Via Technologies Europe

Via

Via is the world’s leading provider of public mobility solutions, including demand responsive transport (DRT) software. We partner with cities, councils, local authorities, and transport authorities, harnessing the power of data to optimise networks of buses, shuttles, wheelchair accessible vehicles (WAVs), school buses, autonomous vehicles, electric vehicles, and more.

Features

  • Dynamic routing and matching algorithms to aggregate and direct trips
  • Via Passenger App for booking and real-time vehicle tracking
  • Web application and phone support for passengers without smartphones
  • Via Driver App providing directions, support, and real-time vehicle locations
  • Easily-accessed administrative console with a range of tools and functionalities
  • Data analytics and reporting with granular operational data and trends
  • Transport technology integrations supported by production-grade APIs
  • Software support and maintenance provided on a regular, ongoing basis
  • Transport planning, design, and scheduling through Remix

Benefits

  • Passenger App can be white-labelled to meet specific branding wants/needs
  • Passengers can easily, independently schedule trips on-demand or in advance
  • Configurable service parameters account for any specific requirements and restrictions
  • DRT services can be integrated into larger transport networks
  • Highly automated service management module minimises need for manual intervention
  • Real-time data permits ongoing DRT service enhancements and improvements
  • Platform flexibility facilitates service scaling and growth
  • Powerful algorithms increase operational efficiencies
  • Increased efficiency creates long-term savings and best value for money
  • Powerful transport planning software (Remix) allows thoughtful network design

Pricing

£245 to £325 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at samuel.griffiths@ridewithvia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

8 9 5 1 5 2 6 3 6 6 1 3 6 2 9

Contact

Via Technologies Europe Samuel Griffiths
Telephone: +44 7736-068351
Email: samuel.griffiths@ridewithvia.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The Via Passenger App is compatible with commercially available iOS and Android devices; the Via Driver App can also be downloaded for free to any commercially available, GPS-enabled iOS or Android mobile device. Via's administrative console works best on Chromium-based browsers, such as Google Chrome and Microsoft Edge.
System requirements
  • Devices should have internet access.
  • Via's Driver App should be used on an GPS-enabled device.
  • Via's Passenger App is compatible with iOS and Android devices.
  • Via's Driver App is compatible with iOS and Android devices.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Via provides a customer service platform powered by Zendesk. Partners can submit technical questions on a 24/7 basis. Incidents are escalated to our 24/7 technical team using a predefined alert protocol, which instantly notifies the on-call member of the team. The technical team member will immediately examine the issue to begin the process of issue resolution and resource allocation. All issues will be resolved based on their level of severity and associated response times.

Additionally, Via's Project Team for each partner includes a Partner Success Manager, who will be available to answer any questions via email during normal working hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
In the event of any technical incidents, partners are able to contact their dedicated Partner Success Manager by phone or email during normal business hours. Via also maintains a rotating technical manager at all times to resolve any problems that may arise, providing 24/7 technical assistance.

Via also provides partners with a customer service platform powered by Zendesk. Using this tool, our partners' staff can submit technical questions on a 24/7 basis and review the status of each request as “Open,” “Awaiting Reply,” or “Solved.”

Incidents are escalated to our 24/7 technical team using a predefined alert protocol, which instantly notifies the on-call member of the team. The technical team member will immediately examine the issue to begin the process of issue resolution and resource allocation. All issues will be resolved based on their level of severity and associated response times, and Via will provide each partner with regular status updates on resolution. Specific response service levels are detailed in the SLA attached to this application.

These support levels do not vary in cost and our included as part of our SaaS pricing structure for each partnership/deployment.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide onsite or virtual/online training along with user documentation.

Via typically plans our live training program for two days. We can train as many employees needed, and we can conform our training program to align with any unique training needs. Our hands-on training workshops include sessions on the following topics:

Systems Training: workshops for using the Driver App and Rider App
Dispatch and Customer Service Training: workshop for all administrative tools in the Via Operation Center (VOC)
Advanced Administrative Tools: training for advanced administrative functions, such as inputting road closures, and other back-end administration and dispatching functions
Data Dashboards Training: workshop for understanding and leveraging Via’s data dashboards and reports
Marketing Training: consultation on service marketing strategies

We can also offer two types of web-based training sessions:

Operations Workshop: high-level overview of the Rider App, Driver App, and administrative tools
Service Optimization Workshop: overview of Via’s data dashboards and reports, and best practices for marketing and growing the service
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Our partners (such as municipalities and transport authorities) are able to easily download all relevant service data in CSV or XLS format through our reporting tool, accessed through our administrative management interface, the Via Operations Center.

For individual riders of our partners' services, we utilise the GDPR "delete passenger" flow at the end of a contract.
End-of-contract process
At the end of a contract, all services are shut down, including any active databases. We work with partners to ensure they are able to extract any necessary data in an easily usable format at the end of a contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The Via Platform includes a web booking portal and a Via Passenger App that passengers can use to book trips. While the two are very similar in functionality, there are a few differences: the web portal does not include deep link support; only Braintree is supported on the web portal, while on the Passenger App there are more payment service provider options; SSO is not supported on the web portal; and ride ratings/tips are not supported on the web portal.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Via's Rider App, a mobile application available for free download on iOS and Android devices, allows customers to book pre-scheduled, on-demand, and multimodal trips, track their vehicles, pay for rides, and troubleshoot any issues. Riders without smartphones can book through a web portal with the same interface and functionality, or by calling a customer service agent over the phone.
Accessibility standards
None or don’t know
Description of accessibility
IOS (Apple):
VoiceOver: gesture-based screen reader allowing visually impaired users to navigate apps by hearing a description of all screen elements
Adaptive font size: feature to increase font size, making text more legible to the visually impaired
Switch control: assistive technology that lets users select switches, a joystick, or other adaptive devices to control the screen without touching it.

Android:
TalkBack: a screen reader that uses spoken feedback to describe user actions and describe alerts and notifications
Adaptive font size and contrast: features to adjust text size and color contrast to make the screen more legible to the visually impaired
Accessibility testing
Via works with an external consulting company called essential Accessibility (eA), to review and ratify our apps and software modules as meeting or exceeding various standards for accessibility. This process involves submitting a product to eA for review and detailed assessment, including a combination of manual and automated testing techniques. As part of their process, eA includes live testing by users with disabilities.

As part of their process, eA includes live testing by users with disabilities. eA collects this testing feedback and provides it to Via’s internal accessibility team, including a team of engineers who directly address any non-compliant features. Once Via’s tools are updated, eA tests them once again and then issues an official Letter of Conformance. Once a product has received a Letter of Conformance, it will undergo an annual review to ensure that it maintains the WCAG standards as it evolves.

Based on the most recent round of product testing conducted by eA, several of Via’s products currently meet the WCAG 2.1 AA standard, and the remaining products are more than 90% compliant
API
Yes
What users can and can't do using the API
Through our API, users can book and cancel trips, see details about their trip as well as trip status, and receive webhook events upon any status changes. Users can also use our API to get a list of all trips, with mutliple filtering options.

Users cannot use our API to edit trips (including adding or subtracting passengers) or filter for private trips only. We do not handle trip payment, provide intermodal / public transport proposals, or support flexible capacity through our API.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Via systems and vendors support horizontal scaling to a theoretically unlimited size — along with vertical scaling as necessary — allowing the system to flex to meet surges in customer demand or scale to additional zones, locations, or services. Via uses “serverless” server architecture, allowing it to dynamically and automatically use more or fewer servers depending on system server load at any given time.

Should the service exceed predicted demand, Via’s system will scale up automatically without disruption of operations. Our cloud infrastructure leverages some of the most advanced technologies and solutions available for highly responsive, scalable, reliable, secure applications.

Analytics

Service usage metrics
Yes
Metrics types
Using our reporting suite, we provide partners with all of the necessary information for service management, analytics and reporting, and strategic management, organised into two core interfaces.

Service KPI Reports allow partners to assess service patterns and track key performance indicators (KPIs). These reports provide clear data to measure service performance and identify areas that work well and areas that require additional attention.

The Data Generator page consolidates all service data into filterable and exportable tables. Authorised staff can review and download data into various formats and tables for granular review or analysis in third party reporting tools.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Authorised staff can review and download data into various formats and tables for granular review or analysis in third party reporting tools using the Data Generator tool within our service management interface, the Via Operation Center (VOC.)
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Per our SLA: Via provides a targeted uptime of 99.9%. All work for the purpose of planned outages for maintenance, upgrades and related reasons, will take place outside of service hours whenever possible. Planned outages will be notified via email and, wherever possible, with 24 hours' notice.

We apply various service level credits equal to a percentage of our monthly support fees, with an annual cap, in response to unexcused downtime. These levels vary according to specific contract sizes and terms. We have included our SLA terms as part of this application.
Approach to resilience
Via’s system is designed for performance and resiliency. Its core system architecture is based on a series of microservices. Microservices is an architectural development approach in which the application is made up of smaller services communicating with each other directly, using lightweight protocols like HTTP. The core idea of microservices is to split the large system into loosely coupled services that can be managed and deployed independently. This contrasts with a ‘monolith’ structure where all components are developed under a single backend.

We have over 10 microservices — all separated into distinct parts — that cover various system functionalities, including routing, pricing, and account management.
Outage reporting
Via maintains a 24/7 Network Operating Center (NOC) that uses many utility tools and platforms to monitor the system's health, such as Coralogix and Grafana. For any planned outage, our Partner Success Managers will communicate with their respective partner by phone or email as soon as the outage was detected to share any relevant information and details. Planned outages are very uncommon, but in case there has to be a planned outage it will be coordinate enough time in advance with the partner

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access is based on need-to-know and least privilege principles, ensuring that a user receives only the access minimally required for their role or job function. Authorized users of Via’s system must be uniquely identifiable within the information system; generic, shared, or group user accounts (IDs) for general user access are not permitted.

Via’s system administrator tools limit user access by utilizing a personal permissions list for each user or group of users. For every user the Partner and the Via project team will establish user permission levels that will grant access to the appropriate set of information and system components.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Institute of Quality & Control Ltd.
ISO/IEC 27001 accreditation date
05/03/2020
What the ISO/IEC 27001 doesn’t cover
Our ISO27001 certification covers development, operation, and commercialization of a proprietary technology platform and related systems and methods used to establish, monitor, operate, or manage transportation systems.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Comsec Global Rotchild 17, Tel Aviv, Israel
PCI DSS accreditation date
09/02/2022
What the PCI DSS doesn’t cover
This certification does not cover the various software modules within our product suite that do not pertain to transactions and/or payment information, such as our Map Editor, Ride Plan, Reporting Suite, and other management functions.
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Via follows proven practices for ensuring the security, privacy, and integrity of data in the Via system. All security practices are informed by Via’s comprehensive Information Security Management System (“ISMS”), which establishes guidelines for protecting the privacy of non-public information, safeguarding the accuracy of all data, and maintaining the availability of systems that are vital to the operations of Via and our partners.

Via has developed all ISMS policies in accordance with ISO 27001 — an international standard for information risk management — and has received full ISO 27001 certification. The ISMS also reflects cybersecurity practices outlined in the CIS Critical Security Controls (“CSC”), a globally recognized guide for following best practices around data protection. As part of the ISMS, Via conducts periodic training and awareness programs so that all employees are equipped to uphold the company’s high standards for cybersecurity.

By following ISO 27001 and CSC standards, Via incorporates proven practices to minimize risk associated with a computer or network intrusion; allocate time and resources necessary to maintain the confidentiality, integrity and availability of information systems; and direct resources required to comply with internal and external compliance or audit requirements.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Every change to an information system must be done in the following way: 1. A change request can be proposed by product managers, team leaders, or Legal, after analyzing its business, security, and other impacts.
• If the change is identified as a “Major Change,” teams need to follow the “Major Changes” process described below.
• Teams can always consult with the Security Team if needed, and they are encouraged to do so.
2. Changes must be implemented by an appointed team member / contractor.

Our ISO-27001-compliant ISMS provides further details on these processes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Via performs annual scans of the corporate and production environments. Via’s information technology and information security teams are responsible for implementing controls and performing remediation activities to eliminate any identified vulnerabilities. The vulnerability management process includes the following high-level steps:
- Discovery of network assets using an approved third-party scanning tool
- Scanning for vulnerabilities on discovered network assets
- Remediation for identified vulnerabilities

Annually, Via performs a network and application penetration test (across the entire system) by a third-party vendor. The penetration tests include, but are not limited to:
-External and internal assessments
-Web application testing
-Infrastructure scanning
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Via protects our systems and services against security risks using industry best practices with internal and external security testing. All of our services run in secured Virtual Private Clouds, with proper network segmentation and stateless firewalls.

Protection Measures:
Reblaze WAF
Wiz: posture management, compliance, and governance
Guard Duty - threat detection service
AWS Security Groups

We also use a system of audit trails and logging, compartmentalized systems, annual system scans (both Via and third-party conducted), production environment and database monitoring, and other protocols.

We provide a response and mitigation strategy to partners within 48 hours of discovery.
Incident management type
Supplier-defined controls
Incident management approach
Via maintains well-rehearsed security incident management processes to detect incidents before they arise, respond quickly and decisively, and review and learn from any incidents over time. We maintain formal Incident Management Procedure and Business Continuity and Disaster Recovery Plans.

Via’s ongoing system monitoring automatically escalates any incidents to the on-call member of our 24/7 Network Operating Centre (NOC). This member determines the appropriate team member (including our emergency response team) to lead the resolution process, based on incident type and severity. We notify partners based on severity and SLA terms, and create full documented reviews of any major incident.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Reducing the carbon emissions and overall environmental impact of transportation is central to Via’s mission. Via embeds greenhouse gas-reducing features throughout our services by increasing the use of public transport and reducing single occupancy vehicle (SOV) use — in our Go2 service in Sevenoaks, UK, about 70% of car owners said they use their cars less when a DRT vehicle is available, while in our fllecsi service in Wales 73% of passengers now drive their own vehicles less because of the DRT service. 9% of fllecsi service users had never taken the bus before the introduction of our service. Additionally, in its first two years of service from 2017-2019, our city-wide, on-demand, shared-ride service in Arlington, Texas, US eliminated nearly 650,000 kilometers of travel that would have occurred if the passengers had driven solo, corresponding to a vehicle miles travel (VMT) reduction of 36%. Below are two of the features and strategies we use to significantly reduce carbon emissions and the environmental impact of transport in our DRT services:

Our powerful algorithms analyse all trip requests, assigning passengers to the best-suited vehicle and grouping passengers headed in the same direction into efficient shared trips. By effectively pooling passengers into these shared trips and minimising travel distance, our algorithms remove SOVs from the road while also minimising VMT, reducing road congestion and emissions.

We continuously fine-tune the algorithm parameters in our system to reduce the time that vehicles travel empty (“dead head”) while improving the ratio of person miles traveled (PMT) to VMT. For example, for our Via to Transit service in Seattle, Washington, US, we adjusted the number and location of “terminals” — the places where vehicles wait between trips — so that drivers are better positioned to meet demand as quickly and efficiently as possible.
Covid-19 recovery

Covid-19 recovery

Our DRT services support COVID-19 recovery in a range of ways. Following the outbreak of COVID-19, we worked with dozens of our partners to adapt their transport systems in response to the pandemic, re-launching many services within days or weeks. In Malta, for example, we expanded the coverage area of our COOL DRT service — originally targeted to tourists — to cover the entire country and population, adjusting service parameters to provide passengers with private trips only in order to meet social distancing requirements. We also expanded service to allow local grocery stores and small shops to dispatch goods through the Via App, and built in-app distinctions between delivery trips and passenger transport for drivers. We were able to configure and deploy all of these changes in only two days in response to our partner’s shifting needs.

We have continued to work with our partners on an ongoing basis to adjust and adapt to changing priorities sparked by the COVID-19 pandemic. For example, in our Tees Valley service, we expanded service coverage to account for new use cases such as transport to and from vaccination sites. By increasing access to these sites as well as to health centres, our DRT services help ensure that communities are able to receive necessary preventative care and treatment.

Additionally, as communities continue to re-open, our DRT services encourage economic growth by better connecting individuals to goods and services. In many of our services, the most-requested destinations are commercial — meaning that passengers use our services to travel to shops. Relatedly, our DRT services provide communities with greater opportunity for social connection, by allowing individuals to travel to events and public gatherings. In all of these ways, our services are helping communities around the world recover from the COVID-19 pandemic.
Tackling economic inequality

Tackling economic inequality

By deploying effective DRT services in areas with limited public transport, we increase access to opportunity for all. In the communities we serve, we have increased the number of jobs accessible by public transport by 46%. Our services are frequently designed specifically to serve underserved communities. In our Jersey City service in New Jersey, United States, which is designed to complement existing public transport options and introduce DRT into transport “deserts,” 88% of passengers identify as people of color, while 51% report an annual household income of less than $50,000 and 27% make less than $25,000 a year (the median household income in the State of New Jersey in 2020 was $85,245, meaning passengers of our service often fall significantly below the median income). Jersey City’s low fares, accessible vehicles, and multiple booking options has attracted a diverse user group and increased public transport equity throughout the city, better connecting disenfranchised communities to greater opportunity.

In our Arlington service, more than 88% of passengers make less than $50,000 per year. Passengers use the service to access educational opportunities, job opportunities, and essential services like pharmacies and grocers.

In addition to our work with communities of color and low-income communities, we have significant experience working with passengers who are unbanked (i.e. without credit or debit cards and / or traditional bank accounts) as well as those without access to smartphones. We recognise that these communities have unique concerns regarding how they will be able to use new transport services. We work to ensure that these groups are not left behind, but rather feel enabled and empowered to use our DRT services in order to access economic and social opportunity.
Equal opportunity

Equal opportunity

Our DRT services increase equal opportunity in a range of ways: by better connecting underserved communities to employment opportunities (as described in our response to “Tackling Economic Inequality”), by providing individuals with disabilities more responsive, transparent, and accessible transport options, by partnering with local businesses to attract greater service usage, and by connecting more individuals to goods and services in their local areas.

Additionally, our services save our partners money over time by increasing operational efficiencies: our Sevenoaks partner saw a 77% increase in utilisation following the implementation of our DRT service, while in Milton Keynes our MK Connect service is expected to result in a 40% reduction in subsidy per trip. The money our partners save on public transport as the result of our DRT services goes back into other areas of need in the communities in which we serve — increasing equal opportunity for all.
Wellbeing

Wellbeing

Via’s services support wellbeing in a variety of ways: by connecting users to healthcare, by connecting them to social opportunities and their community-at-large, and by affording them greater independence to travel to shops, grocery stores, libraries, educational institutions, and more.

Many passengers in our existing DRT services use them to access essential healthcare. Via also offers Non-Emergency Medical Transport (NEMT) services, designed specifically to take passengers to and from medical appointments. Additionally, many of our DRT services are designed specifically for unique passenger demographics — such as the elderly — in order to offer them greater independence and promote overall wellbeing. Our fllecsi service in Wales has a 9.0 out of 10 ease of use score — with passengers over 75 scoring fllecsi a 10 for ease of making a journey. Passengers use our DRT service to travel to shopping centres, medical appointments, recreational activities, dining, and places of worship.

Across all user groups, shops and educational institutions are frequently-requested destinations. Our services make our users’ worlds bigger, expanding their access to goods and services as well as expanding their social network and growing their sense of community. This is especially true of passengers with disabilities — one DRT user told us that “depend on UTA On-Demand to get to work and school. It’s essential to being able to function in my community with my disability.” Improving mobility and transport equity is central to Via’s mission, and we are dedicated to improving the wellbeing of those passengers who rely on our services to get them where they need to go.

Pricing

Price
£245 to £325 a unit a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at samuel.griffiths@ridewithvia.com. Tell them what format you need. It will help if you say what assistive technology you use.