IBI Group UK Ltd

ASSIST by Arcadis IBI Group

ASSIST asset information system is a secure, customisable platform for viewing imagery, interacting with 3D-point clouds and querying highway and road asset information and data.

This web based systems allows customers to seamlessly move from one view of an asset to another, across imagery, mapping and 3D LiDAR point clouds.

Features

• Remote, browser-based access
• Road imagery viewer, aerial, ortho mosaic and drone images
• 3D viewer, LiDAR from vehicle, terrestrial, aerial and drone
• DTM, DSM, Slope, Contour mapping, 3D meshes and models
• Inventory viewer, data management and simplified query builder
• Scalable, multi user access via single sign-on
• Multiple, interchangeable views on the same asset
• Measure any object within 2D and 3D environments
• Self serve smaller 3D drone and imagery datasets
• Reporting module

Benefits

• User/data management system provided as standard
• Very simple interface
• Time-stamped imagery, no ambiguity on the date collected
• Highly accurate measurement of objects from the office
• Compare asset details via images, LiDAR, models and maps
• Inspect objects using different views and timeframes, drone, meshes, models
• Generate reports and export data
• Check details, condition of assets and validate works undertaken
• Allows user to remotely access their network/site
• Improves road worker and construction site safety

£1,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk_intelbd@arcadis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

542419259382006

Contact

Gareth Bower
0141 331 4500
uk_intelbd@arcadis.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: Any maintenance activities that might result in service degradation or unavailability will undertaken outside of normal working hours. ; Buyers will be informed by email one week in advance of any planned maintenance or downtime.
• System requirements: Client browser must be JavaScript-enabled

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions submitted via e-mail will be responded to during weekday business hours (9am to 5pm).; ; Critical faults raised will be responded to within 1 hour. ; Non-critical faults will be responded to within 1 working day.; ; Response times do not included weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: First level e-mail and telephone support is provided during office hours (9am to 5pm). Issues raised by customers are triaged by the first line support team and reported to the relevant support teams for resolution. A technical account manager oversees the customer arrangements, ensuring updates and communication on all support items.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The on-boarding process should be completed within a maximum of six weeks of the order being confirmed, dependent on the volume of data and account configuration that is required. The process will begin with a service initiation meeting with the customer to confirm the various elements of configuration that will be required and to review the customer's data and available interfaces. A training webinar will be made available as part of the onboarding process.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: If storage of customer data sets in the cloud has been requested these data sets will be made available to the customer within one month of the notification that the subscription will not be renewed and up to three months following the end of the subscription period.; Data will be provided on hard drive(s) back to the customer after which IBI Group will purge and destroy all customer data from its systems including any logs and archives that have built up with use.
• End-of-contract process: Customer access to ASSIST will be rescinded at the end of the contract,; ; If storage of customer data sets in the cloud has been requested these data sets will be made available to the customer within one month of the notification that the subscription will not be renewed and up to three months following the end of the subscription period as previously indicated. There will be no additional costs to the customer for data cleansing.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: ASSIST has been designed using responsive design techniques and will scale accordingly over the various devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The ASSIST dashboard interface is browser-based. On a desktop computer it is mouse-driven. On tablet and mobile control is via the touch screen interface of the device. The dashboard presents as a number of tiles (modules) in both graphical and text-based formats which can be moved, added and removed as each user requires, allowing for an personalised setup per user.
• Accessibility standards: None or don’t know
• Description of accessibility: ASSIST is a highly graphical application that makes heavy use of images, maps and graphs. It requires all of these in order to perform its key functions and is therefore not accessible as such. Although text-only modules can easily be created from the same data sets, this is not standard practice.
• Accessibility testing: No testing with users of assistive technology has been carried out.
• API: Yes
• What users can and can't do using the API: An API provides an interface to the data in ASSIST including video imagery, LiDAR, mapping, and road asset data. The API also provides the Buyer with the ability to allow third party developers to create additional modules. Once licensing is in place the Buyer can instruct third party developers to build additional functionality into ASSIST. The Buyer must retain possession of the License, as resale is not permitted under GCloud 12.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Asset data, images, LiDAR, drone data, meshes and models are all customised to the client's requirements within ASSIST. Datasets can be transferred and translated within the system. In addition ASSIST API provides a framework that allows developers to create packages within the Dashboard environment on which ASSIST is based.

Scaling

• Independence of resources: ASSIST is a single-tenant application in that everything happens in the browser and there are no shared resources.; The API spins up a new instance per request and each instance runs in its own application pool. ; IIS handles the application pool management using available resources on the server. The server can be clustered so that it scales.

Analytics

• Service usage metrics: Yes
• Metrics types: IBI Group can provide reporting on system usage, on a weekly or monthly basis, including data downloads, individual usage and other targeted reporting. This feature can be included automatically for a fee, or on an ad hoc basis.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Imagery is redacted, face, numberplates and other such personal information is blurred by our own AI software.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Modules within ASSIST provide data export facilities
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Exporter module is extensible-can be configured for other formats
  • LAZ
  • LAS
  • Mesh
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Shapefiles
  • JPEG
  • XLS
  • LAS
  • TIFF
  • Mesh
  • LAZ

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% up time is guaranteed during office hours. There is no standard SLA for the ASSIST service, but one can be agreed with the customer if required.
• Approach to resilience: The ASSIST API and database can both be clustered which makes the system resilient. ASSIST services run in the cloud on virtual servers.
• Outage reporting: All of the ASSIST services are monitored by Internet Vista. Outages are reported via email and SMS.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: To handle different levels of access rights, roles can be defined within the system and users added to these groupings. This allows access rights and permissions to be set up in bulk rather than having to configure for each individual user.; Management of local user accounts can be undertaken using ASSIST's account administration section, which is only available to those users assigned the Administrator Role.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV
• ISO/IEC 27001 accreditation date: 27/02/2024
• What the ISO/IEC 27001 doesn’t cover: No exclusions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: MNP LLP
• PCI DSS accreditation date: 01/09/2023
• What the PCI DSS doesn’t cover: None
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SOC2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: We secure Personal Data as a Data Controller or Data Processor through compliance with the Cyber essentials Plus, ISO 27001 Standard, SOC2 Reporting and PCI-DSS compliance. These standards are regularly audited and are the basis for the controls we have when handling client data (Product dependant)
• Information security policies and processes: Our IS Global Policies cover the following: Information Classification; Information Sharing & Handling Rules; Acceptable Use; Asset Management; Change Management; Physical Access Control; Human Resource Security; Mobile Device Security

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have centralised registers for our hardware and software assets and these are management through a Change Advisory Board, which meets regulary to manage change and advise on the risk of new asset introduction. These procedures are in compliance with ISO27001:2022 and SOC2
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our Change Advisory Board classifies: Normal – Enhancements/other planned changes in line with product roadmaps Standard – Routine updates to keep systems/products healthy, e.g. patching vulnerabilities with Medium, Low/Very Low classification Emergency Outage – Changes in response to direct issues affecting a platform/product from operating in line with client expectations. Emergency Imminent – an emergent known threat that could bring disruption to systems/products, e.g. zero-day vulnerabilities. Emergency Scheduled – Important changes that can be implemented per schedule but have a high/critical classification. Threats assessed by the CAB board and implementation and testing requirements set along with timelines for deployment.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Intrusion detection monitoring systems and tools are in place both at the hardware and software levels and these trigger upon detection. We take the necessary steps to comply with the local information security office in the domains we operate and notify accordingly. We operate monitoring services 24/7/365 and have remote teams ready to act upon detection and carry out the appropriate actions to minimise disruption following disaster recovery plans as appropriate. We conform to ISO27001:2022
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Employees comply with the Arcadis General Business Principles and the full suite of data protection policies. Most incidents are reported through monitoring tools but employees are comppelled to report any incidents to their immediate line manager and through our tech services organisation. Incident management takes over from there and reporting is in line with best practice and compliance with local regulatory laws and ISO27001:2022.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  By allowing users to remotely access data from anywhere in the world, we are reducing the need for multiple trips to site. We have users in India, Europe and North America working on projects where the data has been recorded in the UK. ASSIST is a true remote inspection system

  Covid-19 recovery

  IBI Group are supporting a mixed return to office. Those employee's effected by COVID-19 with regard to short and long term recoveries both physically and mentally. No one is being forced to come back to the office environment when they are settled in working from home. With several of our own local staff moving further afield, remote work is seen as the new normal from us.

  Tackling economic inequality

  Use of ASSIST increases client resilience and capacity which in turn influences staff, suppliers, customers and communities through the delivery of the contract to support resilience and capacity in the supply chain. Access throughout the world means staffing resources can be shared with skilled people in other countries.

  Equal opportunity

  IBI Group is committed to creating a culture where everyone has an equal opportunity to grow, develop, succeed and be their truest self. We hold each other accountable to create and contribute to an inclusive culture, which includes a focus on increasing gender representation and diversity across the entire organisation. In 2022 IBI launched the Diversity, Inclusion and Belonging (DIB) Scholarship which rewards students who self-identify as Black with a $5,000 scholarship at six partner universities across Canada and the United States. This scholarship is one of many IBI Group programs aimed at increasing internal gender representation and diversity and in turn fostering an environment where everyone is encouraged to be themselves and achieve a sense of belonging. IBI's Diversity Policy can be viewed here: https://www.ibigroup.com/wp-content/uploads/2021/03/2021.02.17-Diversity-Inclusion-Belonging-Policy-Approved.pdf

  Wellbeing

  ASSIST allows for a remote inspection and maintenance regime to be used across all road types by reducing the need to close carriageways or roads altogether. This gives the road user a much better experience, by not only having open roads, but also reducing defects across the network.

Pricing

• Price: £1,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk_intelbd@arcadis.com. Tell them what format you need. It will help if you say what assistive technology you use.