ITO World

Public Transport Passenger Information & Data Quality

Ito’s public transport passenger information and data quality services offer scalable and modular capabilities that can be configured to meet the requirements of national governments, regional transport authorities, transit agencies, local authorities as well as journey planners and Mobility as a Service (MaaS) providers.

Features

• Ingests simple vehicle position (AVL) source data
• Handles many different data input formats (e.g. SIRI-VM)
• Transforms into journey prediction and stop arrival data stream
• Data exported in industry-standard formats (e.g. SIRI-ET, SIRI-SM, GTFS-RT)
• Uses sophisticated algorithms to deliver industry-leading accuracy
• Handles challenges, e.g. driver behaviour, source data instability/outages
• Use of advanced real-time metrics to optimise results
• Architected to scale: from single operator to countrywide solution
• Integrates with Ito Transit Model, Disruption handling and RT messaging

Benefits

• Build passenger confidence and increase patronage through accurate information
• Provide accurate real-time arrival time predictions to passengers
• Provide accurate real-time at stop information across the whole journey
• Provide advanced real-time arrival predictions
• Access aggregated and corrected data
• Quick issue resolution through de-bugging/ root cause analysis tools
• Can support accurate real-time journey planning through multi-modal routing API
• Thoroughly evaluate your data for accuracy, richness and coverage
• continuous data health monitoring and timely adjustments as needed
• Provides better/ easier to use developer tools through TfL-style API

£20,000.00 to £250,000.00 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@itoworld.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

826625285320698

Contact

Ito World
01473272225
sales@itoworld.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Ito Transit Intelligence Platform is a SaaS application helping operators and authorities enhance passenger experience and operational efficiency by analysing, adjusting and distributing accurate real-time public transit data. The keystone is the Integrated Transit Model, into which other services integrate, including Predictions, Analytics, Developer & Routing APIs and Disruption Messaging.
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • EITHER: Ito Integrated Transit Intelligence Platform
  • OR: standard feed with schedules matched to real-time vehicle positions
  • Schedule data updated weekly to daily
  • Real-time updated as frequently as possible (minimum every 60 seconds)
  • Persistent identifiers applied across schedule and real-time data

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: “Business Days” means a day other than Saturday or Sunday or public holidays in the UK.; ; “Service Hours” 9am to 5.30pm local UK time on Business Days.; ; Ito will acknowledge each request within one Business Day during Service Hours. Diagnosis and any identified resolution of these issues will be managed and responded to according to the Support Levels specified below.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Customer Support requests are categorised as follows:; ; Major Defects that are wholly and solely in the control of Ito and that result in the loss of the majority of the Managed Service.; ; Material Errors that have a degradation of the quality of the Managed Service and impacts the users’ experience such as incorrect presentation of data attributes, duplication of information or intermittent loss of service.; ; Minor Defects that have a lesser impact upon the Managed Service experienced by the end-user.; ; The Service Level Agreement for each Customer Support request is as follows:; ; Acknowledgement time: All requests acknowledged within one Business Day.; ; Major Defects will be resolved within 1 Business Day subject to the Customer providing all requested and reasonable assistance.; ; Material Defects will be resolved within 5 Business Days subject to the Customer providing all requested and reasonable assistance.; ; Minor Defects will be resolved within 15 Business Days subject to the Customer providing all requested and reasonable assistance.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Ito World provides an initial Set up/Onboarding process for a Customer that is appropriate for the scale and complexity of the delivery as well as the Customer’s specific requirements. This can include a range of activities from onsite/ offsite training and paper-based user documentation through to online training and documentation. The initial Set up/Onboarding details are agreed between Ito World and the Customer at the start of the engagement.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Swagger API Specification
• End-of-contract data extraction: This Service is a real-time transactional system, so no data is stored unless by separate arrangement. Therefore, there is no data to extract at the end of the contract.
• End-of-contract process: There are no specific end of contract costs. At the end of the contract the service will be stopped and access to the client removed. General knowledge transfer is included throughout the contract.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Access to the data within the service can be provided via an API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The Service is delivered using cloud-based technologies providing a scalable solution on a secure platform. Ito World use techniques including sharding, horizontal scaling and replication to ensure that service performance is always guaranteed.

Analytics

• Service usage metrics: Yes
• Metrics types: Depending on the type of installation, Ito can provide service usage statistics if provided as an open API
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users will normally interact with the service via an API. It is also possible to provide stream-based data feeds for some specific feed types (such as SIRI)
• Data export formats: Other
• Other data export formats:
  • SIRI
  • JSON
  • Custom XML
  • GTFS-RT
• Data import formats: Other
• Other data import formats:
  • SIRI
  • GTFS-RT
  • Any custom format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: We would also use firewall rules to restrict access for any closed APIs
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: We would also firewall rules to restrict access between network nodes

Availability and resilience

• Guaranteed availability: The Ito Transit Intelligence Platform has been engineered to operate at scale. This is designed to run 24 hours per day and be available 365 days a year. This is hosted on dynamically scaling Amazon Web Services which provide an uptime of 99.99%. The technology platform has proven capability to handle GB data sets with daily processing and delivery. Ito’s processing systems support the allocation and trip prognosis of real-time data for bus fleets numbering in the tens of thousands, with minimal latency. This capability has been demonstrated across major cities and conurbations across the UK, North America, mainland Europe, Australia, and parts of Asia.
• Approach to resilience: Ito Transit Intelligence Platform uses cloud-based technologies provided by Amazon Web Services (AWS).This allows the provision of a resilient, scalable solution built on secure platforms. AWS has certification for compliance with ISO 27001, 27017, and 27018 with the certifications performed by independent third-party auditors. More information on AWS ISO 27001 compliance can be found here https://aws.amazon.com/compliance/iso-27001-faqs/.
• Outage reporting: Outage reports are provided both as an API and as email alerts. We can also provide app based notifications and a public dashboard if required.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: Access to the service is via an API. For open APIs available publicly we use API access keys to control access to the system. For closed APIs available only to the client we use network based security measures (firewall rules etc.)
• Access restrictions in management interfaces and support channels: This is not applicable for this service
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Ito’s Information / Data Security Policy is communicated to all new (permanent & contracting) staff during their induction and throughout their onboarding.; ; All staff must read the Policy, understand their obligations and confirm this with a read-receipt notification using Ito’s HR Information System. Compliance with this policy is a condition of employment by Ito.; ; Staff are regularly reminded of their obligations, and their importance, during Ito’s “all hands meetings” which occur every three months.; ; Regular online security policies and processes is required for all employees to complete.; ; Ito’s senior managers have clear roles and responsibility to ensure compliance across all systems, services, software and third party / cloud-based data processors.; ; Our security policy, standards and procedures are reviewed annually to ensure compliance with the latest standards, legislation or best practice. Policies and procedures are updated promptly following the introduction of any new legislation.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: 1. Following the principles of "least user privilege", only privileges explicitly required for a particular use case are given to each role and responsibility.; ; 2. We regularly patch all software components used in provision of services to ensure everything is up to date and any vulnerabilities are fixed.; ; 3. All systems are documented at a technical level to ensure Ito’s administrators have all the information required to manage services securely.; ; 4. All configuration is stored in a version control system in order to track any changes to service configuration.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Ito routinely checks its servers and services against publicised threats, as they're announced. Our managed services are based on AWS infrastructure. This is regularly tested by AWS and patched against the latest vulnerabilities.; ; Because our platform is provisioned from the ground up using automation tools, we can quickly create new VMs to replace existing ones using base images that have the latest system and vulnerability patches applied.; ; These new images are tested in our development environment, then rolled out to the live system once the platform is OK.; ; We receive early warning information from CISP alerts (NCSC).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Ito uses various monitoring and alerting systems to assess services and alert team members to unusual activity. Our monitoring systems include Cloudwatch, Nagios and OpsGenie, and these systems will be monitored in line with the agreed SLA.; ; Ito will agree suitable communication procedures and escalations paths as part of this service.; ; Ito will use a ticketing system to provide support for this service. All faults/incidents will be logged within the ticketing system.
• Incident management type: Supplier-defined controls
• Incident management approach: Ito World’s infrastructure is designed to be resistant to disruption by design. Infrastructure is hosted on AWS, ensuring local issues affecting Ito World’s premises (power outages, flooding, fire or connectivity) cannot impact production services.; ; Risks identified during provisioning or review of Ito World services are assessed and addressed by the infrastructure team, or in the case of AWS-specific services, solutions are deployed in partnership with AWS.; ; Users report incidents primarily via email, with alert-triggering emergency email addresses for critical systems (within SLA guidelines).; ; Reported incidents will be followed up by the Ito World team via email in a timely manner.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Ito World has recently invested in a modern HR Information System which allows us to measure and report on the diversity of our workforce for a) individual contributors and b) managers across the business. We know that our workforce composition to a great extent reflects the sector in which we operate. The shortage of women in tech has been well documented and a number of high-profile campaigns and social media groups have been set-up and are seeking to redress this balance. A similar bias exists in the transport industry and several niche groups & campaigns also exist in this sector. ; ; Our Flexible & Remote working policies are designed to support young families juggle their work commitments and busy family lives. ; ; The Ito World’s management team has recently set goals to promote greater diversity across the business, and specifically has introduced a number of initiatives to promote equality in our recruitment, career progression frameworks and management & leadership roles. ; ; Ito World actively improves: ; ; Diversity awareness and training ; ; All recruiting managers and line managers receive awareness training designed to promote diversity and remove bias throughout the employee lifecycle: recruitment, reviews, pay and promotion. ; ; We review our current recruitment practices ; ; We vary where we advertise to include recruitment websites such as: jobs.womenintech.co.uk; workingmums.co.uk/; workingdads.co.uk/; www.ethnicjobsite.co.uk/; disabilityjobsite.co.uk/ ; ; We review all job description to prevent bias by removing unintended gender, age and other restrictive terms from the job advert. ; ; We introduced ‘blind’ CV reviews i.e. removing the name from candidate CVs ; ; We work to ensure CVs screening and interview panels are diverse ; ; Identify and engage with minority groups across the Tech, Transport & Transport-tech sectors to develop Ito World’s employer brand and awareness as a company that embraces diversity.

  Wellbeing

  Ito World uses Legal and General to provide life assurance for all staff. ; The Employee Assistance Programme (“EAP”) provides access to the following health and wellbeing resources: ; ; Telephone Support ; ; An independent, confidential and unlimited 24/7 service. It is provided by specialist professionals who offer practical advice on stress, anxiety, family and relationship matters and many more issues. ; ; Legal Information Support ; ; Free information and links to legal guidance on many aspects such as debt management, lawsuit, consumer or property dispute. ; ; Medical Information ; ; Recommendations, practical information and advice on medical or health-related issues from qualified professionals. ; ; Online Support ; ; Access to fact sheets, legal guides, manager guides, links and podcasts on how to cope with life events such as buying a house, giving up smoking or coping with stress. ; ; Health Risk Assessment (HRA) Tool ; ; An online tool that enables staff to set and track goals to improve their health. ; ; The EAP is discussed with all staff as part of their induction programme and published on Ito World’s HR Information System (HRIS). ; ; During ‘all hands’ meetings, staff are reminded to take care of their wellbeing and mental health and also to look out for their peers. We share employee pulse survey results and use this as an opportunity to re-iterate wellbeing messages to all staff. ; ; All Ito World managers practice a ‘servant leader’ management philosophy, where a manager’s responsibility is to help, support and trust their people to enable them to do their best work. ; ; Flexible working time & remote working is available to all staff ; ; ‘Ito World’s guide to successful remote working’ is shared with all staff during their induction and published on Ito World’s HRIS. This guide promotes checking-in with work colleagues every day, taking regular screen breaks, taking regular exercise and promotes participation during company social activities and ‘water-cooler Slack channels.

Pricing

• Price: £20,000.00 to £250,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@itoworld.com. Tell them what format you need. It will help if you say what assistive technology you use.