R2P Systems UK Ltd

Real Time Passenger Information (RTPI) Lite using Bus Open Data Service (BODS)

BODS provides us with vehicle position and schedule information that is connected to our system via a secured API. The main advantage of this system is the ability to produce real-time predictions across multiple bus operators and various localities.

Features

• Real time information
• Passenger information
• Real-time control systems
• Contract management

Benefits

• Publishing and importing datasets
• Tracking and Lateness performance monitoring
• Web Based Hosted
• Multiple or single operator information
• Easy and flexibility to integrate additional operators from BODS

£1,000 to £20,000 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKroad@r2p.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

939969407964795

Contact

Steve Holloway
01293 665398
UKroad@r2p.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Browser based; works on any platform
  • Operates from any Internet-enabled device with a modern browser
  • No plugins or additional software is required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Usually within the hour, 9:00am - 5:00pm Monday - Friday.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support availability: working days by call, 24/7 by email. Standard support response times: 8 business hours. Office-based account manager provides monthly performance reporting (if necessary). This is included as part of the monthly revenue charge. Advanced support level is subject to contract.; ; Our software systems include automated self-monitoring, enabling us to provide high levels of availability and reliability. Each connection, whether it be a data connection (input/output – SIRI/API) or connection to a physical display is monitored, recorded and reported upon.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: R2p can create a new instance of the system and, if required, obtain data feeds and configure the system to use them. Training can be provided by webcast or onsite if required. If https or VPNs are required to secure the data connections, r2p will set these up for the user.; Our Open Data Platform provides interactive online documentation, informing users of how to use each service we provide.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Links available to download documentation as a PDF
• End-of-contract data extraction: Data can be exported in a range of formats using the available reporting tools. This includes APIs (for historical data), JSON, CSV, XML and database exports.
• End-of-contract process: R2p will cease to accept incoming live data feeds and allow a period of time for the buyer to export their data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The public facing services are provided with fully responsive design.; Some management functionality is most effectively carried out using a desktop or laptop as the volume of information presented on a screen is significant.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The r2p UK Central RTPI System (iConnex) is a web-based solution that delivers many features to the users and local bus operators. These include the following as standard: ; • A fully customisable dashboard system; • NaPTAN/Location Data import and management tools.; • TransXChange and VDV452 Timetable import and management tools.; • Data feed subscription management screen with ability to check feed health, cancel subscriptions, restart subscriptions and new subscriptions.; • System health historical reporting (system uptime, database uptime); • Live dashboards for display estate monitoring (monitoring heartbeats, prediction delivery history, live view.
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: The API allows access to the live processed data and to the historical data. Initial system setup requires desktop access. Once configured, all data can be imported or exported using the API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The data reporting tools allow custom reports and dashboards to be created by authorised users. Support for customised format data feeds for incoming and outgoing date is possible by r2p engineers.

Scaling

• Independence of resources: Each customer instance operates within its own virtual machine and managed bandwidth.

Analytics

• Service usage metrics: Yes
• Metrics types: Typical metrics used: volume and quality of incoming data, volume of data requests from API, volume of requests from website and system latency.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The available reporting tools enable data export in a range of formats and different criteria.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • TransXChange
  • ATCO CIF
  • Bespoke - to be agreed with buyer

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Use of firewalls and layer 3 switched network communications with subnetting.

Availability and resilience

• Guaranteed availability: Faults shall be classified and addressed as:; Critical - any fault affecting the provision of information to more than one feed (eg. server fault, general communications fault) within 8 hours. This will be defined as not being met where either: (i) Resolution takes longer than 8 hours, or (ii) Resolution takes less than 8 hours but the System becomes unavailable again within 1 working day from the time of resolution. ; Any faults affecting the provision of information to a single feed within 3 working days will be defined as not being met where either: (i) Resolution takes longer than three 3 working days, or (ii) Resolution takes less than 3 working days but the System becomes unavailable again within 1 working day from the time of resolution. Standard offered SLA is 99% availability. Refunds based on service credits against future month charges where Critical Faults not resolved in agreed times at rate of 3% per full day of service unavailable beyond SLA.
• Approach to resilience: Details available on request.
• Outage reporting: Visual and/or audio alerts are issued whilst calls can be automatically raised within the Fault Management System (FMS) and e-mail and or text notifications sent to pre-defined personnel. This is augmented by technical support monitoring. The system includes a dashboard presenting the status of all operating assets.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Permissions are managed through groups. Groups control which menus and data are available to the user.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Accountability is to the Board who regularly review the information security risk register. Regular testing of compliance and reviews of system configuration take place against a baseline.
• Information security policies and processes: The Managing Director has overall responsibility for information security and governance. The Delivery Manager has day-to-day oversight and is responsible for delivery of the information organisational policies. Awareness and update briefings are held, including regular testing of compliance and reviews of system configuration.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: R2p configuration and change management forms part of the ISO9001 certification. All elements of software and infrastructure are under configuration management. Software is fully version-controlled with ability for roll back. The r2p Fault Management System (FMS) is used to track all changes to implemented systems and manage processes. Customer access to the FMS allows for full visibility of a system's history. Before sign-off, all changes are reviewed for governance, security, operational and functionality.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: R2p undertake constant review of trade press and news statements for any threats to core IT systems, eg. membership of transport trade groups for domain specific awareness. Security forms part of regular customer reviews to enable customer-specific threats to be identified. Security updates to operating system and related components including off the shelf software are configured to automatically install. The information governance process includes risk assessment of security threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Regular reviews of system usage include user logins. The system automatically reports above defined levels of increased system use.; Any potential or actual compromise becomes a critical incident with immediate response with customer and Director involvement. Critical incident management is available 24/7. If feasible, the first response is to make the system inaccessible, leaving it running for any forensic analysis that may be needed.
• Incident management type: Supplier-defined controls
• Incident management approach: The FMS provides a controlled framework for the identification, recording, progressing, closing and analysis of faults enabling rapid reporting of standard incident types. Faults can be reported by telephone (via a dedicated Customer Support line which will be answered by; Customer Support personnel and not an automated voice system), email or web interface. The FMS allows the Service Manager or authorised personnel to view status of all tickets (open or closed) with the ability to drill down to details. Changes to ticket status will be notified by automated email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  r2p has set a clear internal mandate and public commitment (through its Environmental Policy) to minimise its environmental impact on the planet and operate in a genuinely sustainable way during its day-to-day activities and the execution of all its contracts. • Our goal is to be net-zero by the end of 2027 and are proactively developing our plan and undertaking initiatives and investments to achieve this. • r2p recently became ISO 14001:2015 Environmental Management System certified and continually takes steps to reduce our environmental impact further. • We also train and communicate with our staff to be mindful of their actions on the environment and to also canvass for new ideas and initiatives for reducing our carbon impact.

  Tackling economic inequality

  Fair Treatment of Suppliers • We will not make unreasonable requirements on suppliers regards deliverables and costs. We treat suppliers in the way that we expect to be treated as a supplier to others. This is particularly relevant when engaging with smaller organisations who have less ability to reject unfair conditions from larger customers. • We are signatories to the UK Prompt Payment Code. We commit to pay suppliers on time and fairly and strongly advocate similar behaviour from our customers. Fair Pay and Conditions for Employees • We ensure non-exploitation of employees in terms of reward, working hours and deliverables. Our employees are issued with fair contracts of employment. • We believe in fair pay and ensure that even the most junior staff are paid above the Living Wage. We believe that we pay our employees above the average for our industry sector and geographical region and will continue to maintain staff pay levels in line with the cost of living.

  Equal opportunity

  Equality, Diversity, Inclusion • We work hard to ensure that we provide and promote equality, transparency, respect and high standards for all our staff, suppliers and customers. • We recruit and employ staff based on their ability to perform their role and do not discriminate based on gender, family status, sexual orientation, religion or belief, race, nationality or disability. Our staff reflect this diversity policy. • We do not tolerate any form of discrimination, victimisation, harassment, or intimidation by or of our employees or others and have systems in place to ensure staff feel able and safe to report transgressions.

Pricing

• Price: £1,000 to £20,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKroad@r2p.com. Tell them what format you need. It will help if you say what assistive technology you use.