TransportAPI

TransportAPI Cloud hosting

The TransportAPI Cloud hosting offer provides a means to aggregate transport sector data from any set of digital sources into a data warehouse for distribution through a content distribution network to business and consumer facing services.

Features

• Connection to sensor data by polling standard transport data interfaces
• Connection to sensor data by consuming standard transport streaming data
• Data warehousing of polling or streaming sources in secure repositories
• Provision of access to the secure repositories through RESTful API
• Provision of access to secure repositories through streaming content distribution
• Content distribution scaling differentiated by delivery channel
• Content validation to standards used in transport data sector
• Service design and UX modelling for client transport user stories
• Service integration tools to embed data delivery in client architectures
• Realtime data integration logic for heterogeneous transport data sources

Benefits

• Offers data handling on secure AWS infrastructure in UK/ globally
• Licensing data downstream for any required business usage
• Customisable service level agreements for data delivery guarantees
• Provides failure-safe logic for continuous access and delivery
• Flexible support arrangements for public/ private content distribution
• Offers turnkey design, build and deliver deployments to client design
• Delivery in single-tenant public/ private cloud environments
• Full ownership of service or delivery by results models available

£500 to £5,000 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.raper@transportapi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

974307873079767

Contact

Jonathan Raper
02032901357
jonathan.raper@transportapi.com

Service scope

• Service constraints: Core support is provided between 9:00am to 5:00pm on UK working days.; Extended support is provided from 7:00am to 8:00pm during UK working days and 9:00am to 6:00pm on weekends and UK bank holidays. Full 24/7 support is provided on application.
• System requirements:
  • Service is provided over private/ public cloud network as designed
  • Service is provided over public cloud subject to bandwidth connection
  • Data delivery is subject to any upstream warranties and licences
  • Integration of TransportAPI open data content

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: TransportAPI telephone and email support is provided on the following basis:; 1. Core platform support is provided between 9:00am to 5:00pm on UK workings days. ; 2. Extended support is provided from 7:00am to 9:00am and 5.00pm to 8.00pm on UK working days and between 9:00am and 6:00pm at weekends and on UK bank holidays. ; 4. 24/7 support is available on application.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: TransportAPI offers three levels of telephone and email support:; P1. The entire TransportAPI service is unavailable and/or inaccessible to service user; P2. One or more TransportAPI service fail ten consecutive one minute Service Level Agreement (SLA) checks or where the response time rises 50% above the SLA metric for 10 consecutive one minute checks ; P3. Service performance is affected by behaviour of an upstream or downstream service outside TransportAPI; These service levels are included within the service cost unless service-specific variations are agreed with the customer.; TransportAPI customers are provided with account management and support contacts.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: TransportAPI provides comprehensive on-boarding support to the client operations team through our Go-Live process and Support manual documentation.; ; TransportAPI will work in partnership with clients to manage and support the development, alpha/beta testing and deployment to live processes. TransportAPI will operate within client change control processes within the cost of the contract.; ; On site training is available at extra-cost and will be delivered by professional trainers experienced at cloud service deployments.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats:
  • RESTful API markup language (RAML)
  • Open API
• End-of-contract data extraction: TransportAPI will offer export functions to download users and analytics data from the service as an integral part of the delivered service.; ; The service design will define whether the ownership of the service remains with the client and the nature of the transition tools to be provided, or whether the service is offered as-a-service with ownership vested in the supplier.
• End-of-contract process: At termination contracts provide for the downloading of user details and client-specific data analytics and for the use of transition tools as appropriate to the service model.

Using the service

• Web browser interface: Yes
• Using the web interface: Register for an account; Set up and configure applications; Invite additional users; Monitor usage and costs
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Testing of new accessibility features is ongoing
• API: Yes
• What users can and can't do using the API: Robust and high-performing API which aggregates, validates, enhances and tests all of its data sources and provides sophisticated fail-over logic to provide uninterrupted service.
• API automation tools:
  • Chef
  • Terraform
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• Command line interface: Yes
• Command line interface compatibility: Linux or Unix
• Using the command line interface: Using CURL users can make requests to the API

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: TransportAPI is based on a single tenant architecture for each service, offered over public cloud.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Upstream data source performance
  • System administration indicators
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Github manages and holds all platform code
  • Deployment information held on chef.io
  • Logging data is backed-up on AWS
  • User log-in data is stored on 3Scale.net
• Backup controls: TransportAPI offers a managed back-up service that is specified as part of the service design.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: TransportAPI provides a service level agreement (SLAs) over average platform availability (Uptime) and response times (Response time).; SLA commitments are applied to monthly minimum levels of Uptime and Response time. Credits are applied if service levels fall below monthly SLA limits.
• Approach to resilience: TransportAPI uses AWS' proven platform resilient features and details of resilience configuration are available.
• Outage reporting: TransportAPI uses standard AWS outage reporting which is relayed to customers via dashboards and by email.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: TransportAPI manages all access to the platform interfaces by username and passwords conforming to the ISO27001 password standards. No role based user accounts are permitted for management interfaces or support channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: TransportAPI applies the principles of the ISO27001 quality management system for information security.; Responsibilities are devolved from the CTO at board level to development operations management and all development team members according to ISO27001 standard.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All platform changes are handled through change management processes including pull-requests on Github and User Acceptance Testing is applied to new feature roll-outs and customer change control processes before deployment to production.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: The TransportAPI platform manages threats to the service through the procedures set out in its Business Continuity policy. The TransportAPI development operations team subscribe to 'patch and threat' notification systems however TransportAPI does not publish details except on demand.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: The TransportAPI platform responds to potential compromise situations in accordance to its Business Continuity policy. Further details are available on request.
• Incident management type: Undisclosed
• Incident management approach: The TransportAPI platform deals with incidents according to the principles of its Business Continuity policy. Further details are available on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS
• How shared infrastructure is kept separate: TransportAPI customers have a single tenant service on public or private cloud, as specified by the customer.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: TransportAPI uses AWS and its sustainability and data efficiency standard policies. These can be found at https://aws.amazon.com/about-aws/sustainability/

Social Value

• Fighting climate change:

  Fighting climate change

  Please see http://www.transportapi.com/
• Covid-19 recovery:

  Covid-19 recovery

  Please see http://www.transportapi.com/
• Tackling economic inequality:

  Tackling economic inequality

  Please see http://www.transportapi.com/
• Equal opportunity:

  Equal opportunity

  Please see http://www.transportapi.com/
• Wellbeing:

  Wellbeing

  Please see http://www.transportapi.com/

Pricing

• Price: £500 to £5,000 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: TransportAPI's fee trial option offers customer access to the full functionality of the TransportAPI platform with access restrictions limited to 1000 hits per day. Full details are available on request.
• Link to free trial: https://developer.transportapi.com

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonathan.raper@transportapi.com. Tell them what format you need. It will help if you say what assistive technology you use.