Infosight

Service scope

Software add-on or extension: No
Cloud deployment model: Hybrid cloud
Service constraints: No
System requirements: Windows 10 or later

Optimized for Chrome Browser

Consistent Internet Connection

Minimum 4GB RAM

Optimised for Desktop & Laptop use

User support

Email or online ticketing support: Email or online ticketing
Support response times: Geollect is able to provide support to users through an internal support network. This is made up of an account manager for day to day communications, the AM will be supported by the head of Geospatial Operations, Head of Data Science and their respective teams. Geollect will aim to acknowledge support requests within 1 working day and aim to resolve all tickets, where possible within 5 working days.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Geollect is able to provide support to users through an internal support network. This is made up of an account manager for day to day communications, the AM will be supported by the head of Geospatial Operations, Head of Data Science and their respective teams. All onboarding and following development work will be carried out under the supervision of a project team to ensure maximum value is gained at the point of onboarding with regular follow up sessions available for those requiring extra assistance or bespoke functionality
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Once the purchase of Infosight Licenses has been completed, Geollect will begin the onboarding process for users. This can be done either virtually or in-person depending on the requirement of a workshop.

Throughout the qualification process, Geollect will work with key stakeholders to generate user stories for those who will be using the platform to ensure that we as a business understand how the buyer will be using the platform and what they aim to achieve and create the onboarding materials in line with this.

A tailored workshop will be delivered for users off the back of their individual requirements supported by the Infosight product owner and the buyer account manager.

How-to guides are embedded in the platform for quick reference and Geollect will make every reasonable effort to accommodate follow up sessions with users requiring further assistance getting up to speed.
Service documentation: No
End-of-contract data extraction: Any customer data brought in and used by Geollect will be returned to the customer and deleted from Geollect infrastructure either at the termination of the contract or in line with pre-agreed data retention policies.
End-of-contract process: At the end of the contract, Geollect will revoke license access for Infosight and users will no longer be able to access the platform. Data will be retained in line with pre-agreed data retention policies and any physical materials will be disposed of or returned to the buyer.

Using the service

Web browser interface: Yes
Supported browsers: Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: There are no significant differences between the desktop and mobile service
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: Infosight delivers insights through a web-based interface.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: Geollect welcomes the opportunity to test and develop Infosight in line with access and usability requirements for users that require assistive technology.
API: No
Customisation available: Yes
Description of customisation: Infosight is by design, a flexible platform designed to ingest 3rd party data alongside your own and our proprietary. We can easily integrate external datasets to allow for a more enriched picture within the platform. This can be map layers, environmental or other contextualising datasets. Geollect can create bespoke analytics and reporting modules to integrate with Infosight allowing further customisation of the functionality within the platform in line with customer requirements. This will be achieved by the Geollect technical teams in close collaboration with the customer. Alerts and reports can be created to monitor regions and groups in line with customer requirements. The granularity of these reports is set by the buyer, ensuring the levels of awareness are fit for purpose against buyers' requirements. Access to specific data can be restricted within the platform through the application of credential-based access. This can also work for user-level settings in terms of preferred alerts, base maps and other front end settings.

Scaling

Independence of resources: Geollect is committed to aligning dedicated resources to these requirements. Where necessary Geollect will bring in extra resources to the business to ensure all necessary personnel and resource are available to service users at all times.

Analytics

Service usage metrics: Yes
Metrics types: Users can audit themselves to a certain extent – for example they can view their usage, web apps access, data layers accessed. But the details of user tracking are limited to Geollect administrative accounts (unless otherwise specified by a customer). Here is an example of fields captured in audit files:
Org member
Action taken
Time stamp
Current status
Member’s Source IP address
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Data can be downloaded/exported from the service if required. Data export is controlled by the predefined functionality within the service.
Data export formats: CSV

ODF

Other
Other data export formats: SHP

PDF

FGDB
Data import formats: CSV

ODF

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: If applicable, Geollect will use commercially reasonable efforts to make the Covered Services available with a Quarterly Uptime Percentage of 99.9%, “Service Commitment”. For any Service Quarter that the Quarterly Uptime Percentage is less than Geollect’s Service Commitment, the Buyer will receive an SLA Credit equivalent to the net Covered Downtime during the relevant Service Quarter in excess of the maximum Downtime permitted under the Service Commitment. The Covered Services may in part be facilitated by Mapbox and Amazon Web Services (AWS). As such, Mapbox operations/availability transparency can be seen at www.mapbox.com/legal/sla. Should issues with Covered Services arise, communication should be made with Geollect via the appropriate representative. If applicable once Geollect has verified that the Quarterly Uptime Percentage for Buyer’s account fell below 99.9%, the appropriate SLA Credit will be applied to the Customer’s account and shall apply towards the next invoice. SLA Credits are the Customer’s sole and exclusive remedy for any breach of this SLA (save that Geollect acknowledges and agrees that multiple breaches of this SLA which amount to a material breach of the Agreement will entitle the Customer to terminate this Agreement in accordance with the provisions of clause 5.2(a)). SLA Credits are non-transferable.
Approach to resilience: AWS and esri assure that they meet the following timescales for patching. Geollect will also do the same, as detailed in their SLA.
esri health dashboard can be monitored here: http://status.arcgis.com/
For AWS: https://status.aws.amazon.com/
Outage reporting: In the event of an outage, automated email alerts will be sent to the buyer, The dedicated account manager will provide continual status updates while Geollect look to resolve any outage by liaising directly with AWS and ESRI providing continual updates both by phone and email.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: Only authorised individuals can authenticate to and access management interfaces for the Infosight service. To streamline processes and ensure service stability and security, Geollect will maintain control of the management interfaces and will work closely with the consumer if access to the management console is required. Security credentials have minimum requirements.

Minimum password length is 12 characters
Must contain at least one letter
Must contain at least one upper case letter
Must contain at least one lower case letter
Contains at least one number
Contains at least one special character
Password expires every 90 days
Cannot reuse previous 5 passwords
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: You control when users can access audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: You control when users can access audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: QMS International
ISO/IEC 27001 accreditation date: 24/03/2022
What the ISO/IEC 27001 doesn’t cover: This applies to all areas of the Geollect business.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Information Security is central to all activities, processes, plans, projects, contracts and partnerships within Geollect. Compliance with Information Security procedures in line with Policies and guidelines is a requirement, a clause to this effect is in all Employee Contracts. IS Policies are available to all employees. Breach of the IS Policies and procedures may result in disciplinary action, including dismissal. Employees are trained on Information Security, according to their company function. Contracts of Employment include a condition covering Company confidentiality. Geollect hjas a Business Continuity Plan that is maintained, tested and regularly reviewed. Statutory and regulatory requirements are met and monitored for ongoing changes. Further Policies and Directives such as those for access, acceptable use of email and the Internet, malware protection, backups, passwords, systems monitoring etc. are in place, maintained and are regularly reviewed. This Information Security Policy is reviewed at least annually and may be amended in order to ensure its continuing viability, applicability and legal compliance and with a view to achieving continual improvement in the ISMS. The ISMS and Information Security operations are subject to continuous improvement through a program of internal and external audits and risk assessments. Confidentiality Agreements are entered into with third-party companies.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Geollect use detection mechanisms to watch for attempts to move data outside of defined boundaries. Geollect will respond to incidents when identified, and undertake the necessary measures, e.g., password resets and revoke authorisation or access, to limit severity and duration. The AWS incident response guide can be found here: https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf
Vulnerability management type: Undisclosed
Vulnerability management approach: AWS is ISO/IEC 30111:2013, CSA CCM v3.0, and ISO/IEC 27001 compliant. Geollect is not compliant by association, but Geollect regularly and routinely engage in password changes and security updates.
Protective monitoring type: Undisclosed
Protective monitoring approach: Geollect use detection mechanisms to watch for attempts to move data outside of defined boundaries. Geollect will respond to incidents when identified, and undertake the necessary measures, e.g., password resets and revoke authorisation or access, to limit severity and duration. The AWS incident response guide can be found here: https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf
Incident management type: Undisclosed
Incident management approach: Geollect will respond to incidents when identified, and undertake the necessary measures, e.g., password resets and revoke authorisation or access, to limit severity and duration. The AWS incident response guide can be found here: https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Fighting climate change: Fighting climate change

Completed Carbon Reduction Initiatives

• We set a carbon reduction target that has been external verified by the Science-Based Targets Initiative (SBTi) as being in line with the 1.5oC ambition set out in the Paris Agreement
• We created a climate action roadmap that includes:
• Active engagement with our largest global suppliers so they monitor and report their carbon emissions, prior to setting their own 1.5oC aligned carbon reduction target

In the future we will continue to develop projects around the above themes of supplier engagement, business travel emissions reduction, and efficient operations. We will also embed wider sustainability considerations into our business operations, empower our colleagues to lead by example, and convene ecosystems that will enable us to accelerate climate action across the sectors in which we operate.
Covid-19 recovery: Covid-19 recovery

With the impact of COVID-19 lessening, Geollect continues to take a safe approach to business. Geollect continues to bring the workforce back into the office while allowing for remote working where necessary. Any Geollect employee that shows COVID symptoms is expected to leave work and undergo a COVID test. If the test is positive, the member of staff will be required to stay away from the office until they have returned a negative test.

To maintain diligence and safety against COVID, hand sanitiser should be used at all entry points to the offices and desks should be regularly cleaned down with antibacterial wipes and spray to minimise any potential impact from COVID-19.

Pricing

Price: £30,000 a licence a month
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Infosight

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents