Skip to main content

Help us improve the Digital Marketplace - send your feedback

AVR Group Limited

Multi Agency Incident Transfer Hub

MAIT, or Multi Agency Incident Transfer, is the catalyst for seamless incident communication among emergency services. Developed in collaboration with British APCO, MAIT adheres to an open standard, fostering quicker and more informed decision-making during critical incidents.

Features

  • Real time incident transfer
  • Secure
  • Resilient architecture
  • UK Data Centres

Benefits

  • Rapid communications
  • Reduces response times
  • Secure, reliable communications
  • Transfer one incident to many responders

Pricing

£2,000 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.miller@monitoring.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 1 5 6 3 7 3 1 7 8 1 3 6 9 6

Contact

AVR Group Limited Paul Miller
Telephone: 08704009998
Email: paul.miller@monitoring.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Interfaces to MAIT compliant emergency service command and control systems for instant incident transfer
Cloud deployment model
Private cloud
Service constraints
99.99% availability except during agreed maintenance windows
System requirements
  • MAIT Integrated, compatible command and control system
  • MAIT Web, Windows 10, Windows 11 OS

User support

Email or online ticketing support
Email or online ticketing
Support response times
Online support tickets responded to within 60 minutes 24 hours/day 365 days/year
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Support is integral to the AVR MAIT hub service and is available 24 hours/day 365 days/year without additional cost. Users can reach out for assistance at any time of the day including public holidays.
Support is provided through email, phone calls, and a dedicated support portal. This ensures users can choose the most convenient method for seeking help based on their preferences and urgency of the issue.
The support team likely consists of highly skilled professionals who are well-versed with the intricacies of the AVR MAIT hub and its underlying technology and is equipped to handle a wide range of issues effectively and efficiently.
Beyond reactive support, the AVR MAIT service includes proactive monitoring of system health and performance to help in identifying and resolving potential issues before they escalate, ensuring uninterrupted service availability.
Support available to third parties
No

Onboarding and offboarding

Getting started
User documentation augmented with online training and technical support. Where users are operating an integrated command and control system user training and documentation will be provided by the command and control system provider. The standalone AVR MAIT web based option includes online user documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The user will specify the specific data sets or categories to be extracted. The export formats include CSV (Comma-Separated Values), Excel spreadsheets, and PDFs. Once the export is complete, the integrity of the exported data may be verified by reviewing sample files and perform data validation checks to ensure accuracy and completeness.
The extracted data will be secured during the transition period and thereafter securely transferred to the user.
After successfully transferring the data to the user, the account will be closed and all data deleted to ensure no unauthorised access to user data post-contract termination.
End-of-contract process
Data extract is provided at the end of the contract without cost, their are no charges to exit the contract when the contract ends.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
WCAG 2.1 AAA
API
No
Customisation available
Yes
Description of customisation
AVR can customise the MAIT web service (non-integrated) to meet user requirements regarding labelling of fields, alerting options, and message broadcasts while maintaining compatibility with the MAIT schema and other connected systems

Scaling

Independence of resources
The AVR MAIT service infrastructure is highly scalable, capable of dynamically adjusting resources based on demand fluctuations. This ensures that increased usage by one set of users doesn't degrade performance for others.
Load balancing techniques evenly distribute messages across multiple servers to prevents any single server from becoming overloaded.
Monitoring and alerting systems continuously track performance and resource utilisation, and alert administrators of any performance degradation so that proactive measures can be taken.
By implementing these strategies the AVR MAIT service ensures that users are insulated from the impact of demand fluctuations, delivering a reliable messaging experience for all users.

Analytics

Service usage metrics
Yes
Metrics types
Service usage metrics for the AVR MAIT service include:

The number of unique users actively engaging with the messaging service within a specified time frame.

Total volume of messages sent and received over a given period.

The percentage of messages successfully delivered to recipients without errors or delays.

Average time it takes for messages to be delivered from sender to recipient.

System uptime and responsiveness.

Metrics related to data security, privacy, and compliance with regulatory requirements to ensure the messaging service meets data protection requirements and user expectations.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users will not normally export data when using MAIT - data is transferred between participating organisations in real time
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service availability 99.99%, full details provided in Service Level Agreement Document
Approach to resilience
Resilient architecture distributed across geographically separated secure locations. ISO 27001 and ISO 22301 certificated - further information available on request
Outage reporting
Any service outages are notified by email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is enforced through robust access controls. Role-based access control (RBAC) assigns permissions based on job roles and responsibilities. Multi-factor authentication (MFA) enhances authentication security. Access permissions are regularly reviewed and update to ensure only authorised personnel have access. Encrypted connections (e.g., SSL/TLS) are used to secure communications and access logs monitored for suspicious activities and any anomalies promptly investigated
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Isoqar
ISO/IEC 27001 accreditation date
17/11/2011, expiry 17/11/2026
What the ISO/IEC 27001 doesn’t cover
All aspects of the MAIT service are in scope
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
MAIT Data is classified by the message originator and role-based access control (RBAC) utilised to restrict access to authorised personnel.
A patch management process ensures timely installation of security patches and updates for software, applications, and systems to address known vulnerabilities.
The Senior Information Risk Owner ensures compliance with policies and regulations and receives reports from the technical team and/or Data Protection Officer of any security incidents. Periodic audits, security assessments and IT CHECK health checks evaluate compliance with information security policies and identify areas for improvement.
Security controls and technologies include firewalls, intrusion detection/prevention systems (IDS/IPS), and data loss prevention (DLP) solutions to enforce policy adherence and protect against threats.
There is continual monitoring and review of information security policies and processes to adapt to evolving threats, technology advancements, and regulatory changes.
Certified compliant to ISO 27001 by UKAS accredited certification body.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The AVR Configuration and change management process entails documenting all service components, submitting change requests, and undergoing review before testing and deployment. Components are tracked using an inventory system, documenting configurations and versions. Changes undergo rigorous security impact assessments, considering vulnerabilities, compliance, access control, data protection, and incident response implications. Regular audits ensure adherence to standards and timely updates to the process for evolving security needs
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The AVR vulnerability management process involves continuous assessment of potential threats to services. This includes identifying vulnerabilities, prioritising them based on severity, and implementing appropriate controls or patches within 14 days of release by the supplier. Information about potential threats is sourced from various channels including the National Cyber Security Centre, National Protective Security Authority, threat intelligence feeds, vendor notifications, and security forums. Regular vulnerability scans, penetration testing (NCSC CHECK scheme), and security audits help ensure proactive identification and mitigation of security risks, adhering to industry standards and best practices
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective monitoring aligns with the government's 5th cloud security principle by continuously monitoring system activities and network traffic for suspicious behaviour or unauthorised access. Real-time analysis of logs, alerts, and security events enables promptly detection and response to potential threats. Monitoring tools are deployed to track user activities, system changes, and data access, ensuring compliance with security policies and regulations. Incident response procedures are in place 24/7/365 to investigate and mitigate security incidents swiftly, minimising the impact on operational security.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The AVR incident management process ensures swift response to security incidents detected by or reported to our 24/7/365 centre. Pre-defined processes outline steps required for events including unauthorised access attempts, malware detection, or data breaches. Incidents are reported via an online support ticketing system, categorised, prioritised, and assigned to appropriate responders. Established procedures exist for containment, eradication, and recovery to minimise impact on operational security. Post-incident analysis facilitate continuous improvement and resilience against future incidents, incident reports are distributed from the online support ticketing system

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)

Social Value

Social Value

Social Value

  • Tackling economic inequality
  • Equal opportunity

Tackling economic inequality

Eeconomic inequality is tackled by implementing various strategies aligned with the Social Value themes including fair employment practices where AVR offers fair wages, benefits, and opportunities for career advancement to all employees, regardless of background or socioeconomic status. Our policies promote diversity, equality and inclusion in the workplace.We invest in local communities by supporting small businesses and sponsoring community projects.
Goods and services are sources from a diverse range of suppliers, including where possible minority-owned businesses.
Our employees are encouraged to participate in training programs, to acquire the skills and knowledge needed to succeed in the workplace. Support initiatives are aimed at closing the skills gap and promoting lifelong learning. We are committed to paying a living wage that enables employees to meet their basic needs and achieve financial stability.

Equal opportunity

AVR implement fair and inclusive recruitment processes to attract candidates from diverse backgrounds and provide equal access to job opportunities regardless of gender, race, ethnicity, disability, or other factors.
The work environment is inclusive where all employees feel valued, respected, and empowered to contribute their unique perspectives.
Facilities, technologies, and workplace practices are accessible to individuals with disabilities and we provide reasonable accommodations and support services to employees who require them to perform their job duties effectively.
Training programs (internal and external) and leadership development opportunities are available to help employees from underrepresented groups advance in their careers. There is support for skill-building and professional growth, including access to networking events and conferences.
Pay and benefits are fair and equitable across demographic groups and there are no gender or racial pay gaps.
We collaborate with organisations to provide resources and opportunities for individuals from underprivileged backgrounds.
AVR fully supports policies and legislation that promote equal opportunities and diversity initiatives.

Pricing

Price
£2,000 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A demonstration version is available for time unlimited evaluation

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.miller@monitoring.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.