Novoville e-Ticketing & Smart Mobility Platform
The Novoville e-Ticketing & Smart Mobility platform is an out-of-the box solution which allows local authorities to offer a single ticketing and journey planning application for all modes of transport. This improves customer experience, increases revenue, makes enforcement more efficient and positively impacts the quality of life in the locality.
Features
- Book and buy public transport tickets
- Find the best mobility options (live occupation, vehicle tracking, etc.)
- Plan intermodal trips
- Compare different types of transport
- Book and pay for taxis, rental cars, bikes, scooters, etc.
- Find and pay for on-street & off-street parking
- Get incentives, including discounts, free travel for using eco transport
- Pay for fines and permits
- Messages & notifications from the local authority or transport operators
- Complete control of e-ticketing & mobility operations through management dashboard
Benefits
- Multiple interfaces to suit users’ needs (mobile/web app, SMS)
- Fully customisable and appropriate for any scale
- Third-party software can interface with the Novoville services directly
- Secure and easy payments (credit/debit card, Apple Pay/Google Pay, Paypal)
- Configurable ticket types
- Omni-comms tools to reach citizens
- Rapid, low-cost implementation while ensuring security and privacy compliance
- Easily add/remove/edit a public transport option displayed on the app
- Real-time data & reporting
- Reduce handling costs and improve revenue collection
Pricing
£4,000 a licence a month
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 6 6 9 0 4 8 2 9 6 4 0 2 0 4
Contact
Novoville Ltd
Iraklis Bourantas
Telephone: 02074425551
Email: info@novoville.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Our solution is primarily a stand-alone service, but can be integrated with existing CRM, ERP, Enforcement, Smart City systems, etc. using open and documented APIs. It is also compatible with the Cisco Kinetic for Cities platform among other IoT platforms.
- Cloud deployment model
- Public cloud
- Service constraints
-
-iOS application requires OS version 9.0 or later
-Android application requires OS version 4.5 or later
-Citizen webapp requires Firefox version 45 or later, Google Chrome 48 or later, Apple Safari 10 or later.
-Client web management dashboard requires Firefox version 45 or later, Google Chrome 48 or later, Apple Safari 10 or later. - System requirements
-
- Dashboard requires internet connection without firewall limitations towards novoville servers
- IOS application requires OS version 9.0 or later
- Android application requires OS version 4.5 or later
- Webapp requires Firefox ≧45, Chrome ≧48, Safari ≧10
- Dashboard requires Firefox ≧45, Chrome ≧48, Safari ≧10
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Novoville provides a single level of support, which is built into the subscription cost.
It includes an online help desk and ticketing system available 24/7, as well as telephone support during business hours (9am-5pm, Monday to Friday, except UK Bank Holidays). We typically respond to queries within 2 hours.
On-call support will respond to critical availability issues outside of standard business hours. Our support SLA is included in the terms of service document.
Each client has a designated account manager and will receive dedicated support for any issue. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- We conduct twice a year accessibility testing using third-party testing software
- Onsite support
- Yes, at extra cost
- Support levels
-
Novoville offers their gold plan for support to all clients. This includes account and billing questions and notifications for service quota increases. In the same plan, Novoville also offers an unlimited number of technical support cases. All customers during working hours automatically have access to their personal account manager for support on:
-Account and billing questions
-Service health checks and bug reporting
-Documentation, whitepapers, and best practice advice
-Guidance on how to use products, features, and services together
Please refer to our SLA for further information. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- Management Dashboard users are provided with extensive training over the course of a two-day workshop. Depending on the availability and structure of the client workshops can be on-site or over videoconferencing. Additionally, novoville uses a set of onboarding forms that are filled prior to launch in order to automate the initial state of the system e.g. user accounts, internal services names, email templates etc. Every user gets access to an online manual and a series of hints available next to each button, action etc. Throughout the term of contract clients benefit from further online training for new features and best practises.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Within two weeks of contract termination clients receive through a safe transmission channel all user personal data and the corresponding transactions these have performed with the client. This export is available as a database dump or a set of CSV files.
- End-of-contract process
- After transmission of data to the client, all transaction information is deleted from our servers within two weeks. There are no extra costs for the transmission or deletion.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No differences
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
The management dashboard provides data on all activities where Novoville provides a front end, whether you’re using legacy applications, your website or a Novoville application.
The Novoville dashboard allows council employees or transport operators to have access to the functions that are relevant to their role. The dynamic list of products allows authorities to easily add, remove or edit a public transport option and the associated pricing displayed on the app. It also enables them to improve communication with customers and boost community engagement by promoting the brand, introducing loyalty schemes, creating polls, etc. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We conduct twice a year accessibility testing using third-party testing software
- API
- Yes
- What users can and can't do using the API
- The setup of the service environment does not require use of the novoville APIs. Nevertheless, the novoville APIs are available for consumption of information and resources created by novoville users (from the mobile apps and the dashboard) using a client-specific authentication, i.e. client id and API key.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Our service is customisable but requires the input of the Novoville team. In general, the customisable elements are: branding, workflows, stats & analytics/KPIs, forms, public transport options, pricing & policies, etc.
Scaling
- Independence of resources
- Scaling novoville is a matter of replicating the same codebase,namely the app stack.A similar logic applies to our database cluster.A load balancing architecture takes care of distributing load to replicas of the app stack while also providing means of failsafe i.e. switching between app stacks if one of them goes down.Given our current user traction we can serve up to 200K concurrent users per app stack node.Greater load can easily be dealt with by tweaking the node configuration (more RAM/CPU) and/or introducing more app stack nodes.Novoville is deployed on Azure and allows near real-time updates of either of these resources.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Indicative list of the service metrics we provide:
- Number of users
- Number of interactions
- Number of requests
-Number of transport ticket purchases
-Number of parking time purchases
-Number of parking fines & permits
- Number of messages
- Number of transactions
-Number of wallet top-ups
-Number and amounts of refunds
All service metrics provided can be accessed and filtered by multiple criteria on the management dashboard. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Users are given the option to export transaction data in the form of a CSV or an EXCEL file. Upon request data can also be exported as a database dump from our engineers. Data exports can include all transactions or can be a filtered version using the dashboard filters prior to the export itself.
- Data export formats
-
- CSV
- Other
- Other data export formats
- MySQL dumps
- Data import formats
-
- CSV
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
The following details the nature, quality and scope of the services that novoville provides for its system up-time.
-For Web Dashboard / Back-office Module SLA is 99.9% i.e. novoville’s Web Dashboard site shall be available for use by the Customer’s staff 99.9% of the time
-For the Mobile Application SLA is 99.9% i.e. novoville’s mobile app is available on the various app stores shall be available for use by citizens 99,9% of the time
Νovoville tracks its support performance based on mutually agreed SLAs. The Customer’s end-user responsibilities will be set out in the final set terms and conditions. novoville will make sure that in the unlikely event of the availability going below the aforementioned 99.9% will do its best to recover the provided software and any data affected as quickly as possible. The intention is to work with clients towards solutions that ideally never take more than 24 hours to deploy successfully. novoville uses systems provided by Apache Foundation and Azure Cloud services to measure whether the “Software” is available. These systems are our basis for monitoring this SLA.
Please refer to our SLA for further information. - Approach to resilience
- Hosting is provided by state-of-the-art Azure datacenters compatible with all principles described in ‘Asset protection and resilience’.
- Outage reporting
- We report outages in real-time through: the novoville dashboard, email alerts and through slack channel webhooks.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is performed with a username-password pair along with available two-factor authentication (typically SMS codes on the mobile phones of users).
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 31/10/2019
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- Mobile apps
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- CyberEssentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- CyberEssentials
- Information security policies and processes
-
- We review twice a year our list of business threats
- We align our security measures with our IT strategy
- We review extensively the security policies of third party vendors we work with (or use their tech)
- We work continuously to minimize time between our continuous deployment process. This is currently between 3 and 7 days
- We do not invest in “hipster” security technologies. For example we invest more time in selecting an appropriate DDoS solutions, a CDN provider etc. than investing in a centralized SSO solution
- We are empowering from their early days in the company all of our engineers and product managers with the freedom and knowledge to report possible security flaws and vulnerabilities
- We use a series (more than 2000) of automated tests to detect vulnerabilities before exposing our system to bi-annual PEN tests from external security consultants.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Our change-management-process follows a similar approach when “change” relates to a product update or the introduction of a new module/feature, namely:
-Requirements analysis of what is going to be improved
-Solid business case for the update or new product
-Create an Agile roadmap for introducing the change
-Design method for evaluation including automated tests, UAT strategy and A-B testing approach
-Communicate upcoming changes to account managers and subsequently clients. Prepare the corresponding training material
-Monitor resistance and budget risks (including risks for clients)
-Apply Agile methodologies process-wide by revisiting requirements and problems - Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
Novoville has a test-driven development approach. New features are never released without corresponding tests (currently more than 2000 of them across products) creating a first line of defence for potential threats. Additionally, we use several real-time monitoring tools to detect threats and security vulnerabilities.
In case of a problem detection we classify the issue (LOW to CRITICAL) and act upon the creation of a patch that is applied from anything between 3 hours (for most CRITICAL issues) to the next scheduled system update (for issues classified as LOW). - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Compromises are identified by a combination of 3rd party monitoring tools along with in-house tools tailored to our product.These tools perform in real-time traffic monitoring for:
-Blocking attacks from the OWASP top 10 including Cross Site Scripting (XSS),SQL injections,Shell injections etc.
-Runtime Application Self-Protection,In-App Web Application Firewalling, applying Content Security Policies
-Leveraging in-app signals to automatically detect and block bruteforce or automated credential stuffing attacks
- Leveraging dynamic risk scores and full user account timelines
- Leveraging playbooks to cover business logic threats ranging from shared user accounts,fake signups or feature abuses
- Instantly notifying the engineers and account managers - Incident management type
- Undisclosed
- Incident management approach
-
Novoville uses a web-software compatible with our continuous-deployment technology to report and absorb incidents.This includes:
-Log the incidence by recording (name of person reporting the incident,date/time,description including type of log file or screenshots if available,id number assigned to the incident)
-Categorize the incident reported (assign a logical,intuitive category/subcategory from pre-populated list,assign level of criticality according to the reporter and the evaluation of the engineer that processes the incident)
-Prioritize the incident (address all open incidents in order of prioritization,notify engineers and reschedule normal deployment of features)
-Respond to the incident (Investigation and diagnosis,Resolution and recovery,Update knowledge base for future use)
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Novoville is committed to the Race to Zero campaign, through its subscription with the “Business Ambition for 1.5°C”. Indicatively, we have:
- Invested in upgrading the energy efficiency of our offices and their infrastructure (IT equipment, A/Cs, paperless operation, etc.).
- Funded all public transport or micro-mobility commuting for our colleagues when they travel to/from our offices.
- Invested in upgrading the car fleet of our sales team with hybrid cars.
- Migrated all of our software to Microsoft Azure, committed to be carbon negative by 2030.
- Innovated by launching the “Adopt a Tree” initiative as part of our product, whereby people are prompted to adopt a tree in their city and water it during the summer months to help it survive. We have saved 2,000 trees so far.
- Introduced a series of KPIs (the green dashboard) for our clients, mostly local authorities, that monitor the impact of their operations to the environment. We expect a 40-60% impact on emissions as we train them to improve their services using these novel metrics. - Covid-19 recovery
-
Covid-19 recovery
Novoville has actively been involved in activities for COVID-19 recovery, such as:
- We launched and maintained the GetVolunteering platform for managing volunteers offering Befriending services. Councils and organisations using GetVolunteering have already organised more than 2,000 volunteers and offered 5,000 hours of phone support to people in need within their communities.
- Through our mobility platform, we recently launched an advanced "loyalty system" for drivers, whereby shops can refund parking time to them as long as they decide to spend money in the local market that has suffered from shop closures due to the pandemic.
- We have implemented workplace conditions that support the COVID-19 recovery effort, including effective social distancing, remote working, hygiene measures, and sustainable travel solutions. - Equal opportunity
-
Equal opportunity
Novoville maintains offices in three countries and four cities. We employ people of more than ten nationalities and four ethnic backgrounds, placed approximately uniformly between administration, engineering and support/maintenance teams. We encourage travel of employees between locations to remove diversity barriers and promote our family culture.
Our products are designed to be accessible by disabled people and different demographics, empowering more than 1.1m citizens of enormous diversity.
Hiring Process & HR: Job descriptions are worded in a way that limits the probability of unintentionally describing positions towards a certain demographic. During interviews we disclose the organisation's approach to equality and diversity and why it is important.
Training: Our DPO performs annual training to managers to allow them to demonstrate, by reference to published equality information, how they have “due regard” to the requirements of the general equality duty of the company.
Safe work environment: We place a positive duty on employees to comply with the equal-opportunities policy and to ensure that their colleagues are treated with respect and dignity. Employees are encouraged to discuss any concerns, without judgement.
Education: We provide resources and educational material that include examples of different types of discrimination to make employees aware of issues they may not have recognised as discrimination before.
We celebrate differences: We celebrate diverse religious/national holidays and encourage team sports and activities. Our core purpose is to help bring people together.
We shout equality: Any actions taken by leaders attempt to uphold, communicate and display our culture and values.
We speak about wider issues: Employees are affected by current affairs, but certain topics can have a particular impact on mental wellbeing. This was especially important during COVID-19. We try to encourage these discussions in the workplace.
Work/life balance: We promote a work/life balance and offer flexible working hours and remote working.
Pricing
- Price
- £4,000 a licence a month
- Discount for educational organisations
- No
- Free trial available
- No