ioki GmbH

ioki‘s Demand Responsive Transport (DRT) System

We offer a software solution (SaaS) for Demand Responsive Transport (DRT) services (driver-based and autonomous). Via the control centre, the operator can control the disposition, monitor the operations and intervene. The white-label passenger app enables booking and payment.
All important information are transmitted to the driving personnel via vehicle app.

Features

• Bookings and payment via app, web and phone call
• Pre-booking, Ad-hoc-booking, Departure- and arrival-based booking
• Barrier-free passenger-app for people with visual impairments or restricted mobility
• Real-time information for passengers, drivers and operators
• Anonymous contact between passenger and driver
• Easy to use driver app with integrated turn-by-turn navigation system
• A clear and user-friendly administration tool for operators
• Business Intelligence Reporting
• Marekting automation and Referral marketing
• Definition and assignment of rights according to role concept

Benefits

• Continuous developments and optimizations of the product
• Integration in existing systems (MaaS via API or DeepLink)
• The system enables the digitalization of Public Transport
• Software can be used for driverbased and driverless operations
• Mixing of line-based operation and area-based operation possible
• Day- and area-dependent modularization of the service
• Customizable algorithm (objectives: e.g. pooling-rate, service level, economic factors)
• Customizable and highly flexible price adapter
• White-label solution (customizable to the corporate design)
• ISO 27001 certification

£260 to £450 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ioki.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

568565860477538

Contact

Anna Filby
+49 15237422357
sales@ioki.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
• Service constraints: As our software is highly customisable, we are setting up our product for each client individually. Each app has to be built individually and has to be launched in the stores. A product set-up can be finalised within 2-4 weeks.; If our application is successful, we can can start with this process right away. ; ; We only offer customer support for our partners but not end-customer support.; ; Our passenger and driver apps are available for iOS and Android; ; In addition to the main contract, we must be individually entrusted with the processing of the data through a data processing contract
• System requirements:
  • Hardware (Tablet or Smartphone) for vehicles/driver app
  • Latest version of the Internet browser to use Control Center
  • Internet connection
  • Our applications are available for iOS and Android

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Q&A/ Helpdesk Requests: We commit to provide written feedback on the request within five business days (automated responses do not count for this purpose). ; ; Incidents:; Incidents are classified and processed according to urgency. Response times are guaranteed via service level agreements which will be negotiated with the contract. ; ; Help Desk hours: ; Incident classification high: 24/7; Incident classification middle: 06:00am -10:00pm CET (05:00am -09:00pm GMT); Incident classification low: 08:30am-05:00pm CET (7:30am -04:00pm GMT); ; Standard Reaction time: ; High priority: 1 hour; Middle priority: 4 hours ; Low priority: 24 hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide customer support for our partners not end-customer support (passengers). ; ; Customer support covers incident reports as well as issue reports from our customers. ; ; In addition to this we provide a technical account manager. ; ; Helpdesk: ; The Helpdesk is our central channel for all request, suppport needs and reports. All Issues, Problems and Questions are being processed here. Whoever is needed to solve or answer the submitted issue will be involved by the Helpdesk. Therefor our Customers do get access to the TSE (Technical Support engineers , LAM or Developers) ; ; Q&A/ Helpdesk Requests: We commit to provide written feedback on the request within five business days (automated responses do not count for this purpose). ; ; Incidents:; Incidents are classified and processed according to urgency. Response times are guaranteed via service level agreements which will be negotiated with the contract. ; ; Help Desk hours: ; Incident classification high: 24/7 ; Incident classification middle: 06:00am -10:00pm CET (05:00am -09:00pm GMT) ; Incident classification low: 08:30am-05:00pm CET (7:30am -04:00pm GMT) ; ; Standard Reaction time: ; High: 1 hour; Middle: 4 hours ; Low: 24 hours; ; Cost: Support a is included in our monthly fees (see pricing)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The product training will be based on a "Train the Trainer" model. ; In a one-day training course, up to five people of our customers choice can receive training on how to use the operating system for digital mobility. This includes a training on how to use all components of the platform (passenger app, vehicle app, control centre and the reporting tool), as well as training the trainers that will be responsible for training new drivers/stewards, dispatchers, customer service employees, and so on. During the training course, the trainers nominated will be granted access to a demo version of the platform, which they can then use to conduct further training for all users of the operating system for digital mobility. Furthermore, we can provide optional additional training courses, which you can order separately.; ; You can opt for a virtual or in-person format, depending on your individual offer. ; ; We are providing comprehensive user/administration guide, namely "Handbook Operating System for digital Mobility" ; Furthermore, in each section of the administrative tool you will find a link leading you to an online user/administration guide of this specific section. ; During our training, we will provide additional user and configuration guides.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: It is possible to extract the raw data of your product via API and make it available e.g. for further Business Intelligence usage. The format would be JSON over HTTP and is fully documented.
• End-of-contract process: With the end of contract the licence ends as well and our clients have the possibility to extend the licence and the main contract

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our system consists of three application ; ; The administrative tool (control centre) works on mobile devices and through a browser. We recommend the use of the browser here ; ; The passenger app is available for iOS and Android devices; ; The driver app is available for iOS and Android devices ; ; Our Apps are React Native Apps ; ; In addition to this bookings can be done via a Website; ; There are no differences in functionality using different OS, whether it is mobile or desktop
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The control centre provides the operator with real-time information during current transport operations (driver-based or autonomous). Our system facilitates clear and detailed operations planning for the vehicle fleet and provides a range of setting options. Thanks to the control centre, the operator can keep a close eye on all services at all times and optimise the settings on an ad-hoc basis, if necessary.; ; In this way, all system-related tasks can be fulfilled using a single tool:; ; 1. Operations set-up and management ; 2. Driver management and fleet management ; 3. Dispatching and monitoring live operations and tracking historical events ; 4. Customer Service
• Accessibility standards: None or don’t know
• Description of accessibility: The service interface in its current version is not designed in alignment with the above listed accessibility standards. However, as we are currently working on a new version of the service interface which we are planning to launch next year, this topic will be taken into consideration.
• Accessibility testing: Usability tests were done to comply with standards of the A11y project. In cooperation with external associations for the disabled the booking process in the passenger apps was tested through blind people in an interview form based on test scripts, evaluation sheets in a staging version of the apps. Focus was on improving functionalities like Voice Over and TalkBack. Issues occurring were recorded and afterwards improvements developed. Also, we are planning to do further testing of our updated control centre next year.
• API: Yes
• What users can and can't do using the API: An open architecture can be integrated ​into the customer landscape​.; ; Scenarios: ; Directory enquiries in an existing third-party app ; (1) Information on the on-demand service (universal link); (2) Information on public transport services (universal link); (3) Information and availability check of the on-demand service (API) - Ride Inquiry ; (4) Information, availability check, booking and live position updates of the on-demand service via (API) - deep integration; (5) Operational integration of the on-demand service (API); (6) Raw data exchange for an external data-lake; (7) Raw data exchange to external billing service providers or a billing software (API); ; The development efforts are on customer side; The implementation time frame is dependent on the customer’s technical setup, data compatibility and development team skills.​; ; The API must be maintained by the customer. Software application and interface must be upgraded within 2 months after a new version of the API is published. ; Interface data can only be used for the approved purpose. ​No unauthorized data usage, publishing or data storage is allowed. ​; Emergency caps are possible by us to secure the API against external service attacks.​; Rate limiting or interface cuts are possible in case of misusage. ​; ToS are standard legal appendix for APIs​
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our applications are available as white label solutions and can therefore be customised to your corporate design. ; ; Our experts can help you to customise your service parameters. Sub-operating areas can also be assigned special operating times and operating options. We advise on the optimum operating time for vehicles, waiting times, routes for passengers as well as any associated route diversions. ; ; The most important settings can be changed by the authorised administrators for each product at any time. Even during operation, changes to parameters are applied in real time. ; ; When creating a new operating area, the following parameters can be defined for each area: Unique ID - unique area name, Spatial definition of the area, Operating times (service duration), Automation of driver processes, Routing settings and matching parameters , Booking options (for example, maximum seats, pre-booking), Price adapter, Restricted areas (including scheduling)

Scaling

• Independence of resources: We rely on OpenStack with Ubuntu machines as its provisioning system. Here, our backend is operated using Docker Containers, which are orchestrated using Docker Swarm. Together with the load balancer HAProxy, this enables a system that scales automatically during peak loads. This process is constantly monitored by our performance monitoring solution "New Relic".

Analytics

• Service usage metrics: Yes
• Metrics types: The reporting provides access to live data and reports of ongoing operations.; We use the third-party provider tableau for visualisation through dashboards. However, the data runs through our servers. Content is adapted browser-based and can be viewed at any time via an web-based browser or a mobile app.; We provide standard reports of the most important KPIs and process data as part of our system. The visualisations and dashboards can be used interactively. ; The key figures can be exported in csv. format.; Additionally, a summary of the general performance of the system and specific services will also be provided.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Our reporting provides access to live data and reports of ongoing operations.; We use the third-party provider tableau for visualisation through dashboards. The data runs through our servers. Content is adapted browser-based and can be viewed at any time via an web-based browser or via a mobile app.; We provide standard reports of the most important KPIs and process data as part of our system. The visualisations and dashboards can be used interactively. ; The customer has the possibility to request other or customized reporting at additional costs.; Further there is the possibility to download the data over tableau as CSV
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Tableau Workbooks or diagramms as PDF
  • Tableau Workbooks or diagramms as PNG
  • API: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: API: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Our network is divided into several isolated backnets. Each backnet covers a specific use case and servers can not overreach from their backnet into another.

Availability and resilience

• Guaranteed availability: The Supplier shall, on the basis of an agreed SLA, provide monthly Accessibility of the Operating System of at least 99.9% based on the following calculation: [The total number of minutes in the relevant calendar month minus the number of minutes of Unavailability of the Operating System in that calendar month] divided by the total number of minutes in the relevant calendar month (hereinafter referred to as the “Availability of the Operating System”). If the Availability of the Operating System fails to meet the required level, the Client may assert vis-à-vis the Supplier a claim for damages on a flat-rate basis, to the exclusion of other rights and claims accruing to the Client. Any asserted claim for damages on a flat-rate basis shall, in the month following the month in which the failure to meet the required level of Availability of the Operating System occurred, be deducted from the licence fee owed under the Prime Agreement for that month. For instance, if the Availability of the Operating System is not provided in April 2022, the Supplier shall deduct a discount in the relevant specified amount when preparing the licence fee invoice for May 2022 under the Prime Agreement.
• Approach to resilience: This information is available on request
• Outage reporting: The Supplier will setup a Webservice in order to give access to a dashboard for the Client Platform Availability. Furthermore, the Client will get access to a Webpage for pro-active Supplier Incident Reports.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access to the control centre is protected by two-factor authentication, which is set up by us. If authentication via a smartphone app cannot be used, necessary tokens can be set up. ; Therefore, our demo, production and staging environment are only accessible to authorised persons and with unique ID.; ; Only registered management users can contact our support channels
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ESecurity-Cert GmbH
• ISO/IEC 27001 accreditation date: 01/11/2019
• What the ISO/IEC 27001 doesn’t cover: In order to provide you with a better picture in this respect, we would rather list what the scope of our ISO/IEC 27001 certification includes: On-demand, platform development, software development process, backend with interlocking, passenger, driver, operator app (data center with infrastructure).
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: * Official approval process for software and services from legal and IT security perspective (ISDS board); * Company-wide viewable catalogue with approved software and usage conditions; * Company-wide viewable internal website that covers all policies regarding IT security

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components (and their 3rd party dependencies) are automatically tracked and the respective teams are automatically notified about updates and/or security releases.; ; Since we live "configuration through code" in all of our components, the dependency tracker will also automatically open up a change request to be reviewed by a team member.; ; All these changes are covered up by an extensive test suite (> 95% code coverage for the backend) and our IT security team.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We are connected to a CVE database as well as to multiple dependecy management systems for our components.; These data sources usually already provide insights about the severity of a potential threat. We then follow up on these with the individual dev teams, supported by our IT security team.; ; We have a well defined CI pipeline with an extensive test suite. We can deploy with confidence, half-automatically (one single command) within 5 min.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All servers and network traffic are constantly monitored and logs are stored in a central, fully-searchable system with alerting based on content or frequency of certain messages/requests.; ; In case of a potential compromise our IT-security-team will examine our audit and log systems, which data was vulnerable/exposed/manipulated.; Manipulated data would/could be restored.; If the compromise is ongoing, we might disconnect affected parts of the system from public access.; All findings are reviewed by our data-security and legal advisor. If a breach is found, we would inform the corresponding customers.; ; This process starts within minutes after a potential compromise is identified.
• Incident management type: Supplier-defined controls
• Incident management approach: * 24/7 standby team of back-end engineers and devops people; * Pager duty management system with automated escalation policies connected to our monitoring systems; * Status page and in-app alerts in case of performance degradation or service interruption; ; *users can report incidents, to the help desk. The incidents are classified by their criticality. The reaction time are handled contractual with service level agreements taking the classification into account. we can give an overview on how many incidents are being send in, classified by their criticality, with reaction time.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  With our analyses and DRT-software we contribute strongly to reducing CO2. ; ; One of our main focuses is to provide better mobility and cause less traffic on roads and thus significantly contribute to climate protection: an intelligently set up DRT service is likely to be an attractive alternative to private car usage. Therefore, it can contribute to influence communities to support environmental improvement.; ; We especially focus on providing more attractive public transport by implementing DRT-feeder services in suburban/rural areas, which lead to more passengers deciding to switch from using their own car to using a more sustainable mode of transport (mobility behaviour change). ; ; 90% of our projects are integrated into public transport and most of our services are operated with electric vehicles, optimizing existing public transport in terms of efficiency and less air pollution. ; ; In Hamburg for example, our service takes travellers from A to B completely emission-free. By linking bus and train with our DRT-service, we are actively strengthening public transport and thus making climate-friendly mobility even more attractive. The environmentally friendly e-shuttles have already saved more than 250t of CO2. One out of three passengers consciously decides for comfortable and sustainable transport with the on-demand service and leaves their own car behind. This is confirmed by a scientific study conducted by the Technical University of Hamburg.; ; We identify further improvements in terms of sustainability in concrete analyses as well. With our Mobility Analytics and Consulting services we can identify potential service areas which are not well covered the current public transport offer and where people are more likely to change their mobility behaviour towards a more sustainable mode of transport. ; ; By enabling more and more partners to bring new services on the road, we make new sustainable modes of transport visible and known to the people.
• Covid-19 recovery:

  Covid-19 recovery

  DRT which is set up in an efficient way has a high potential to strengthen today public transport. When journeys are offered for the "first and last" mile to the front door and as a feeder to public transport, public transport can be made more accessible and attractive to people, which support the Covid-19 recovery of the public bus sector which face dramatic reduction in ridership during the pandemic. ; ; DRT can be used as employee shuttle that e.g. bundles rides (pooling) from a public transport stations to the workplace. Employees are given a better more sustainable way to work. Hence workplace conditions are improved and the COVID-19 recovery effort is supported by the sustainable travel solution. ; ; On top of this, our software easily supported feeder service to Covid-19 vaccination centres in 2021. The offer provided vulnerable residents, who would have had difficulties to attend their vaccination appointment, with the opportunity to easily and safely access the vaccination centres free of charge. ; Furthermore, the COVID-19-Pandemic lead to lower PT usage. To avoid even greater use of the car, citizens were given the opportunity to use public transport flexibly. We provided convenient and comfortable journeys instead of pushing people into crowded spaces. ; ; Thanks to our digital DRT application, hygiene rules due to COVID-19 could be implemented without any problems. The system was able to limit the number of passengers per shuttle to a desired maximum.
• Tackling economic inequality:

  Tackling economic inequality

  Socially vulnerable groups of the population often live in dispersed rural and other underserved areas and usually do not have accesses to a/their own car and would be in need to use public transport. However, the insufficient accessibility of education, training, employment, health care centres, services or retail shops by public transport is a major problem.; ; Especially in dispersed rural and other underserved areas DRT can maximise the public transport’s accessibility, reduce economic inequality, social exclusion, and cost-intensive empty runs with gaps in the operating hours. This can be done by digitalizing existing services (i.e. dial-a-bus services and community transport), and through the implementation of new services. When setup and planned properly, DRT can be used to feeder into the main bus and rail system. ; ; A well operated DRT service can also give access to the above mentioned to disabled people, hence create employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas. ; ; On the other hand DRT can also make a
• Equal opportunity:

  Equal opportunity

  A DRT service provides equal access to transport in the city and in the countryside. DRT can maximise the public transport’s accessibility in dispersed rural and other underserved areas as the DRT service can be used to feeder into the main bus and rail system. Vulnerable groups often do not have a private car and rely on public transport, but when living in a underserved area they do not have equal access to public transport to reach education, retail, employment sites or medical care. To ensure an equitable transport service for specific groups of people, such as the elderly or disabled, the vehicles should be barrier-free and adapted to the needs of the disabled, like our passenger App is.; At ioki, we place high value on a diverse workforce, our workforce is made up of 23 nationalities and 36% are women. We have a working group dedicated to draw attention on diversity and the huge amount of benefits it can bring.
• Wellbeing:

  Wellbeing

  Our DRT software can maximize the accessibility to mobility for all, and reduce social exclusion. Additionally, a DRT service increases attractiveness of public transport usage as low accessibility often discourages people from using public transport.; As most people rely on their own cars, pressure is put on the area concerning parking. Finding parking spaces and costs for parking are one of the main disadvantages of using a car. Parking takes away space in cities which could otherwise be used differently. Further, people could use the time they would otherwise spend driving a car for relaxation and well-being related activities when sitting in a DRT shuttle or train. However public transport does not cover enough areas so that this does not prevent people using cars. Overall accessibility is a major challenge in many areas and a great opportunity to introduce more flexible offers and therewith improve community integration. We believe that the introduction of flexible and integrated on-demand mobility offers will allow people to move more freely, increasing overall satisfaction, boost the economy and allow for safer travel especially for elderly people, people with disabilities or families with children.; At ioki, we support mental health and well-being by enabling our employees to balance their work-and private lives flexibly. This includes flexible working hours and the possibility to work from home. All of our employees receive agile coaching. We further offer health classes such as meditation and yoga, company bikes, and holiday and leisure activities at reduced prices.

Pricing

• Price: £260 to £450 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ioki.com. Tell them what format you need. It will help if you say what assistive technology you use.