CPC Project Services Ltd

OP1 Data Vault

Our data engineering and hosting solution offers a suite of services tailored specifically for each client, enabling efficient integration and analysis of data from disparate sources. We empower our clients to leverage their data assets effectively. Facilitating informed decisions, enhancing operational efficiency, and ultimately, delivering better value and outcomes.

Features

• Whole Railway Data Integration
• Operational Support
• Stranded Train Management
• Railway Simplifier Generation
• Rail Fleet Overview
• Crew Tracking
• Rolling Stock Data Integration and Visualisation

Benefits

• Efficient data transformation, cleansing, and storage for insightful analysis.
• Seamless integration for comprehensive analysis across diverse data sources.
• Scalable infrastructure ensuring secure and accessible data processing capabilities.
• Compliance with regulatory requirements, mitigating legal and reputational risks.

£2,000 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@cpcprojectservices.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

446535416909439

Contact

Lera Serieux
02075394750
g-cloud@cpcprojectservices.com

Service scope

• Service constraints: No.
• System requirements:
  • Internet Access
  • Compatible Web Browser
  • Software Licence
  • Internet Enabled Devices
  • Data input

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are subject to each clients SLA with CPC.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We use Microsoft Teams for Web Chat. Microsoft strives to meet WCAG accessibility standards, specifically aiming for conformance with WCAG levels A and AA criteria. Microsoft evaluates its products against these guidelines. See https://www.microsoft.com/en-us/trust-center/compliance/accessibility.
• Web chat accessibility testing: No testing completed to date, we can undertake this in response to customer request and need.
• Onsite support: No
• Support levels: CPC provide a support and service desk that can be contacted through email and the electronic ticketing system linked through our hosted web-based software.; ; Each customer has a dedicated account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initial guidance is given to a user champion (train the trainer). User manual is available. Solutions are built in an intuitive way using icons and tool tips to naturally guide users through the interface.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Actions to be carried out at the end of the contract and associated their costs are discussed and agreed prior to contract commencement.
• End-of-contract process: Actions to be carried out at the end of the contract and associated their costs are discussed and agreed prior to contract commencement.

Using the service

• Web browser interface: No
• API: Yes
• What users can and can't do using the API: API Access allows users to read only access to their data sets.
• API automation tools: Other
• Other API automation tools: Can be defined by the client
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: This is controlled through different access levels agreed at the start of the contract.; ; Each customer has their own dedicated server.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Database back ups
  • Historical data and reporting
• Backup controls: CPC provide this service as standard to all customers.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability guarantees are subject to each clients SLA with CPC.
• Approach to resilience: Information is available on request.
• Outage reporting: Should an outage occur CPC will issue an email from the service desk detailing the cause of the problem and details of when the issue will be resolved.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: All users have a pre-agreed access to the web based system appropriate to their user level.; ; Reports are available on the system to monitor individual usage.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: We have security essentials plus accreditation and are working towards ISO 27001 certification in the near future.
• Information security policies and processes: We have security essentials plus accreditation and are working towards ISO 27001 certification in the near future.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Config and change management processes are subject to each clients SLA with CPC.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CPC assess threats on a case by case basis taking into account the type of threat, the level of threat and how it affects our software and hardware infrastructure.; ; Patches are typically deployed on a time scale based on the level of threat. Known high vulnerabilities are patched within a few days and medium risk vulnerabilities within 10 days and low risk vulnerabilities within a month.; ; Information on threats typically comes from the chosen web service provider, software vendor notifications and security message boards.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CPC regularly view detailed logs of access and attempted access.; ; All access to servers is blocked, only allowing access to the website via the standard port.; ; As part of our quality assurance CPC respond instantly and put a plan in place immediately based on the level of threat.
• Incident management type: Supplier-defined controls
• Incident management approach: CPC have pre-defined processes in place through agreed SLA's with third party suppliers.; ; Users are able to report incidents through the web based ticketing system. ; ; CPC provide incident reports through communicate with users via the ticketing system and also provide communication via email dependant on the incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: CPC Software is hosted within AWS which adhere to the EU Code of Conduct.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  CPC is committed to achieving net zero emissions by 2050, if not before, our SME targets have been verified by the Science Based Target initiative (SBTi). We have been a carbon neutral business since 2021, annually using the Carbon Neutral Britain methodology and DEFRA Greenhouse gas reporting. ; ; Employee Network: As well as complying with our ISO14001 environmental management system, to monitor and reduce our carbon reduction activity, our Climate Action Group:; ; • Raise awareness of key climate updates/changes, educate and promote best practices through the use of ‘monthly moments’ and newsletters; • Implement companywide initiatives, Recycling Week, Climate Quiz and Save the Bees; • Provide Skills Share Session on ‘climate’ topics to influence behaviour change and to benefit project delivery (delivered by employee and guest speakers); • Track and analyse companywide environmental performance on projects; ; Measuring and Taking Action: Our PPN06/21 compliant Carbon Reduction Plan sets out our emissions, reduction targets (near and long-term), as well as our performance against these targets. We report that following a review of Scope 1 & 2 emissions they have reduced by 54% from our baseline year, largely due to change in travel behaviour. We have, and continue to take action to reduce waste through promoting recycling, eliminating single use plastics, reduced energy usage through efficient printing, sensor lighting and auto turn off of IT. We also consult with our suppliers and landlords on their carbon reduction practices to positively influence behaviours.; ; Supporting Clients: CPC actively supports its clients in reaching Net Zero targets through a focus on sustainability leadership and management from the outset of our projects. We invest time upfront to understand the clients’ sustainability goals and aspirations and assist them in developing a bespoke strategy, tailored to their specific requirements, and drive progress through the management of environmental trackers and reports.

  Covid-19 recovery

  We outline in our answers to ‘Fighting Climate Change’, ‘Tackling Economic Inequality’, ‘Equal Opportunity’ and ‘Wellbeing’ how we support individuals and the environment to recover from the effects of Covid-19.

  Tackling economic inequality

  CPC is committed to tackling economic inequality; developing skills to support the future needs of industry is a key priority for CPC. We have designed our Volunteering Programme around ‘developing skills for the future’ and ‘promoting our profession’. ; ; In collaboration with our clients, we agree at the outset how we help tackle economic inequality in their communities and implement this through the project lifecycle.; ; Local Recruitment: We plan to grow, provide new employment opportunities for local people across regions. ; ; Inspiring the Future: CPC partners with the ‘Inspiring the future’ charity, which connects CPC volunteers with schools and colleges across the country, informing children of different careers in construction and the range of opportunities available. Engagement includes; Careers Advice, Day in my Life and Mock Interviews. We use this vehicle to connect with education establishments in local communities, reaching deprived areas and empowering children from all backgrounds. ; ; Developing Skills in Science, Technology, Engineering and Maths: Our employees are encouraged to join the STEM Ambassador Programme to help students improve attainment in these key subjects. By supporting local schools/colleges with STEM workshops we aim to making learning fun through interactive tasks.; ; Apprenticeships: We provide apprenticeships to develop skills from the local area, resulting in recognised qualifications. Advertising in local colleges and job centres to recruit individuals local to our offices/projects.; ; Work Experience/T-Level Placements: We offer paid work experience for local people, offering exposure to the industry, career guidance and developing core skills. Each year we welcome individuals from secondary schools and universities local to our offices/projects, providing both administrative and site-based learning.; ; Internal Processes: We support each employee to achieve their aspirations. Our embedded training and development programme includes:; • Bi-Annual Appraisal System; • Graduate Training; • Skills Share Sessions ; • Mentoring; • Chartership Support Networks ; • Leadership Programme for aspiring leaders

  Equal opportunity

  CPC is committed to creating an inclusive and diverse working environment where everyone is respected and treated equally. We are a committed member of ‘Inclusive Employers’ using their resources to embed an equitable culture.; ; Training: To support our EDI policy all employees must complete Equality on Diversity training, which includes education on protected characteristics, when joining CPC and then every 2 years. Those in management positions must also complete an Unconscious Bias course. ; ; Recruitment: To ensure there is no barrier to employment we have removed personal information from CV’s before sending them to hiring managers to avoid unconscious bias. We ensure that opportunities with CPC, a Living Wage employer, are accessible using media sources available to all demographics. ; ; Agile Working: Our Agile Working Policy offers an opportunity to create a more diverse workforce, supporting employees from different demographics across all job levels. It can also help close the gender gap by creating more flexibility for individuals with childcare issues, particularly where we are looking to increase under represented groups in male dominated industries such as the technology sector. ; ; Process Adjustments: CPC takes a proactive approach to ensure equal opportunities for all individuals including those with varying abilities by offering reasonable adjustments in both recruitment processes and daily life. Neurodiverse individuals, encompassing conditions like ADHD, Autism, and Dyslexia, receive extended exam and learning times. We consider flexible working options prior to retirement, ensure succession planning is age neutral.; ; Employee Network: Our Network of Equality and Diversity (NEDI) actively work to educate staff and challenge discriminatory assumptions of individuals with different abilities and neurodiverse conditions. The group awareness on key topics and support awareness days, such as; International Women’s Day, Black History Month, Pride, and arrange webinars, featuring speakers like Wendy Smith, a former Paralympian Basketball Champion.

  Wellbeing

  CPC has a comprehensive programme of wellbeing initiatives to support our employees in achieving and maintaining better health and wellbeing outcomes. ; ; Employee Network: Our Health and Wellbeing Group was established to support the 4 pillars of wellbeing: Physical, Emotional, Mental and Spiritual. This is achieved through the creation of a yearly calendar which comprises of activities, awareness days, quizzes, coffee mornings, runs/walks, webinars, talks and charity events. We produce a quarterly ‘Healthy Minds’ Newsletter, and ‘Monthly Moments’ which are shared at team meetings to reinforce policies and generate discussion on the subject of Health, Safety and Wellbeing.; ; Policies: CPC’s wellbeing policies span a wide range of topics: mental health and wellbeing, menopause, fatigue management, stress management, flexible and agile working. A recent addition to the office environment has been the implementation of a ‘reflection room’, a quiet space for employees and visitors.; ; Support Programme: includes;; • Comprehensive Employee Assistance Programme ; • 24-hr stress counselling helpline; • Mental Health First Aiders , who hold weekly Time–to–Talk sessions; • Private healthcare ; • Gym discounts ; • Cycle to work scheme ; • Support/resources through our corporate charity partner; Mental Health UK; ; Engagement: Every November we conduct a staff survey to anonymously obtain feedback on ‘Life at CPC’. We sought feedback on our approach to Good Health & Wellbeing to determine any improvements / additional communication needed to raise awareness or provide support. In our Nov-23 employee survey, 93.5% agreed that CPC provides enough support and resource on mental health and wellbeing.; ; Project Teams: We also like to foster a positive approach to wellbeing within our external project teams. This includes sharing our ‘Monthly Moments’ in project meetings to create a culture of support. We have also arranged wellbeing walks, these walk and talks are a good way to hold meetings away from a screen.

Pricing

• Price: £2,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@cpcprojectservices.com. Tell them what format you need. It will help if you say what assistive technology you use.