Kaarbon Technology Ltd

Gully SMART

An ISO27001 drainage flood asset management system allowing mobile users to add resilient highway asset data and geo-referenced mapping for offline use and modelling. The mobile application uploads updated inspection or network data to the cloud system. KaarbonTech include the ability to complete gully cleaning, maintenance, repair, create service requests.

Features

• Mandatory data capture, offline working, 'If This, Then That' (IFTTT)
• Associate Council datasets, interface with GIS, CRM, import existing assets
• Risk modelling solution, score road or gully with live view
• Visualisation of live risk in asset view, compare to historic
• Defined risk groups with map visualisation and work package delivery
• Create cleansing programme based on risk, resilience, importance and importance
• Independent Defect recording with service request/fulfillment facility, HADDMS compatible
• Reporting suite with holistic view, export functionality (shp csv etc).
• Add cctv survey videos, view, print, export defects, jetting, valuation
• Integration/Interface with existing corporate systems, Symology, Confirm, Alloy, etc

Benefits

• Self served mobile working, outstanding todo filter and inspection history
• Module available for online public reporting for surface water flooding
• Any attribute report filtering, including drawn area tools, and history
• Onsite or online training, remote desktop support, and programming
• Data validation service to confirm cleaning data and location information
• Flexible creation of work packages from report output, Interactive KPI's
• PDF reports with automatic compilation of maps, photos, inspection data
• Complies with DfT HMEP Drainage Guidance efficient, efficiency
• Does not require dedicated client resource to manage system, ukpms.
• integrated account manager, GDPR Compliant, ISO 27001 accreditation

£1,560 to £5,525 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@kaarbontech.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

806428929747800

Contact

Graeme Forward
01202031333
sales@kaarbontech.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: There are no service constraints.
• System requirements:
  • Web browser, Google Chrome, Mozilla Firefox or Edge
  • Internet connection, minimum 10Mbps and latency less than 100ms

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday 8am to 5pm - response within 60 minutes, out of hours SLA can be specified, further details on request
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our support services are delivered by online ticket, email or telephone and are operational 0800 until 1700 UK time, Monday to Friday excluding bank and public holidays. We do provide a dedicated account manager for each customer but this is not specifically a technical or cloud support engineer.; ; We offer onsite support at the rate published on our pricelist.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide detailed training video's, telephone support and offer on site training for an additional fee
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Video tutorials
• End-of-contract data extraction: All data can be exported at any time during the contract period.
• End-of-contract process: No additional charges are due at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile service can have offline maps for use when a mobile signal is not available.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Our API is not part of our standard G Cloud offering, Please contact us to discuss your requirements
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Asset collection process has questions based on HMEP advice, answers to these questions can be personalised by buyer once an order has been received.

Scaling

• Independence of resources: We limit the amount of customers hosted on a single server and monitor demand to ensure system is optimised at all times

Analytics

• Service usage metrics: Yes
• Metrics types: Real-time management and login information provided
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported in from the operations tab on the main menu or from many of the reporting screens within the system.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Esri Shapefile
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99% service availablility
• Approach to resilience: Detailed resilience information available on request
• Outage reporting: Email alert of service outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We use Puppet as our core user control system. Access can be restricted via an access control dashboard, restricted access and version control access is also applied to reduce the possibility of unauthorised access to the system
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification Ltd
• ISO/IEC 27001 accreditation date: 01/04/2021
• What the ISO/IEC 27001 doesn’t cover: Website (kaarbontech.co.uk)
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our policies around information security are held within the companies ‘service definition’ document and are reviewed annually. All queries or issues with regard to information security should be reported the Information Security Officer who has ultimate authoritiy over IT governance.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes to the KaarbonTech software source code are recorded using version-control software GIT, which carries an audit trail showing who has made what change. Access to KaarbonTech code is limited through GitHub Teams, which produces an audit log and restricts permissions as per our configuration. GitHub issues are used to track all change requests and log changes. Code is only be deployed on Production servers following a full testing cycle.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability monitoring tools operate in realtime and any potential threats are assessed using the Common Vulnerability Scoring System (CVSS). All identified vulnerabilities are risk assessed, where remedial action is required this is carried out within our vulnerability management lifecycle. Standard updates are installed monthly or when specific vulnerabilites are identified.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Static source code analysis is performed using Perl::Critic. Github security services monitor for dependency issues and send alerts, or create automatic patches for testing.; ; All servers run IPTables firewalls locked down to just the ports required. Developers and admins connect to the servers using a Secure Shell and keys. All servers run auditd to monitor system alterations and stream logs to a central log server. We have the ability to activate DDOS protection by enabling Cloudflare proxy protection. Potential compromises that require remediation are dealt with immediately.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security incidents may be identified through a number of channels: by real-time system monitoring, regular penetration testing or identified by a member of staff. All users of KaarbonTech systems and services are required to report any information security weakness, event, or incident to the Information Security Officer. All incidents are classified into one of three tiers and managed appropriately. Target times for response depend on the severity and classification of the incident and relevant parties will be notified where applicable.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our software is designed to optimise a cyclical planned programme of works to reduce unnecessary driving and therefore results in lower co2 emissions from plant and machinery in use

  Covid-19 recovery

  Following the COVID 19 Pandemic we have changed the way we work enabling all staff to work fully remotely to allow for effective isolation and social distancing and decrease the need for travel.

  Equal opportunity

  We monitor and benchmark employee pay across the business and have a robust training programme to ensure all employees have the same access to training and future progression opportunities appropriate to their ability to enable to increase their salary and progress professionally. We actively seek to fill vacancies with underrepresented demographics where appropriate.

  Wellbeing

  We actively support the mental and physical health and wellbeing of our workforce with a package of employee benefits including access to employee assistance programs, paid days off for wellness, unlimited paid leave, and fully flexible and remote working opportunities.

Pricing

• Price: £1,560 to £5,525 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@kaarbontech.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.