TARANTO SYSTEMS LIMITED

Taranto

The Taranto notice processing system combines over twenty-years of market experience and parking sector expertise, with a cutting-edge, future-proof, fully web-enabled application.

Taranto has been developed to drive efficiencies through on-street and back-office processes; as well as transferring parking administration to the customer through self-serve functionality.

Features

  • Automated Progression
  • Automated Correspondence
  • Real-time Ticketing
  • SSRS Reporting
  • Web-enabled Solution
  • Integrated Self-serve Functionality
  • Environmental Enforcement
  • Clamping and Removal
  • Clean Air Zone Enforcement
  • Blue Badge Management

Benefits

  • Immediate PCN progression from Android app to back-office solution
  • Multi-functional application; manage PCNs, FPNs, Permits and more
  • Real-time GPS tracking, fault-reporting, clamping and removal management
  • Intelligent deployment through location tools, real-time geolocation and historic reporting
  • Automatic allocation of incoming correspondence and work through Workflow
  • Completely customisable solution with focus on user empowerment
  • Totally web-enabled access without the need of third-party software
  • Customisable levels of user-access to specific functionality for every user
  • Automatic report and system dashboard distribution
  • Branded and customisable web-portals for PCNs, Permits, Suspensions and Issue-Reporting

Pricing

£5,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.murphy@tarantosystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

6 6 2 4 4 5 0 9 6 4 5 8 3 0 0

Contact

TARANTO SYSTEMS LIMITED Chris Murphy
Telephone: 07969 430632
Email: chris.murphy@tarantosystems.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The Taranto Mobile enforcement application is used via a handheld device running Android OS. However, the software is device agnostic, meaning that it is compatible with a wide-range of hardware, providing the version of Android OS is higher than 5.1.
System requirements
  • Modern web-browser to access back-office solution (Edge, Chrome, Safari, etc.)
  • Handheld device running Android 5.1 or higher to use app

User support

Email or online ticketing support
Email or online ticketing
Support response times
When an issue is raised by the user, one of our support engineers will assign the issue a severity level. Once we have agreed the severity level with the user, our team will aim to respond within the timeframes of the agreed SLA.

We have standard support hours (8:30am-5:30pm) however, we also have the platform to provide an ‘out of hours’ support facility through a staffed support service, which is available 24 hours a day, 7 days a week (excluding bank holidays).
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
We offer a “standard” support package covering hours (8:30am-5:30pm), but we have the platform to provide an ‘out of hours’ support facility through a staffed support service, which is available 24 hours a day, 7 days a week (excluding bank holidays). We are of course happy to discuss the optional enhanced service.

Our Support team is split across our Liverpool and London offices. The team consists of an Service Delivery Director, who leads the function; a Service Delivery Manager, who manages the support engineers; and, a mixture of Senior Technical Engineers and Technical Engineers.

Each of our clients is assigned a team of engineers, who will be dedicated to their service; this will be true for the user's contract. We will are happy to discuss alternate support levels with customers as the contract matures.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We have years of experience in delivering Taranto system training for our new and existing users. We successfully deliver training to hundreds of users each year, offering a tailored and flexible approach to all our customers.

Our dedicated training team are responsible for working with the customers and our own project managers to ensure a smooth transition to Taranto - the user's understanding of the software is critical to the successful delivery of the project.

Interactive classroom sessions are used to deliver ‘train the trainer’ courses to the council’s trainers or to train users directly (depending on the client's preference), and covering all pertinent areas of the system to the user. Training can be delivered remotely if required / preferred

During go-live, floor-walkers will be available to support system users to ensure that there is a smooth transition from learning to practical use of the solution.

Following the classroom training, evaluation forms will be used to gather feedback from the council’s training experience. This will ensure a high level of quality is maintained and reflected in our training delivery. We can also deliver post go-live webinar sessions to pick up any residual queries relating to the functionality of the system.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users can extract their data from Taranto using the various data export and reporting available as part of the Taranto solution, however, we would expect to assist the client with this process, and can facilitate an open, transparent and easy exit strategy should a contract held between ourselves and the user come to an end.
End-of-contract process
Users can expect us to act professionally in communicating with both themselves and the new provider, should a contract held between ourselves and a user come to an end, in a defined transition of responsibilities.

This will include an extract of data (in a suitably agreed format to protect our database IPR), decommissioning handheld hardware containing our software, exchanging database information if required (e.g., data dictionaries) and passing over all documentation stored upon TSL infrastructure.

Moreover, we will endeavour to facilitate transparency with the new provider in an effort to leave the user in an agreeable position following our tenure as supplier. We are happy to agree a plan for this before the award of the contract, or to agree a specific date timeline as part of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The Taranto solution is comprised of a handheld application that is used for PCN issuance (and much more) that communicates with a web-based, back-office solution. Portals are designed to work on mobile devices.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
Taranto has an established existing suite of documented APIs that can be used in many different use-cases.

Taranto has been designed to make interfacing with third party applications as straightforward and as simple as possible - Taranto can provide a data source for the operation to utilise, either through the front-end, GUI based solution (the Taranto website used within the Back Office), or via an API that can enable two-way communication with Taranto to be easily accomplished. This versatility and transparency means that Taranto can easily communicate with multiple external systems in multiple ways concurrently, and can easily assist with the integration of disparate systems.

We provide our clients with full documentation of our APIs and we are happy for any third-party provider to develop against our system, so long as our IPR is not infringed or at risk.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Taranto is used in various different geographies and in numerous different environments, including both on street and off street.

The system can be configured to be used in accordance with a variety of different legislations including, but not limited to, Road Traffic Regulation (Special Events) Act 1994, London Local Authorities Acts 1996 to 2008, Traffic Management Act 2004, including those issued by CEOs, CCTV (Bus Lane, Camera Enforcement & Mobile Unit Enforcement, including all Moving Traffic Contraventions (incl. 2022)). The system is not limited to the listed legislations; rules can be amended (or just relaxed) through Taranto’s own configuration module to align with user policies.

Taranto Policy will allow the users to maintain its own, individual polices. By default, Taranto follows statutory rules for processing different PCNs through the required stages and at the correct timescales in line with legislative requirements). The module can be used by users with the correct access levels (definable by operation itself) to amend these rules, providing flexibility to easily respond to changes in legislation or policy, including pre-fix, progression path, statutory documents, new schemes such as additional permit types, cancellation-codes, new locations, contraventions, permit types and logo alterations, and more.

Scaling

Independence of resources
The structure of the back-office database means that it is a highly robust and scalable solution. Taranto is used nationwide to process PCNs within a wide range of local authority and private company clients, and is deployed within some of the more strategically important and taxing operations in the UK. As such, we are confident about its ability to support the requirements of users, no matter how much their operation expands. Our hosted solution ensures that the demand of one client will not affect the performance of another.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Although direct database access is restricted, there are various options available to the user's System Administrators to export data from within the Taranto database. Taranto has specific functionality for this task called QueryBuilder which enables the user to construct database type queries to run against the database to export data. These can range from very simple to extremely complex queries.

Separate to QueryBuilder, Taranto has a varied suite reporting tools. All are included within the standard Taranto offer and no additional licences are required, meaning that each solution can be accessed by all users, dependent on permissions settings.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XLS
  • DOC
  • XML
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We are is used to working to performance targets with associated service credit regimes. We hold current contracts for the largest and most complex enforcement operations in the UK, all of which have well-defined Key Performance Indicators and financial penalties for non-performance. We are comfortable with the addition of such targets in the user's contract and happy to discuss these further.
Approach to resilience
We boast a strong track-record in service provision, with over 99% system uptime in the last two years.

Taranto’s primary and fail-over services are both hosted in the Microsoft Azure Cloud, helping provide us and the council with peace of mind around data security and service uptime. We also employ robust testing processes to ensure data is backed up so that in the unlikely event of a system failure, the council can continue to undertake their business activities.

TSL commissions all services in the Azure UK regions UK South and UK West. Azure utilises multiple datacentres in each region with various degrees of geographical separation, providing unrivalled resilience. All data held is only utilised for purposes specifically agreed with TSL’s clients as part of the provision of our services.

More information is available upon request.
Outage reporting
We fully understand and appreciate the necessity of Taranto to remain active at all times, due to its inherent importance and business-critical function within the UK.

Taranto system outages are immediately dealt with as Priority 1 incidents,

We agree that availability and stability are key to customer experience and confidence in the product. Due to the monitoring, replication and failsafe measures within our hosted environment, we can provide a solution wherein the system can still be available even in the event of certain mechanisms failing, therefore avoiding unnecessary downtime for the user whilst the issues are resolved. This allows us to achieve and maintain an uptime of above 99%, and we have observed this amongst all existing clients hosted by ourselves.

Further, we do not believe in tiered levels of system availability – all clients who use the Taranto hosted solution are given our highest levels of system availability as standard.

Users are contacted if necessary, regarding system outages, however, it's more likely that users will contact us; issues will be dealt with via the escalation protocol followed and business continuity procedures that are in place.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
All management interfaces and support channels are subject to User Authentication. Sensitive data is encrypted through a carefully selected set of proven and robust industry standard delivery channels and encryption protocols, such as 128-bit encrypted password authentication for aspects of our external interfaces which are used by our third parties in accordance with the Data Protection Act. These services can also be made available over HTTPS for added security. All Taranto users have dedicated accounts for both the software solution itself (Taranto) and the online helpdesk solution (Freshdesk). Accounts can have varying user-access permissions.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
29/09/2021
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
19/06/2020
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
Microsoft hold the above certification for the datacentres that we commission to host Taranto for our clients.
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
TSL holds ISO27001 and ISO9001, the international standard for information security, for the provision of our IT services. This standard requires systematic examination of any risks to information security, with comprehensive policies to manage those risks put in place.

By continuously updating our data security policies we ensure that we are a proactive organisation, not a reactive one. As part of the certification, we maintain an Information Management System (IMS), with documented and evidenced processes to maintain the confidentiality, integrity, and availability of TSL and client data. Part of our IMS includes supplier management, and clauses in our supplier contracts to ensure that TSL and client data is only to be used for service delivery.

Security and information security from a key part of our approach of our financial and operational risk reporting mechanisms. Business and IT risks are tracked and reviewed as part of the management governance process. Quarterly ICT and Integrated Management System meetings are held with the directors and IT to review security related topics.

Certification to ISO27001 demonstrates our commitment to ensure client’s information is kept secure and shows our ongoing commitment to delivering an exceptional service.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Should users wish for any bespoke changes to be made to the application (amending look and feel, or bespoke enhancements to pre-coded functionality) that are beyond user control, then these would need to be made by ourselves. Such changes must follow the agreed Change Control process; including assessment for potential security impact.

Once complete, we have a policy of making a new software release available once every four months; this includes both bug fixes and enhancements. As part of each upgrade, we provide software release notes and videos providing information on what fixes and functionality are available in each release.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We utilise Azure Security Centre for Pro-Active Security as a Service monitoring. This allows us to constantly monitor the security state of Azure resources containing user data, and provides various methods to facilitate a secure environment, alongside preventing unauthorised installations / access. We extend security and compliance monitoring on to the inside of the firewall to continually deliver monitoring, protection, and more, 24x7x365.

Should a vulnerability be discovered, the user is immediately notified. An initial mitigation would be implemented as soon as possible to minimise the negative effect of the vulnerability, until a patch is applied as a priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We will utilise the various and industry-standard monitoring tools available as part of Microsoft Azure. Azure security has defined requirements for active monitoring, and service teams configure active monitoring tools in accordance with these requirements. Active monitoring tools include the Microsoft Monitoring Agent (MMA) and System Centre Operations Manager. These tools are configured to provide time alerts to Azure security personnel in situations that require immediate action.
Incident management type
Supplier-defined controls
Incident management approach
We operate a management system which is compliant with the requirements of BS EN ISO 9001:2015. This is independently accredited by a UKAS recognised company. All key services delivered by us are covered by the requirements of this management system.

The Taranto Support team follows rigorous processes that are consistent with industry-standard IT service delivery standards such as Information Technology Infrastructure Library (ITIL) guidelines, and the key framework contained within our ISO 9001:2015 accredited Quality Management System.

Our support service can be accessed via telephone, email, or via an on-line, customer web-portal, the Freshdesk Incident Management Tool.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

As part of our long-term commitment to sustainability, we are reducing our environmental impacts – less energy and less waste, and reducing our carbon footprint predominantly from business travel, which is our biggest environmental impact. Additional measures include:

•Restricting the use of travel for internal meetings - we introduced this initiative to encourage staff to utilise our smart working tools in place of all offices; retaining use of Microsoft Teams

• Promoting a Single Use Plastic (SUP) free agenda – TSL are keen to champion a SUP-free policy throughout TSL offices, and join the council in its drive to phase out their use, were reasonably practical, throughout our organisation

• Promoting a flexible work-life balance –TSL encouraged staff to work from home regularly to prevent un-necessary travel, in-turn lowering our carbon footprint, even prior to the COVID-19 pandemic

• Tree Reforestation – Our parent company, Trapeze, are committed to helping improve the UK’s carbon footprint, alongside our own, and we are achieving this through our work with Ecologi, a platform for real climate action. Ecologi facilitate the funding of carbon offset projects and tree planting around the world. Their mission is to reduce 50% of global CO2 emissions by 2040 and responsibly plant billions of trees every year.
Trapeze Group are now partners with Ecologi as we recognise the importance of this work. We are playing our part in offsetting our carbon emissions and contributing to climate positive projects globally, as well as reforestation projects here in the UK. We currently have 1,044 trees planted in any one of the many global projects which means 76.8 tonnes of CO2 is also removed on a monthly basis. Trapeze Group also contribute to the UK tree reforestation scheme where 75 trees are planted every month either in Bath, Wales, or Aberdeen.
Tackling economic inequality

Tackling economic inequality

We aim to assist in tackling economic inequality in many ways. For example, during the mobilisation period, we will commit to working closely with the user to forge relationships with their local supply chain. This could be through networking events, hosting, or supporting supplier days, online forums and supporting business start-ups through advice surgeries.

Further, we have contributed to targeted programmes with schools to “engage, inspire, support and employ” 14 to 19-year-olds: through talks and workshops, mentoring and work experience placements, we have helped students to understand what a career in our industry would look like, and how their own skills and interests could help them to progress. We are happy to explore similar initiatives with the new users.

We regularly offer places to apprenticeships, graduates, and work-placement staff; systematically moving them around various departments, including setting specific training and development programmes, enabling rounded experience to be gained.

In the past three years we have employed three staff at apprenticeship level, three graduates, and one work placement member of staff, the majority of which have gone on to become permanent employees of our business.

These individuals perform duties in relation to all of our contracts, and this will certainly be the case with users' contracts. We will actively ensure that staff at junior grades receive exposure to the service, both in terms of getting involved with supporting the contract in our offices, but also in terms of working on-site with users on specific projects or issues, where appropriate.

Pricing

Price
£5,000 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.murphy@tarantosystems.com. Tell them what format you need. It will help if you say what assistive technology you use.