Multi Agency Incident Transfer Hub
MAIT, or Multi Agency Incident Transfer, is the catalyst for seamless incident communication among emergency services. Developed in collaboration with British APCO, MAIT adheres to an open standard, fostering quicker and more informed decision-making during critical incidents.
Features
- Real time incident transfer
- Secure
- Resilient architecture
- UK Data Centres
Benefits
- Rapid communications
- Reduces response times
- Secure, reliable communications
- Transfer one incident to many responders
Pricing
£2,000 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 1 5 6 3 7 3 1 7 8 1 3 6 9 6
Contact
AVR Group Limited
Paul Miller
Telephone: 08704009998
Email: paul.miller@monitoring.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Interfaces to MAIT compliant emergency service command and control systems for instant incident transfer
- Cloud deployment model
- Private cloud
- Service constraints
- 99.99% availability except during agreed maintenance windows
- System requirements
-
- MAIT Integrated, compatible command and control system
- MAIT Web, Windows 10, Windows 11 OS
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Online support tickets responded to within 60 minutes 24 hours/day 365 days/year
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Support is integral to the AVR MAIT hub service and is available 24 hours/day 365 days/year without additional cost. Users can reach out for assistance at any time of the day including public holidays.
Support is provided through email, phone calls, and a dedicated support portal. This ensures users can choose the most convenient method for seeking help based on their preferences and urgency of the issue.
The support team likely consists of highly skilled professionals who are well-versed with the intricacies of the AVR MAIT hub and its underlying technology and is equipped to handle a wide range of issues effectively and efficiently.
Beyond reactive support, the AVR MAIT service includes proactive monitoring of system health and performance to help in identifying and resolving potential issues before they escalate, ensuring uninterrupted service availability. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- User documentation augmented with online training and technical support. Where users are operating an integrated command and control system user training and documentation will be provided by the command and control system provider. The standalone AVR MAIT web based option includes online user documentation.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
The user will specify the specific data sets or categories to be extracted. The export formats include CSV (Comma-Separated Values), Excel spreadsheets, and PDFs. Once the export is complete, the integrity of the exported data may be verified by reviewing sample files and perform data validation checks to ensure accuracy and completeness.
The extracted data will be secured during the transition period and thereafter securely transferred to the user.
After successfully transferring the data to the user, the account will be closed and all data deleted to ensure no unauthorised access to user data post-contract termination. - End-of-contract process
- Data extract is provided at the end of the contract without cost, their are no charges to exit the contract when the contract ends.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- User support accessibility
- WCAG 2.1 AAA
- API
- No
- Customisation available
- Yes
- Description of customisation
- AVR can customise the MAIT web service (non-integrated) to meet user requirements regarding labelling of fields, alerting options, and message broadcasts while maintaining compatibility with the MAIT schema and other connected systems
Scaling
- Independence of resources
-
The AVR MAIT service infrastructure is highly scalable, capable of dynamically adjusting resources based on demand fluctuations. This ensures that increased usage by one set of users doesn't degrade performance for others.
Load balancing techniques evenly distribute messages across multiple servers to prevents any single server from becoming overloaded.
Monitoring and alerting systems continuously track performance and resource utilisation, and alert administrators of any performance degradation so that proactive measures can be taken.
By implementing these strategies the AVR MAIT service ensures that users are insulated from the impact of demand fluctuations, delivering a reliable messaging experience for all users.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Service usage metrics for the AVR MAIT service include:
The number of unique users actively engaging with the messaging service within a specified time frame.
Total volume of messages sent and received over a given period.
The percentage of messages successfully delivered to recipients without errors or delays.
Average time it takes for messages to be delivered from sender to recipient.
System uptime and responsiveness.
Metrics related to data security, privacy, and compliance with regulatory requirements to ensure the messaging service meets data protection requirements and user expectations. - Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users will not normally export data when using MAIT - data is transferred between participating organisations in real time
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Service availability 99.99%, full details provided in Service Level Agreement Document
- Approach to resilience
- Resilient architecture distributed across geographically separated secure locations. ISO 27001 and ISO 22301 certificated - further information available on request
- Outage reporting
- Any service outages are notified by email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Access to management interfaces and support channels is enforced through robust access controls. Role-based access control (RBAC) assigns permissions based on job roles and responsibilities. Multi-factor authentication (MFA) enhances authentication security. Access permissions are regularly reviewed and update to ensure only authorised personnel have access. Encrypted connections (e.g., SSL/TLS) are used to secure communications and access logs monitored for suspicious activities and any anomalies promptly investigated
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Isoqar
- ISO/IEC 27001 accreditation date
- 17/11/2011, expiry 17/11/2026
- What the ISO/IEC 27001 doesn’t cover
- All aspects of the MAIT service are in scope
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
MAIT Data is classified by the message originator and role-based access control (RBAC) utilised to restrict access to authorised personnel.
A patch management process ensures timely installation of security patches and updates for software, applications, and systems to address known vulnerabilities.
The Senior Information Risk Owner ensures compliance with policies and regulations and receives reports from the technical team and/or Data Protection Officer of any security incidents. Periodic audits, security assessments and IT CHECK health checks evaluate compliance with information security policies and identify areas for improvement.
Security controls and technologies include firewalls, intrusion detection/prevention systems (IDS/IPS), and data loss prevention (DLP) solutions to enforce policy adherence and protect against threats.
There is continual monitoring and review of information security policies and processes to adapt to evolving threats, technology advancements, and regulatory changes.
Certified compliant to ISO 27001 by UKAS accredited certification body.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- The AVR Configuration and change management process entails documenting all service components, submitting change requests, and undergoing review before testing and deployment. Components are tracked using an inventory system, documenting configurations and versions. Changes undergo rigorous security impact assessments, considering vulnerabilities, compliance, access control, data protection, and incident response implications. Regular audits ensure adherence to standards and timely updates to the process for evolving security needs
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- The AVR vulnerability management process involves continuous assessment of potential threats to services. This includes identifying vulnerabilities, prioritising them based on severity, and implementing appropriate controls or patches within 14 days of release by the supplier. Information about potential threats is sourced from various channels including the National Cyber Security Centre, National Protective Security Authority, threat intelligence feeds, vendor notifications, and security forums. Regular vulnerability scans, penetration testing (NCSC CHECK scheme), and security audits help ensure proactive identification and mitigation of security risks, adhering to industry standards and best practices
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Protective monitoring aligns with the government's 5th cloud security principle by continuously monitoring system activities and network traffic for suspicious behaviour or unauthorised access. Real-time analysis of logs, alerts, and security events enables promptly detection and response to potential threats. Monitoring tools are deployed to track user activities, system changes, and data access, ensuring compliance with security policies and regulations. Incident response procedures are in place 24/7/365 to investigate and mitigate security incidents swiftly, minimising the impact on operational security.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- The AVR incident management process ensures swift response to security incidents detected by or reported to our 24/7/365 centre. Pre-defined processes outline steps required for events including unauthorised access attempts, malware detection, or data breaches. Incidents are reported via an online support ticketing system, categorised, prioritised, and assigned to appropriate responders. Established procedures exist for containment, eradication, and recovery to minimise impact on operational security. Post-incident analysis facilitate continuous improvement and resilience against future incidents, incident reports are distributed from the online support ticketing system
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Police National Network (PNN)
Social Value
- Social Value
-
Social Value
- Tackling economic inequality
- Equal opportunity
Tackling economic inequality
Eeconomic inequality is tackled by implementing various strategies aligned with the Social Value themes including fair employment practices where AVR offers fair wages, benefits, and opportunities for career advancement to all employees, regardless of background or socioeconomic status. Our policies promote diversity, equality and inclusion in the workplace.We invest in local communities by supporting small businesses and sponsoring community projects.
Goods and services are sources from a diverse range of suppliers, including where possible minority-owned businesses.
Our employees are encouraged to participate in training programs, to acquire the skills and knowledge needed to succeed in the workplace. Support initiatives are aimed at closing the skills gap and promoting lifelong learning. We are committed to paying a living wage that enables employees to meet their basic needs and achieve financial stability.Equal opportunity
AVR implement fair and inclusive recruitment processes to attract candidates from diverse backgrounds and provide equal access to job opportunities regardless of gender, race, ethnicity, disability, or other factors.
The work environment is inclusive where all employees feel valued, respected, and empowered to contribute their unique perspectives.
Facilities, technologies, and workplace practices are accessible to individuals with disabilities and we provide reasonable accommodations and support services to employees who require them to perform their job duties effectively.
Training programs (internal and external) and leadership development opportunities are available to help employees from underrepresented groups advance in their careers. There is support for skill-building and professional growth, including access to networking events and conferences.
Pay and benefits are fair and equitable across demographic groups and there are no gender or racial pay gaps.
We collaborate with organisations to provide resources and opportunities for individuals from underprivileged backgrounds.
AVR fully supports policies and legislation that promote equal opportunities and diversity initiatives.
Pricing
- Price
- £2,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- A demonstration version is available for time unlimited evaluation