Symology Ltd

Symology Enterprise (Cloud Edition)

Symology's Enterprise solution is designed specifically to provide an integrated spatially enabled solution for the management of infrastructure assets, including highways, street lighting, structures, street works, public rights of way, grounds and property.

Features

• Sophisticated Asset Management, Pavement Management and Asset Valuation facilities
• Embedded GIS/Mapping facilities based on ESRI technology
• Mobile Working capability with real-time communications with central system
• EToN6 Compliant Street Works Noticing/Permitting & NSG Maintenance functions
• Comprehensive facilities for recording Inspections/Condition Surveys of any type
• Defect Recording & Works Ordering with Budget Monitoring capabilities
• Integrated Works Management (Contractor) functions
• Facilities to manage Customer Services Requests and Licences & Events
• Range of interfaces, integrating with corporate systems & Street Manager
• UKPMS Tranche 3 Accredited & Comprehensive Reporting Facilities

Benefits

• Integrated solution removes need & cost for numerous separate systems
• Provides accurate, timely, reliable, valid, complete and secure data
• Streamlines end-to-end workflow providing lean, efficient business processes
• Supports and informs management, budgeting and engineering decisions
• Increases efficiency by enabling mobile working
• Ensures compliance with legislation and codes of good practice
• Enables 3rd Party Insurance Claims to be successfuly defended
• Eradicates duplication, multiple site visits and other operational inefficiencies
• Interacts with corporate systems and external customer facing access channels
• Intuitive user interface with common look and feel minimises training

£120 to £1,386 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@symology.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

914958786290274

Contact

Stuart Marshall
0808 196 8693
sales@symology.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: A nightly planned maintenance window of 30 minutes scheduled between 21:00 and 24:00.
• System requirements: The Insight Mobile software requires Windows tablet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are based on the helpdesk hours and are dependant on priority. ; ; Priority 1 -> 1 hour; Priority 2 -> 1 hour; Priority 3 -> 24 hours; Priority 4 -> 24 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Symology offer a single level of high quality support to all our customers which has resulted in us retaining our extensive customer base for many years. ; ; Symology’s helpdesk is able to offer both technical and functional support during standard office hours Monday to Friday. Manned support outside of the standard support time can be made available at an additional charge as required. Symology also provide a designated Account Manager who is a product consultant and is available during office hours for escalation of issues. Symology also include a Customer Service Portal (Fault Management System) which provides a web interface that allows customers to create or review Insight support cases at any time. It also allows customers to;; • Search and browse the Insight product knowledgebase. ; • Log new support case's, specifying a priority. ; • Check on the status of existing cases (including those opened by phone or email). ; • Add comments and attachments to existing cases. ; • A detailed Customer Service Portal User Guide is available to users on logging in to the portal.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Symology provide Introduction to Insight training videos, available via the customer only area of the Symology website. It is pre-requisite of attending a training course that end users have familiarised themselves with these videos. ; ; During an implementation key personnel will gain a detailed understanding of the functionality within Insight (and the options available), and they will fully understand how the business processes are merged with the system functionality. ; ; Standard/bespoke training courses can then be delivered using the customer’s data and be tailored, as far as possible, to match the business processes that have been agreed during the implementation. ; ; Symology will liaise with the key “champion users” in each business area prior to the training courses in order to finalise the agenda/content of each course. Once the content is agreed, Symology would prepare the course content and associated documentation. ; ; Users will be able to access the test environment following their training in order to gain further familiarity with the system prior to go-live.; ; Following each phase of the project going live, Symology will provide “drop-in surgeries”. End Users will be able to attend these, and raise any queries that have arisen since they started using the system.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Upon expiry or termination of the contract Symology will make all data available in a format relative to its system (XML/CSV) for input into any new system. Symology’s own schema will be utilised. This data will be available via FTP for three months from the termination/expiry of the contract. Following this three month period the customer's data will be removed. Any configuration parameters will only be relevant to the Symology solution and therefore will not benefit the transition away from Symology. These parameters can be provided at part of the files. Symology are happy to work with customers to transition the service away from Insight within what we deem reasonable levels. We have a number of customers who have returned to Symology following the maintaining of good relations at the expiry of contracts.
• End-of-contract process: Upon expiry or termination of the contract Symology will make all data available in a format relative to its system (XML/CSV) for input into any new system. Symology’s own schema will be utilised. This data will be available via FTP for three months from the termination/expiry of the contract. Following this three month period the customer's data will be removed. Any configuration parameters will only be relevant to the Symology solution and therefore will not benefit the transition away from Symology. These parameters can be provided at part of the files. Symology are happy to work with customers to transition the service away from Insight within what we deem reasonable levels. We have a number of customers who have returned to Symology following the maintaining of good relations at the expiry of contracts.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Insight Mobile is designed for multi-disciplined inspectors. The solution offers inspectors the functionality to complete and prompt inspections/condition surveys, record defects, collect/record asset information, record status updates, attach photographs, send Street Works start/stop notices and record works details(completed/labour/plant/materials). It is designed to work without the requirement for an 'always-on' connection. Mobile mapping facilities allow users to select/update records as well as plot points/lines/polygons. GPS tracking facilities include the ability to trace the routes that inspectors have been taking. A planned route facility allows the inspector/gang to optimise the route and coordinate different activities to ensure maximum efficiency when on-site.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Insight offers a range of Web Services (XML/SOAP) Interfaces to interface with corporate systems. Symology's Web Portal solutions, including Report It, Apply For It and View It, also utilise direct interfaces. These Interface solutions are designed to allow other applications to interface directly with the various Insight modules. The aim of the Direct Interface is to receive data from "trusted sources" which can be recorded directly into the Insight database, without any form of review by an Insight user. ; ; Typically Direct Interfaces are used to call Insight which operates as a specialist back-office product. They can be plugged in to from a corporate product, or used as an alternative to the main Insight interface, for performing the actions available to the interface.; ; The Direct Interfaces operate by providing a component interface to the relevant Insight module, whereby elements of the Insight application logic can be called by external applications.; ; Direct Interfaces are currently available for Customer Service, Asset Register, Licences, Street Works and Street Gazetteer.
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Insight offers users considerable customisation. The web portal by which Insight is accessed will be customised in line with the customers visual identity guidelines as standard. ; ; All screens can be controlled (no access, read-only access, update access) by permissions. Facilities are also provided on a user-by-user basis to change the font sizes used throughout the system and to change colour schemes. ; ; Update/Enquiry dashboard grids can be customised considerably including what data is displayed. Highlighting options also allow business rules to be created to change the visualisation of the data.; ; Insight has an Additional Fields facility allowing users to create fields within each module to store data that may not be catered for elsewhere. These fields can be many formats and can be grouped as required. They can also be passed to Insight Mobile and made read-only if required.; ; Insight has extensive and customisable workflow capabilities. This is aimed at marrying a customers business processes with the Insight solution to ensure the maximum benefits are returned.; ; Insight's online help system can also be customised in accordance with a customers business processes.

Scaling

• Independence of resources: Our Managed Service infrastructure is designed specifically for the Insight solution and its performance is continually monitored. Regular performance reports are reviewed by our dedicated Managed Service team against predetermined intervention levels for areas including but not limited to capacity (35%) and load usage (80% for sixty seconds). This guarantees we have the capacity to absorb any unexpected additional requirements. Our customers are hosted on the same logical network using a combination of network firewalls and application restrictions to prevent any ‘cross-talk’ security issues.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export data in CSV or XML format very quickly and easily from the 'File' menu within Insight. Users select the data required to export by means of the vast array of definable enquiry data grids and then simply export to file. This file would automatically be made available via the customer web portal where it can be downloaded. Complete data sets will be provided to a customer, in a fixed XML format, on contract end/termination.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • HMDIF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • HMDIF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Often the level of protection is dictated by the authority customer however we always recommend customers use encrypted traffic. Symology do not support SSL 1, 2 or 3. Secure FTP traffic is permitted although support for weak algorithms has been removed.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: SFTP

Availability and resilience

• Guaranteed availability: Symology's Managed Service has been in operation since 2006. The standard availability target is 99% and is measured between the hours of 08:30 and 17:30 although since 2006 we have actually achieved 99.8%. The Service period is 3 months. In the unlikely event that the availability falls below the target service level in any service period, the customer shall be granted a service credit against the fees for that service period. 98% -> 5%, 97% -> 10%, 96% -> 15%, 95% and below -> 20%.
• Approach to resilience: Symology operate a dual hosting model offering an active/passive approach resulting in an extremely high level of resilience when it comes to business continuity and disaster recovery. Our hosting sites are NTT Global Data Centers, based in Hemel Hempstead and Virtus (provided by CloudCoCo), based in Slough. Both are Tier 3 data centres with ISO27001 accreditation. Half our customers use NTT Global Data Centers and the other half use Virtus as their active service. Each customer's solution is then mirrored every hour to the passive service be it NTT Global Data Centers or Virtus. All hardware is replicated exactly at the two sites. Further information is available on request.
• Outage reporting: Service outages and availability are reported by means of a public Service Status website providing a transparent view of the availability of the Symology Hosted Services. In addition, availability is continually monitored and customer Account Managers are informed of any outages, be it planned or otherwise, that need communicating with affected customers.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Management interface and support access is controlled by means of group permissions including but not limited to Domain Administrators, Technical Implementation Consultants, Account Managers and Support Consultants. All access is audited and internal accreditation is required to gain access. Access is also controlled by IP address filtering ensuring those approved have access.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ASCB with QMS International carrying out the regular auditing
• ISO/IEC 27001 accreditation date: 21/01/2015
• What the ISO/IEC 27001 doesn’t cover: We are fully covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: In additional to ISO27001 and Cyber Essentials Plus accreditations, Symology adhere to our own internal Information Security Management System. All of the components of this ISMS are periodically and systematically reviewed by both internal and external audit procedures. A nominated member of staff has been appointed by Symology’s Managing Director to be responsible for the control of all matters relating to the implementation, control and continuing audit of these procedures which are adopted and practised by all Symology employees.; ; Symology has adopted the process approach for developing, implementing and improving the effectiveness of its ISMS by committing to understanding business information security requirements and the need to establish policy and objectives for information security, implementing and operating controls in the context of managing the overall business risk, monitoring and reviewing the performance and effectiveness of the ISMS, continual improvement based on objective measures, communicating throughout Symology the importance of meeting all relevant statutory and regulatory requirements specifically related to its business activities and ensuring that adequate resources are determined and provided to monitor and maintain the ISMS.; ; Due to its secure nature, access to Symology's ISMS policy will only be made available to customers visiting our head office.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes pass through a centralised, controlled approvals process which is audited. Records are retained indefinitely. Software changes pass through a PQT/QA process which also includes security testing. External-facing software is tested by two separate third parties.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are assessed by a combination of security device monitoring and regular log reviews. Following our Cyber Essentials Plus certification requirements, our patches are rolled out within 14 days of release. We are subscribed to a number of security information services whose role it is to inform us of emerging threats. Once informed the relevance of the threat is assessed and if relevant the scope of the threat is assessed and then the mitigation is planned and documented to help monitor the progress of mitigation. The potential impact is assessed to help prioritise the mitigation effort.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises tend to be identified by alerts generated by hardware and software security devices including but not limited to our firewalls and intrusion detection/protection devices once they have assessed the issue as warranting investigation. Logs are also monitored by a third party log monitoring tool. Once alerted, a priority service case is raised to track investigation of the issue. If there is a concern about security or the monitoring or it will be tracked back to its source and any necessary remediation of software, services or procedure will be investigated.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident notifications come from system monitors, log monitoring or report from an individual. A priority service case is raised and stakeholders are automatically alerted. An investigation will be immediately launched to assess the source, scope and severity of the incident. Once the immediate threat has been resolved, work will be undertaken to assess the extent of the incident, trace the source and identify necessary steps to eliminate any residual effects. The response will be examined to highlight if anything could have been done differently to detect the incident sooner, reduce its impact or improve communications to the relevant parties.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Symology takes its responsibility to fight climate change seriously and is ISO14001 accredited. As part of the Environmental Management System deployed, mechanisms are in place for monitoring environmental indicators, including but not limited to, commuting carbon emissions, energy usage and paper usage. A hybrid working model is in place across all staff, reducing carbon emissions through a 60% reduction in commuting and staff are encouraged to support environmental protection by utilising public transport when travelling within contracts. Customer training is predominantly delivered online, further contributing to a reduction in carbon emissions.; ; Symology is actively working towards net zero greenhouse gas emissions, with a target date in advance of the national target of 2050 (NT31.3). Initiatives include promoting fully paperless operations within five years and provision of an Electric Vehicle scheme to all staff. Further aspirations include working towards ISO14065 accreditation in support of sustainability.
• Covid-19 recovery:

  Covid-19 recovery

  During the COVID-19 pandemic, Symology provided facilities for remote working in addition to ensuring all offices were COVID secure such that employees could attend the office, with social distancing in place. A hybrid working model has been introduced, with teams encouraged to attend offices on the same day, in order to achieve wellbeing benefits.
• Tackling economic inequality:

  Tackling economic inequality

  Symology are UK based, Employee Owned, SME, focused solely on UK market with no international operations. We are involved in the Employee Ownership sector, actively promoting the ownership model. Upskilling represents a key part of our organisation, particularly for our staff and our customers, where comprehensive training is provided. ; ; Symology will deliver a two-hour webinar offering CV writing advice. As this will be provided as a webinar there is no limitation on the number of residents that can attend in the initial instance. Additionally, the webinar can be recorded and used as a reference video for the duration of the contract thus maximising its audience and its benefit. ; ; Additionally, as an ESRI Gold Partner, Symology will provide a two-hour educational instruction video, on the use of ESRI ArcGIS. This video will be aimed at personal and professional development of young people in the local area with an interest in geography and the application of the worlds leading GIS solution. This video will be made available for the duration of the contract term again maximising its audience and its benefit.; ; Both recordings will be provided on a platform such as Vimeo, where the views can be tracked with no limit on the number of views (NT7 + NT11). ; ; Symology are committed to cyber security by increasing resilience, identifying and managing cyber security risks alongside our Cyber Essentials Plus and ISO27001 accreditations. We hold internal information sessions monthly including quarterly security updates in addition to regular staff security training. In addition, members of our Technical teams run covert security exercises to try and entice staff to breach security as part of the training.
• Equal opportunity:

  Equal opportunity

  Equal opportunities are of paramount importance to Symology. All staff (130) are paid beyond the Real Living wage (NT41) and we do not offer zero hours contracts. We operate with Equal Opportunities and Slavery and Trafficking policies and we endeavor to ensure the same standards across 100% of our suppliers, contractors and business partners (NT22) by means of an annual survey. As an Employee Owned organisation, all staff have a responsibility for ensuring equal opportunities throughout.; ; There is no gender pay gap at Symology and an annual salary review is conducted by a sub-committee to ensure this remains for which we can provide an annual report on throughout the contract. The annual review also considers other factors to ensure no salary inequalities across the company.
• Wellbeing:

  Wellbeing

  Symology has an Employee Assistance Program (EAP) in place (NT20) which is available to all staff (130), their partners and eligible dependents within the household. The EAP is a confidential service offering health advice, both physical and mental, financial advice, legal information, consumer advice, career guidance, life coaching and parenting coaching. A 24/7 helpline, live chat and a comprehensive web portal are included within the EAP, offering employees access to a wide variety of mental health support, in addition to practical services. Where appropriate, Symology will provide an EAP service as part of the contract with secure login access for every user licence contracted. ; ; All employees have access to the Symology Social Directory, which details a range of organised activities in which all staff are encouraged to participate, promoting both mental and physical wellbeing.

Pricing

• Price: £120 to £1,386 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: It should be noted that free trial has been selected to facilitate access to a technical connection test rig rather than enabling functional system use.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@symology.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.