a timely manner according to their relevance and severity.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: "Vulnerability management is outlined in our Vulnerability Management Process and Procedure document, including:; AppCheck scans run weekly on external facing sites. All newly deployed virtual instances include Kaspersky for Servers agent, centrally managed using Kaspersky Security Centre. Vulnerability reports are run weekly. All web servers have ClamAv and RKHunter deployed to block threats and vulnerabilities. External penetration testing conducted annually. Application whitelisting is deployed using Applocker ensuring only specific executables are allowed to run. Network separation for management traffic. Restrictive file shares to relevant groups.; Traffweb has additional checks and measures centred on OWASP top 10 Web application security risks.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: "Protection from untrusted networks by standard boundary controls consist with perimeter network and intrusion and threat detection systems -Via DMZ controlled access. ; All critical infrastructure is monitored using Nagios. Controls protect against malware and viruses. Kaspersky Endpoint Security for Windows installed on every server. Configured to monitor and scan for viruses, worms, Trojans, malicious tools, malware and auto-diallers. Virus definition files are updated every 2 hours. Suspicious/infected files are quarantined. Staff are automatically alerted as incident occurs, for immediate action. Extensive auditing is built into the software to record certain activity such as data edit.
• Incident management type: Supplier-defined controls
• Incident management approach: "Buchanan have established policies and procedures for responding to potential incidents. These define the types of events that must be managed via the incident response process and classifies them based on severity. In the event of an incident, affected customers will be informed via email from our support team. Incident response procedures are tested and updated at least annually.; The Terms of Our Service level agreement require us to report security issues which are identified as High, Medium or Low levels.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Buchanan Computing takes responsibility for its actions and endeavours to achieve a positive impact through its activities on the environment, customers, employees, and the public, including future generations. ; ; We provide professional services, whose main direct impact on the environment is limited to office work, printing and the cloud services we provide. Through our environmental policy and purchasing policy, we aim to reduce our impact on the environment, including reduction in our Carbon emissions. Power used to power our office and cloud services all comes from 100% renewal able green energy. In addition, zero percent of waste produced within our office building, ends up in Landfill. We are actively recycling and repurpose redundant equipment, such as IT equipment. ; Buchanan Computing purpose is to build applications and services that have a positive impact on the natural and social environment, and help local authorities achieve their environmental and social value goals, including: ; ; • Directly, by reducing road collisions, providing clear navigation aids and optimal designs for the most efficient safer use of the road space. ; ; • Indirectly, by bringing a set of benefits to residents and local businesses, such as reducing congestion, making safer streets, and lowering emissions; ; We have championed the use of API services, to be used in order to reduce the need for unnecessary data replication. We estimate that data is commonly replicated over 100 times. If by using APIs and webservices, the power required for holding these replicated versions was removed, it would make a significant reduction in the country’s power consumption requirements, and help the UK achieve its NetZero goal .

  Covid-19 recovery

  Numerous measures have been taken to enable the Company to operate fully as well as to support staff and clients during the Covid-19 pandemic and the on-going recovery. These include operational changes to enable Hybrid working (Home and Office), replacement of staff desktop computers with laptops (which are recycled), installation of software and hardware to support secure and functional remote working, installation of a dedicated meeting booth in the office. The Pandemic is continually monitored and further actions will be taken if necessary.

  Tackling economic inequality

  As part of our Social Values policy we are committed to helping our customers reach their Social Values goals, by contributing towards local issues by improving economic, social and environmental well-being within their local area.

  Equal opportunity

  Buchanan Computing is an equal opportunities employer. The first aim of our policy is to ensure that no job applicant or employee receives less favourable treatment on the ground of race, colour, nationality, ethnic or national origins, religious beliefs, sex, marital status, and sexual orientation, or is disadvantaged by conditions or requirements which are not essential to the performance of the job. There will be no discrimination against persons with disabilities who have the necessary attributes for a post.; ; The second aim is to ensure that we have a diverse workforce that reflects the make-up of its catchment area, and to offer employment opportunities and work experience to local people whenever possible.; ; To ensure that such direct or indirect discrimination is not occurring, recruitment and other employment decisions will be regularly monitored to ensure that they are not adversely and unjustifiably affecting the opportunities of persons from any of these groups. Selection criteria and procedures will be frequently reviewed to ensure that individuals are selected, promoted and treated solely on the basis of their relevant merits and abilities.

  Wellbeing

  Buchanan Computing is committed to a holistic approach to the wellbeing of all employees, including physical and mental wellbeing. Examples of our current approaches and include:; ; • Everyone has a clear growth framework and we support our employees with the appropriate learning and development plan to achieve their goals; • We operate an honest, flexible working model so that employees do not have to sacrifice on their personal commitments ; • Generous annual leave provision to ensure appropriate R&R; • Access to Occupational Health Services when needed. ; • Access to lifestyle breaks of up to 6 months; ; The Company’s Policy is to provide and maintain safe and healthy working conditions, equipment and systems of work for all its employees, and to provide such information, training and supervision as they need for this purpose. The Company also accepts its responsibility for the health and safety of other people insofar as they are affected by the Company’s activities.; ; Health and safety matters in the Company’s office are regulated under the Health and Safety at Work Act 1974, the Workplace (Health Safety and Welfare) Regulations 1992, the Electricity at Work Regulations 1989, the Display Screen Equipment Regulations 1992 and other rules and regulations. The Company’s procedures and organisation for Health and Safety are designed to fulfil these requirements and more generally to ensure safe and healthy working conditions in the Company’s offices.; ; Health and safety requirements and procedures also apply to site and survey work and to staff located in the offices of clients or other organisations from time to time. The specific requirements and procedures will vary according to the circumstances but in every case, they will conform to Government guidance, standards and/or best practice.

Pricing

• Price: £100 to £2,800 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A demonstration site that can be made available to interested clients for the purposes of trialling most elements of the service. It includes sample data with pre-configured restrictions, dummy legal documents and print templates. Typically limited to one week and up to 3 concurrent evaluators.
• Link to free trial: Available upon request

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@buchanancomputing.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.