Kaarbon Technology Ltd

KT Collector

An asset management system allowing mobile users to add highway asset data and geo-referenced mapping for offline use and modelling. The mobile application uploads updated inspection or network data to the cloud system. utilises the ESRI collector Android or Apple app in conjuction with our bespoke web browser reporting system.

Features

• Mandatory data capture, offline working, 'If This, Then That' (IFTTT)
• Associate Council datasets, interface with GIS, CRM, import existing assets
• Defined risk groups with map visualisation and work package allocation
• Create programme based on risk, resilience, importance and importance
• Independent Defect recording with service request/fulfillment facility, HADDMS compatible
• Reporting suite with map view, export functionality (shp csv etc).
• Integration/Interface with existing corporate systems, Symology, Confirm, Alloy, etc

Benefits

• Self served mobile working, outstanding todo filter and inspection history
• Any attribute report filtering, including drawn area, and inspection history
• Onsite or online training, remote desktop support, normal working hours
• Data validation service to confirm data attributes and location information
• Flexible creation of work packages from report output, Interactive KPI's
• PDF reports with automatic compilation of maps, photos, inspection data
• Does not require dedicated client resource to manage system.
• Dedicated account manager, GDPR Compliant, ISO 27001 accreditation

£995 to £1,295 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@kaarbontech.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

643863649547914

Contact

Graeme Forward
01202031333
sales@kaarbontech.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: There are no service constraints.
• System requirements:
  • Web browser, Google Chrome, Mozilla Firefox, Edge or Internet Explorer
  • Internet connection, minimum 10Mbps and latency less than 100ms

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday 8am to 6pm - response within 60 minutes, out of hours SLA can be specified, further details on request
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our support services are delivered by online ticket, email or telephone and are operational 0800 until 1800 UK time, Monday to Friday excluding bank and public holidays. We do provide a dedicated account manager for each customer but this is not specifically a technical or cloud support engineer.; ; We offer onsite support at the rate published on our pricelist.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide detailed training video's, telephone support and offer on site training for an additional fee
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Video tutorials
• End-of-contract data extraction: All data can be exported at any time during the contract period.
• End-of-contract process: No additional charges are due at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile service can have offline maps for use when a mobile signal is not available.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Our API is not part of our standard G Cloud offering, Please contact us to discuss your requirements
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Asset collection process has questions based on HMEP advice, answers to these questions can be personalised by buyer once an order has been received.

Scaling

• Independence of resources: We limit the amount of customers hosted on a single server and monitor demand to ensure system is optimised at all times

Analytics

• Service usage metrics: Yes
• Metrics types: Real-time management and login information provided
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported in from the operations tab on the main menu or from many of the reporting screens within the system.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Esri Shapefile
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99% service availablility
• Approach to resilience: Detailed resilience information available on request
• Outage reporting: Email alert of service outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We use Puppet as our core user control system. Access can be restricted via an access control dashboard, restricted access and version control access is also applied to reduce the possibility of unauthorised access to the system
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification Ltd
• ISO/IEC 27001 accreditation date: 01/04/2021
• What the ISO/IEC 27001 doesn’t cover: Website (kaarbontech.co.uk)
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our policies around information security are held within the companies ‘service definition’ document and are reviewed annually. All queries or issues with regard to information security should be reported the Information Security Officer who has ultimate authoritiy over IT governance.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes to the KaarbonTech software source code are recorded using version-control software GIT, which carries an audit trail showing who has made what change. Access to KaarbonTech code is limited through GitHub Teams, which produces an audit log and restricts permissions as per our configuration. GitHub issues are used to track all change requests and log changes. Code is only be deployed on Production servers following a full testing cycle.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability monitoring tools operate in realtime and any potential threats are assessed using the Common Vulnerability Scoring System (CVSS). All identified vulnerabilities are risk assessed, where remedial action is required this is carried out within our vulnerability management lifecycle. Standard updates are installed monthly or when specific vulnerabilites are identified.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Static source code analysis is performed using Perl::Critic. Github security services monitor for dependency issues and send alerts, or create automatic patches for testing.; ; All servers run IPTables firewalls locked down to just the ports required. Developers and admins connect to the servers using a Secure Shell and keys. All servers run auditd to monitor system alterations and stream logs to a central log server. We have the ability to activate DDOS protection by enabling Cloudflare proxy protection. Potential compromises that require remediation are dealt with immediately.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security incidents may be identified through a number of channels: by real-time system monitoring, regular penetration testing or identified by a member of staff. All users of KaarbonTech systems and services are required to report any information security weakness, event, or incident to the Information Security Officer. All incidents are classified into one of three tiers and managed appropriately. Target times for response depend on the severity and classification of the incident and relevant parties will be notified where applicable.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our environmental management and impact policy provides a process for assessing, measuring, and mitigating the environmental impact of KaarbonTech operations. A copy of this policy is available on request.
• Covid-19 recovery:

  Covid-19 recovery

  In March 2020 we created a covid-19 risk matrix for all staff to use to mitigate the effect of coronavisus on the business, it proved effective in keeping staff and customers safe and is update annually to ensure readiness should we need to react to the changing environment. A copy of this risk matrix is available on request.
• Tackling economic inequality:

  Tackling economic inequality

  At KaarbonTech we recognise economic inequality is relevent to various functions within the business, we therefore strive to ensure payments to suppliers are made promptly and our recruitment processes recognise this providing opportunities for training and persoal growth within the business.
• Equal opportunity:

  Equal opportunity

  KaarbonTech recognises that it is essential to provide equal opportunities to all persons without discrimination. We operate a policy which sets out the organisation's position on equal opportunity in all aspects of employment, including recruitment and promotion, giving guidance and encouragement to employees at all levels to act fairly and prevent discrimination on the grounds of sex, race, marital status, part-time and fixed term contract status, age, sexual orientation, or religion.
• Wellbeing:

  Wellbeing

  KaarbonTech approach to wellbeing encompasses good mental, physical, financial and social health, we aim to create a workplace culture where employees feel comfortable to talk, seek help and support, provided by a designated member of the team.; We recognise that our employees may encounter events that may affect; them in the workplace including those related to their health, personal or domestic situation as well as work-related problems and aim to support them during these times.

Pricing

• Price: £995 to £1,295 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@kaarbontech.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.