Imperial Civil Enforcement Solutions

PermitSmarti

PermitSmarti allows customers an innovative way to apply for and procure their parking permits. PermitSmarti enables clients to manage
every aspect of their permits using a web portal. The Imperial Civil Enforcement Solutions system is designed to simplify the permit application and management process and to improve accessibility and efficiency.

Features

• Browser based solution – mobile optimised
• Customer facing online portal for speed of application
• Managed infrastructure available 24/7
• Reporting tools
• Supports multi-contract systems
• CRM integration
• Virtual permits
• PCI-DSS compliant
• Supports configuration of any permit type
• Address and vehicle look-up for zone exclusions and emissions

Benefits

• Offers virtual permits – saving on stationary, eliminates abuse
• Provides a user friendly interface
• Enables customers to meet digital objectives
• Introduces significant cost savings and added value
• Offers address and vehicle look-up functionality to check emissions
• Mobile optimised solution increases accessibility and improves interaction rates
• Real-time capability means applications are received immediately reducing processing
• Secure service ensures third party data cannot be accessed
• Easily scalable
• Unrivalled flexibility in tailoring look and feel to client requirements

£7,000 to £7,000 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Sales@imperial.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

756144678538711

Contact

David Wearmouth
01179251700
Sales@imperial.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Modern Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are subject to our Service Level Agreement. Depending on severity, our response time can be as low as 1 hour between 8am and 6pm from Monday to Friday.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Imperial provides on-site training and technical support. As part of these, a trainer and or consultant is dispatched. For pricing and daily rates, please refer to the SFIA score card.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Following a discovery meeting, where user requirements are assessed, clients are handed over a fully; tailored system. The on-boarding service includes a one day user training. Imperial support services are; available from the outset should the client require.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the end of the contract, the service is switched off, the client is provided with a copy of their data in an agreed format. All client data in possession of Imperial is securely deleted.
• End-of-contract process: At the end of the contract, the service is switched off, the client is provided with a copy of their data in an agreed format. All client data in possession of Imperial is securely deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no functional differences between the mobile and desktop application.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: From the PermitSmarti portal, customers are able to – following the creation of an account – apply for, renew or cancel a permit as well as request suspensions.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We visually inspect pages, adjusting browser settings to ensure we can increase/decrease font sizes easily, switching to black and white to ensure elements indicated by colour can also be identified in other ways and using Audio reader/navigation tools such as NVDA.; We inspect the screens visually taking into account the applicable guidelines.; For each new website installation we run the relevant checking tools as part of the system test process to ensure that the Customer’s corporate layout and accessibility requirements fit with our website structure.
• API: Yes
• What users can and can't do using the API: PermitSmarti provides a simple API to allow client CRM systems to pre-register users or to integrate with single sign-on through hosting of digitally signed data via the browser
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: As part of both initial set-up and the on-going support provided, the client will be set-up the permit types, the permit zones, the permit schemes with prices and all other aspects including automated reminder letters. In accordance permit limits and street exclusions are also recorded. The system will also be tailored to match the look and feel of the client website.

Scaling

• Independence of resources: Infrastructure is designed with considerable headroom to cope with peak traffic and is monitored for issues.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: An export facility exists from within the permit search facility. There is also a direct service (SOAP) for providing basic permit information to the handheld enforcement system which could be accessed to retrieve information via an interface.
• Data export formats:
  • CSV
  • Other
• Other data export formats: SOAP Format XML
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: We have an MPLS link between our offices and IPSec VPN tunnel to Cloud provider.

Availability and resilience

• Guaranteed availability: Owing to the headroom, redundancies and monitoring incorporated into our infrastructure, we are able to; guarantee 99.5 per cent uptime. Imperial works in accordance with its hosted service SLA, which lays down incident severity levels and resolution times.; Imperial will take all reasonable step to achieve a Resolution of; Incidents within the Target Resolution Times. In the event Imperial fails to meet a service level, service credits will be calculated which can be used for ICES services or training.
• Approach to resilience: The service is backed up fully once per week. There are differential backups performed every 12 hours and transaction logs are backed up every 10 minutes. This is automatic and requires no manual input.; ; The service is replicated across two geographically diverse datacentres. This ensures that the database can be brought back on-line very quickly. The failover between datacentres would require no manual intervention as it would happen automatically upon failure.; The RTO for the managed instance is 1 hour and the RPO is 5 seconds between the datacentres, this is using Auto-failover . If the data centres are both lost then we would revert to a Geo-restore strategy where the RTO would be 12 hours and the RPO 1 hour, deploying the solution to a third site.; ; Database restores are managed by the Imperial support team by selecting the database backup to restore.; File storage is backed up multiple times a day, with a 1-month retention policy on the backup. File restores are managed by the Imperial support team.
• Outage reporting: Instant messaging, e-mail and SMS alerts to Support Team.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is restricted through elevated accounts in active directory.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 08/01/2024
• What the ISO/IEC 27001 doesn’t cover: Fully certified
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Access Control systems are in place to protect the interests of all users of the Company computer systems by providing a safe, secure and readily accessible environment in which to work. A formal process is; conducted at regular intervals by system owners and data owners in conjunction with the Infrastructure Department to review users’ access rights. Confidentiality and data protection clauses are integral part of; the employment contracts as well as contracts with business entities. In addition Imperial has Data Protection and Information Security Policies in place.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow the agile software development methodology. We release new versions of software every month.; ; When a new release is available all users are emailed with a set of detailed release notes documenting the changes, additions and fixes in the release. Where a change, addition or fix is of a particular benefit to a; specific customer they are contacted directly by Imperial Support.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Our patching policy covers operating system patches for Microsoft based servers and workstations owned or managed by Imperial. ; Microsoft Windows Update Server (WSUS) constantly scans for new patches. ; All patching is automated wherever possible to remove human error. Endpoint settings are set centrally via group policy to prevent users changing configuration. ; New servers are deployed from templates containing the up-to-date patches and updates from Microsoft. ; Patches are deployed to the test environment first and checked for issues before deployment to live.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Real-time monitoring of servers, virtual machines, network devices, and web applications and will provide additional monitoring metrics, among others network utilisation, CPU load and disk space consumption.
• Incident management type: Supplier-defined controls
• Incident management approach: Any security breach is assessed immediately upon discovery to assess the severity and any such incident is reported immediately to the Customer. As data controller, the Customer will then decide on whether to inform the ICO within 72 hours should they deem the breach as reportable.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change; ; At Imperial, we are dedicated to reducing our own environmental impact wherever possible, as well as developing tools to help our customers to do so.; ; To reduce our own impact on the environment, Imperial employees are all made aware of the corporate environmental policy at their induction. We have implemented an energy efficient office space, bike storage lockers and a cycle to work scheme to encourage sustainable travel to work, a flexible home working policy and focus on virtual meetings where appropriate, to reduce the need for our employees to travel unnecessarily.; ; We have developed a range of solutions to help our customers to reduce their environmental impact.; ; PermitSmarti issues virtual permits by default. By implementing our PermitSmarti virtual permit solution, our customers save on the environmental and financial cost of purchasing, storing and printing permit-related stationery. The online web-portal eliminates the need for paper applications, and virtual permits do not require printing or posting, resulting in a reduced carbon footprint.; ; An innovative feature of PermitSmarti is the ability to gather vehicle CO2 emission data from a third party. This enables our customers to implement emissions-based permit schemes, to encourage citizens towards cleaner vehicles.; ; Imperial is can also help customers to implement Clean Air and Low Emission Zones to improve local air quality. PermitSmarti can complement our 3sixty Clean Air Zone Notice Processing solution by providing a platform to pay to enter a clean air zone, or to process discounts and exemptions.

  Tackling economic inequality

  We have delivered a number of social value initiatives throughout the Bristol and Northampton areas in which we operate.; We conduct staff visits to schools in these local areas to demonstrate our software and talk about potential careers in software and IT. We host school and college visits to our Business Processing Centre in Northampton. We support numerous local charities throughout each year, including children’s charities

  Equal opportunity

  We have delivered a number of social value initiatives throughout the Bristol and Northampton areas in which we operate. As an employer, we work with Remploy, a leading provider of specialist employment services to disabled people, to offer transformational employment opportunities to disabled people and those with complex needs.

  Wellbeing

  Imperial is committed to the wellbeing of our staff, and we also place a great emphasis on delivering improvements to the wellbeing our customers and their local communities, through use of our software.; ; Initiatives to support the physical and mental health of our workforce include: charity walking, cycling and running challenges, a cycle to work scheme, a free independent counselling service, and other resources including a monthly newsletter created by our ‘healthy minds’ company mental health champions.

Pricing

• Price: £7,000 to £7,000 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Sales@imperial.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.