MARI

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: There are no constraints including planned maintenance arrangements or support being limited to specific hardware configurations.
System requirements: A modern web browser

A PDF viewer

User support

Email or online ticketing support: Email or online ticketing
Support response times: EMAIL AND ONLINE TICKETING SUPPORT. We offer technical support to customers through email, telephone and a Helpdesk ticket support system. We operate this facility during Working Days and Working Hours although customers can send emails or log issues using the Helpdesk 24/7. However, for an additional cost outlined in our pricing document, clients will receive 24/7/365 response for email and telephone requests out with normal office hours
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Telegram support also as support client
Facebook messenger support
Twilio
Multiple clients support
Easy theming
Co-Browsing/Screen sharing
Speech to text
Unlimited operators, chats at the same time, departments
User screenshots, see what your users sees
Files uploads, drag & drop
Visitor tracking across different subdomains of domain
Chrome extension
Operator To Operator chat
Option to have custom form attributes or pre-fill existing ones
Pro active users invitation to chat
RTL and LTR languages support
Web chat accessibility testing: None
Onsite support: Yes, at extra cost
Support levels: SUPPORT LEVELS CATEGORY A. Fault which makes the Software unusable. 1 hour response, urgent ASAP resolution. CATEGORY B. A fault which has a material effect upon the functionality, accuracy or performance of any substantial function of the Software . 2 hour response, 7 hours resolution. CATEGORY C. A Fault which does not permit the customer and its competent employees to make full, efficient and proper use of the software. 2 hour response, 21 hours resolution. CATEGORY D. Shall be a minor cosmetic Fault, which does not affect the performance of the Software or the Customer’s use of it. 4 hour response, resolved at a date agreed with the customer. TYPE OF STANDARD SUPPORT PROVIDED • Correctly assessing and categorising reported incidents. • Filtering out any end-user errors i.e. operator error • Allocating priority categories and escalating responses. • Ensuring calls are directed to the correct resource to diagnose/resolve problems. • Updating on the progress of incidents, according to the SLA requirements. • Managing change implementation • Manage version control. 'Out-of-hours' support and a dedicated Technical/Cloud Account Manager can be provided at an extra cost.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Online training and documentation.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: The only user data will be login data which will include first name, last name, and email and password which, apart from passwords, will be supplied back as CSV upon request.
Posters generated are already downloaded by the user and not stored on the server.
End-of-contract process: Website closed down and archived

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: No
Service interface: No
User support accessibility: WCAG 2.1 A
API: No
Customisation available: Yes
Description of customisation: Pindar Creative will work with the customer to create templates for their Onward Travel/Wayfinding posters.
Customers can then customise the map content and journey information on their posters.

Scaling

Independence of resources: Server resource are constantly monitored and resources added is systems start to slow down

Analytics

Service usage metrics: Yes
Metrics types: PDF generated counter
Reporting types: Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Not applicable
Data export formats: Other
Other data export formats: Not applicable
Data import formats: Other
Other data import formats: Not applicable

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: 99.9% application uptime as measured through 1-minute polls using ICMP echo-requests. 99.9% network connectivity uptime of the customer service as measured through 1-minute polls using ICMP echo-requests Users are refunded by negotiated settlement outlined in the services levels in the G-Cloud 12 call off contract
Approach to resilience: Pindar Creative do not want to make this information public. However, we are willing to share information with a specialist security expert on how we have designed our service to be resilient
Outage reporting: Our system issues email alerts to named contacts

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: Access only available from the server desktop. RDC over VPN locked down to IP address of business and PC.
Access restriction testing frequency: At least once a year
Management access authentication: Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: No audit information available
Access to supplier activity audit information: No audit information available
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: United Registrar of Systems
ISO/IEC 27001 accreditation date: 3/5 2019
What the ISO/IEC 27001 doesn’t cover: Hosting partner also holds ISO 27001
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: To preserve confidentiality, integrity and availability, Pindar Creative have implemented an Information Security Management System (ISMS) in accordance with the international standard ISO/IEC 27001. The the ISMS policy is approved by Senior Management and is reviewed at regular intervals (ISMS Management Review Meetings) or upon significant change. Management have put an audit programme in place and all sections of the ISMS are audited at least once a year to ensure that the ISMS:- a) conforms to the requirements of the relevant standards and any other legal, regulatory or contractual requirements b) meets all identified information security and business continuity requirements c) is effectively implemented and maintained d) perform as expected The ISM records decisions and actions related to: i. the improvement of the ISMS ii. updating of the risk assessment and risk treatment plan as appropriate iii. the modification of procedures and controls in response to changes in requirements iv. resource needs v. improvements to how the effectiveness of controls and objectives are measured Regular ISMS Review Meetings Any action needed is implemented and such action reviewed for effectiveness including changes to the ISMS. Appropriate documented information on the action taken is retained

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Change management is incorporated as part of our ISO/IEC 27001:2013 Accreditation
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Firewalls are configured 24/7 to alert in the event of significant intrusions or incidents occurring We use Remote Management Monitoring and live detection defence systems to detect vulnerabilities Anti-Virus is configured to be patched automatically. Our automatic patch policy covers, binary executable, source code modification, service pack and firmware patches Technical services will then identify the priority for the update to be tested and deployed dependant on the nature of the treat and any known exploits. Any patch deployment and software updates must comply with our defined change management process
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Systems are monitored 24/7 by Barracuda Remote Management Monitoring (RMM) software, calling the operations team to action when necessary. The RMM notifies of: Warning Alerts, Critical Alerts, System Down and System Recovery. Regular scanning at the gateway finds vulnerabilities such as SSL injection, cross-site scripting, and others. Any issues found will be imported into the Barracuda Web Application Filter, which automatically generates and applies mitigation rules. Servers are professionally managed and conform to guidelines under the Government's e-Government programme. The Data Centre undergoes PEN testing on a daily basis. Any reported issues are immediately dealt with.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: There is a robust incident management policy in place and enforced as part of our ISO/IEC 27001:2013 accreditation Incidents are reported on the corporate job system database The Information security Officer responds to any incidents reported in line with established control procedures. We have a full incident management plan which we are happy to supply upon request

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change

Travel information publicity can play a crucial role in combating climate change by promoting sustainable transportation options and encouraging environmentally friendly behaviours. These posters can help local authorities in the UK in several ways:

1. Promoting Public Transport: Travel information publicity can highlight the availability and accessibility of public transport options such as buses, trains, and trams. By encouraging people to use public transport instead of private vehicles, these posters contribute to reducing carbon emissions from road traffic.

2. Encouraging Active Travel: Posters can promote walking and cycling routes as viable onward travel options. Encouraging active travel not only reduces carbon emissions but also promotes healthier lifestyles, reducing the reliance on motor vehicles for short journeys.

3. Providing Information on Car-Sharing: The publicity can also promote car-sharing schemes and provide information on how to join or organize car-sharing groups. Car-sharing reduces the number of vehicles on the road, leading to lower emissions and less traffic congestion.

4. Raising Awareness of Eco-Friendly Practices: Through messaging and visuals, these posters can raise awareness about the environmental impact of different travel choices and encourage individuals to make more sustainable decisions.

5. Supporting Policy Initiatives: Travel information publicity can complement broader policy initiatives aimed at reducing carbon emissions and promoting sustainable transportation, helping local authorities achieve their climate action goals.

Pricing

Price: £31,374 a licence a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

MARI

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents