S&P Global Market Intelligence LLC

Maritime Intelligence Risk Suite (MIRS)

The Maritime Intelligence Risk Suite (MIRS) integrates the world’s largest maritime database, real-time ship movement tracking software, and a newly developed risk events database to provide a one-stop maritime risk mitigation solution.

Features

• World’s Largest Shipping Database
• Most Comprehensive Vessel Tracking
• Maritime Risk
• Sanctions, Sanctioned Entities, Sanctions Evasion
• Ultimate Beneficial Ownership UBO
• Dark Shipping / Ghost Fleet
• Automatic Identification System, AIS
• Vessel Characteristics
• Decarbonization, ESG, Sustainability
• Flag Registry

Benefits

• S&P Global is the Official Issuer of IMO Numbers Globally
• Track any AIS-broadcasting vessel globally
• Track ownership and flag changes through a vessel’s lifespan
• Verified and validated data, ISO certified data
• Understand a vessels’ trading activity over time
• Understand global vessel movements
• Analyze fleet metrics
• Replay historical events
• Understand maritime risk from sanctions to anomalous behavior
• Complete listing of maritime events including accidents and piracy

£28,000 to £96,000 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dpearcey@spglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

970655660023601

Contact

Daniel Pearcey
+447967785826
dpearcey@spglobal.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Platform, all browsers, latest version recommended
  • Internet Access
  • Whitelisting of URLs depending on security configuration

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Customer Service is available 24/6 with less coverage on Sundays. Client Managers are available to support and escalate outside of hours. Global coverage due to support in all time zones
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Not Applicable
• Web chat accessibility testing: Not Applicable
• Onsite support: Onsite support
• Support levels: Our Customer Care is divided into 3 Tiers and there is no additional cost. There is a Client Manager and a Technical Point of Contact assigned for each Client. ; Tier 1 focuses on general questions and basic issues; ; Tier 2 focuses on technical support and quality issues, and ; Tier 3 provides training and value-added support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide user documentation, online training, and onsite training. A Client Manager and Technical Point of Contact are assigned to each Client for smooth onboarding.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: When the contract ends, users can extract their data from S&P Global by following the data extraction process outlined by the Sales Operations team. This process typically involves submitting a data extraction request, specifying the data they need, and providing the necessary details for retrieval. The Sales Operations team will then work with the user to ensure a smooth and secure transfer of their data. It is important for users to communicate their data extraction requirements in a timely manner to ensure a seamless transition.; ; Once we no longer have a legitimate business need to process your personal information/data, we follow our applicable information governance policies, procedures and standards and retain your information for as long as necessary to accomplish the purpose for which it was collected, following which we either delete or anonymize your personal information/data, or if deletion or anonymization is not possible, then we pseudonymize and/or securely store your personal information and isolate it from any further processing until deletion is possible.
• End-of-contract process: Our contracts will be subscription based and the termination covers as part of our agreement. Please note that there will not be any additional cost.; S&P Global has a detailed Exit Strategy document and process. There is a policy for deletion of data in the hosted environment that is followed up written notification of the termination of contracts. S&P Global have a company policy around the deletion of documents and this is reviewed annually. In general, we use several methods to wipe data. These methods are employed dependent on classification of data present on the system. Data is destroyed by overwriting, degaussing, or physical destruction.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users can access all services via API in addition to the browser interface. There are no limitations, but excessive call volume will need to be reviewed.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Dashboards may be customized for Clients using the existing data assets to improve efficiency for Clients.

Scaling

• Independence of resources: Our services operate globally with tens of thousands of users and hosted by AWS. We can offer an uptime service availability of 99.98%.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage statistics by user
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Encryption at rest provides data protection for stored data (at rest). Encryption at rest is designed to prevent unauthorized users from accessing the unencrypted data by ensuring the data is encrypted on disk. In addition to satisfying compliance and regulatory requirements, encryption at rest provides defense-in-depth protection. Attacks against data at-rest include attempts to obtain physical access to the hardware on which the data is stored, and then compromise the contained data. Encryption solutions must be applied to servers, desktop computers, thumb drives, mobile devices (phones, tablets, laptops) and Cloud storage. AES 256 based encryption is used for data protection.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Exports of data via Excel/CSV are possible from the browser interface as are visualizations such as tables and screenshots.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats: Other
• Other data import formats: Not Applicable

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: To protect data between the buyer's network and S&P Global's network, several security measures are in place. These include:; ; Encryption: Data is encrypted using industry-standard protocols such as SSL/TLS to ensure secure communication.; Firewalls: Robust firewalls are implemented to monitor and control network traffic, preventing unauthorized access to sensitive data.; ; Access Controls: Strict access controls are enforced, ensuring that only authorized personnel can access and manage data.; ; Intrusion Detection and Prevention Systems: Advanced systems are in place to detect and prevent any unauthorized access attempts or suspicious activities.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: SPGI manages network interfaces including gateways, routers, firewalls, or encrypted tunnels implemented within a security architecture (e.g., routers protecting firewalls or application gateways residing on protected subnetworks). S&P Global's' Network Security Standard Policy defines the minimum requirements necessary for providing appropriate access controls over the SPGI network infrastructure. This standard applies to all Company owned or leased network devices, and all third-party service provider devices connected to or used to connect to the Company network for any purpose.

Availability and resilience

• Guaranteed availability: We have an uptime Service Availability of 99.98% and have never experienced substantial periods of solution unavailability.
• Approach to resilience: Available on request
• Outage reporting: In accordance with contractual commitments or regulatory obligations, the Company may have to report InfoSec or Data Incidents to clients or customers. ; ; S&P Global has a robust incident management process in place to report and address any outages or service disruptions. When an outage occurs, the incident management team is immediately notified and begins investigating the issue. The team communicates updates and progress through various channels, including email notifications, status updates on the S&P Global website, and direct communication with affected users. Additionally, S&P Global may utilize automated monitoring systems to detect and report outages in real-time. This allows for prompt resolution and keeps users informed throughout the process. The incident management team works diligently to minimize the impact of outages and restore service as quickly as possible.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: S&P Global authenticates users when they access the service through a combination of username/password authentication and multi-factor authentication (MFA).
• Access restrictions in management interfaces and support channels: According to S&P Global's 'User Provisioning and Access Controls Standard', All users must have an account provisioned via the Corporate Simple Access identity management facility before being granted access to any other SPGI system or application. Users are only given those privileges and entitlements necessary to perform their functions. Access rights are not activated before authorization procedures are completed. Similarly, All access are immediately revoked for users who terminated employment. Authorized users are assigned group and role membership, and account access authorizations (e.g., privileges) and other attributes for each account.
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: S&P Global authenticates users when they access the service through a combination of username/password authentication and multi-factor authentication (MFA).

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: S&P Global’s Information Security policies and standards are based on the best practices recommendations for information security management as published in ISO/IEC-27002 and NIST 800 Standards.
• Information security policies and processes: SPGI’s Information Security Program mission is to protect customer information and the company’s reputation and brand through well established, uniform security practices while complying with legal requirements and industry best practices. This is accomplished by having a centralized accountability function with the goal of enhancing the company’s ability to: predict security events and their relative impact to SPGI environments; prevent attacks by augmenting the enterprise security posture; detect attacks that have evaded preventative measures; respond to security events for timely remediation; and improve/update the group’s capabilities and resiliency.; ; The Chief Information Security Officer (CISO) manages and coordinates SPGI’s Information Security Program. The CISO reports to SPGI’s Chief Information Officer (CIO) who is a member of the Operating Committee and reports to the President and Chief Executive Officer (CEO) of SPGI.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow robust configuration and change management process. The components of S&P Global's services are tracked throughout their lifetime using a configuration management database (CMDB). The CMDB maintains record of components, including hardware, software, and network devices. Each component is assigned a unique identifier and its attributes, such as version, configuration settings, and dependencies, are documented. This allows for accurate tracking and management of components throughout their lifecycle.; ; Before implementing any changes, S&P Global assesses them for potential security impact. This assessment involves evaluating the security implications of the proposed changes, including any potential vulnerabilities or risks that may arise.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: S&P Global's Network Vulnerability Assessment Standard is designed to identify risks affecting the infrastructure of the organization and provide actionable advice to efficiently and effectively address the risk. The Network Vulnerability assessment identifies both patch-related and configuration-related vulnerabilities. Scans occur both within and without the environment. All applications will go through the threat modeling, static vulnerability assessments, dynamic vulnerability assessments (for web applications and web APIs), and manual and penetration tests if deemed necessary, during the SDLC.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: S&P Global has Cyber Incident Response Program that is managed by the Information Security Monitoring & Cyber Incident Response Team (“CIRT”) in conjunction with the Security Operations centre (SOC) where security analysts monitor security events 24x7 and escalate validated or suspicious security incidents for further probing and invoke Incident Management Procedure as necessary. The CIRT is responsible for triaging, responding to and resolving security incidents. The Cyber Incident Response Plan is intended to include all necessary processes, procedures, internal and external communication strategies, provisions for business continuity, and steps to limit disruptions in service. This plan is rehearsed annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Cyber Incident Response Team (CIRT) along with Privacy/Legal team is responsible for engaging the necessary business, risk management, compliance stakeholders, customers, employees, and regulators based on the nature of the incident, legal requirements, and industry practices in accordance with the Cybersecurity Incident Response Plan. In accordance with contractual commitments or regulatory obligations, the Company may have to report InfoSec or Data Incidents to clients or customers.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The risks and impacts of climate change pose a substantial threat to communities and ecosystems worldwide. At S&P Global, we recognize that we must do our part to address this growing crisis, as the wellbeing of our people and business is inextricably linked to the health of the communities where we live and work. In 2021, we announced our goal of achieving net-zero emissions by 2040, which included near-term 2025 targets validated by the Science Based Targets initiative (SBTi). Our approach is informed by the latest climate science aimed at limiting global warming to 1.5°C and aligns with best practice of avoiding and lowering greenhouse gas (GHG) emissions by carefully tracking and disclosing our performance, implementing energy reduction initiatives and transitioning to low-carbon energy sources. ; ; For our impact report, please refer to the link - https://www.spglobal.com/en/who-we-are/corporate-responsibility/impact-report/index; For our TCFD report, please refer to the link - https://www.spglobal.com/en/who-we-are/corporate-responsibility/tcfd-report-2023.pdf

  Covid-19 recovery

  • The S&P Global Foundation responded by channeling $4.5 million in global grants for COVID-19 relief efforts, supporting first responders, helping the hungry, providing medical supplies and meeting other critical needs, as well as providing critical aid for small businesses to help address the strain of economic uncertainty.; • We provided hospitals and governments free access to Panjiva supply chain data relating to ventilators and personal protective equipment.; • Across the globe, S&P Global team members responded too, volunteering their time and donating funds to the S&P Global Foundation to help meet the needs of their local communities. In India, during a lockdown period, our CRISIL team used their corporate kitchen to serve 10,000 meals per day to Mumbai’s most vulnerable. And in the U.S., colleagues in our California, Colorado and New York offices got to work, 3D-printing face shields for local healthcare workers.; ; For more details, please refer to the link - https://www.spglobal.com/en/who-we-are/corporate-responsibility/cr-spotlight-covid-19

  Tackling economic inequality

  The S&P Global Supplier Diversity Program provides fair and equal procurement opportunities for all capable, competitive suppliers. We welcome companies managed or led by members of all underrepresented groups, including women, veterans and other historically disadvantaged populations, to apply. Partnering with diverse suppliers is one way that we are living out our overall commitment to fostering a diverse, equitable and inclusive workplace and community.; ; Please refer; https://www.spglobal.com/en/who-we-are/diversity-equity-inclusion/supplier-diversity

  Equal opportunity

  S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.

  Wellbeing

  S&P Global provides colleagues with a comprehensive, competitive benefits package that includes a host of programs, resources, and incentives to enable informed decisions and healthy lifestyles. Our global benefits differ from country to country, but specific offerings include flexible work environments and programs designed to promote our people’s physical, financial, mental, and emotional health.; ; To support a safe and healthy work environment, the company maintains a rigorous management system. Our facilities worldwide follow internally and externally audited occupational health and safety policies in line with ISO 45001 and ISO 14001 standards. All of our office locations follow ISO 45001, with our London office formally certified in ISO 45001. Of our office area, 49% is covered by ISO 14001 standards.; ; For more details, please visit - https://www.spglobal.com/en/who-we-are/corporate-responsibility/impact-report/our-people/employee-health-safety-and-wellbeing

Pricing

• Price: £28,000 to £96,000 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free trials include time limited access to the full version of the product to be purchased.
• Link to free trial: To register for a free trial, contact: justin.heron@spglobal.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dpearcey@spglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.