Via Technologies Europe

Via

Via is the world’s leading provider of public mobility solutions, including demand responsive transport (DRT) software. We partner with cities, councils, local authorities, and transport authorities, harnessing the power of data to optimise networks of buses, shuttles, wheelchair accessible vehicles (WAVs), school buses, autonomous vehicles, electric vehicles, and more.

Features

• Dynamic routing and matching algorithms to aggregate and direct trips
• Via Passenger App for booking and real-time vehicle tracking
• Web application and phone support for passengers without smartphones
• Via Driver App providing directions, support, and real-time vehicle locations
• Easily-accessed administrative console with a range of tools and functionalities
• Data analytics and reporting with granular operational data and trends
• Transport technology integrations supported by production-grade APIs
• Software support and maintenance provided on a regular, ongoing basis
• Transport planning, design, and scheduling through Remix
• Passenger journey planning, ticketing, disruption management, and data through Citymapper

Benefits

• Passenger App white-labelled to meet specific branding wants/needs
• Passengers can easily book on-demand trips or guaranteed pre-booked trips
• Configurable service parameters account for any specific requirements and restrictions
• DRT services can be fully integrated into wider transport network
• Highly automated service management module minimises need for manual intervention
• Real-time data permits ongoing DRT service enhancements and improvements
• Powerful algorithms increase efficiency to reduce the subsidy per trip
• Increased efficiency creates long-term savings and best value for money
• Powerful transport planning software (Remix) allows thoughtful network design
• Intuitive passenger app for journey planning, ticketing & data (Citymapper)

£245 to £325 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at samuel.griffiths@ridewithvia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

713504495099429

Contact

Samuel Griffiths
+44 7736-068351
samuel.griffiths@ridewithvia.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The Via Passenger App is compatible with commercially available iOS and Android devices; the Via Driver App can also be downloaded for free to any commercially available, GPS-enabled iOS or Android mobile device. Via's administrative console works best on Chromium-based browsers, such as Google Chrome and Microsoft Edge.
• System requirements:
  • Devices should have internet access.
  • Via's Driver App should be used on an GPS-enabled device.
  • Via's Passenger App is compatible with iOS and Android devices.
  • Via's Driver App is compatible with iOS and Android devices.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Via provides a customer service platform powered by Zendesk. Partners can submit technical questions on a 24/7 basis. Incidents are escalated to our 24/7 technical team using a predefined alert protocol, which instantly notifies the on-call member of the team. The technical team member will immediately examine the issue to begin the process of issue resolution and resource allocation. All issues will be resolved based on their level of severity and associated response times. ; ; Additionally, Via's Project Team for each partner includes a Partner Success Manager, who will be available to answer any questions via email during normal working hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: In the event of any technical incidents, partners are able to contact their dedicated Partner Success Manager by phone or email during normal business hours. Via also maintains a rotating technical manager at all times to resolve any problems that may arise, providing 24/7 technical assistance.; ; Via also provides partners with a customer service platform powered by Zendesk. Using this tool, our partners' staff can submit technical questions on a 24/7 basis and review the status of each request as “Open,” “Awaiting Reply,” or “Solved.”; ; Incidents are escalated to our 24/7 technical team using a predefined alert protocol, which instantly notifies the on-call member of the team. The technical team member will immediately examine the issue to begin the process of issue resolution and resource allocation. All issues will be resolved based on their level of severity and associated response times, and Via will provide each partner with regular status updates on resolution. Specific response service levels are detailed in the SLA attached to this application.; ; These support levels do not vary in cost and our included as part of our SaaS pricing structure for each partnership/deployment.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite or virtual/online training along with user documentation. ; ; Via typically plans our live training program for two days. We can train as many employees needed, and we can conform our training program to align with any unique training needs. Our hands-on training workshops include sessions on the following topics: ; ; Systems Training: workshops for using the Driver App and Rider App; Dispatch and Customer Service Training: workshop for all administrative tools in the Via Operation Center (VOC); Advanced Administrative Tools: training for advanced administrative functions, such as inputting road closures, and other back-end administration and dispatching functions ; Data Dashboards Training: workshop for understanding and leveraging Via’s data dashboards and reports ; Marketing Training: consultation on service marketing strategies; ; We can also offer two types of web-based training sessions: ; ; Operations Workshop: high-level overview of the Rider App, Driver App, and administrative tools ; Service Optimization Workshop: overview of Via’s data dashboards and reports, and best practices for marketing and growing the service
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Our partners (such as municipalities and transport authorities) are able to easily download all relevant service data in CSV or XLS format through our reporting tool, accessed through our administrative management interface, the Via Operations Center.; ; For individual riders of our partners' services, we utilise the GDPR "delete passenger" flow at the end of a contract.
• End-of-contract process: At the end of a contract, all services are shut down, including any active databases. We work with partners to ensure they are able to extract any necessary data in an easily usable format at the end of a contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Via Platform includes a web booking portal and a Via Passenger App that passengers can use to book trips. While the two are very similar in functionality, there are a few differences: the web portal does not support SSO, minor differences in using the map to specify the pickup and drop off locations of trips, booking trips for autonomous vehicles and generating QR tickets are available on the Via Passenger App only.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Via's Passenger App, a mobile application available for free download on iOS and Android devices, allows customers to request pre-booked, on-demand, multimodal, and intermodal trips, track their vehicles, pay for rides, and troubleshoot any issues. Passengers without smartphones can either book through a web portal with a very similar interface and functionality, or by calling a customer service agent over the phone who is able to book on behalf of the passengers directly into the administrative tool.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Via works with an external consulting company called essential Accessibility (eA), to review and ratify our apps and software modules as meeting or exceeding various standards for accessibility. This process involves submitting a product to eA for review and detailed assessment, including a combination of manual and automated testing techniques. As part of their process, eA includes live testing by users with disabilities.; ; As part of their process, eA includes live testing by users with disabilities. eA collects this testing feedback and provides it to Via’s internal accessibility team, including a team of engineers who directly address any non-compliant features. Once Via’s tools are updated, eA tests them once again and then issues an official Letter of Conformance. Once a product has received a Letter of Conformance, it will undergo an annual review to ensure that it maintains the WCAG standards as it evolves.; ; Based on the most recent round of product testing conducted by eA, several of Via’s products currently meet the WCAG 2.1 AA standard, and the remaining products are more than 90% compliant.
• API: Yes
• What users can and can't do using the API: Through our API, 3rd parties are able to integrate to the Via platform for use cases such as including Via-powered DRT services in MaaS apps. Users can book and cancel trips, see details about their trip as well as trip status, and receive webhook events upon any status changes. Users can also use our API to get a list of all trips, with mutliple filtering options. ; ; Users cannot use our API to edit trips (including adding or subtracting passengers) or filter for private trips only. We do not handle trip payment or provide intermodal / public transport proposals through our API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Via systems and vendors support horizontal scaling to a theoretically unlimited size — along with vertical scaling as necessary — allowing the system to flex to meet surges in customer demand or scale to additional zones, locations, or services. Via uses “serverless” server architecture, allowing it to dynamically and automatically use more or fewer servers depending on system server load at any given time. ; ; Should the service exceed predicted demand, Via’s system will scale up automatically without disruption of operations. Our cloud infrastructure leverages some of the most advanced technologies and solutions available for highly responsive, scalable, reliable, secure applications.

Analytics

• Service usage metrics: Yes
• Metrics types: Using our reporting suite, we provide partners with all of the necessary information for service management, analytics and reporting, and strategic management, organised into two core interfaces. ; ; Service KPI Reports allow partners to assess service patterns and track key performance indicators (KPIs). These reports provide clear data to measure service performance and identify areas that work well and areas that require additional attention.; ; The Data Generator page consolidates all service data into filterable and exportable tables. Authorised staff can review and download data into various formats and tables for granular review or analysis in third party reporting tools.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Authorised staff can review and download data into various formats and tables for granular review or analysis in third party reporting tools using the Data Generator tool within our service management interface, the Via Operation Center (VOC.)
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Per our SLA: Via provides a targeted uptime of 99.9%. All work for the purpose of planned outages for maintenance, upgrades and related reasons, will take place outside of service hours whenever possible. Planned outages will be notified via email and, wherever possible, with 24 hours' notice.; ; We apply various service level credits equal to a percentage of our monthly support fees, with an annual cap, in response to unexcused downtime. These levels vary according to specific contract sizes and terms. We have included our SLA terms as part of this application.
• Approach to resilience: Via’s system is designed for performance and resiliency. Its core system architecture is based on a series of microservices. Microservices is an architectural development approach in which the application is made up of smaller services communicating with each other directly, using lightweight protocols like HTTP. The core idea of microservices is to split the large system into loosely coupled services that can be managed and deployed independently. This contrasts with a ‘monolith’ structure where all components are developed under a single backend. ; ; We have over 10 microservices — all separated into distinct parts — that cover various system functionalities, including routing, pricing, and account management.
• Outage reporting: Via maintains a 24/7 Network Operating Center (NOC) that uses many utility tools and platforms to monitor the system's health, such as Coralogix and Grafana. For any planned outage, our Partner Success Managers will communicate with their respective partner by phone or email as soon as the outage was detected to share any relevant information and details. Planned outages are very uncommon, but in case there has to be a planned outage it will be coordinate enough time in advance with the partner

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access is based on need-to-know and least privilege principles, ensuring that a user receives only the access minimally required for their role or job function. Authorized users of Via’s system must be uniquely identifiable within the information system; generic, shared, or group user accounts (IDs) for general user access are not permitted.; ; Via’s system administrator tools limit user access by utilizing a personal permissions list for each user or group of users. For every user the Partner and the Via project team will establish user permission levels that will grant access to the appropriate set of information and system components.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Institute of Quality & Control Ltd.
• ISO/IEC 27001 accreditation date: 14/03/2023
• What the ISO/IEC 27001 doesn’t cover: Our ISO27001 certification covers development, operation, and commercialization of a proprietary technology platform and related systems and methods used to establish, monitor, operate, or manage transportation systems.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Comsec Global Rotchild 17, Tel Aviv, Israel
• PCI DSS accreditation date: 15/02/2024
• What the PCI DSS doesn’t cover: This certification does not cover the various software modules within our product suite that do not pertain to transactions and/or payment information, such as our Map Editor, Ride Plan, Reporting Suite, and other management functions.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Via follows proven practices for ensuring the security, privacy, and integrity of data in the Via system. All security practices are informed by Via’s comprehensive Information Security Management System (“ISMS”), which establishes guidelines for protecting the privacy of non-public information, safeguarding the accuracy of all data, and maintaining the availability of systems that are vital to the operations of Via and our partners.; ; Via has developed all ISMS policies in accordance with ISO 27001 — an international standard for information risk management — and has received full ISO 27001 certification. The ISMS also reflects cybersecurity practices outlined in the CIS Critical Security Controls (“CSC”), a globally recognized guide for following best practices around data protection. As part of the ISMS, Via conducts periodic training and awareness programs so that all employees are equipped to uphold the company’s high standards for cybersecurity. ; ; By following ISO 27001 and CSC standards, Via incorporates proven practices to minimize risk associated with a computer or network intrusion; allocate time and resources necessary to maintain the confidentiality, integrity and availability of information systems; and direct resources required to comply with internal and external compliance or audit requirements.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Every change to an information system must be done in the following way: 1. A change request can be proposed by product managers, team leaders, or Legal, after analyzing its business, security, and other impacts. ; • If the change is identified as a “Major Change,” teams need to follow the “Major Changes” process described below. ; • Teams can always consult with the Security Team if needed, and they are encouraged to do so. ; 2. Changes must be implemented by an appointed team member / contractor. ; ; Our ISO-27001-compliant ISMS provides further details on these processes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Via performs annual scans of the corporate and production environments. Via’s information technology and information security teams are responsible for implementing controls and performing remediation activities to eliminate any identified vulnerabilities. The vulnerability management process includes the following high-level steps:; - Discovery of network assets using an approved third-party scanning tool; - Scanning for vulnerabilities on discovered network assets; - Remediation for identified vulnerabilities; ; Annually, Via performs a network and application penetration test (across the entire system) by a third-party vendor. The penetration tests include, but are not limited to:; -External and internal assessments; -Web application testing; -Infrastructure scanning
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Via protects our systems and services against security risks using industry best practices with internal and external security testing. All of our services run in secured Virtual Private Clouds, with proper network segmentation and stateless firewalls. ; ; Protection Measures:; Reblaze WAF; Wiz: posture management, compliance, and governance; Guard Duty - threat detection service; AWS Security Groups; ; We also use a system of audit trails and logging, compartmentalized systems, annual system scans (both Via and third-party conducted), production environment and database monitoring, and other protocols.; ; We provide a response and mitigation strategy to partners within 48 hours of discovery.
• Incident management type: Supplier-defined controls
• Incident management approach: Via maintains well-rehearsed security incident management processes to detect incidents before they arise, respond quickly and decisively, and review and learn from any incidents over time. We maintain formal Incident Management Procedure and Business Continuity and Disaster Recovery Plans.; ; Via’s ongoing system monitoring automatically escalates any incidents to the on-call member of our 24/7 Network Operating Centre (NOC). This member determines the appropriate team member (including our emergency response team) to lead the resolution process, based on incident type and severity. We notify partners based on severity and SLA terms, and create full documented reviews of any major incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  Via is committed to delivering environmental improvements through well run DRT services. Hence, we have invested significant resources in researching how we as a DRT partner and how our services can create the most social value that assist partners reducing climate change. ; ; To achieve this, we have devised a variety of different tools including:; - Environmentally conscious service design: deploying our UK team of over 60 transport professionals to design DRT services which efficiently aggregate passengers together and reduce dead milage; - Passenger education: for a DRT service to succeed in attracting passengers, users need to be aware of the service, how it works & how to use it. Via works with partners to develop unique marketing strategies that will speak to a range of target audiences to acquire, activate and engage passengers to build adoption of the DRT service which encourages modal shift away from private vehicle journeys. In the Go2 DRT service in Sevenoaks, 75% of surveyed passengers had been replacing private vehicle trips with DRT trips. In Wales, 49% of passengers surveyed had never used fixed-route buses prior to the DRT service.; - Increasing EV adoption: we conduct EV workshops with partners delivered by our EV operations experts in order to ideate approaches to electrify the fleet of the DRT service. In services such as MK Connect in Milton Keynes, emissions have been reduced by 14% through EV adoption

  Tackling economic inequality

  Via-powered services work to fulfil a variety of community-focused goals, including promoting economic mobility by connecting workers to employment and customers to businesses; and advancing equity by providing better access to healthcare, food shopping, and critical appointments.; ; To achieve this, we have devised a variety of different tools including:; - Using economic inequality date in Remix to make better decisions: our public transportation planning platform, Remix, helps public sector partners and practitioners visualise existing data, such as income and indices of deprivation, and measure the potential impacts of service changes on the communities they serve. For example, Remix's proprietary Jane isochrone visualises how many employment opportunities can be accessed via public transport and the journey time so planners can better design their networks around this goal.; - Transport equity as a central tenet of DRT service design: through our Partner Success team, Via will conduct research and analysis to assess the improvement in the accessibility of employment and education opportunities, especially for those who are located in deprived areas.

Pricing

• Price: £245 to £325 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at samuel.griffiths@ridewithvia.com. Tell them what format you need. It will help if you say what assistive technology you use.