AppyParking

AppyWay: Digital Traffic Order Management (D-TROs)

The Traffic Suite, is the most efficient way to manage TROs.

A cloud-based solution enabling local authorities to digitise Traffic Regulation/Management Orders (TRO/TMOs), ensuring compliance with Department for Transport's (DfT) D-TRO model. Utilising map-based schedules, the platform manages the full TRO lifecycle, encompassing static, moving, permanent, experimental, and temporary orders.

Features

• End-to-end traffic order management: Design, consultation, analysis
• Intuitive design with training resources and support dashboard access.
• Fast & accurate tools: Streamline order creation with bulk updates.
• Up-to-date base maps OS API, Mapbox, Google Satellite.
• Interactive map-based portal: consultation; separate application: live data.
• Built-in reporting and analysis tools; additional dashboard capabilities.
• Real-time API integration with external systems (enforcement, GIS, EV)
• Cloud-based with flexible migration options; ongoing system updates.
• Standardised data format aligned with APDS, D-TRO, DfT standards.
• Dynamic map schedules focus on changes, minimising file length/size.

Benefits

• Fully cloud-based; enables remote access from anywhere.
• Intuitive platform reduces training time; constant efficiency updates.
• Swift data ingestion in various formats takes weeks, not years.
• Unrivalled speed: 80% faster processing rate, saving time, resources.
• Data and dashboards support internal planning and sustainability goals.
• Easy navigation; read-only licence options slash editing costs.
• Standardised data, clear traffic orders ensure public understanding.
• Enhanced engagement: Interactive tools; transparent information sharing.
• Streamlined collaboration: Accessible to all departments; APIs ensure connectivity.
• Comprehensive reporting and dashboards

£13,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@appyway.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

741990054777432

Contact

Mike Potter
07398195065
sales@appyway.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements: An up to date browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday 9am to 5.30pm (UK GMT)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Covering Monday-> Friday 9am-5.30pm (UK GMT) unless otherwise stated; ; Email Support; Account Manager support; Technical Support
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Included:; Given a secure login for all licensed users; Training documentation; ; Extra cost:; Onsite training is an optional extra cost item
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: User data is removed at the point of contract termination. ; API keys are removed and access to the system is terminated.; Any data owned by the user is returned in JSON format.
• End-of-contract process: Any data owned by the user is returned in JSON format

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our application can be used in mobile browsers and scales correctly per device.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: The API is for data retrieval. ; Users can create and edit assets using the tool and read them via the API. ; The API does not replace the tools.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The system is hosted on Azure public cloud and separated for read and write actions such that all types of users are separated from each others demands.

Analytics

• Service usage metrics: Yes
• Metrics types: We report on % uptime of the services.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Depending on the data required, either exported (GeoJSON for map-based Traffic Orders) or requested via the support process (user information)
• Data export formats: Other
• Other data export formats:
  • GeoJSON, WGS_84
  • Other formats available at additional cost
• Data import formats: Other
• Other data import formats:
  • GeoJSON, WGS_84
  • Other formats at additional cost

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLA for services is 99.95%, excluding maintenance.
• Approach to resilience: Available on request
• Outage reporting: Internal dashboard and alerts.; Publication via website

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Applying the Principle of Least Privilege and Role Based Access Control, access to support channels is strictly limited, via the CTO, as to who has access and how much. There are simple reporting portals, but also user and data-set management portals. Access to user and dataset management is strictly limited to few personnel via 2 factor authentication.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: AppyWay has a security policy covering:; - Software security best practices; - Incident reporting and tracking; - Levels of data held and risks associated with them
• Information security policies and processes: The CTO is the named security officer.; All staff are trained in the security policy and required to attend training. ; Notification and escalation procedures are included.; The policy covers storage and access to data, data categories, and access profiles as well as physical access to the building, its contents and intellectual property.; It also covers the process for granting employees, customers, potential customers access to data and how to revoke access for each group.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change requests, defects and feature enhancements are tracked in JIRA.; All releases are tracked in JIRA.; ; Each ticket follows the same workflow: ; Log->triage->Todo->In Progress->Code Review->UAT-> integration->Live; Security impact is assessed at both the triage state and at code review.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: AppyWay uses a combination of PAAS (MS Azure) solutions to host our services. AppyWay also uses AuthO for authentication. All these services include monitoring and threat notification systems. Any threats and activity that fall outside the boundaries of the that are handled within our stipulated SLA.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: AppyWay uses a combination of PAAS (MS Azure) solutions to host our services. AppyWay also uses AuthO for authentication. All these services include monitoring and threat notification systems. Any threats and activity that fall outside the boundaries of the that are handled within our stipulated SLA.
• Incident management type: Undisclosed
• Incident management approach: For reporting incidents users can contact mappersupport@appyway.com. We will notify of outages and incidents via either email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  AppyWay is an accredited Living Wage Employer, our employees are based across the UK.

  Equal opportunity

  AppyWay is an equal opportunities employer. Our processes remove any bias in our recruitment and employment practices

Pricing

• Price: £13,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can provide time-limited access to the solution for authorities where existing Traffic Order data is already available in our solution, or where it can be provided by the authority for the Appy team to import, for evaluation purposes.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@appyway.com. Tell them what format you need. It will help if you say what assistive technology you use.