SIMPLIFAI SYSTEMS LIMITED

Simplifai AI Smart Cities and Regions

Simplifai's patented Artificial Intelligence (AI) Smart City and/or Region Service integrates with multiple local and national data sources to extract operational service performance insights and knowledge and deliver goal centred service optimisation. Addressing unique, complex, and hypothetical scenario interactions across local and government sectors; health, education, transport and emergency services.

Features

• Patented AI goal centred service control optimisation and management tool.
• Integrates/sources data from multiple urban/rural/customer operational systems and data sources.
• Management dashboards to analyse and visualise service constraints and performance.
• Patented models generated to inform simulator and planner platform.
• Generate and implement AI optimised operational service outcomes in minutes!
• Optimise service for unique, complex, non-recurrent and hypothetical scenario interactions.
• Identify and manage transport inter-modal, hot-spots and service reliability issues.
• Address complex sites, events, service incidents, service interactions and reliability.
• Rolling horizon forecasting and contingency planning to address planned issues.
• Access controlled, multi cloud platform hosted service supporting scale deployment.

Benefits

• Significant increase in resource optimisation and better informed investment allocation.
• Analysis and visualisation of complex data providing service performance insights.
• Gain cross-sector insights identifying and addressing previously unidentified service constraints.
• Delivers improved reliability and performance and enables automated response triggering.
• Address cross-vertical authority issues, e.g. health service impacts on transport.
• Supports delivery of sustainability, net zero and environmental benefits.
• Identifies service performance and calibration issues, validating targeted interventions.
• Validate improvement and service schemes before, during and after interventions.
• Improved Transport reliability through interventions and active travel prioritisation.
• Supports plans for economic growth, inclusion, sustainability and wellbeing.

£4,000 to £100,000 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at keith.mccabe@simplifaisystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

763536863825578

Contact

Keith McCabe
07812721181
keith.mccabe@simplifaisystems.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: It extends and augments existing client management and control systems. It is an extension to Smart City management systems and services provided by Simplifai under prior G Cloud frameworks.
• Cloud deployment model: Private cloud
• Service constraints: Buyers will need to have existing control systems, or equivalent, that are capable of connecting to a cloud based Artificial Intelligence system or have access to sufficient data that monitors service flows and volumes.; Clients will be informed of planned service maintenance in advance.
• System requirements:
  • Client computers and internet access agreed in advance
  • Secure communications to the Cloud based AI System.
  • Access to customer data, data sources and data volumes
  • A modern standards compliant web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Email and phone support to technical account manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Initially there is a user requirement capture process which is undertaken using online questionnaires and conference call workshops.; There is an online user training support.; There is also a configuration repository for the capture and modification to user requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The transport data is returned to the local authority at the end of the contract apart from the data that is needed to be retained to meet legal requirements.
• End-of-contract process: Decommissioning the system is included in the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: To transfer outputs and data from the system into a third party system.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: What can be customised:; -Configuration of user display; - Goals for system; - Forms of data analytics; - Performance measurement; How do users customise; -Initially through the agile development of the system; -Once installed it is through the user interface; Who can customise; -Different levels of users have different customisation settings

Scaling

• Independence of resources: The system is designed to be used by a single local authority for the management of its traffic control systems. There number of simultaneous operations of the AI system needed for each authority area will be agreed in advance as part of the scoping of the service requirement for the deployment.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics are provided on levels of congestion on the impacts of the congestion. There are options to convert these metrics indirectly or directly into the economic costs to society for use in business case analysis.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can either export their data as common separated variable files for selected variables and data sets or export the entire database of the users data.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Text files
  • SQL database

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service is available for a minimum of 99% of the time. ; If the service level drops below 99% measured over the period of a month a refund of the percentage below 99% for the time the system unavailable is used to calculate the % refund of monthly fee.
• Approach to resilience: Available on request.
• Outage reporting: Email alert and public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: User access is controlled using roles and security groups. Access can also be restricted by IP address.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: (1) The board of directors is accountable for security governance.; (2) The Senior Information Risk Officer is responsible for information security management and is a member of the board of directors.; (3) There is a clear information security policy.; (4) Information security is regularly assessed and if necessary improved.; (5) There is a clear reporting structure for security events and corrective action is swiftly taken.; (6) We adopt a risk-based approach.; (7) The importance of information security is regularly communicated.
• Information security policies and processes: (1) The Senior Information Risk Officer (SIRO) is responsible for information security and is a member of the board of directors.; (2) Information security policies and processes are reviewed annually.; (3) All information security events are reported to the SIRO, investigated and then a corrective and/or preventative action plan is enacted.; (4) Our policy covers information risk assessment, endpoint protection, encryption, identity and access management, remote access, protection from malicious software, asset (including network) and data security, vulnerability scanning, minimum levels of application security, password compliance, appropriate use, change management, joiners/leavers, disposal of equipment, data backup/archiving/recover, training and awareness.; (5) Points of information ingress and egress are protected by physical, technical and organisational controls as necessary.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: (1) Software configuration is controlled using a configuration management tool, incorporating version management and change history.; (2) Deployment uses a combination of versioned containerisation and CI/CD tools.; (3) Documentation is version controlled and stored in a cloud-based information management system; (4) Environments and infrastructure use versioned snapshots and containerisation.; (5) Changes are assessed by a Change Advisory Board, which takes a risk-based approach to change control.; (6) Changes must have an assigned owner and be thoroughly documented, including an implementation plan, risk and impact assessment, evidence that changes have been tested and that there is a rollback plan.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: (1) We use third party cloud hosting services approved to ISO27001, including continuous vulnerability assessment and up-to-date patching of all components according to a defined patching schedule. Critical patches are applied immediately.; (2) We perform annual penetration testing, including application-level vulnerability assessment.; (3) We deploy malware/virus detection and prevention tools.; (4) We monitor publicly available threat assessment sources (e.g. US-CERT, FBI, Internet Storm Centre, @abuse.ch, NCSC)
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: (1) Our cloud infrastructure provider is ISO27001 compliant and provides a monitoring service with alerts that are actively monitored by us.; (2) Our applications include access, audit and performance logs that are actively monitored using log monitoring services, with alerts.; (3) Potential and confirmed compromises are raised as a critical incident and managed through our incident response protocol.; (4) Security incidents are overseen by a member of the board of directors.; (5) Customer impact is assessed and communicated honestly and transparently, as quickly as possible
• Incident management type: Supplier-defined controls
• Incident management approach: (1) Incidents are reported through our incident management tool, in accordance with our pre-defined incident response protocols (email or telephone).; (2) Security incidents are overseen by a member of the board of directors.; (3) Customer impacts are reported honestly and transparently, as quickly as possible and in the most expedient manner (telephone or email).; (4) A full incident report is made available to customers, including the source of compromise, impact and risk assessment, corrective and protective action plan, etc.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • Urban Traffic control systems
  • Data systems connected to urban traffic control systems

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Optimise traffic flows to reduce CO2 emissions and manage networks to improve climate change resilience. Supporting communities to deliver on environmental protection and improvement.

  Covid-19 recovery

  Better predict where organisations are in the recovery cycle from COVID 19 through traffic management monitoring; and helping the health service to deal with the backlog of appointments from COVID 19. Assessing the impacts of health, air quality and transport in the backlog recovery.

  Tackling economic inequality

  As a company, a conscious decision has been taken to be based in the North to help with the levelling up agenda. ; Traffic flow improvements also support equal opportunities for the broader population.

  Equal opportunity

  Supporting equal opportunities for the broader population through location in the North.

  Wellbeing

  From 1st April 2022 Simplifai have reduced the working week to 35 hours and increased staff annual holidays; this is to reduce the impacts of lockdown and the effects of social isolation to aid the return to post pandemic working. These are also seen to attract staff through providing a good work-life balance.; Efficient transport management enables communities to develop socially and economically. Locations with the worst air pollution are frequently next to roads with highest emissions - our solution manages and optimises traffic to improve health.

Pricing

• Price: £4,000 to £100,000 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at keith.mccabe@simplifaisystems.com. Tell them what format you need. It will help if you say what assistive technology you use.