ioki GmbH

ioki Demand-Responsive-Transport (DRT) Platform

We offer a software solution (SaaS) for demand-responsive transport (DDRT/DRT) services (driver-based and autonomous). Via the control centre, the operator can control the disposition, monitor the operations and intervene. The white-label passenger app enables booking and payment.
All important information are transmitted to the driving personnel via vehicle app.

Features

• Bookings and payment via app, web and phone call
• Pre-booking, ad-hoc-booking, departure- and arrival-based booking
• Accessible passenger app for people with visual impairments/restricted mobility
• Real-time information for passengers, drivers and operators
• Anonymous contact between passenger and driver
• Easy-to-use driver app with integrated turn-by-turn navigation system
• A clear and user-friendly administration tool for operators
• Real-time analytics through ioki Reporting
• Marketing automation and referral marketing
• Definition and assignment of rights according to role concept

Benefits

• Continuous developments and optimisations of the product
• Integration in existing systems (MaaS via API or DeepLink)
• The system enables the digitalisation of public transport
• Software can be used for driver-based and driverless operations
• Mixing of line-based operation and area-based operation possible
• Day- and area-dependent modularisation of the service
• Customisable algorithm (objectives: pooling rate, service level, economic factors)
• Customisabel and highly flexible price adapter
• White-label solution (customisable to the corporate design)
• ISO 27001 certification

£236.25 to £479.00 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ioki.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

720302619937610

Contact

Christopher Tellkamp
+4915237528412
sales@ioki.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: MaaS (Mobility as a Service) Software: ; The ioki solution can be integrated into existing local information apps. Integration can take place either via a deep link or API. Our system can also be used as stand-alone service (white-label).
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
• Service constraints: Our software is highly customisable, we set up our product for each client individually. Each app is set up individually and launched in the stores. Our suggested time frame is 2-3 months (including planning, specifying the product, product configuration, operational setup); If our application is successful, we start with this process right away. ; ; We offer customer support for our partners but not end-customer support.; ; Our passenger and driver apps are available for iOS and Android.; ; In addition to the main contract, we must be individually entrusted with the processing of the data through a data processing contract.
• System requirements:
  • Hardware (tablet or smartphone) for vehicles/driver app
  • Latest version of the Internet Browser to use control centre
  • Internet connection
  • Our applications are available for iOS and Android

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Q&A/Helpdesk requests: ; We commit to providing written feedback on the request within five business days. Please note that automated responses will not be considered towards meeting this timeframe.; ; Incidents:; Incidents are classified and processed according to urgency. Response times are guaranteed via service level agreements which will be negotiated with the contract. ; ; The market standard is currently: ; Helpdesk hours: ; Incident classification high: 24/7; Incident classification middle: 05:00am -09:00pm GMT (06:00am -10:00pm CET ); Incident classification low: 07:30am -04:00pm GMT (08:30am-05:00pm CET); ; Standard reaction time: ; High priority: 1 hour; Medium priority: 4 hours ; Low priority: 24 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our customer support is tailored to assist our partners, not end customers (passengers).; ; Customer support covers incident reports as well as issue reports from our customers. ; ; Furthermore, we offer the additional service of a technical account manager.; ; Helpdesk: ; The Helpdesk is our central channel for all requests, suppport needs and reports. All Issues, problems and questions are being processed here. Whoever is needed to solve or answer the submitted issue will be involved by the Helpdesk. Therefore our customers do get access to the TSE (Technical Support Engineers , LAM or Developers) ; ; Q&A/Helpdesk requests: We commit to provide written feedback on the request within five business days (automated responses do not count for this purpose). ; ; Incidents:; Incidents are classified and processed according to urgency. Response times are guaranteed via service level agreements which will be negotiated with the contract. ; ; Helpdesk hours: ; Incident classification high: 24/7 ; Incident classification middle: 05:00am -09:00pm GMT (06:00am -10:00pm CET ) ; Incident classification low: 7:30am -04:00pm GMT (08:30am-05:00pm CET) ; ; Standard reaction time: ; High: 1 hour; Middle: 4 hours ; Low: 24 hours; ; Cost: Support a is included in our monthly fees (see Pricing)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The product training will be based on a "Train the Trainer" model. ; In a one-day training course, up to five people of our customers choice can receive training on how to use the operating system for digital mobility. This includes a training on how to use all components of the platform (passenger app, vehicle app, control centre and the reporting tool), as well as training the trainers that will be responsible for training new drivers/stewards, dispatchers, customer service employees, and so on. During the training course, the trainers nominated will be granted access to a demo version of the platform, which they can then use to conduct further training for all users of the operating system for digital mobility. Furthermore, we can provide optional additional training courses, which you can order separately.; ; You can opt for a virtual or in-person format, depending on your individual offer. ; ; We are providing comprehensive user/administration guide, namely "ioki Platform Handbook" as well as access to the ioki Academy.; Furthermore, in each section of the administrative tool you will find a link leading you to an online user/administration guide of this specific section. ; During our training, we will provide additional user and configuration guides.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: It is possible to extract the raw data of your product via API and make it available e.g. for further business intelligence usage. The format would be JSON over HTTP and is fully documented.
• End-of-contract process: With the end of contract the licence ends as well and our clients have the possibility to extend the licence and the main contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our system consists of three applications ; ; The administrative tool (Control Centre) works on mobile devices and through a browser. We recommend the use of the browser here. ; ; The ioki Passenger App is available for iOS and Android devices.; ; The ioki Vehicle App is available for iOS and Android devices.; ; Our apps are react native apps.; ; In addition to this, bookings can be done via a website.; ; There are no differences in functionality using different OS, whether it is mobile or desktop.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Control Centre (interface to our direct customers) provides the operator with real-time information during current transport operations (driver-based or autonomous). Our system facilitates clear and detailed operations planning for the vehicle fleet and provides a range of setting options. Thanks to the control Centre, the operator keeps a close eye on all services at all times and optimise the settings on ad-hoc basis, if necessary.; ; All system-related tasks can be fulfilled using a single tool:; ; 1. Operations set-up and management ; 2. Driver management and fleet management ; 3. Dispatching and monitoring live operations and tracking historical events ; 4. Customer service
• Accessibility standards: None or don’t know
• Description of accessibility: The service interface in its current version is not designed in alignment with the above listed accessibility standards. However, as we are currently working on a new version of the service interface, which we are planning to, launch next year, this topic will be taken into consideration.
• Accessibility testing: Usability tests were done to comply with standards of the A11y (Accessibility) project. In cooperation with external associations for people with disabilities the booking process in the passenger apps was tested through people with visual impairments in an interview form based on test scripts, evaluation sheets in a staging version of the apps. Focus was on improving functionalities like VoiceOver and TalkBack. Issues occurring were recorded and afterwards improvements developed. Also, we are planning to do further testing of our updated control centre next year.
• API: Yes
• What users can and can't do using the API: An open architecture can be integrated ​into the customer landscape​.; ; Scenarios: ; Directory enquiries in an existing third-party app ; (1) Information on the on-demand service ; (2) Information on public transport services ; (3) Information and availability check of the demand-responsive service (API) - ride inquiry ; (4) Information, availability check, booking and live position updates of the demand-responsive service via (API) - deep integration; (5) Operational integration of the demand-responsive service (API); (6) Raw data exchange for an external data-lake; (7) Raw data exchange to external billing service providers or a billing software (API); ; The development efforts are on customer side; The implementation time frame is dependent on the customer’s technical setup, data compatibility and development team skills.​; ; The API must be maintained by the customer. Software application and interface must be upgraded within 2 months after a new version of the API is published. ; Interface data can only be used for the approved purpose. ​No unauthorised data usage, publishing or data storage is allowed. ​; Emergency caps are possible by us to secure the API against external service attacks.​; Rate limiting or interface cuts are possible in case of misusage. ​; ToS are standard legal appendix for APIs​
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our applications are available as white-label solutions and can therefore be customised to your corporate design. ; ; Our experts can help you to customise your service parameters. Sub-operating areas can also be assigned special operating times and operating options. We advise on the optimum operating time for vehicles, waiting times, routes for passengers as well as any associated route diversions. ; ; The most important settings can be changed by the authorised administrators for each product at any time. Even during operation, changes to parameters are applied in real time. ; ; When creating a new operating area, the following parameters can be defined for each area: unique ID - unique area name, spatial definition of the area, operating times (service duration), automation of driver processes, routing settings and matching parameters , booking options (for example, maximum seats, pre-booking), price adapter, restricted areas (including scheduling)

Scaling

• Independence of resources: We rely on OpenStack with Ubuntu machines as its provisioning system. Here, our backend is operated using Docker Containers, which are orchestrated using Docker Swarm. Together with the load balancer HAProxy, this enables a system that scales automatically during peak loads. This process is constantly monitored by our performance monitoring solution "New Relic".

Analytics

• Service usage metrics: Yes
• Metrics types: The reporting provides access to live data and reports of ongoing operations.; We use the third-party provider tableau for visualisation through dashboards. However, the data runs through our servers. Content is adapted browser-based and can be viewed at any time via a web-based browser or a mobile app.; We provide standard reports of the most important KPIs and process data as part of our system. The visualisations and dashboards can be used interactively. ; The key figures can be exported in .csv format.; Additionally, a summary of the general performance of the system and specific services will also be provided.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Our reporting provides access to live data and reports of ongoing operations.; We use the third-party provider tableau for visualisation through dashboards. The data runs through our servers. Content is adapted browser-based and can be viewed at any time via a web-based browser or via a mobile app.; We provide standard reports of the most important KPIs and process data as part of our system. The visualisations and dashboards can be used interactively. ; The customer has the possibility to request other or customised reporting at additional costs.; Further there is the possibility to download the data over tableau as CSV.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Tableau Workbooks or diagramms as PDF
  • Tableau Workbooks or diagramms as PNG
  • API: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: API: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Our network is divided into several isolated backnets. Each backnet covers a specific use case and servers can not overreach from their backnet into another.

Availability and resilience

• Guaranteed availability: The supplier shall, on the basis of an agreed SLA, provide monthly accessibility of the operating system of at least 99.9% based on the following calculation: [The total number of minutes in the relevant calendar month minus the number of minutes of unavailability of the platform in that calendar month] divided by the total number of minutes in the relevant calendar month (hereinafter referred to as the “availability of the platform”). If the availability of the platform fails to meet the required level, the client may assert vis-à-vis the supplier a claim for damages on a flat-rate basis, to the exclusion of other rights and claims accruing to the client. Any asserted claim for damages on a flat-rate basis shall, in the month following the month in which the failure to meet the required level of availability of the platform occurred, be deducted from the licence fee owed under the prime agreement for that month. For instance, if the availability of the platform is not provided in April 2024, the supplier shall deduct a discount in the relevant specified amount when preparing the licence fee invoice for May 2024 under the prime agreement.
• Approach to resilience: This information is available on request.
• Outage reporting: The supplier will setup a webservice in order to give access to a dashboard for the Client Platform Availability. Furthermore, the client will get access to a webpage for pro-active Supplier Incident Reports.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access to the control centre is protected by 2-factor authentication, which is set up by us. If authentication via a smartphone app cannot be used, necessary tokens can be set up. ; Therefore, our demo, production and staging environment are only accessible to authorised persons and with unique ID.; ; Only registered management users can contact our support channels.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ESecurity-Cert GmbH
• ISO/IEC 27001 accreditation date: 01/11/2022
• What the ISO/IEC 27001 doesn’t cover: In order to provide you with a better picture in this respect, we would rather list what the scope of our ISO/IEC 27001 certification includes: Demand-responsive, platform development, software development process, backend with interlocking, passenger, driver, operator app (data center with infrastructure).
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: * Official approval process for policies compliant with ISO 27001 from legal and IT security perspective ; * Official approval process for software and services from legal and IT security perspective (ISDS board); * Company-wide viewable catalogue with approved software and usage conditions; * Company-wide viewable internal website that covers all policies regarding IT security

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components (and their 3rd party dependencies) are automatically tracked and the respective teams are automatically notified about updates and/or security releases.; ; Since we live "configuration through code" in all of our components, the dependency tracker will also automatically open up a change request to be reviewed by a team member.; ; All these changes are covered up by an extensive test suite (> 95% code coverage for the backend) and our IT security team.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We are connected to a CVE database as well as to multiple dependency management systems for our components.; These data sources usually already provide insights about the severity of a potential threat. We then follow up on these with the individual dev teams, supported by our IT security team.; ; We have a well defined CI pipeline with an extensive test suite. We can deploy with confidence, half-automatically (one single command) within 5 min.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All servers and network traffic are constantly monitored and logs are stored in a central, fully-searchable system with alerting based on content or frequency of certain messages/requests.; ; In case of a potential compromise our IT-security-team will examine our audit and log systems, which data was vulnerable/exposed/manipulated.; Manipulated data would/could be restored.; If the compromise is ongoing, we might disconnect affected parts of the system from public access.; All findings are reviewed by our data-security and legal advisor. If a breach is found, we would inform the corresponding customers.; ; This process starts within minutes after a potential compromise is identified.
• Incident management type: Supplier-defined controls
• Incident management approach: * 24/7 standby team of back-end engineers and devops people; * Pager duty management system with automated escalation policies connected to our monitoring systems; * Status page and in-app alerts in case of performance degradation or service interruption; ; *Users can report incidents, to the Helpdesk. The incidents are classified by their criticality. The reaction times are handled contractual with service level agreements taking the classification into account. We can give an overview on how many incidents are being sent in, classified by their criticality, with reaction time.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Through our analyses and DDRT software, we make a significant contribution to reducing CO2 emissions. Our primary focus lies in enhancing mobility and alleviating traffic congestion on roads, thereby playing a pivotal role in climate protection. A strategically devised DDRT service presents an enticing alternative to private car usage. We particularly concentrate on enhancing public transport attractiveness by introducing DDRT feeder services in suburban and rural areas. This initiative encourages more individuals to transition from using their personal vehicles to opting for a more sustainable mode of transportation, thus fostering a shift in mobility behaviour.; ; Approximately 90% of our projects are integrated into public transport systems, with the majority of our services operated using electric vehicles. Through collaboration with local partners, we strive to optimize existing public transport networks for enhanced efficiency and reduced air pollution. In Hamburg, Germany, for instance, our emission-free service seamlessly transports travellers from point A to B. By seamlessly integrating bus and train services with our DDRT offering, we actively bolster public transportation, making environmentally friendly mobility even more appealing.; ; Our eco-friendly e-shuttles have already mitigated over 250 tonnes of CO2 emissions. According to a study conducted by the Technical University of Hamburg, 25% of users have already forsaken their private cars in favour of this sustainable mode of transportation. We continually identify opportunities for further sustainability enhancements through comprehensive analyses.; ; With our Mobility Analytics and Consulting services, we identify areas where current public transport offerings fall short and where there is potential for individuals to embrace more sustainable transportation modes. By empowering more partners to launch new services, we increase awareness of and accessibility to sustainable transportation options.

  Tackling economic inequality

  In addressing economic inequality within our organisation, ioki stands committed to supporting the contract workforce. We offer career guidance and opportunities for career advancement, particularly in areas with known skill shortages. Our support extends to mentoring, coaching, and access to professional and educational resources, including in-house learning initiatives. We also facilitate regular meet-ups covering tech and mobility topics with the wider community, providing valuable networking opportunities for our employees. Additionally, recognising the importance of training and apprenticeships, we embrace individuals from diverse backgrounds, including career changers, students undertaking thesis projects, and trainees, with around 10% of our workforce comprising students. We prioritise supporting education certificates relevant to contracts, addressing skill gaps and leading to recognized qualifications. Moreover, we invest in training programs to diversify our business portfolio, such as in autonomous transport and software development, underscoring our commitment to continuous employee skill development.; ; From the perspective of our DDRT service, we acknowledge the transportation challenges faced by economically disadvantaged groups, particularly those without access to private vehicles. Limited accessibility to public transport exacerbates these challenges, especially for individuals residing in remote areas who often encounter financial burdens associated with transportation. DDRT services, facilitated by ioki software, offer a solution to these issues by extending mobility options and making public transport accessible across the deployed area. This not only enhances mobility for underserved communities but also addresses financial constraints associated with transportation expenses, ultimately fostering greater inclusivity and accessibility to essential services.

  Equal opportunity

  Regarding our products and services, we recognise the vital importance of providing support functions to assist passengers with various needs. Consequently, we incorporate passenger options catering to different types of disabilities, such as reserving space for wheelchairs or rolling walkers. Additionally, we have introduced a reader function in our Passenger App to aid visually impaired customers. As part of our future mobility concept, we aim to further support visually impaired passengers through audio passenger announcements.; ; Externally, our products can play a role in narrowing the gap for disabled individuals in transportation. By offering suitable mobility software, we enable them to access workplaces, local offices, and transport hubs more easily, thereby fostering increased participation among these groups.; ; Internally, we recognise the importance of raising awareness and accommodating the needs of individuals with disabilities. We strive to create an inclusive working environment where the unique requirements of disabled persons are acknowledged, as demonstrated in our diversity talks. In our recruitment process, we engage a Representative for Severely Disabled Persons who advises us on applicants with disabilities and promotes awareness throughout recruitment. Furthermore, our recruitment team receives regular training on topics such as disabilities among staff or applicants, ensuring sensitivity and inclusivity in our approach.

  Wellbeing

  Our DDRT software plays a crucial role in enhancing mobility accessibility for all, thereby reducing social exclusion and addressing cost-intensive empty runs/ gaps in operating hours. By offering a DDRT service, we enhance the appeal of public transport usage, countering the deterrent of long travel times to desired destinations which often dissuade individuals from relying on public transportation. With a significant portion of the population dependent on personal vehicles, this places considerable strain on parking availability within urban areas. The search for parking spaces and associated costs are significant drawbacks of car usage, resulting in the occupation of valuable space that could be utilised more effectively. Despite these drawbacks, public transport coverage remains inadequate, failing to deter car usage.; ; We believe that the introduction of flexible and integrated DDRT mobility services will empower individuals to travel more freely, ultimately enhancing overall satisfaction, stimulating economic activity, and facilitating safer travel, particularly for vulnerable groups such as the elderly, individuals with disabilities, and families with children.; ; In terms of community integration within our products and services, we are attentive to local social demographics, ensuring our offerings are tailored to meet their needs. This includes providing services and applications in local languages and actively involving local stakeholders and end users in surveys. Our applications feature customer service interfaces for direct communication with support. Community engagement is a key focus, with events organized to foster interaction between ioki and stakeholders, providing opportunities for feedback and strengthening B2B relationships.; ; At ioki, we are committed to supporting and promoting health and well-being among our employees. This includes facilitating flexible working schedules, remote work options, and health-focused activities such as meditation and yoga classes. Employees are encouraged to utilise company bikes, and we offer holiday and leisure activities at discounted rates, further promoting a balanced lifestyle.

Pricing

• Price: £236.25 to £479.00 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ioki.com. Tell them what format you need. It will help if you say what assistive technology you use.