Capture 2 by Arcadis IBI Group

Service scope

Software add-on or extension: No
Cloud deployment model: Hybrid cloud
Service constraints: Any maintenance activities that might result in service degradation or unavailability will undertaken outside of normal working hours. Buyers will be informed by email one week in advance of any planned maintenance or downtime.
System requirements: Windows devices required for the Capture 2 App

Modern browser (Firefox, Chrome or edge) required for Viewer

Web GL enabled graphics card and browser

User support

Email or online ticketing support: Email or online ticketing
Support response times: Questions submitted via e-mail will be responded to during weekday business hours (9am to 5pm). Critical faults raised will be responded to within 1 hour. Non-critical faults will be responded to within 1 working day. Response times do not included weekends.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: No
Support levels: First level e-mail and telephone support is provided during office hours (9am to 5pm). Issues raised by customers are triaged by the first line support team and reported to the relevant support teams for resolution. A technical account manager oversees the customer arrangements, ensuring updates and communication on all support items.
Support available to third parties: No

Onboarding and offboarding

Getting started: The onboarding process should be completed within four weeks of the order being confirmed. The process will begin with a service initiation meeting with the customer to confirm the various elements of configuration that will be required such as user accounts, defect types and look and feel.
A training webinar will be made available as part of the onboarding process.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: Customer datasets in the cloud will be made available to the customer within one month of the notification that the subscription will not be renewed and up to three months following the end of the subscription period.
Data will be provided on hard drive(s) back to the customer after which IBI Group will purge and destroy all customer data from its systems including any logs and archives that have built up with use.
End-of-contract process: Access via Customer devices will be rescinded at the end of the contract,

Customer cloud data sets will be made available to the customer within one month of the notification that the subscription will not be renewed and up to three months following the end of the subscription period as previously indicated. There will be no additional costs to the customer for data cleansing.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome
Application to install: Yes
Compatible operating systems: Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Capture 2 is a mobile app which runs on windows mobile devices and has been disigned to run best on medium to large format tablets. The viewer has been developed to run on 3D enabled browsers such as Firefox, Chrome and Edge
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: User input via the Tablet app is captured via the touch screen. This includes selecting the desired defect type and optional photo of asset at the users current location.

The visualisation application is provided via a browser interface.
Accessibility standards: None or don’t know
Description of accessibility: Large buttons, easy navigation, little to no free text required. As much use of location data to eliminate text entry on the mobile app as possible.
Accessibility testing: There has been no specific interface testing with users of assistive technology. The app requires a visual inspection of images
API: Yes
What users can and can't do using the API: All interfaces within the Capture 2 system are called via means of RESTful APIs with payloads submitted in JSON format. The APIs are not open to users. However the app can be configured to process by means of upload and download of images, location information, defects and other essential background data.
API documentation: No
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Capture 2 is fully customisable per client installation including skinning the app with corporate colours and logo. Clients can choose defect types based upon their own asset data requirements.

Scaling

Independence of resources: The only potential for users to place demand on the system is when submitting reports. Reports with images can take a long time to submit to the server depending on signal strength and type (3G/4G etc). If all the available concurrent server connections are taken the app will seamlessly continue to attempt to submit the report until successful. Maximum concurrent server connections can be increased as more customers use the service.

Analytics

Service usage metrics: Yes
Metrics types: Service usage statistics.
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least every 6 months
Penetration testing approach: In-house
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Reports can be exported in CSV format for further manipulation and analysis.
Data export formats: CSV
Data import formats: Other
Other data import formats: JSON

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: 99.9% up time is guaranteed during office hours. There is no standard SLA for the Capture service, but one can be agreed with the customer if required.
Approach to resilience: Capture services run on virtual servers, which can be clustered to provide resilience.
The Capture app is resilient in the face of loss of signal and will store reports until such time as it can submit them to the server.
Outage reporting: Service outages and errors are reported via email alerts.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Other
Other user authentication: Only registered devices are allowed to submit defect survey reports via Capture. The unique IDs of each authorised device are registered per client installation.
In addition, each interface service request from the mobile app has to be individually authenticated via an access token, which has to be sent each time, before information will be accepted, ensuring that a double layer of security is in place. Access tokens expire after a month and re-authentication is required at this point. Tokens can be revoked at any time.
Access restrictions in management interfaces and support channels: Only Administrator users have access to the Cloud Report Viewer. These must be registered by IBI per client deployment.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: No audit information available
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: DNV
ISO/IEC 27001 accreditation date: 27/02/2024
What the ISO/IEC 27001 doesn’t cover: No exclusions
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: Yes
Who accredited the PCI DSS certification: MNP LLP
PCI DSS accreditation date: 01/09/2023
What the PCI DSS doesn’t cover: None
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: SOC2

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: We secure Personal Data as a Data Controller or Data Processor through compliance with the Cyber essentials Plus, ISO 27001 Standard, SOC2 Reporting and PCI-DSS compliance. These standards are regularly audited and are the basis for the controls we have when handling client data (Product dependant)
Information security policies and processes: Our IS Global Policies cover the following: Information Classification; Information Sharing & Handling Rules; Acceptable Use; Asset Management; Change Management; Physical Access Control; Human Resource Security; Mobile Device Security

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: We have centralised registers for our hardware and software assets and these are management through a Change Advisory Board, which meets regulary to manage change and advise on the risk of new asset introduction. These procedures are in compliance with ISO27001:2022 and SOC2
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Our Change Advisory Board classifies: Normal – Enhancements/other planned changes in line with product roadmaps Standard – Routine updates to keep systems/products healthy, e.g. patching vulnerabilities with Medium, Low/Very Low classification Emergency Outage – Changes in response to direct issues affecting a platform/product from operating in line with client expectations. Emergency Imminent – an emergent known threat that could bring disruption to systems/products, e.g. zero-day vulnerabilities. Emergency Scheduled – Important changes that can be implemented per schedule but have a high/critical classification. Threats assessed by the CAB board and implementation and testing requirements set along with timelines for deployment.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Intrusion detection monitoring systems and tools are in place both at the hardware and software levels and these trigger upon detection. We take the necessary steps to comply with the local information security office in the domains we operate and notify accordingly. We operate monitoring services 24/7/365 and have remote teams ready to act upon detection and carry out the appropriate actions to minimise disruption following disaster recovery plans as appropriate. We conform to ISO27001:2022
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Employees comply with the Arcadis General Business Principles and the full suite of data protection policies. Most incidents are reported through monitoring tools but employees are comppelled to report any incidents to their immediate line manager and through our tech services organisation. Incident management takes over from there and reporting is in line with best practice and compliance with local regulatory laws and ISO27001:2022.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

By supporting the simple drive through of data collection, Capture 2 means that inspectors do not have to stop on the hard shoulder and leave an idling vehicle for any length of time.

Covid-19 recovery

By remotely tagging defects, the Capture 2 app reduces the need for large parties of engineers to visit site together, therefore limiting the mixing of various groups of people.

Tackling economic inequality

Use of Capture 2 increases client resilience and capacity which in turn influence staff, suppliers, customers and communities through the delivery of the contract to support resilience and capacity in the supply chain.

Equal opportunity

IBI Group is committed to creating a culture where everyone has an equal opportunity to grow, develop, succeed and be their truest self. We hold each other accountable to create and contribute to an inclusive culture, which includes a focus on increasing gender representation and diversity across the entire organisation. In 2022 IBI launched the Diversity, Inclusion and Belonging (DIB) Scholarship which rewards students who self-identify as Black with a $5,000 scholarship at six partner universities across Canada and the United States. This scholarship is one of many IBI Group programs aimed at increasing internal gender representation and diversity and in turn fostering an environment where everyone is encouraged to be themselves and achieve a sense of belonging. IBI's Diversity Policy can be viewed here: https://www.ibigroup.com/wp-content/uploads/2021/03/2021.02.17-Diversity-Inclusion-Belonging-Policy-Approved.pdf

Wellbeing

Capture 2 app allows for a remote inspection regime to be used across all road types by reducing the need to close carriageways or roads altogether. This gives the road user a much better experience, by not only having open roads, but also reducing defects across the network.

Pricing

Price: £5,000 a licence a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Capture 2 by Arcadis IBI Group

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents