Skip to main content

Help us improve the Digital Marketplace - send your feedback

ioki GmbH

ioki Demand-Responsive-Transport (DRT) Platform

We offer a software solution (SaaS) for demand-responsive transport (DDRT/DRT) services (driver-based and autonomous). Via the control centre, the operator can control the disposition, monitor the operations and intervene. The white-label passenger app enables booking and payment.
All important information are transmitted to the driving personnel via vehicle app.

Features

  • Bookings and payment via app, web and phone call
  • Pre-booking, ad-hoc-booking, departure- and arrival-based booking
  • Accessible passenger app for people with visual impairments/restricted mobility
  • Real-time information for passengers, drivers and operators
  • Anonymous contact between passenger and driver
  • Easy-to-use driver app with integrated turn-by-turn navigation system
  • A clear and user-friendly administration tool for operators
  • Real-time analytics through ioki Reporting
  • Marketing automation and referral marketing
  • Definition and assignment of rights according to role concept

Benefits

  • Continuous developments and optimisations of the product
  • Integration in existing systems (MaaS via API or DeepLink)
  • The system enables the digitalisation of public transport
  • Software can be used for driver-based and driverless operations
  • Mixing of line-based operation and area-based operation possible
  • Day- and area-dependent modularisation of the service
  • Customisable algorithm (objectives: pooling rate, service level, economic factors)
  • Customisabel and highly flexible price adapter
  • White-label solution (customisable to the corporate design)
  • ISO 27001 certification

Pricing

£236.25 to £479.00 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ioki.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 2 0 3 0 2 6 1 9 9 3 7 6 1 0

Contact

ioki GmbH Christopher Tellkamp
Telephone: +4915237528412
Email: sales@ioki.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
MaaS (Mobility as a Service) Software:
The ioki solution can be integrated into existing local information apps. Integration can take place either via a deep link or API. Our system can also be used as stand-alone service (white-label).
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
Service constraints
Our software is highly customisable, we set up our product for each client individually. Each app is set up individually and launched in the stores. Our suggested time frame is 2-3 months (including planning, specifying the product, product configuration, operational setup)
If our application is successful, we start with this process right away.

We offer customer support for our partners but not end-customer support.

Our passenger and driver apps are available for iOS and Android.

In addition to the main contract, we must be individually entrusted with the processing of the data through a data processing contract.
System requirements
  • Hardware (tablet or smartphone) for vehicles/driver app
  • Latest version of the Internet Browser to use control centre
  • Internet connection
  • Our applications are available for iOS and Android

User support

Email or online ticketing support
Email or online ticketing
Support response times
Q&A/Helpdesk requests:
We commit to providing written feedback on the request within five business days. Please note that automated responses will not be considered towards meeting this timeframe.

Incidents:
Incidents are classified and processed according to urgency. Response times are guaranteed via service level agreements which will be negotiated with the contract.

The market standard is currently:
Helpdesk hours:
Incident classification high: 24/7
Incident classification middle: 05:00am -09:00pm GMT (06:00am -10:00pm CET )
Incident classification low: 07:30am -04:00pm GMT (08:30am-05:00pm CET)

Standard reaction time:
High priority: 1 hour
Medium priority: 4 hours
Low priority: 24 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our customer support is tailored to assist our partners, not end customers (passengers).

Customer support covers incident reports as well as issue reports from our customers.

Furthermore, we offer the additional service of a technical account manager.

Helpdesk:
The Helpdesk is our central channel for all requests, suppport needs and reports. All Issues, problems and questions are being processed here. Whoever is needed to solve or answer the submitted issue will be involved by the Helpdesk. Therefore our customers do get access to the TSE (Technical Support Engineers , LAM or Developers)

Q&A/Helpdesk requests: We commit to provide written feedback on the request within five business days (automated responses do not count for this purpose). 

Incidents:
Incidents are classified and processed according to urgency. Response times are guaranteed via service level agreements which will be negotiated with the contract.

Helpdesk hours:
Incident classification high: 24/7
Incident classification middle: 05:00am -09:00pm GMT (06:00am -10:00pm CET )
Incident classification low: 7:30am -04:00pm GMT (08:30am-05:00pm CET)

Standard reaction time:
High: 1 hour
Middle: 4 hours
Low: 24 hours

Cost: Support a is included in our monthly fees (see Pricing)
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The product training will be based on a "Train the Trainer" model.
In a one-day training course, up to five people of our customers choice can receive training on how to use the operating system for digital mobility. This includes a training on how to use all components of the platform (passenger app, vehicle app, control centre and the reporting tool), as well as training the trainers that will be responsible for training new drivers/stewards, dispatchers, customer service employees, and so on. During the training course, the trainers nominated will be granted access to a demo version of the platform, which they can then use to conduct further training for all users of the operating system for digital mobility. Furthermore, we can provide optional additional training courses, which you can order separately.

You can opt for a virtual or in-person format, depending on your individual offer.

We are providing comprehensive user/administration guide, namely "ioki Platform Handbook" as well as access to the ioki Academy.
Furthermore, in each section of the administrative tool you will find a link leading you to an online user/administration guide of this specific section.
During our training, we will provide additional user and configuration guides.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
It is possible to extract the raw data of your product via API and make it available e.g. for further business intelligence usage. The format would be JSON over HTTP and is fully documented.
End-of-contract process
With the end of contract the licence ends as well and our clients have the possibility to extend the licence and the main contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our system consists of three applications

The administrative tool (Control Centre) works on mobile devices and through a browser. We recommend the use of the browser here.

The ioki Passenger App is available for iOS and Android devices.

The ioki Vehicle App is available for iOS and Android devices.

Our apps are react native apps.

In addition to this, bookings can be done via a website.

There are no differences in functionality using different OS, whether it is mobile or desktop.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The Control Centre (interface to our direct customers) provides the operator with real-time information during current transport operations (driver-based or autonomous). Our system facilitates clear and detailed operations planning for the vehicle fleet and provides a range of setting options. Thanks to the control Centre, the operator keeps a close eye on all services at all times and optimise the settings on ad-hoc basis, if necessary.

All system-related tasks can be fulfilled using a single tool:

1. Operations set-up and management
2. Driver management and fleet management
3. Dispatching and monitoring live operations and tracking historical events
4. Customer service
Accessibility standards
None or don’t know
Description of accessibility
The service interface in its current version is not designed in alignment with the above listed accessibility standards. However, as we are currently working on a new version of the service interface, which we are planning to, launch next year, this topic will be taken into consideration.
Accessibility testing
Usability tests were done to comply with standards of the A11y (Accessibility) project. In cooperation with external associations for people with disabilities the booking process in the passenger apps was tested through people with visual impairments in an interview form based on test scripts, evaluation sheets in a staging version of the apps. Focus was on improving functionalities like VoiceOver and TalkBack. Issues occurring were recorded and afterwards improvements developed. Also, we are planning to do further testing of our updated control centre next year.
API
Yes
What users can and can't do using the API
An open architecture can be integrated ​into the customer landscape​.

Scenarios:
Directory enquiries in an existing third-party app
(1) Information on the on-demand service
(2) Information on public transport services
(3) Information and availability check of the demand-responsive service (API) - ride inquiry
(4) Information, availability check, booking and live position updates of the demand-responsive service via (API) - deep integration
(5) Operational integration of the demand-responsive service (API)
(6) Raw data exchange for an external data-lake
(7) Raw data exchange to external billing service providers or a billing software (API)

The development efforts are on customer side
The implementation time frame is dependent on the customer’s technical setup, data compatibility and development team skills.​

The API must be maintained by the customer. Software application and interface must be upgraded within 2 months after a new version of the API is published.
Interface data can only be used for the approved purpose. ​No unauthorised data usage, publishing or data storage is allowed. ​
Emergency caps are possible by us to secure the API against external service attacks.​
Rate limiting or interface cuts are possible in case of misusage. ​
ToS are standard legal appendix for APIs​
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our applications are available as white-label solutions and can therefore be customised to your corporate design.

Our experts can help you to customise your service parameters. Sub-operating areas can also be assigned special operating times and operating options. We advise on the optimum operating time for vehicles, waiting times, routes for passengers as well as any associated route diversions.

The most important settings can be changed by the authorised administrators for each product at any time. Even during operation, changes to parameters are applied in real time.

When creating a new operating area, the following parameters can be defined for each area: unique ID - unique area name, spatial definition of the area, operating times (service duration), automation of driver processes, routing settings and matching parameters , booking options (for example, maximum seats, pre-booking), price adapter, restricted areas (including scheduling)

Scaling

Independence of resources
We rely on OpenStack with Ubuntu machines as its provisioning system. Here, our backend is operated using Docker Containers, which are orchestrated using Docker Swarm. Together with the load balancer HAProxy, this enables a system that scales automatically during peak loads. This process is constantly monitored by our performance monitoring solution "New Relic".

Analytics

Service usage metrics
Yes
Metrics types
The reporting provides access to live data and reports of ongoing operations.
We use the third-party provider tableau for visualisation through dashboards. However, the data runs through our servers. Content is adapted browser-based and can be viewed at any time via a web-based browser or a mobile app.
We provide standard reports of the most important KPIs and process data as part of our system. The visualisations and dashboards can be used interactively.
The key figures can be exported in .csv format.
Additionally, a summary of the general performance of the system and specific services will also be provided.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Our reporting provides access to live data and reports of ongoing operations.
We use the third-party provider tableau for visualisation through dashboards. The data runs through our servers. Content is adapted browser-based and can be viewed at any time via a web-based browser or via a mobile app.
We provide standard reports of the most important KPIs and process data as part of our system. The visualisations and dashboards can be used interactively.
The customer has the possibility to request other or customised reporting at additional costs.
Further there is the possibility to download the data over tableau as CSV.
Data export formats
  • CSV
  • Other
Other data export formats
  • Tableau Workbooks or diagramms as PDF
  • Tableau Workbooks or diagramms as PNG
  • API: JSON
Data import formats
  • CSV
  • Other
Other data import formats
API: JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
Our network is divided into several isolated backnets. Each backnet covers a specific use case and servers can not overreach from their backnet into another.

Availability and resilience

Guaranteed availability
The supplier shall, on the basis of an agreed SLA, provide monthly accessibility of the operating system of at least 99.9% based on the following calculation: [The total number of minutes in the relevant calendar month minus the number of minutes of unavailability of the platform in that calendar month] divided by the total number of minutes in the relevant calendar month (hereinafter referred to as the “availability of the platform”).  If the availability of the platform fails to meet the required level, the client may assert vis-à-vis the supplier a claim for damages on a flat-rate basis, to the exclusion of other rights and claims accruing to the client. Any asserted claim for damages on a flat-rate basis shall, in the month following the month in which the failure to meet the required level of availability of the platform occurred, be deducted from the licence fee owed under the prime agreement for that month. For instance, if the availability of the platform is not provided in April 2024, the supplier shall deduct a discount in the relevant specified amount when preparing the licence fee invoice for May 2024 under the prime agreement.
Approach to resilience
This information is available on request.
Outage reporting
The supplier will setup a webservice in order to give access to a dashboard for the Client Platform Availability. Furthermore, the client will get access to a webpage for pro-active Supplier Incident Reports.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access to the control centre is protected by 2-factor authentication, which is set up by us. If authentication via a smartphone app cannot be used, necessary tokens can be set up.
Therefore, our demo, production and staging environment are only accessible to authorised persons and with unique ID.

Only registered management users can contact our support channels.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ESecurity-Cert GmbH
ISO/IEC 27001 accreditation date
01/11/2022
What the ISO/IEC 27001 doesn’t cover
In order to provide you with a better picture in this respect, we would rather list what the scope of our ISO/IEC 27001 certification includes: Demand-responsive, platform development, software development process, backend with interlocking, passenger, driver, operator app (data center with infrastructure).
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
* Official approval process for policies compliant with ISO 27001 from legal and IT security perspective
* Official approval process for software and services from legal and IT security perspective (ISDS board)
* Company-wide viewable catalogue with approved software and usage conditions
* Company-wide viewable internal website that covers all policies regarding IT security

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All components (and their 3rd party dependencies) are automatically tracked and the respective teams are automatically notified about updates and/or security releases.

Since we live "configuration through code" in all of our components, the dependency tracker will also automatically open up a change request to be reviewed by a team member.

All these changes are covered up by an extensive test suite (> 95% code coverage for the backend) and our IT security team.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We are connected to a CVE database as well as to multiple dependency management systems for our components.
These data sources usually already provide insights about the severity of a potential threat. We then follow up on these with the individual dev teams, supported by our IT security team.

We have a well defined CI pipeline with an extensive test suite. We can deploy with confidence, half-automatically (one single command) within 5 min.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All servers and network traffic are constantly monitored and logs are stored in a central, fully-searchable system with alerting based on content or frequency of certain messages/requests.

In case of a potential compromise our IT-security-team will examine our audit and log systems, which data was vulnerable/exposed/manipulated.
Manipulated data would/could be restored.
If the compromise is ongoing, we might disconnect affected parts of the system from public access.
All findings are reviewed by our data-security and legal advisor. If a breach is found, we would inform the corresponding customers.

This process starts within minutes after a potential compromise is identified.
Incident management type
Supplier-defined controls
Incident management approach
* 24/7 standby team of back-end engineers and devops people
* Pager duty management system with automated escalation policies connected to our monitoring systems
* Status page and in-app alerts in case of performance degradation or service interruption

*Users can report incidents, to the Helpdesk. The incidents are classified by their criticality. The reaction times are handled contractual with service level agreements taking the classification into account. We can give an overview on how many incidents are being sent in, classified by their criticality, with reaction time.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Through our analyses and DDRT software, we make a significant contribution to reducing CO2 emissions. Our primary focus lies in enhancing mobility and alleviating traffic congestion on roads, thereby playing a pivotal role in climate protection. A strategically devised DDRT service presents an enticing alternative to private car usage. We particularly concentrate on enhancing public transport attractiveness by introducing DDRT feeder services in suburban and rural areas. This initiative encourages more individuals to transition from using their personal vehicles to opting for a more sustainable mode of transportation, thus fostering a shift in mobility behaviour.

Approximately 90% of our projects are integrated into public transport systems, with the majority of our services operated using electric vehicles. Through collaboration with local partners, we strive to optimize existing public transport networks for enhanced efficiency and reduced air pollution. In Hamburg, Germany, for instance, our emission-free service seamlessly transports travellers from point A to B. By seamlessly integrating bus and train services with our DDRT offering, we actively bolster public transportation, making environmentally friendly mobility even more appealing.

Our eco-friendly e-shuttles have already mitigated over 250 tonnes of CO2 emissions. According to a study conducted by the Technical University of Hamburg, 25% of users have already forsaken their private cars in favour of this sustainable mode of transportation. We continually identify opportunities for further sustainability enhancements through comprehensive analyses.

With our Mobility Analytics and Consulting services, we identify areas where current public transport offerings fall short and where there is potential for individuals to embrace more sustainable transportation modes. By empowering more partners to launch new services, we increase awareness of and accessibility to sustainable transportation options.

Tackling economic inequality

In addressing economic inequality within our organisation, ioki stands committed to supporting the contract workforce. We offer career guidance and opportunities for career advancement, particularly in areas with known skill shortages. Our support extends to mentoring, coaching, and access to professional and educational resources, including in-house learning initiatives. We also facilitate regular meet-ups covering tech and mobility topics with the wider community, providing valuable networking opportunities for our employees. Additionally, recognising the importance of training and apprenticeships, we embrace individuals from diverse backgrounds, including career changers, students undertaking thesis projects, and trainees, with around 10% of our workforce comprising students. We prioritise supporting education certificates relevant to contracts, addressing skill gaps and leading to recognized qualifications. Moreover, we invest in training programs to diversify our business portfolio, such as in autonomous transport and software development, underscoring our commitment to continuous employee skill development.

From the perspective of our DDRT service, we acknowledge the transportation challenges faced by economically disadvantaged groups, particularly those without access to private vehicles. Limited accessibility to public transport exacerbates these challenges, especially for individuals residing in remote areas who often encounter financial burdens associated with transportation. DDRT services, facilitated by ioki software, offer a solution to these issues by extending mobility options and making public transport accessible across the deployed area. This not only enhances mobility for underserved communities but also addresses financial constraints associated with transportation expenses, ultimately fostering greater inclusivity and accessibility to essential services.

Equal opportunity

Regarding our products and services, we recognise the vital importance of providing support functions to assist passengers with various needs. Consequently, we incorporate passenger options catering to different types of disabilities, such as reserving space for wheelchairs or rolling walkers. Additionally, we have introduced a reader function in our Passenger App to aid visually impaired customers. As part of our future mobility concept, we aim to further support visually impaired passengers through audio passenger announcements.

Externally, our products can play a role in narrowing the gap for disabled individuals in transportation. By offering suitable mobility software, we enable them to access workplaces, local offices, and transport hubs more easily, thereby fostering increased participation among these groups.

Internally, we recognise the importance of raising awareness and accommodating the needs of individuals with disabilities. We strive to create an inclusive working environment where the unique requirements of disabled persons are acknowledged, as demonstrated in our diversity talks. In our recruitment process, we engage a Representative for Severely Disabled Persons who advises us on applicants with disabilities and promotes awareness throughout recruitment. Furthermore, our recruitment team receives regular training on topics such as disabilities among staff or applicants, ensuring sensitivity and inclusivity in our approach.

Wellbeing

Our DDRT software plays a crucial role in enhancing mobility accessibility for all, thereby reducing social exclusion and addressing cost-intensive empty runs/ gaps in operating hours. By offering a DDRT service, we enhance the appeal of public transport usage, countering the deterrent of long travel times to desired destinations which often dissuade individuals from relying on public transportation. With a significant portion of the population dependent on personal vehicles, this places considerable strain on parking availability within urban areas. The search for parking spaces and associated costs are significant drawbacks of car usage, resulting in the occupation of valuable space that could be utilised more effectively. Despite these drawbacks, public transport coverage remains inadequate, failing to deter car usage.

We believe that the introduction of flexible and integrated DDRT mobility services will empower individuals to travel more freely, ultimately enhancing overall satisfaction, stimulating economic activity, and facilitating safer travel, particularly for vulnerable groups such as the elderly, individuals with disabilities, and families with children.

In terms of community integration within our products and services, we are attentive to local social demographics, ensuring our offerings are tailored to meet their needs. This includes providing services and applications in local languages and actively involving local stakeholders and end users in surveys. Our applications feature customer service interfaces for direct communication with support. Community engagement is a key focus, with events organized to foster interaction between ioki and stakeholders, providing opportunities for feedback and strengthening B2B relationships.

At ioki, we are committed to supporting and promoting health and well-being among our employees. This includes facilitating flexible working schedules, remote work options, and health-focused activities such as meditation and yoga classes. Employees are encouraged to utilise company bikes, and we offer holiday and leisure activities at discounted rates, further promoting a balanced lifestyle.

Pricing

Price
£236.25 to £479.00 a licence a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ioki.com. Tell them what format you need. It will help if you say what assistive technology you use.