3D City Visualisation Platform for Urban Planning and Community Engagement

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Should the user want to download and use the VU.CITY desktop app then there will be hardware requirements which the minimum specifications are;
- Windows 10 64-bit or later;
- Intel Integrated Graphics with support for DirectX 11 or higher;
- Intel 6th generation i5 processor,
- 8GB RAM,
- 128GB SSD,
System requirements: 100 Mbps internet connection

Wired ethernet connection

Up to date internet browser

Windows 10 64-bit or later (Desktop app)

Intel Integrated Graphics* with DirectX 11 or higher (Desktop app)

Intel 6th generation i5 processor (Desktop app)

8GB RAM (Desktop app)

128GB SSD (Desktop app)

User support

Email or online ticketing support: Email or online ticketing
Support response times: Same day response for questions raised on working days Monday to Friday between 9:00am - 5:30pm GMT. Next working day responses for questions raised outside of these working days and times.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: On first accessing the system the user is greeted with a step by step guided tour and also has access to the Knowledge Base.

An Account Manager will be allocated to the customer when an agreement has been signed and the Account Manager will establish a virtual contact with the customer. After payment terms have been agreed, a licence to the system will be issued. Once the licence is issued the user has access to the system and can start using it immediately. The Account Manager will reach out to the new customer to plan a date for onboarding. If the customer requires in-person onboarding then this will be seen as Training and will be priced separately as set out in the pricing document.
Both our Account Management team and Technical Support team are available via phone or email support during the business hours of Monday to Friday, 9am - 5:30pm GMT
Support available to third parties: Yes

Onboarding and offboarding

Getting started: An Account Manager will be allocated to the client when an agreement has been signed and the Account Manager will establish a virtual contact with the client. After payment terms have been agreed, a licence to the system will be issued. Once the licence is issued the user has access to the system and can start using it immediately. The Account Manager will reach out to the new client to plan a date for onboarding. If the client requires in-person onboarding then this will be seen as Training and will be priced separately and can be seen in the pricing document.
There is no system configuration to do as the solution is all about adding project specific data into the app and creating new data (mainly images and annotations) within the platform to share with other stakeholders
On first accessing the system the user is greeted with a step by step guided tour and also has access to the Knowledge Base.
Service documentation: Yes
Documentation formats: HTML

ODF

PDF
End-of-contract data extraction: Users can download any files that have been shared or any files that they have created throughout the duration of their license, on the VU.CITY Hub. Users have the opportunity to download their files ahead of the contract ending. This is easily done from within the application by any users that the VU.CITY project has been shared with unless the file has been set to view only, in which case only the file owner can download.

Clients can exercise their rights through GDPR and request a 'subject access request' or a 'right to erasure'.

Although we offer knowledge base articles on how to retrieve your project data, we are more than happy to assist with any specific requests for data retrieval and removal at no extra cost.
End-of-contract process: The users will be given the opportunity to download their files and once the contract has terminated, access to the system will be restricted. There are no additional costs or extra requirements at the end of the clients contract should they wish to not carry on their subscription. The customer will remain as a marketing contact and receive marketing material via email unless they choose to unsubscribe at the bottom of the email.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: No
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: There's a graphical interface for the application that allows users to use various tools within the application to perform various tasks.
This is an application that is streamed to users directly to a browser window.
Accessibility standards: None or don’t know
Description of accessibility: VU.CITY will not overwrite the customers display attributes.
Accessibility testing: None.
API: No
Customisation available: Yes
Description of customisation: We offer our customers to buy development resources to customise the core
VU.CITY platform which is listed in G-Cloud-14, Lot 2. It consists of developer time and a
project manager resource which are charged at a day rate shown in our pricing document.
The number of days of both developer time and project management time will be defined,
agreed and written into the call-off contract, before the project commences.

Scaling

Independence of resources: Our Cloud service provisions individual compute resources per user which ensures no contention for shared resources.

Analytics

Service usage metrics: No

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Encryption of all physical media
Data sanitisation process: No
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Data is saved to a user or organization's storage in the Hub (cloud based object storage in buckets). A user can export their files using the Hub which will download the file to their browser's default download location. This is easily done from within the application by any users that the VU.CITY project has been shared with unless the file has been set to view only, in which case only the file owner can download. We can support our users in doing this if the client requires.
Data export formats: CSV

Other
Other data export formats: IFC

FBX

3D, 3DS, 3MF, AC, AC3D, ACC, AMF, AMJ, ASE, ASK

B3D, BLEND, BVH, COB, DAE, DXF, ENFF, GLTF

IRR, IRRMESH, LWO, LWS, LXO, MD2, MD3, MD5, MDC, MDL

MESH, MOT, MS3D, NDO, NFF, OBJ, OFF, OGEX, PLY, PMX

PRJ, Q3O, Q3S, RAW, SCN, SIB, SMD, SSLV, STEP, STL

TER, UC, VTA, X, X3D, XGL, ZGL
Data import formats: CSV

Other
Other data import formats: IFC

FBX

3D 3DS 3MF AC AC3D ACC AMF AMJ ASE ASK

B3D BLEND BVH COB DAE DXF ENFF FBX GLTF IFC

IRR IRRMESH LWO LWS LXO MD2 MD3 MD5 MDC MDL

MESH MOT MS3D NDO NFF OBJ OFF OGEX PLY PMX

PRJ Q3O Q3S RAW SCN SIB SMD SSLV STEP STL

TER UC VTA X X3D XGL ZGL

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: We have a dedicated support team that takes phone calls and email support queries via support@vu.city which are merged into support tickets via our custom-built helpdesk and knowledge base “VUniverse”. When a user is completing a support ticket via the VU.CITY Knowledge Base they will be asked to select a topic related to their query which assists our support team to triage and prioritise the issue.

Support tickets are triaged, categorised and managed by the support team by selecting prioritisation categories such as Critical, High, Medium and Low priorities after the user has submitted their support request. The priority category indicates the desired SLA response time. Critical issues should be addressed immediately, high priority soon after, medium within a few days and low as time permits. We regularly review our support teams’ response quality and SLA results to ensure that we provide the support and issue resolutions that our customers would expect, especially public sector bodies.

Critical - 2 hour resolution,
High - 4 hour resolution,
Medium - 8 hour resolution,
Low - 16 hour resolution,
Approach to resilience: Production databases are highly available across multiple data centres
Compute resources are self healing and will auto restart when in a failed state.
Our APIs and web services will scale up with demand using Kubernetes
Outage reporting: Alerts for service outages reach relevant staff via emails and slack channels

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: Only authorised staff are allowed to log into management backend services
Support is available publicly and does not require authentication
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: Between 6 months and 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: Between 6 months and 12 months
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Citation
ISO/IEC 27001 accreditation date: 19/02/2023
What the ISO/IEC 27001 doesn’t cover: Privacy regulations and data protection requirements like GDPR are distinct from ISO 27001's focus on information security. In addition, industry or sector-specific regulatory standards like HIPAA for healthcare are outside ISO 27001's scope - it offers a general framework applicable across all organisations. Organisations must determine the specific measures needed based on their own risk tolerance. In summary, ISO 27001 provides a high-level, non-specific framework for information security management. It does not get into the specifics of technical solutions, physical controls, privacy, industry regulations, or in-depth business continuity planning. These must be addressed separately by organizations within ISO 27001's risk-based structure to meet their own requirements.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: No
Security governance certified: No
Security governance approach: We conduct annual ISO audits, notably ISO 27001, to assess and enhance our security practices. These audits guide us in aligning with industry best practices and international standards
Information security policies and processes: Leadership Commitment: The process begins with strong leadership commitment, where top management actively supports and enforces the information security policies. This includes allocating necessary resources for implementing and maintaining these policies.

Employee Training and Awareness: Employees are regularly trained on their roles in information security, with a focus on how to identify, report, and respond to security incidents. Awareness campaigns are conducted to keep security at the forefront of organisational culture.

Incident Management Procedures: The business establishes clear procedures for reporting and managing security incidents. This involves a designated team or individual responsible for incident response, ensuring swift action to mitigate risks.

Continuous Monitoring and Evaluation: Systems and networks are continuously monitored for unusual activities or breaches. Post-incident reviews are conducted to analyse and learn from security incidents, leading to improvements in policies and procedures.

Regular Audits: Internal audits are conducted regularly to assess the effectiveness of the incident management process and compliance with established policies.

Feedback and Improvement: A feedback mechanism is in place for employees to suggest improvements. Information security policies, particularly those related to incident management, are reviewed and updated regularly to adapt to evolving threats and business needs.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: All of our software deployments go through a 3 part lifecycle consisting of Development, Staging and Production environments. Quality assurance is performed on Staging environments before being deployed to Production.
Vulnerability management type: Undisclosed
Vulnerability management approach: Threat alerts can come from various places directly via our cloud providers. We get notifications from different providers regarding various CVE vulnerabilities that are flagged with systems/services that we're using. For example, AWS will inform us if a particular version of a database needs to be updated due to new security patches that are available. Once a threat is identified immediate action is taken to assess triage the issue and mitigate any possible consequences of ignoring said threat. Actions such as patching software is taken immediately in the event of high risk with lower risk threats scheduled for future improvements.
Protective monitoring type: Undisclosed
Protective monitoring approach: Some services have personalised monitoring while others use base cloud provider monitoring systems such as Cloudwatch. Alerts come in the form of messages in Slack channels while triggered alarms are visible in AWS Cloudwatch Dashboards. Once a compromise is found it's escalated to the appropriate engineering team who then prioritise it and disable any compromised systems immediately to prevent further damage. Depending on the severity of the compromise it is triaged appropriately to put in an appropriate hotfix. Critical issues will be identified and resolved within 1 hour.
Incident management type: Undisclosed
Incident management approach: Notification of a potential incident always comes in via email or a Slack message. When an incident occurs any relevant engineers are tasked with resolving the issue immediately. Communication to our customers is handled by a member of our commercial team. Once the incident is resolved a RCA is published in a post-mortem which is presented to management and communicated to our customers using direct channels. Important status messages can be sent to the customer portal (the Hub) as well as direct emails to customers by our commercial team.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

We are dedicated to reducing our environmental impact and achieving net zero emissions by 2030. Our green office practices include using energy-efficient systems and promoting recycling and waste reduction across all operations. We also prioritise sustainability in our supply chain, selecting partners who adhere to eco-friendly practices.

Tackling economic inequality

As a technical advisor to government bodies and a facilitator of urban planning processes, we uphold high standards of integrity and transparency. We engage local communities in planning, ensuring their voices are heard and integrated into our projects. Our ethical supply chain management ensures that our business practices remain responsible and beneficial to all stakeholders.

Over the next three years, we aim for our platform to be instrumental in 80% of major planning initiatives in our model cities. We will expand our public engagement model to more local authorities, enhancing community wellbeing and contributing to sustainable urban development.

Equal opportunity

VU.CITY invests in the communities where we operate by sponsoring local events, engaging in public planning processes, and offering educational programs in partnership with local institutions. We encourage our employees to participate in volunteer initiatives, enhancing community relations and ensuring that our projects reflect local needs and values.

We continuously innovate to make urban planning more accessible through our web platform, reducing barriers to engagement and allowing for broader community input. This approach not only supports democratic participation but also contributes to environmental sustainability by minimising the need for travel.

Wellbeing

Our commitment to employee wellbeing is reflected in our comprehensive health programs, flexible work policies, and mental health support. We ensure that our work environments are safe and inclusive, fostering a culture of respect and diversity.

Pricing

Price: £9,800 a licence a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: 24 hours trial
Link to free trial: https://www.vu.city/trial

3D City Visualisation Platform for Urban Planning and Community Engagement

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

3D City Visualisation Platform for Urban Planning and Community Engagement

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents