GRM MAPPING LIMITED

Cloud-based bus stop departure poster processing and publishing tool

Development and maintenance of bespoke automated bus stop departure posters to accurately show available routes and destinations using TransXChange bus scheduling data. Customised look and feel for each client and bespoke templates for poster case sizes at all relevant stop locations.

Features

• Use of existing TransXchange Bus Open Data
• Customisation of display look and feel
• Detailed location information and start date
• Sort by chronological time order, route or destination
• Inclusion of QR codes for further information
• Inclusion of major stopping points on each route
• Dedicated templates and poster sizes to fit each case
• Batch production of posters by route, date or location
• Suitable as physical poster at stop or virtual download
• Available as a managed service or Software as a Service

Benefits

• Reliable information using existing compliant data
• Ability to select and blend different data sources
• Ability to customise to corporate look and feel
• Ability to include promotional material and QR codes
• One stop portal to manage all roadside information
• Map-based visual approach to selecting individual stops
• Real-time use of current and future TransXChange data
• Creation of worklists for posters to be updated
• Interaction with GRM TransXChange creation tool
• Interaction with GRM online journey planning websites

£6,500.00 to £9,500.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@grmmapping.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

810368035147105

Contact

Mark Knowler
020 8242 6169
enquiries@grmmapping.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Understanding of geographic area required
  • Understanding of internal data sources available
  • Understanding of key contacts in maintaining site accuracy

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: An initial response to issues raised within one hour Mondays to Fridays office hours and a commitment to monitor contact and respond as quickly as appropriate outside of these times.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our commitment to all clients is to acknowledge and initially respond to issues and questions within one hour of contact on Mondays to Fridays 0900-1700hrs. Outside of these times we would regularly monitor any contact and respond as soon as is required or appropriate. The cost of support would be included within the contract price and would initially involve a nominated technical account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The key buyer representatives would be fully involved throughout the design and commissioning stages to ensure full transparency on data sources and accuracy and to be able to confidently navigate the software and promote it to public end users. User documentation and online training would be included as standard.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: As the software uses only publicly-available open data and operates in real time, there would be no data to extract when the contract ends. Any user or performance logs and analytics would be available up to the end of the contract.
• End-of-contract process: The contract would include full site maintenance, processing and support for the live site until the specified end of contract and this is included within the price quoted. Any additional work required to hand over to a new supplier, or to extend temporarily until a new solution is live would be an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: A dedicated URL allowing managed access to the dashboard to create, edit and publish bus top poster information to predetermined templates.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Extensive testing with existing local authority and bus operator clients to ensure ease of use and clarity of information to the general public.
• API: No
• Customisation available: Yes
• Description of customisation: The buyer may customise the poster template in terms of size, content and corporate look and feel. This would be identified during the start-up phase prior to the public site going live.

Scaling

• Independence of resources: The entire product is hosted on our own dedicated web server, and as such the number of individual users or tasks being performed will not affect the performance experienced.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a Web Log Analysis Report on all live sites to the buyer monthly or quarterly. This includes analysis of website activity including number of hits, page views, unique visitors and bandwidth usage.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The exporting of data is limited purely to the end user publishing the completed poster, either individually or as part of a batch printing process. End user export would include the ability to export as PDF and to be able to store or print for future reference.
• Data export formats: Other
• Other data export formats: PDF/A
• Data import formats: Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our SLAs are tailored to each client, and would describe the roles and responsibilities of all parties and stakeholders. As a standard, we guarantee 100% uptime of all software products within the core hours required by any client, and the scheduling of any planned maintenance or upgrades to take place outside of these hours. ; ; Any disruption to service, planned or otherwise, would be responded to within one hour of discovery or contact by the client during our office hours, and on agreed timescales during out-of-hours periods. Escalation procedures and compensation for failure to meet key performance targets would be agreed with the client at beginning of contract and regularly reviewed during the contract lifetime.
• Approach to resilience: Detailed information on the location, functions and resilience of our datacentre setup is available on request.
• Outage reporting: We have 24/7 access to a public dashboard for our datacentre operation which provides real-time indication of any service outage or security threat. This is then passed on to the end client within the terms of the Service Level Agreement, and updates towards resolution provided at frequent and timely intervals agreed with the client.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: We utilise Role-Based Access Control (RBAC) to restrict access to management interfaces and support channels based on internal and external users' roles, responsibilities, and privileges.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have conducted a comprehensive risk assessment to identify potential security risks and vulnerabilities, including evaluating the likelihood and impact of cyber attacks and data breaches. Based on this, we have clear and concise security policies and procedures on access control, data protection, incident response, and compliance.; ; We maintain a robust incident response plan to mitigate security incidents when they might occur. This establishes clear roles and responsibilities and defines escalation procedures.; ; We regularly review and update our security policies and procedures, investing in new technologies and staying informed about emerging security trends and best practices
• Information security policies and processes: Our nominated Director oversees and ensures compliance with our security policies and processes which are tailored to ensure our bespoke software solutions remain secure and compliant at all times for ourselves, our clients and end users.; ; We maintain and regularly review our Access Control Policy, Data Protection Policy, Incident Response Policy, Network and Physical Access Security Policies and Compliance Policy. ; ; The latter is regularly reviewed and ensures that the organisation complies with relevant laws, regulations, and industry standards related to information security and privacy. It includes procedures for conducting regular compliance assessments, audits, and reporting requirements to demonstrate adherence to legal and regulatory obligations.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We maintain an inventory of all hardware, software, and network devices deployed within our workflows. This includes servers, workstations, routers, switches, firewalls, storage devices, and software applications. We regularly audit and review these configurations to ensure compliance with our security and resilience policies. ; ; Within our formal processes for reviewing and approving change requests for IT systems and infrastructure, we obtain formal approval from relevant stakeholders before implementing changes with a guarantee to maintain the highest standards on security and availability. After implementing changes, post-implementation reviews evaluate their success, which enables us to extend any specific improvements to other clients.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Together with our dedicated server supplier, we conduct regular vulnerability assessments to identify weaknesses, misconfigurations, and security vulnerabilities across our IT infrastructure. We use automated scanning tools to detect vulnerabilities and security misconfigurations.; ; We actively implement a patch management process to address identified software and hardware vulnerabilities in a timely manner. This involves regularly applying security patches and updates provided by software vendors to reduce the risk of cyber attack.; ; We constantly monitor new vulnerabilities, emerging threats and changes to our IT environment. This includes monitoring security advisories and vendor announcements for information about new vulnerabilities and potential security risks.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our continuous real-time monitoring processes collect and analyse security data for signs of unauthorised access, malware infections, data breaches, and other security incidents.; ; Within our agreed Service Level Agreement with our dedicated datacentre supplier and our clients, we have clear incident response procedures to respond to security incidents detected through protective monitoring within the shortest possible timeframe.
• Incident management type: Supplier-defined controls
• Incident management approach: Once an incident is detected, it is classified into categories such as malware infections, unauthorised access, data breaches, denial-of-service attacks, or system outages. Users will be able to report such concerns directly through our established direct communication channels.; ; Once the incident is contained, a detailed investigation is conducted to determine the root cause, impact, and scope of the incident. Recovery is then undertaken to restore affected systems and data to a secure state.; ; Throughout the process, stakeholders are kept informed about the incident, its impact, and the ongoing response efforts as part of our Service Level Agreement.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  The promotion of, and easy access to, detailed and accurate journey planning results that are tailored to the user at their specific location.

  Covid-19 recovery

  The ability to promote the Government's £2 maximum bus fare cap and other Bus Service Improvement Plan projects in promoting the bus as a sustainable travel choice and to aid in returning usage to pre-pandemic levels.

  Tackling economic inequality

  The ability to break down perceived barriers in access to employment for those reliant on public transport, both in terms of availability and cost.

  Wellbeing

  The promotion of bus travel as a sustainable, healthy mode of travel both for work and leisure purposes, and the ability to reassure users that they are in the right place at the right time.

Pricing

• Price: £6,500.00 to £9,500.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@grmmapping.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.