WiFi SPARK Limited

Fully Managed Wi-Fi Service

Guest WiFi service delivery platform that safely onboards your staff and visitors onto the filtered internet. Fully branded and customisable User Experience Portals with multiple authentication options, including via social media login. Functionality for Customer Behaviour Analysis, Event Promotion, ROI and App Integration. Extensive User Support and Project Management.

Features

  • Complete solution from design, installation and management
  • Guest WiFi networks with bandwidth management and network management
  • Enterprise grade, best of breed hardware and equipment
  • Bespoke User Experience Portal design and customisation
  • Integration with other services such as apps, surveys and CRM
  • Friendly WiFi Scheme accredited content filtering internet content filtering
  • Business intelligence through SPARK® Analytics
  • Radio, Freeview TV & movies over WiFi
  • User engagement and return on investment opportunities
  • GDPR and legal compliance with 24/7 exceptional support

Benefits

  • One provider to manage your entire solution
  • Multiple networks for public, guest & corporate with different parameters
  • Robust solution with 99.99% availability
  • White labelled and fully customisable to promote the businesses brand
  • Eliminates disparate systems with app integration
  • Safe, secure and compliant connectivity
  • Real-time data and analytics to build customer profiles
  • Streaming services with no bandwidth constraints over the network
  • Drive customer loyalty with targeted messaging
  • 24/7 technical support and network monitoring from technical experts

Pricing

£15.28 per user per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

111720819901263

WiFi SPARK Limited

Julie Pedrick

0344 848 9555

tenders@wifispark.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Mobile Apps, CRM Systems, CMS Systems
Cloud deployment model Community cloud
Service constraints WiFi SPARK require an enterprise grade WiFi Network to provide it's services over. Considerations will be made of the clients core infrastructure when designing a WiFi SPARK solution but being technology agnostic in our approach gives us the freedom and flexibility to adapt to the project in hand.
Software and firmware updates will normally be done remotely and have no impact on a live system. Where updates require an interruption to service this will be scheduled by our Support Team in liaison with your authorised Support Contact
System requirements
  • Fully licensed by WiFi SPARK so no buyer requirements
  • Buyer is responsible for buyer's infrastructure licensing
  • Buyer to provide at its cost suitable mains power supplies
  • Buyer to ensure mains power remains connected and live 24/7
  • Buyer to provide suitable rack space if required
  • Buyer to ensure remote access available as required
  • Buyer to ensure permissions granted for kit location if appropriate

User support

User support
Email or online ticketing support Email or online ticketing
Support response times WiFi SPARK offer a telephone and email support service that is available 24 hours a day on every day of the year, including public holidays. This service is manned by support personnel who have been trained by WiFi SPARK, and are based in a UK service centre.

Calls will be answered within a target average time of 60 seconds.
At least 80% of calls will be resolved at first contact.
All calls will be logged on our helpdesk ticketing system and a call reference issued.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Average call answer time18 seconds.
WiFi SPARK has three Priority Levels for support
Priority 1 Total Loss of Service
Priority 2 Major service degradation
Priority 3 Service Requests and minor/cosmetic faults
On escalation from the helpdesk, an engineer will investigate in accordance with the relevant priority response target. WiFi SPARK has on-call engineers that operates 24/7/365 to cover for Priority 1 incidents.
WiFi SPARK is able to interrogate systems remotely and can often affect repairs without site visits. This may involve reconfiguration of the network to utilise in-built redundancy or to invoke manual or automatic failover of key components.
Major – If an event warrants fast-tracking to an enhanced level of response this is invoked by declaring a “Major Incident”. A Major Incident Manager will be appointed who will manage the situation to an agreed resolution. Enhanced levels of communication/reporting will accompany a Major Incident.
Additional services (e.g. events support) can be provided if required and will be costed on a per-case basis.
For critical components there may be opportunities to purchase additional support from the equipment manufacturer or we may agree to hold spare parts on-site for a rapid fix - to be discussed further with our sales team.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started WiFi SPARK will provide an Account Manager to support and deliver a general introduction to the platform and services and our MarComms team will be involved in the users/admin introduction to Reporting, SPARK® Analytics Portal, Content Management, and SPARK® Dashboard. User guides and marketing materials can be made available, and training sessions over the telephone or Webex organised, if required.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction WiFi SPARK is fully compliant with the GDPR and the Data Protection Act and keeps data as defined by law. Any request for data reporting, removal or destruction can be fulfilled upon request. The only other context for Data Collection is with reference to RIPA/DRIPA requests for lawful tracking.
Data can be accessed via SPARK® Analytics. The client will be given a log in to the Dashboard where real-time data can be viewed instantly, or report on historic data by selecting a date range. All access to data is managed via secure access control mechanisms which ensure only authorised personnel are allowed to view or change the data and all access sessions are logged for audit purposes. All changes are time and user associated. Reports can also be scheduled to email approved addresses with data for regular intervals such as weekly or monthly or real-time direct to the customers CRM system. This can be agreed at the time of contract.
End-of-contract process At the end of the contract, equipment that is purchased by the client will remain the property of the client. Unless otherwise requested, WiFi SPARK will not reclaim equipment. Any account information is held for the amount of time required by HMRC and then securely overwritten. With regards to Personally Identifiable Information, the data is held for the amount of time required by the Data Controller. In the event services are no longer required we will securely export any data requested to the Data Controller and hold the data for one calendar month after cessation of the contract and then overwrite the data.
If the equipment has been provided to the Customer without charge (as set out in the Order Acknowledgement) then the Customer shall promptly return the equipment to WiFi SPARK at a location reasonably designated by WiFi SPARK at the Customer's expense.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service WiFi SPARK design all User Experience Portals (UX) to be completely fluid and responsive on all WiFi enabled devices and works regardless of the operating system or browser. Therefore, the WiFi SPARK solution looks equally as professional and is equally as responsive on phones, tablets and laptops. A one-time registration process and welcome back email means returning users can be automatically reconnected and recognised.
Accessibility standards None or don’t know
Description of accessibility Portal User Journey Interface is WCAG 2.0 AA capable. Specifics of journey requirements are defined during Project Definition near the beginning of the customer journey.
Accessibility testing None
API Yes
What users can and can't do using the API The SPARK® API is a resource rich, proven interface to the SPARK® Managed Service Platform that allows developers to create complex, intuitive and well-designed WiFi on-boarding and analytics services. Customers can develop and host their own user experiences in their own environment using their own developers for true flexibility to stay ahead in innovative WiFi applications.

Three key concepts make up the bulk of the API’s usage:
• Hotspot: Is the wireless enabled area onto which subscribers can connect sessions
• Subscriber: End user access account, optionally contains a username and password
• Session: The active connection of a device onto the network, with a direct relationship to a subscriber
Whilst SPARK® has its own in-built portal logic, it may not be exactly what the customer requires so using the API allows for a fast time to market for new and innovative WiFi applications.

The API is a level3 compliant REST interface, supporting a wide range of HTTP verbs that can manipulate service Resources.
The API supports JSON, XML, and Text payload formatting with discoverable hypermedia links delivered via ATOM as per REST best practice. The API-interface is developer friendly returning descriptive messages with embedded links to the API documentation.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The SPARK® Platform is a flexible and entirely configurable solution, that is built to customer requirements. The customer can customise: The User Experience Portal (UX), the user journey, which authentication methods they choose to enable, the filtering deployed, the data collected, the analytics reported and that other applications the service integrates with. The customer is able to specify their requirement which is then outlined in a Solution Requirement documentation, signed off by the customer and executed by WiFi SPARK. The design of the UX can be customised by the customer themselves, or by WiFi SPARK, but the customer will have input at every stage of the project implementation to outline their requirements to make the solution fully suited to meet the criteria specified.
The customer will appoint individuals to be responsible for the solution who will liaise with WiFi SPARK throughout the implementation. These individuals will be able to customise agreed elements, whether that would be the design of the UX, selecting which filtering categories to restrict, or managing administrative access to the WiFi by setting up accounts through the SPARK® WebAdmin.

In short, the solution is tailored to the customer.

Scaling

Scaling
Independence of resources The SPARK® Platform applies bandwidth at an authentication level to allow a fair connection to all. The SPARK® service will efficiently manage each connected session, enforcing pre-agreed bandwidth throttling to help protect overall bandwidth.
As an option, a higher bandwidth could be offered as a Premium connection. This could also have a different UX if required.

Analytics

Analytics
Service usage metrics Yes
Metrics types WiFi SPARK have the facility to provide comprehensive metrics on your service users. The detail available for dissection is dependent on the information fields that you agree with us at the beginning of the Project. The greater detail you require when your users register with you, the more granulated and specific the end result. If you glean dates of birth, gender, postcodes from your service users; you will be in an excellent position to paint a picture of your service users, understand them and better focus your marketing to assist in getting the best return on your investment.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach WiFi SPARK gleans, processes and enriches data on demand, however the data remains yours and logically segregated within our cloud solution.

WiFi SPARK customer data is held securely behind enterprise level security in our cloud and at rest is encrypted using 256-bit Advanced Encryption Standard (AES).
WiFi SPARK also use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between applications and our servers. It's designed to create a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be accessed via SPARK® Analytics. The client will be given a log in to the Dashboard where real-time data can be viewed instantly, or report on historic data by selecting a date range. Access is managed via secure control mechanisms which ensure only authorised personnel are allowed to view or change the data, with all sessions being logged for audit purposes. All changes are time and user associated. Reports can also be scheduled to email approved addresses with data at regular intervals such as weekly/monthly or real-time direct to the customers CRM system through the SPARK® API feed.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks WiFi SPARK has extensive experience in providing both public and professional networks and in ensuring security standards are adhered to.
All guest networks operate on their own isolated layer 2 networks to ensure complete traffic separation. Layer 2 client isolation is also configured to ensure wireless devices cannot inter-connect unless provisioned.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network SPARK® manages the wireless network end-to-end and includes a packet inspection firewall which protects the internal networks from the connected outside networks by only permitting ingress and egress connections that have been agreed to ensure the WiFi SPARK service is operational.
Each SSID supports roaming between APs and can be configured with encryption and 802.1x authentication to protect sensitive data and permit secure authorised use for staff and WiFi connected devices.

The WiFi SPARK service includes a fully featured integrated packet inspection firewall which will only permit connectivity for trusted networks and protocols ensuring unauthorised users are denied access.

Availability and resilience

Availability and resilience
Guaranteed availability The core SPARK® Managed Service Platform has a targeted availability level of 99.95%. Users are able to request a refund via the online refund form where they detail the service location and issues they have faced. This is then reviewed by staff for a full or partial refund depending on the nature of the issue. All information is captured in the helpdesk system for reference and the user is able to update and review their open cases online.
Approach to resilience The core SPARK Managed Service Platform is hosted on a highly resilient platform with several levels of redundancy shared across multiple data centres. Further information is available on request.
Outage reporting All WiFi SPARK services are monitored 24/7 by the SPARK®NMS Network Monitoring System. The system will record service availability metrics such as system uptime with a detailed audit trail for historical analysis. This will form the basis for performance-related measures. When this system detects an unusual event it alerts the WiFi SPARK Support Teams via direct visual alerts, email and SMS text message. In addition, critical alerts are posted automatically to the 24/7 service desk tool called Zendesk™ and a case is created for immediate escalation. An API is available for further integration if required. A customer dashboard facility is available if required. The SPARK® managed service platform is at the centre of the WiFi SPARK® solution. This is a highly available platform with an availability score of 99.99%. As such, the risk of service outage as a result of the SPARK® managed service is very low and would be measured in minutes.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication There are many different authentication methods that clients could choose from:
● Facebook
● Twitter
● LinkedIn
● Free use registration form (name, email, mobile, postcode, etc)
● One-click login (no personal data)
● MAC authentication
● Subscriber login
● Voucher login
● Debit/Credit card
● PayPal
● APP integration and authentication
● Email Validation
Access restrictions in management interfaces and support channels Physical and logical access to all areas and platforms is restricted. WiFi SPARK employ a restrict-all security lock down policy. This means that each user only has access to areas essential to their work, both geographically and on the network. User Privilege access is defined roles and authorised by Directors. WiFi SPARK can also lock down access by IP address where appropriate.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date May 2019
What the ISO/IEC 27001 doesn’t cover Nothing
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Security Metrics
PCI DSS accreditation date 6/5/2014
What the PCI DSS doesn’t cover We have PCI Level 4 on SAQ C-vt, and are not covered outside this classification.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards IASME Cyber Essentials
Information security policies and processes WiFi SPARK has a comprehensive internal Information Security Policy which covers all data processed and housed through the physical and virtual infrastructure. This policy gives insight into WiFi SPARK's processes regarding the physical security of facilities, Disaster Recovery, Password Requirements, Physical Access, Removable Media, Media Destruction, Environmental Hardening, Patches and Updates, Software Development and Transmission of Data. This is not an exhaustive list of topics.

As well as an internal Information Security Management Plan, WiFi SPARK works with its key customers in order to develop tailored Information Security Plans. This is to assist in understanding and for efficient management of their data risks.

These policies are owned and developed by the WiFi SPARK Network Operations (NetOps) team which is responsible for security at WiFi SPARK, with close partnership with the Development Team and Management. NetOps in turn report to Senior Management and Board members in order to ensure that these policies are adhered to and that any changes to these practices are measured and controlled.

WiFi SPARK is also working towards the ISO 27001 accreditation and actively executes practices from this guideline.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach WiFi SPARK operates a structured configuration and change control process as part of its ISO 9001 Quality Management System. This incorporates Change Request forms that need approval by client and a senior manager at WiFi SPARK before changes are approved. Changes are tested in a staging environment before being released to production in an agreed maintenance window. At the detailed level all changes are assessed for potential security implications as part of the controlled development process. All changes are tracked throughout their lifetime in a change log and can be rolled back if required.
Vulnerability management type Supplier-defined controls
Vulnerability management approach WiFi SPARK employs a comprehensive SPARK®NMS monitoring solution covering all aspects of the core platform. This monitoring includes operating system and application versions to ensure protection against any known/new threats/vulnerabilities.
Patching and updating of all core systems is maintained by a central management server (ansible) which checks for updates nightly. Patches/updates are reviewed and deployed through a managed six-weekly sprint cycle, or fortnightly if critical, on the WiFi SPARK staging platform, before being pushed out to live production systems to ensure no adverse effects.
WiFi SPARK systems run on enterprise platforms that receive patches/updates inline with the vendor release cycles.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The solution is monitored 24/7/365 by the SPARK® Network Monitoring System. This records service availability metrics e.g. system uptime, with a detailed audit trail for historical analysis.
WiFi SPARK has a three-tier priority category and a 24/7/365 telephone service. 80% of calls are resolved in first contact. Calls are answered in an average of 60 seconds.

Priority-1
Response: 30 minutes
Target resolution: 1 day

Priority-2
Response: Same day
Target resolution: 1 day

Priority-3
Response: Next business day
Target resolution: 5 business days
Alerts are generated to staff immediately and an investigation will commence in accordance with the priority response target.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach WiFi SPARK operates a structured Incident Management process as part of its ISO 9001 Quality Management System. This incorporates the recording, designation, prioritisation and processing of incidents following ITIL best practice standards. Users can report incidents using the 24/7 helpdesk service or via email to the support teams. This will create a case in the service desk application where all subsequent actions will be logged for full traceability. Incidents that meet predefined criteria will be defined as Major Incidents and a separate MI process will be followed. Incident Reports are compiled by the Service Delivery Manager as required.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)

Pricing

Pricing
Price £15.28 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial WiFi SPARK is willing to enter a Proof of Concept with Buyers. This will be for a defined period of time (Usually 30 days) and will have defined KPI's assigned to the PoC

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑