This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with FM:Systems are still valid.
FM:Systems

Resource Scheduler - Room, Desk and Resource Booking Solution

Comprehensive flexible and scalable cloud-based workspace management solution incorporating room/desk booking, visitor management, full room servicing, Outlook integration, interactive floorplans, HR data feed, integrated security, mobile application, workplace business intelligence and open API.

Features

  • Conference room, hoteling and desk booking
  • Outlook plug-in
  • iOS and Android mobile application
  • Manage assets/services - catering & AV equipment
  • Visitor and event management
  • Reporting and business intelligence information
  • HR data feed, AD integration and single sign-on
  • Integration with collaborative technologies - Cisco TMS, WebEx, SfB
  • Open API - REST and SOAP
  • Meeting room panels and desk booking kiosks

Benefits

  • Improve meeting room occupancy
  • Increase employee productivity with integrated solutions
  • Suite of intuitive user tools enabling high user adoption
  • Supports centralised and self-serve booking workflows
  • Flexible and scalable cloud solution
  • Increase utilisation with check-in workflow to prevent no-shows
  • Improve service levels with inclusive booking and service provider portal
  • At the room/desk functionality with panels, kiosks and mobile app
  • Improve visitor experience with comprehensive visitor management functionality
  • Leverage existing workplace technology via open API integration

Pricing

£10 to £300 a unit a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@9c0e23bc-f2e5-47fd-bed8-e92cabd6f2dd.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

1 7 8 1 0 7 4 2 1 1 7 8 1 4 0

Contact

FM:Systems <removed>
Telephone: <removed>
Email: <removed>@9c0e23bc-f2e5-47fd-bed8-e92cabd6f2dd.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Leverage Resource Scheduler's open API the room/desk booking application can be integrated with other collaborative technologies such as Cisco TMS, WebEx, Skye for Business.
Cloud deployment model
Public cloud
Service constraints
Resource Scheduler web application and the Outlook plug-in is compatible with the following:
Outlook 2010, 2013, 2016, Office 365 featuring Outlook 2013 and 2016 Click-To-Run.
Internet Explorer version 9, 10 and 11 (compatibility mode not supported).
Firefox version 43, Google Chrome version 50 (current releases at the time of testing)
System requirements
  • Web application - IE versions 10, 11; Chrome, Firefox
  • Outlook plug-in - Outlook, 2010, 2013, 2016
  • Outlook plug-in - Office 365 featuring Outlook 2013/2016 Click-To-Run

User support

Email or online ticketing support
Email or online ticketing
Support response times
See attached service levels document.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Asure's support structure work in three functional areas: Triage, Tier 1, and Tier 2 Support. Triage attempts to resolve the issue immediately. More complex issues are then escalated to Tier 1 and Tier 2 as appropriate. All issues, bug reports and feature requests can be tracked by clients via our Online Client Care Center.
24 x 7 Online self-support and issue tracking
An online self-support environment is available for all supported AsureSpace users on the Web. The AsureSpace Online Client Care Center
enables customers to:
• CREATE and track problem reports and feature requests.
• ACCESS downloads of all client and server software.
• REVIEW Knowledgebase articles and Tech Notes.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our implementation/training methodology is to make the customer as self-sufficient as possible via a "train the trainer" approach.
Our standard is to offer online GoToMeeting sessions to key users covering (but not limited to) end-user, admin, visitor management. Recording of theses sessions are provided for future reference.
Onsite training can be provided at extra cost.
Asure's online support portal also includes a knowledge base of articles and videos.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Resource Scheduler uses a SQL server database so any resource, booking and user data can be exported to a CSV file.
End-of-contract process
Once notice is given the services is terminated as per the terms of the contract. Data can be exported by Admin users from within the core application at no cost; and Asure Professional Services can assist with exports from the databases which would be chargeable.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The NowSpace mobile application provides a quick and easy way of making simple meeting room and desk bookings whilst on the move. Resources can be searched for, booked, checked-in and cancelled. NowSpace does not support the booking of meeting room services such as catering..
NowSpace incorporates a QR code reader which provides an "at the desk" booking function by the scanning of a QR code.
Accessibility standards
WCAG 2.0 A
Accessibility testing
All application interfaces are text-based or graphical and do not include any audio or video media.
API
Yes
What users can and can't do using the API
The API is designed for the integration of complimentary workplace technologies with the Resource Scheduler application (such as WebEx, Cisco TMS, Skye for Business).
There are ReST and SOAP APIs available.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The Resource Scheduler application can be fully configured to meet the workflow requirements of any organisation.
These include (but are not limited to) self-book and centralised models, approval workflows, service menus, resource hierarchy, user and security groups.
User defined fields can also be created for specific information to be gathered during the booking or for user/booker information purposes.

Scaling

Independence of resources
The Resource Scheduler solution is scalable and flexible.
Asure has clients using cloud hosted Resource Scheduler solutions with over 200,000 users, more than 3,500 resources and making over 1.3m bookings without any degredation to the service.
For large implementations Asure recommends a dedicated hosted environment.

Analytics

Service usage metrics
Yes
Metrics types
Custom reports can be provided to identify usage statistics.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
In Resource Scheduler the Admin Tool has a data export wizard. Data can be exported from the SQL database or a CSV file using this tool or by using a database script.
There are also a number of reports with the application which can export data to defined PDF templates based on specific search criteria.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Resource Scheduler is a cloud- hosted web-based solution.
The application is accessed via an SSL HTTP connection.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Asure Software’s Resource Scheduler On Demand Product is a web application where all interaction is performed over a TLS 1.2 connection with the HTTPS protocol. A Resource Scheduler user would initiate traffic from the client network to the application either with a web browser or an outlook plugin.
Resource Scheduler does not require access to any information on the client’s network for basic functionality.

Availability and resilience

Guaranteed availability
The following is taken from Schedule A of Asure’s Limited Use Software Licence agreement.
Monthly Uptime Credit
90.0% - 99.8% 10%
85.0% - 89.9% 20%
84.9% or less 30%
Approach to resilience
Available on request
Outage reporting
Dashboards are monitored by Asure's SaaS Ops team and e-mail alerts are used to immediately notify the team of any outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Role based security, allowing access only to the relevant modules of the application.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
11/11/2016
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
11/4/2017
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • SOC 1 type 2
  • PII self certified

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SOC, NST, Massachusetts Information security program (the most strict standards in USA).
Information security policies and processes
Asure Software will regularly test and monitor the implementation and effectiveness of its information security program to ensure that it is operating in a manner reasonably calculated to prevent unauthorized access to or use of personal or other sensitive information.
A copy of Asure' Written Information Security Policy is available on request.
The policy is owned by Asure's VP of SaaS/IT, and Asure's COO/CTO is the policy's executive stakeholder.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Asure uses OWASP best practices for development standards.
Regression testing includes security testing.
Asure enforces separation of duties enforced within our applications and systems.
Separate roles exist for developers, release managers, and testers.
Development management ensures that roles are restricted to the access they can be granted.
Only code builds (no actual code) are deployed to test and production environments.
Development only has access to dev environment.
QA only has access to QA environment
The production support teams are the only staff that can update production with any releases, hot fixes or upgrades.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Asure uses third party auditors to complete SOC audits. Currently, Asure RS is SOC 1 Type 2 certified.
Vulnerability Tests. Asure Software performs both internal and external vulnerability tests. OWASP code review standards are in place. We execute a regression test suite on all major releases and use an external party to perform an independent penetration tests every 12 to 18 months, depending on the product changes.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Asure Software provides 24x7 support with mobile and email alerts.
Asure Software uses several tools for logging and system health. Here are a couple of examples: NewRelic, SQL Diagnostics, PRTG.
Asure use IDS that is built into the production firewall. The SaaS team is alerted and determines the veracity and severity of the alert.
Incident management type
Supplier-defined controls
Incident management approach
In the unlikely scenario of a security incident, Asure Software has an incident response procedure. Incidence response policy document is available on request. A few key items on this procedure:
- Clients are notified of all incidents.
- An incident response team is formed.
- All incidents are classified in severity and impact.
- Our legal council is notified on all incidents

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10 to £300 a unit a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@9c0e23bc-f2e5-47fd-bed8-e92cabd6f2dd.com. Tell them what format you need. It will help if you say what assistive technology you use.