AECOM LTD

AECOM plan.engage

PlanEngage is an advanced solution providing a fully customisable and interactive platform that creates digital engagement experiences. PlanEngage enables communication and collaboration throughout project lifecycles and supports transparent and equitable stakeholder engagement. It allows the creation and publishing of websites to stakeholders – without the need for a web developer!

Features

• Customisable access permissions, built-in editing and reviewing workflows
• Visually communicate GIS-based mapping and technical data
• Simple editing functionality with accessibility permissions
• Customisable feedback forms and sentiment measurement
• Feedback linked directly to consultation management solution
• Visualise data changing over time
• Interactive map pop-up windows your GIS data
• Publish from your project website directly to a PDF Report
• Customisable colours and branding
• Real-time community comments

Benefits

• Enhanced key stakeholder and community understanding and acceptance of projects
• Personalised online experiences for property owners and residents
• Share information with stakeholders
• Engage meaningfully with key stakeholders and communities remotely
• Update without needing to engage a web-developer
• Reduce printing costs for hard-copy reports
• More accessible data compared to PDF and hard copy documents
• Houses project data for ease of regulatory approvals
• Centralised information management

£400 to £20,000 an instance a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matthew.pilgrim@aecom.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

671231348481980

Contact

Matthew Pilgrim
07803197524
matthew.pilgrim@aecom.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Maintenance activities are communicated before taking place. For GIS services that are to be consumed from external systems, the rest end point needs to be accessible for PlanEngage. AECOM GIS hosting services may be offered at an additional charge
• System requirements:
  • Web browser is required. All modern browsers are supported
  • Accessible via a computer, tablet or mobile device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: L1 – High < 1 business day < 5 business days; L2 – Medium < 3 business days < 10 business days; L3 – Low < 5 business days < 15 business days
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: AECOM as the vendor of the PlanEngage platform will provide agreed support to the contracting organisation. This includes a defined escalation process for major issues.; The PlanEngage agreement includes the system to be operational 24/7 with at least a 99% uptime. ; It is accessible from any location via an internet connection. Updates and hotfixes are made to the platform with minimal disruption ; to users including rollouts during non-business hours globally.; ; The response times to enquiries and issues are classified by AECOM and are as follows: ; Classification Initial Response Final Response; L1 – High < 1 business day < 5 business days; L2 – Medium < 3 business days < 10 business days; L3 – Low < 5 business days < 15 business days
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The PlanEngage product team can provide user training as well as hyper-care and ongoing user support throughout a project if so contracted. This includes but is not limited to virtual user training session/s, user guides, online help portal, email help management and phone support.; ; AECOM as the vendor of the PlanEngage platform will provide agreed support to the contracting organisation. This includes a defined escalation process for major issues.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Reports of the content can be configured and downloaded by the user from the solution itself. Database tables/records are supplied on request to the product support team
• End-of-contract process: Self guided content download in form of PDF reports is included throughout the life of the deployment period and can be conducted as a final download at the end of the subscription.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Graphics have been optimized for smaller screens
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: API access is only granted under a separate agreement
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: PlanEngage provides privileged users with the ability to upload documents, images, videos and other various media formats. It provides users with the ability to edit text elements including changing fonts, font size, themes, italics, bold, colour, alignment and inserting and editing tables. This is all managed through a WYSIWYG editing experience where users can see exactly how their site will look while editing.; The PlanEngage platform allows users to display interactive maps with the ability to show multiple layers, pop-up feature documents, interactive elements and data changes over time. ; PlanEngage includes the ability to brand your individual site to your organisation or project requirements including colours, logos, specific vanity URL, imagery and layout.; The PlanEngage platform uses a user identity to ensure that users roles are well-defined on the basis of the client and the project. ; The key roles provide the user with view only or edit access. Full information on role permissions is available in the user access permissions guide.; User Roles within the PlanEngage platform include:; Project Viewer – read-only access ; Project Editor – can view/edit any section in a specific project,manage project details,configuration; Project Owner – can publish sites and grant other users any of the roles

Scaling

• Independence of resources: AECOM has load monitoring in place and can increase the sizing of the platform at any time leveraging the scalability of the Microsoft Azure cloud. We also measure load capacity in our testing and roll out procedures.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can check the following in the management section with the right credentials.; - Client Telemetry; - Resource Utilization
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The platform has a built in reporting function that allows the user to export the configured website and its content in the same structure as a PDF report. Reports can be configured by the user and can be run and downloaded.
• Data export formats: Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Microsoft office (Word, Excel)
  • Multimedia files (jpg, tiff, png, avi, mp4)
  • Power BI

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: PlanEngage agreement includes the system to be operational 24/7 with at least a 99% uptime. Updates and hotfixes are made to the platform with minimal disruption to users including rollouts during non-business hours. ; ; AECOM will provide the software to meet or exceed the service levels agreed, and any failure to do so will constitute a ‘Service Level Failure’. Upon occurrence of a Service Level Failure, AECOM must promptly take steps to remediate the cause of the Service Level Failure, and report to the buyer on the progress of any remediation activities. An agreement will be put in place around any Service Level Credits to be applied in compensation for any Service Level Failures which take place.
• Approach to resilience: All data is encrypted in transit and at rest according to the cloud provider recommendations. Data for each logical unit of the application, is stored in a separate database and in a separate blob storage container.; While in the system, data is protected by continuous backup which allows point in time recovery for 35 days for database and 30 days soft delete for files like images, video, etc.; The database backups and the blob backups can be stored at least for 10 years. Once retention period is complete data is safely disposed. The traffic to the application is filtered by Azure Front Door WAF. All data input to the system is filtered against a set of rules including OWASP TOP 10.; All file uploads are additionally scanned for malicious injections using built-in MS Azure mechanisms.; Our compilation and deployment system are entirely housed within Azure DevOps, and take advantage of the security implicitly provided by that solution. SAST scanning is performed against source code and libraries using WhiteSource Bolt. Code is regularly reviewed.; User sessions are timed out after 24 hrs by default.
• Outage reporting: Service outages are reported via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: AECOM shall employ the principle of least privilege, allowing only authorized access for users (or processes acting on behalf of users) that are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. Least privilege applies to the development, implementation, and production lifecycle of information systems.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Dedicated environment that is accredited to NIST 800-171

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Hosting infrastructure is isolated from 3rd party networks.; Application is constantly checked against the benchmarks provided by Microsoft Defender for Cloud. ; Users of the system only interact via Azure App Service website.; AECOM has deployed Endpoint Detection and Response (EDR) software. AECOM uses centrally managed firewalls at all internet-facing gateways. All servers have anti-malware protection and agents for detection of advanced persistent threats.; Malware scans are run real-time.; Business Continuity and Disaster Recovery Plan, termed ‘Organisational Resilience Plan’, provides a structured approach to the continuity of our business during any disruptive events. Major data centers have a BC/DR policy.
• Information security policies and processes: AECOM has an internal security policies and procedures which are aligned to industry-leading standards and safeguards, including but not limited to ISO 27001, NIST CSF, and NIST 800-53.; ; All employees are required to take information security training. Security awareness articles and tips are posted on a regular basis on the company's private social network. Phishing exercises are conducted regularly.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: AECOM has a formal change management procedure and a change control board that ensures that all changes are tested and approved.; ; All official network vulnerability scans are run by a member of the Cyber Security Team. System Owners may request a scan of their individual devices following any remediation actions to determine the success of those efforts; ; Development Life Cycle ; We utilise agile methodology. Requirements are prioritised before interface changes, software changes, implementation and user acceptance testing take place. We build in fortnightly sprints. Additional feature enhancements are then prioritised for the next sprint. Testing is performed consistently
• Vulnerability management type: Undisclosed
• Vulnerability management approach: AECOM prevents compromises with proactive vulnerability scanning and patching. AECOM’s VM team has the expertise and solutions to identify, assess, prioritize, and remediate security vulnerabilities, weaknesses, or exposures in IT resources or processes. The VM team offers services that protect the availability, confidentiality, and integrity of AECOM’s systems and data, including (but not limited to): Infrastructure Vulnerability Scanning, Application Vulnerability Scanning, Penetration Testing, and Configuration Scanning.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: 1. The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.; 2. Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.; 3. Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
• Incident management type: Undisclosed
• Incident management approach: AECOM has a robust Monitoring and Incident Response (IR) program in place. Logs are collected from computers and network devices and correlated using sophisticated Security Incident Event Management (SIEM) systems. We have documented IR procedures and a highly trained CSOC team. ; ; The CSOC is an internal team of seasoned security experts who monitor and respond to cybersecurity incidents within AECOM. The team is globally distributed. This team is dedicated to continuous monitoring and protecting the business from cyber-attacks and threats, as well as ensuring expedient recovery time.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  As the world’s trusted infrastructure consulting firm and a leader in environmental, social and corporate governance (ESG), AECOM is determined and well positioned to deliver positive, impactful and sustainable legacies for our company, our communities and our planet. With ESG principles embedded into everything we do, the goal of our Sustainable Legacies strategy is straightforward: ; ; to ensure that the work we do in partnership with our clients leaves a positive, lasting impact for communities and our planet. ; ; The strategy is themed around:; Embedding sustainable development and resilience across our work. ; ; We help governments, cities, organizations, developers, asset owners and other businesses protect the environment and improve communities by integrating sustainable development into their normal business.; This includes providing advisory services for sustainable development planning, assessment and benchmarking and using circular economy principles to design out waste and pollution. ; ; Improving social outcomes.; ; Achieving net-zero carbon emissions; We are helping clients achieve their carbon targets through energy strategies, services to manage and reduce the contribution of greenhouse gas emissions, and nature-based solutions that work with and enhance natural habitats to take advantage of their ability to sequester carbon. ; ; PlanEngage specifically reduces the need for hard-copy reports and help users move towards digital format of reporting.
• Covid-19 recovery:

  Covid-19 recovery

  In the spirt of the Government's Project Speed, PlanEngage is a PlanTech solution that can support leaner local and nationally infrastructure planning, helping to drive more cost effective and equitable recover.; During the pandemic, PlanEngage platform enabled organizations to continue to engage meaningfully with key stakeholders, the public and communities while maintaining social distancing restrictions. The platform provides remote access to content and serves as a collaboration platform.
• Tackling economic inequality:

  Tackling economic inequality

  At AECOM, we believe infrastructure creates opportunity for everyone –uplifting communities, improving access and sustaining our planet. We’re committed to managing our business with the upmost responsibility and to always strive for better —be that reducing emissions, creating social value or diversifying our senior leadership and workforce.; As a digital engagement platform, PlanEngage facilitates more equitable and socially just engagement on matters of local planning and national infrastructure planning.
• Equal opportunity:

  Equal opportunity

  We understand both the urgency of the challenges facing our society and our responsibility to actin an impactful and enduring way. We’re leading the change towards a more sustainable and equitable future, partnering with those who want to make a positive difference in the world.; We’re listening to clients and the communities we serve in order to improve lives and livelihoods, and to create sustainable legacies for generations to come.; ; AECOM’s PlanEngage platform provides your project with the ability to easily comply with the globally accepted standards for web accessibility. These standards are known as the Web Content Accessibility Guidelines (WCAG) and the section 508 Standards (US). The PlanEngage platform is designed to comply with both of these standards. This document outlines the key components of web accessibility and how the PlanEngage platform is able to comply with those standards.; ; As a digital engagement platform, PlanEngage facilitates more equitable and socially just engagement on matters of local planning and national infrastructure planning.
• Wellbeing:

  Wellbeing

  AECOM was named one of 2021 World’s Most Ethical Companies for its commitment to integrity and making a positive impact by Ethisphere.; ; Improving social outcomes.; We support social value projects and programs at scale through assessment, advisory and related services such as materiality, reporting and disclosure, supply chain, product stewardship, management systems, resource action planning and goal setting. We also advise organizations on strategies to boost equity, diversity and inclusion.

Pricing

• Price: £400 to £20,000 an instance a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We are happy work with you to explore the potential use cases and may be able to offer a custom demo site to generate buy in. We have existing demo sites or public site available for review.
• Link to free trial: https://planengageuk.alytics.com/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matthew.pilgrim@aecom.com. Tell them what format you need. It will help if you say what assistive technology you use.