Valerann UK Ltd

Lanternn by Valerann Transport and Logistics

Valerann serves Road Operators as an innovative cutting-edge Intelligent Transportation Systems SaaS company, specialising in Artificial Intelligence, Big Data and Data Fusion technology. Powered by our proprietary Real-Time Fusion Engine, our smart road Traffic Management platform leverages existing ITS infrastructure enriched with modern, connected data sources enabling rapid, informed decision-making.

Features

• View all traffic flow included on the network
• Event based alert from navigation apps and weather sources
• Integration to cameras exposed to internet (VPN or direct)
• Machine vision on IP based, live stream video cameras
• Integration of Legacy ITS back into Valerann's platform
• Integration of location of patrol and maintenance fleet vehicles
• Based on data from existing, internet exposed fleet management platforms

Benefits

• Provides high visibility of traffic concisely
• Enables proactive decision making to avoid incidents
• Provides higher road coverage
• Smooth traffic flow and automated incident detection
• Low cost as it avoids setting up new ITS systems
• Allocating patrols to high-risk areas to prevent/manage incidents better

£36,000 to £240,000 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at john.fagan@valerann.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

999759994266658

Contact

John Fagan
<removed>
john.fagan@valerann.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our service can connect to existing ATMS, UTMC, and ITS services. In addition, our service connects to existing legacy ITS sensors (cameras, radars, loops, etc), integrates them into our system, and analyses them to support detection and management of traffic and safety events.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Our product is hardware agnostic (we will integrate with any pre-installed or new ITS equipment e.g., any CCTV camera, radar loop or sensor). However, integration/development effort may be required where the equipment is unfamiliar to us.
• System requirements: Modern web browser such as Chrome, Google etc.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide email and ticket support, providing users with a response within the first 24hrs. On weekends, this can take up to 48 hours. The status and priority of tickets is not currently available; however, we will be developing a system that allow users to manage their incidents.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide the same level of onsite support to all of our clients. This includes the help from a cloud support engineer. ; ; We provide remote support, via phone and email, and onsite support on a case-by-case basis in agreement with the client. We currently offer one support level for all clients, which covers: Product feature queries and training requests; Troubleshooting and resolution of an issues, fault or bugs identified; In the event of an outage or major fault, regular status updates until such a time as the issue is resolved. ; ; Support is offered 8am-10pm. Out of hours is for emergency support only.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide all of our users a PDF training guide, videos and webinars (for remote onboarding and training). We also provide on-site training as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We host our services and the associated data in a cloud environment allocated to each client. Whilst we typically manage this environment on the client’s behalf, they remain the owner of the account and therefore have access to the data throughout the contract and thereafter, after which our access will be revoked. We can provide appropriate advice to migrate the data to a different location as required in the event the contract ends. We can also enable hosting in a client's own self-managed cloud environment.
• End-of-contract process: Valerann stops collecting data from sources proprietary to the client, unless a different agreement is reached with the client. User access to the platform is limited. Data is archived and can be transferred to the client organisation for storage at request within 3 months of the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our SWAGGER interface has full documentation of request parameters and response schema. Our platform has a Web Application interface for Desktop computers. The UI includes a live-view of traffic, weather, and hazardous events occurring on roads, displayed in list format or within widgets/graphs. Information is also displayed on a GIS map interface. Conditions and hazardous events are colour coded to communicate severity. Users can log events through the interface manually, manage status of events, record comments/notes, and share information with other applications, such as collaboration services (Waze/Slack/MS Teams/Whatsapp/email). The interface provides access to live camera streams from integrated CCTV-cameras.
• Accessibility standards: None or don’t know
• Description of accessibility: We have a SWAGGER interface with full documentation of request parameters and response schema. We can also provide an integration staging environment upon request.
• Accessibility testing: We do not currently meet any accessibility standards and have not completed accessibility testing or intentionally adhered to any accessibility standards.
• API: Yes
• What users can and can't do using the API: Our services (live and historical data insights) can be accessed via API without our user interface. We provide API documentation and set up a test environment for integration purposes.; ; The API allows users to retrieve both live and historical insights generated by our services, including events relating to hazards, traffic, risks and weather conditions for a given road or network, including all associated contextual data points (videos from nearest cameras, traffic/weather conditions at the time of the event), the status of traffic and weather conditions over time for any given location. Data can be requested based on LRS or WGS geometries, GeoJSON including points, line and polygons.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our system incorporates client specific business rules and configuration to tailor insights to each use case or environment. Utilising our proprietary AI, machine learning and data fusion models as a basis, we ensure the relevance of any alerting, operational workflows and other insights are tailored to each client's requirements on an ongoing basis. This is achieved through our discovery and onboarding process and thereafter through consultation with Customer Success.

Scaling

• Independence of resources: We host our services and the associated data in a cloud environment allocated to each client. Therefore, clients are unaffected by others.

Analytics

• Service usage metrics: Yes
• Metrics types: We utilise UX monitoring tools, such as Hotjar, to monitor user sessions and interactions. All data captured is anonymised i.e., we cannot link specific sessions to specific users.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Encryption at rest
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We provide a reporting interface through which data can easily be exported on demand.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • GeoJSON
  • MP4
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Direct database access (ETL)
  • JSON
  • GeoJSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: VPN access (Tunnel)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Private Networks, VPN Access, and Encryption at rest

Availability and resilience

• Guaranteed availability: System availability of the hosting, network infrastructure, communications network and Hosting Centre is designed to be seven days per week and twenty-four hours per day, subject to the pre-notification of any scheduled downtime required for system maintenance. Outside of the scheduled downtimes that are agreed with the client, the Performance Target is for the system to be available 99.8% of the time measured over a period of one month.
• Approach to resilience: To ensure we are resilient, we use cloud best practice and database replication across regions (Postgres cluster, Kafka cluster), automated scaling and recovery of services using Kubernetes.
• Outage reporting: We add posts onto our public dashboard and also notify of outages in Slack, email and other channels.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: We authenticate users with a username and password. We also Whitelist IP addresses.; ; Users can also be subject to identity federation from known providers (Google, Facebook), VPN, 2 factor authentication.
• Access restrictions in management interfaces and support channels: We utilise a role and permission model, meaning some users have restricted access (read only) or may only be able to carry out certain actions within the system based on their user role.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Username + Password, Whitelist IP addresses. Optional: identity federation from known providers (Google, Facebook), Optional: VPN, Optional: 2 factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: In Autumn (September/October) of this year (2022), we will have ISO 27001 certification.
• Information security policies and processes: The Company takes the security and privacy of data extremely seriously. We comply with our legal obligations in respect of data privacy and security under the General Data Protection Regulation (GDPR). Our data protection policy sets out how we handle the personal data of our customers, suppliers, employees, workers and other third parties. It applies to all personal data we process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website users or any other data subject.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We are using numerous microservices and databases. Every change involves automatic tool scanning for quality and security. Changes are logged and tracked and reported automatically. Every change is peer reviewed and QA tested and approved.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Automatic scanning upon every software change using industry recognised tools. Migration and patching as part of the standard on going delivery process (sprints prioritisation and backlog management)
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We identify compromises through investigating of dashboard and logs when an anomalous behaviour/alert is detected.
• Incident management type: Supplier-defined controls
• Incident management approach: Employees report incidents to our Chief Technology Officer, who then notifies all employees via both Slack and Email. Incident / Retro reports are provided internally for major events.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are committed to achieving environmental best practice throughout our business activities, wherever this is practicable. This we will achieve through: ; • Observing all laws, bylaws and regulations directly concerned with the environment and which affect our business; ; • Working continuously to improve the effectiveness of our environmental management;; • Providing appropriate environmental training and communicating of this policy;; • Recycling and reusing materials wherever possible including the recycling of wastepaper; and; • Monitoring any environmental impact where possible and if areas of deficiency are identified taking action to improve the situation.
• Equal opportunity:

  Equal opportunity

  We are an equal opportunity employer, being committed to ensuring within the framework of the law that our workplace is free from unlawful or unfair discrimination on the grounds of race, ethnic or national origin, sex, gender, pregnancy, sexual orientation, age, religion, belief, marital status or disability. Our aim is to ensure that staff achieve their full potential and that all employment decisions are taken without reference to irrelevant or discriminatory criteria. Recruitment and employment decisions are made based on fair and objective criteria in accordance with our Recruitment Policy. If staff are disabled or become disabled, we encourage them to let us know about their condition, so that we can support them as appropriate. Working patterns are reviewed to enable us to offer flexible working to staff with carer/childcare responsibilities where possible. Where necessary, special provision may be made for training for staff returning to work following a break for domestic reasons. All staff have a right to equality of opportunity and are under a duty to implement our policy. Breach of our policy is potentially a serious disciplinary matter.
• Wellbeing:

  Wellbeing

  We aim to maintain the wellbeing of all our staff, accommodating to their needs. For instance, we are committed to being flexible to those with children. Within our policy, we ensure that as far as possible staff can combine career and family responsibilities. We recognise that parenthood brings additional responsibilities. This includes maternity, paternity, shared parental, adoption, flexible working, and unpaid parental leave, all of which we ensure that staff know they have the correct rights and duties in accordance with government guidelines.

Pricing

• Price: £36,000 to £240,000 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at john.fagan@valerann.com. Tell them what format you need. It will help if you say what assistive technology you use.