StatMap Ltd

StatMap Addressing and Geocoding Data Service

StatMap's Addressing and Geocoding Data Service provides an advanced and high performance AddressBase™ Premium look-up, geocoding / cleansing and geospatial search web service. eVO’s APIs enable you to schedule and automate address matching and cleansing – providing you with valid addresses to ensure that your business data is correct.

Features

• Integrates with all REST compatible software applications
• Uses the latest epoch of OS AddressBase Premium
• Secure HTTPS services
• High performance server environments serving UK-wide AddressBase Premium data
• Simple to consume with all GIS (ArcGIS Pro, QGIS, etc.)
• Instant access to over 40 million addresses
• Full Technical Support offered
• Geocoding and Address Matching for over 40 million addresses

Benefits

• Avoid the need to create your own mapping service infrastructure
• Geocode and spatially enable your critical business system data
• Avoid the need to locally store and configure addressing datasets
• Simple purchase of tranches of Transactions
• Best value and most powerful hosted address data services
• Ensures all users accessing most up-to-date AddressBase addressing

£12,000 to £24,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@statmap.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

670673251888219

Contact

Gordon Norrie
0844 376 4321
info@statmap.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: There are no constraints to the service. It is provided via an enterprise site licence. The software service is available on a 24/7/365 basis.
• System requirements: REST compatible software client application

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions are answered depending upon their urgency. If the question is of high importance / urgency, a response is made within twenty minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The standard support model is the same for all customers.; ; A technical account manager will be provided for each customer. The Cloud support engineer is available via telephone, e-mail or video call.; ; Annual visits to customers by the technical account manager are offered to discuss functionality, service development, offer advice and assistance in getting the most out of the software. These visits are provided as part of the standard annual licencing and maintenance agreement.; ; On-site training is offered to groups for up to 8, at a daily rate of £850.; ; Technical user forums, on-line technical documentation inventory libraries, and on-line report ticketing system for reporting issues, asking questions, and requesting service features.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer on-site training, on-line videos, an online library of technical user documentation which provides users with access to everything that they need in order to use all technical elements of the software.; ; The on-boarding process starts with the initial uploading of your spatial data to the Spatial Data Repository database (SQL Server or PostGIS), which StatMap technical personnel will undertake on your behalf - following consultation as to which datasets you wish to upload. As part of the set-up process, we will provide you with two days of 'Knowledge Transfer' which is for the system administrator(s) in order to show them how to set-up and create mapping and spatial applications and projects.; ; For more details, see the Service Specification document where full details for the On-boarding process are provided, along with getting customers up and running with using and developing the services.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Full details are provided in the Service Specification documentation.; ; In summary, the following steps apply:; ; i) Withdraw all client access to StatMap’s SaaS facility for all StatMap products.; ; ii) Copy and place all client data onto a full database schema file (in the form of a SQL file), incorporating spatial data in Well Known Text (WKT) and Well Known Binary (WKB) formats. That data can then be uploaded onto any separate database of the client’s choice.; ; iii) All data will be additionally copied to ESRI Shapefiles (where the file format restrictions permit) or Geopackage (.gpkg).; ; iv) If requested, StatMap will also supply data in the form of text files, using WKT format for representation of the geometry / geography field.; ; v) All document files will be extracted in native format.; ; vi) All data will be sent to the client on encrypted media.; ; Once the client is satisfied that all data has been adequately returned and that it has been safely uploaded onto alternative storage locations, the client will inform StatMap that they are in agreement to have all data relating to their organisation removed in its entirety from the hosted server – thus protecting the business interests of the client.
• End-of-contract process: The annual licencing and maintenance contract pays for the right to use the software. If the client authority wishes to discontinue use of the system with the provision of advance notification stipulated in the eVO Terms and Conditions documentation, StatMap will - in consultation with the customer - arrange to off-board all of the customer data in an agreed manner.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The application user interface scales itself automatically depending upon the size of the screen of the application from which the request originated.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: All visual elements of the software service are accessed via JavaScript enabled internet browser clients (e.g. MS Edge, Google Chrome, Mozilla Firefox, Apple Safari, Opera, etc.); ; Interfaces are also provided via APIs conforming to open standards.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: To ensure inclusivity and compliance with WCAG (Web Content Accessibility Guidelines), we employ several methods for ensuring accessibility of our SaaS applications.; ; Usability testing sessions are conducted with our clients using personnel who sight disabilities to gather real-world feedback on the accessibility of our applications.; ; using screen readers, including NVDA (NonVisual Desktop Access) and JAWS (Job Access With Speech) to navigate through the application.; ; Keyboard navigation is employed and tested fuly to ensure all interactive elements are reachable and operable without a mouse.; ; We test in order to verify that all interactive elements, such as buttons, links, form fields, etc., are announced correctly by the assistive screen reader.; ; Ensure that focus indicators are visible and properly styled for keyboard users.; ; All of our applications are tested with browser zoom settings to ensure content remains accessible and usable at different zoom magnifications.; ; We integrate the use of the WAVE automated accessibility testing tool into our development workflows for scanning each application for common accessibility issues, so integrating testing into the CI/CD pipeline. We do that in order to catch accessibility issues early and ensure continuous accessibility testing.; ; Proper labeling of form elements and alternative text for images is checked for.
• API: Yes
• What users can and can't do using the API: All eVO features of the service are available via API; ; As an example, rich JavaScript APIs enable the embedding of fully customisable interactive maps for all applications, embed application functions configured in eVO Flows, searching for addresses in multiple gazetteers via web-page interface, and much more.; ; Data services are exposed via APIs. These are configured using the administration tools integrated within the internet browser client interface by those granted permissions to do so. APIs enable data to be exposed and consumed as OGC-compliant WFS, WMS, WMTS, JSON / GeoJSON, and GML.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation can be applied to branding, appearance, configuration of the interface, creation and configuration of data, gazetteers, provision of functionality via the creation of Roles - which you can configure to apply to as many users and / or Groups (groups into which users can be added) as you require.

Scaling

• Independence of resources: Client organisations are provided with unique and isolated application server environments. These are unaffected by demand placed upon other server instances used by other client organisations.

Analytics

• Service usage metrics: Yes
• Metrics types: The service usage metrics are available via the Administrator tools integrated into the Earthlight user interface. They can be made available to as many users as the customer wishes to grant (configured via Roles groups), but normally restricted to just a few users with administrator privileges.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: This can be done in two ways: (i) using tools integrated within the internet browser client interface, (ii) using server-side ETL tools to export the data on a scheduled or ad-hoc basis.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Excel
  • MapInfo .TAB
  • GeoPackage (.gpkg)
  • DXF
  • GML
  • KML
  • ESRI Shapefile
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • GeoPackage (.gpkg)
  • MapInfo .TAB
  • ESRI Shapefile
  • GML
  • DXF
  • Excel
  • KML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: StatMap will use commercially reasonable endeavours to make all services available 99.99% between 6am and 11pm.; ; StatMap will carry out planned, preventative maintenance on a regular basis. Maintenance will be performed outside of the period of Service Desk availability listed above and we will inform the customer with details of the planned maintenance and timescales for completion with a minimum of 5 working days’ notice. Unplanned maintenance will be immediately communicated to the customer along with the action to be taken.; ; Following the receipt of problems with the service, StatMap will assess the availability and if it falls below the OVHcloud guaranteed availability, StatMap will seek to refund customers on a per day basis as a proportion of the annual licencing and maintenance contract.
• Approach to resilience: We offer additional processing power, high-availability and resilience options. This allows deployment of multiple EVO application instances, accompanied by software load balancers and other services to ensure that the service can better withstand periods of high activity and/or the failure of one node. These are available by buying one or more units of Additional Cloud Compute Capacity, depending on the configuration you need.
• Outage reporting: For planned system outages and downtime, the Administration tools within the application browser interface enables system messages to be set to communicate with any and all users to provide them with instructions via the browser client interface. This can be used to report outages and require users to save and logout of the system.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Restriction and control is provided via the Administration tools integrated into the application browser client interface. These enable management interfaces to be restricted to just those granted access to via Administration tools within application.; ; Access for users is governed by the client stipulated requirements, e.g. a username and password to access the system, and with optional 2-factor authentication. In addition to Single Sign On (integration with corporate Identity Provider - e.g. Azure Active Directory), administration tools within the browser client enable for password expiry, session expiration times, minimum password complexities to be set.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: OVHcloud
• ISO/IEC 27001 accreditation date: 22/03/2023
• What the ISO/IEC 27001 doesn’t cover: -
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information Security policies are held and developed internally and the processes are enforced by the company General Manager who is responsible for corporate information security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: For tracking components throughout their lifecycle, we implement a number of processes for all of our services, including: A Change Management Team; Defined Change Management Processes; Formal Change Request Submission; Change Review and Approval; Documentation and Tracking (involves comprehensive documentation for all approved changes); Testing and Validation; Deployment and Rollback Procedures; Communication and Stakeholder Management; Continuous Improvement; and Compliance and Auditing.; ; Testing and Validation involves thorough testing and validation of all changes before deployment to the production environment. This includes functional testing, performance testing and security testing to ensure that changes do not adversely affect the application services.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We operate rapid patching and update support. The software is continually monitored for risks and any potential vulnerabilities – but is rigorously tested prior to release, using best practice software development. As such we comply fully with the recommendations made by the Cabinet Office in terms of meeting best practice with regard to the PSN framework.; ; Patching and upgrades to eliminate identified vulnerabilities is undertaken immediately upon identification.; ; Information about potential threats involves use of a threat intelligence aggregation and analysis platform; security mailing lists subscriptions; participating in security forums; monitor security advisories and alerts issued by industry and government.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We utilise network intrusion detection systems (NIDS) and network traffic analysis tools to monitor inbound and outbound network traffic for suspicious behaviour, anomalous patterns, and known attack signatures.; ; Robust logging of all login attempts, IP addresses, time/date, and login outcome Indicators of Compromise (IoCs) and unusual behaviour patterns are monitored, and controls enable the system administrator to define: failed login attempts allowed; session lengths; Whitelisting IP ranges; password criteria, etc.; ; User behaviour and activity logs to detect unusual or suspicious behaviour indicative of insider threats or compromised accounts. Real-time alerts and notifications identify potential security incidents, enabling response and mitigation.
• Incident management type: Supplier-defined controls
• Incident management approach: Calls and issues are tracked throughout via our Support Centre Ticket System. The pre-defined process for reporting common events is for users to log all incidents via the Support Centre Ticket System. All communication is logged and transmitted to this system. Individual users and clients report through dedicated support accounts.; ; Three levels of reporting provided via the software: (1) Incident reports which describe a single error instance. (2) Security logs which describe users’ activities and are used by system managers to detect any security breaches. (3) Low-level logs which are kept on the server.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  StatMap's cloud-hosting data centre partner, OVHcloud, commits to achieve the recently stated aim of The European Green Deal - which recently announced aims to make Europe the world’s first climate neutral continent by 2050. In order to achieve this, OVHcloud recognises that the cloud industry must play its part. OVHcloud commit to leading by example and enable players from other industries who rely on OVHcloud services, as well as its competitors services. OVHcloud fully supports and contributes to the CISPE approach (Cloud Infrastructure Services Providers of Europe). CISPE is an organisation chaired by OVHcloud, which gathers 30 cloud infrastructure services providers operating in Europe. A “Green Cloud Task Force” was set up in December 2019 to discuss how to make this possible and define what Climate Neutrality means for our industry. Members have agreed to reach Climate Neutrality for the cloud infrastructure industry by 2030. Subsequently, the European Digital Strategy, published in February 2020, confirmed that this goal was adequate for the data centre industry.; ; To measure our progress towards our goals, we already collect data on the significant activities in our business which release greenhouse gases and choose a 12-month period over which to collect data on. We will collect data points related to total kilowatt hours used from electricity and gas bills, litres of fuel purchased from invoices and receipts or mileage logbooks, water consumption in cubic metres from our water bill, and the tonnes of waste-to-landfill and recycled from waste collection provider. To calculate the greenhouse gas emissions associated with each activity, we enter this information into an online application to give us a total figure for our emissions. We monitor the results of these calculations and benchmark them against the projected results set at the start of the period.

  Covid-19 recovery

  Public-facing applications provided via the eVO technology platform use common internet browser clients and enable users to participate easily in public-participation exercises / activities, including viewing and responding to consultations via easy to use public-facing interfaces (which are fully accessible to WCAG 2.1 guidelines).; ; eVO technology platform enables users of its applications to participate in community / public consultations from any location and from any device. It means that, not only can members of the public and community groups meaningfully participate at their convenience, it reduces the need for them to travel and that those with physical and mental health problems do not have to make such an effort to attend particular locations in order to make their opinions known, and in so doing they do not need to call upon support workers provided by public-sector institutions in order to assist in getting them to remote locations.; ; Because full system functionality for all eVO technology platform applications is provided via the internet browser client, workforce employees can work from any location, performing their role from remote locations, facilitating effective social distancing, remote working, and sustainable travel solutions by removing the need for employees in particular roles from needing to travel to offices / places of work to access missing functionality. As everything is provided out-of-the-box for eVO technology platform applications via the internet browser client, all operations to process cases / activities can now be undertaken remotely as there are no elements missing from the application which require access to third-party applications available only in an office environment.

  Tackling economic inequality

  StatMap actively seeks partnerships with new and small organisations, providing them with access to our SaaS solutions at preferential rates or through tailored packages designed to meet their specific needs. By empowering these organisations with cutting-edge technology, we aim to catalyse their growth, foster innovation, and contribute to economic prosperity.; ; Additionally, we are committed to diversity and inclusion in our hiring practices, undertaking actively to seek to recruit people from underrepresented groups and disadvantaged backgrounds.; ; StatMap recognises the importance of investing in the development of our workforce and the broader community. We offer apprenticeship opportunities which address skills gaps and lead to recognised qualifications. By equipping individuals with the skills and knowledge needed to thrive in high-growth sectors, we contribute to a more skilled and resilient workforce.; ; We actively support initiatives that promote educational attainment and lifelong learning in software development, finance, and project management, and in the contracts we undertake. Through our corporate social responsibility activities, we sponsor educational initiatives and provide mentorship opportunities, and offer support to students pursuing studies in fields such as technology, business, and innovation.; ; When delivering on our contracts, we prioritise social impact and community engagement. We engage with our staff, suppliers, customers, and local communities to identify opportunities to support employment and skills development in high-growth sectors. Whether through job placements, skills workshops, or volunteering initiatives, we seek to leverage our expertise and resources to create positive change and empower individuals to achieve their full potential.; ; At StatMap, we view our role as more than just a provider of SaaS solutions—we see ourselves as agents of positive change, driving socioeconomic development and creating opportunities for individuals and communities to thrive. By aligning our business practices with the objectives outlined by the Government and Crown Commercial Service.

  Equal opportunity

  StatMap operates a workplace which is based upon Equal Opportunities for all of our employees. It is our expectation that our employees maintain an environment which values and promotes equality of opportunity, as we are committed to achieving a non-discriminatory and respectful working environment for our employees at all times.; ; StatMap identifies any inequalities in our workforce by undertaking an audit of each employee’s length of service, job classification, and demographic information, including gender, race, and age. We also track official statistics to uncover inequalities in employment effecting BAME individuals, disabled and women, such as higher unemployment amongst BAME women than the national average. To tackle inequality in pay and skills, StatMap has inclusive and accessible recruitment practices and we are focused on staff retention. We use “blind” processes to remove personal information from the selection process. We ensure that all staff are given equal access to training and to routes of progression and promotion. We recognise it is essential that all employees are treated on the same terms, with no detriment in matters such as rates of pay, training, holiday entitlement, parental leave and domestic incident leave, and access to our pension scheme.; ; Please see our Equal Opportunity Statement document which can be found on our website, and at this location: https://static1.squarespace.com/static/5967536d1e5b6c31e1edb074/t/645cfcbd73c7125109eb7ec3/1683815613380/StatMap+-+Equal+Opportunities+Policy+2022.pdf; ; Our whistle-blowing policy sets out our commitment to ensure people are free to question things and raise anything they are concerned about and specifically modern slavery and human trafficking. We intend to take further steps to identify, assess and monitor potential risk areas in terms of modern slavery and human trafficking, particularly in our supply chains. ; ; Please see our Anti-Slavery Statement here: https://static1.squarespace.com/static/5967536d1e5b6c31e1edb074/t/629603fb067e6b2cf0f08525/1653998588108/StatMap+-+Anti-Slavery+Policy+2022.pdf

Pricing

• Price: £12,000 to £24,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@statmap.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.