21st Century Technology PLC

Journeo Portal - Passenger Solutions

The Journeo Portal is the secure and scalable system providing specialist microservices and applications to enhance the data gathering and information dispersal to on-street and in-bus station Passenger Information Displays. The service consumes data in Transmodel data standards and disseminates the information to the right location, at the right time.

Features

• Remote condition monitoring of Passenger Information Displays
• Hardware agnostic CCTV downloads
• Secure and scalable EvidenceSafe
• Real time map with live system information layers
• At a glance information through user-configurable dashboard
• Reporting and analytics
• Remote screen grab functionality
• System performance monitoring tools
• Comprehensive Data Management tools
• Advertising and content management tools

Benefits

• Create data views suitable to you and your job role
• Manage destination and via information
• View and manage the health of your information estate
• Create and manage Point of Interest indicators
• Upload, store and assign media files to your displays
• Manage playlists and advertising campaigns
• Create and manage complex disruption messaging
• Create and manage source rules and automatic publising rules
• Monitor real time delivery levels
• Manage data for transport interchanges including designators and changes

£149,855 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@journeo.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

451750889732017

Contact

Paul Nelson
08448717990
info@journeo.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Passenger Transport Real Time Information publishers
• Cloud deployment model: Private cloud
• Service constraints: Third-party connected devices must conform to RTIGT047 CMS to PID interface communication standards
• System requirements:
  • Users require internet access
  • Transport feeds should confirm to CEN standards
  • Browser should conform to modern security standards

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The standard response SLA is within 4 hours Monday-Friday 7am-7pm, or within 12 hours at weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All new purchasers of the system receive full training on the system, its features and how to access the benefits that the system can provide them with. At licence renewal, Journeo are also happy to provide a FoC "Train-the-Trainer" refresher course, creating a local champion and knowledge resource for the system. Full documentation will also be provided by the trainer. All users have access to our Application Support Engineers for the duration of their licenced period.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Upon order, all customers are given full and comprehensive training on how to use the platform to customise transport information that is being distributed to different platforms. Depending upon the IT literacy of the user, training will usually take 1-2 days and can be completed in 1-to-1 or small group sessions. This can be provided on-site, or via video conferencing platforms, to the customer's convenience. ; ; All new release notes are accompanied by training videos, to give users insight into the new functionality of the system.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Historical information is available to customers in .xml logs in line with transport standards, additional supporting data uploaded by customers (such as media files) can either be downloaded directly by the customer from the web portal or collated by Journeo staff and provided to them in a format of their choosing
• End-of-contract process: Within 2 months of the end of a customer's contract, they are notified of the approaching end of their service, if they elect not to re-new/extend the contract, they are provided with offloading documentation, which advises users on how to be supplied with held data, or select for it to be provided to a third party, or securely destroyed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: UI is re-formatted to be suited to mobile devices, but is replicated as much as possible
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Users can access stored data to forward to additional systems, for example, a user may wish to export reporting information to include in their own Business Intelligence reports/dashboards.; ; All API configuration is completed by Journeo's Application Support Engineers. Users must request a PSK for access to the API. API is accompanied by full swagger documentation.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users can customise data and information available to the different roles within their organisation. A customer admin role has the privileges required to add and remove aspects to the system for other users within their organisation.

Scaling

• Independence of resources: Users with minimal endpoints are placed on shared infrastructure to ensure that the service can be provided at a cost effective level, however, heavy users are provided their own virtualised environment to ensure they do not impact other users. All infrastructure is hosted with a tier-3 Cloud provider and can be set to automatically scale with the demands of the system.

Analytics

• Service usage metrics: Yes
• Metrics types: Journeo provide a range reports, from the amount of CCTV footage being downloaded to the EvidenceSafe to the number of passengers boarding and alighting vehicles, dependent on the data available from on board systems
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Dependent upon the data format, it can either be downloaded directly from the user interface (rich media files) or extracted by Journeo staff upon request and provided in csv
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Journeo guarantee 99% uptime of our service to our customers
• Approach to resilience: Journeo utilise only scalable and replicable solutions. All data is stored in fully resilient and geo-replicated tennancies ensuring failover for all customer systems.; ; Further information available on request
• Outage reporting: Service outages are reported to customers via email notification which will contain, as a minimum the time the outage began, any known causes of the outage and an expected resolution time. If that resolution time elapses without a suitable resolution being located, customers are provided regular updates until a resolution is located.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is reticted by user and role. A role has a bespoke list of elements that can be viewed or edited, whilst a user can be set see/alter a reduced subset of information. For example restricting a bus operator to perform only operator functions.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 15/11/2019
• What the ISO/IEC 27001 doesn’t cover: Nothing - certification covers Journeo PLC and all operating subsidiaries
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Journeo comply with all local legislation regarding information security and are accredited to ISO 27001 standards.; ; Security policies and processes are maintained on a day-to-day level by the IT Systems Manager, who in turn reports any issues to the Chieft Technology Officer.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All change management is controlled through issuing Change Control Notices, completed to best practice. Once a system change has passed testing our ISTQB-certified testers, a CCN is issued and the change is applied. Once complete the CCN is reviewed to ensure the changes applied had the desired effect.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We undertake regular review of published statements for any threats to core IT systems. We review IT bulletins and CERT notifications on a regular basis. We are members of specialist transport trade groups for domain specific awareness. Security forms part of regular customer reviews to enable customer specific threats to be identified. Security updates to operating system and related components including off the shelf software are configured to automatically install. The information governance process includes risk assessment of security threats.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Regular reviews of system usage incl user logins, system automatically reports above defined levels of increased system use. Any potential or actual compromise becomes a critical incident with immediate response with customer and Director involvement. Critical incident management is available 24/7. Regular reviews of system usage incl user logins, system automatically reports above defined levels of increased system use. Any potential or actual compromise becomes a critical incident with immediate response with customer and Director involvement. Critical incident management is available 24/7. First response is to make system inaccessible, where possible leaving it running for any forensic analysis needed.
• Incident management type: Undisclosed
• Incident management approach: Common incidents have FAQ and standardised responses in place. All customers have access to a fault management system which is the preferred route for reporting. Incident updates are published through the fault management system.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Use of the Journeo Portal removes the requirement to visit mobile assets to secure captured footage and other transport-related data. All information can be accessed remotely and transferred securely. Prior to the release of the Journeo Portal, major transport operators would require teams of people, using deisel vehicles, to actively attend mobile assets to capture data.; ; Journeo is an intelligent transport systems specialist and promotes the use of public transport above personal-use vehicles, as the most carbon-effective method for the mass movement of people.

Pricing

• Price: £149,855 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@journeo.com. Tell them what format you need. It will help if you say what assistive technology you use.