ESB Meeting Rooms
ESB Meeting Rooms is a cloud software service that provides the capability to manage room bookings and related resources. This intuitive system is designed to work with facilities managers to enable a unified approach to the organisation of their facilities and provides the ability to book rooms through public-facing website.
- Ability to create room bookings
- Create locations and rooms
- Automatic notifications
- Built in reporting services
- Online booking facility
- Manage room resources
- Flexible booking schedules
- Recurring booking function
- Simplify room booking process
- Reduction in costs
- Automation of time-consuming tasks
- Reduction of missed bookings
- Intelligent automated room selection based on user input
- Quickly react to service or council changes
£4995 to £9995 per unit per year
- Education pricing available
1 8 1 0 9 1 1 4 0 5 0 8 4 2 0
0845 680 7147
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Each support issue will be raised as a ‘ticket’ on our help desk system and the appropriate resolution will be scheduled and communicated to the client. Our service desk is staffed by knowledgeable staff providing first level support, this is backed up by unrestricted access to our second and third level support provided by our own experienced consultancy and development teams. Priority A - System not usable or service down-1 hour. Priority B - Important production job or service will not run-4 hours. Priority C - Any other problem call -1 day. Additional support levels available upon request.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Support is standard and included within the licence charge. All customers benefit from the same excellent level of support. Each customer will be provided with a dedicated Account Manager and full access to support channels.|
|Support available to third parties||Yes|
Onboarding and offboarding
As ESB is a flexible platform offering numerous functional parts and each client’s use is bound to be disparate, our approach to on-boarding would be through collaborative working with the client.
The methods we would use to facilitate this would be through a combination of onsite training, online training, and access to our extensive online documentation site.
|End-of-contract data extraction||
The service has in-built functionality to extract information in various formats available to the users.
Additionally if required we will provide a data extraction service tailored to the individual needs of the customer
|End-of-contract process||All client data returned to client.All client access deactivated.Relevant secure processes fully applied.Final invoice prepared.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None|
|Description of service interface||The service interface has been designed to be simple, consistent and as predictable as possible. We use common UI elements, have tried to avoid unnecessary ones and use concise language in our labels and messaging. Page layouts are consistent and structured based on importance, which helps draw attention to the most significant pieces of information. Our service interface communicates readily what’s happening, we use various UI elements to communicate status and next steps which can reduce frustration for users. We anticipate the end goals that our users bring, so we create the relevant defaults that reduce the burden for users.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Use of accessibility tools such as JAWS have been tested for use with browser form UI. Labels and field content have been verified for speech output.|
|What users can and can't do using the API||The API is provided as an HTTPS endpoint accepting either SOAP or JSON requests. It supports creation, viewing and updating of work items, which are the generic unit of data storage within the ESB platform. Configuration of the platform must be carried out via the web-based System Configuration module. Once configured, the API can be used to access and manipulate data.|
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||The ESB platform provides the functionality to perform in-depth customisation straight out of the box. You can rename and add new fields and sections to your processes with ease. PDF templates can be created and amended to be automatically produced by the system along with bespoke email notifications for your staff or customers. Our in-built granular permission set allows for precise access changes to processes as staff and situations change without having to resort to contacting Pentagull thus ensuring you have control to deal with variations in the work. More experienced users can go even further and amend the rules that govern the automation for your processes. This allows you to continually make changes in the life-cycle of your process ensuring it remains fit for purpose and effective all without incurring any additional costs. All this customisation is available with no coding knowledge required, the platform is designed to be used by anyone with basic computer literacy and a few days training.|
|Independence of resources||
A series of key performance metrics are constantly monitored, ranging from low level operating system counters to high level application layer metrics. This allows us to automatically respond to increases in demand by scaling up the resources allocated to the application before any impact is felt by end-users. By partnering with Amazon Web Services we are able to leverage the vast resources of their Elastic Compute Cloud
(EC2) to ensure that we can continually exceed our capacity requirements.
|Service usage metrics||Yes|
|Metrics types||As a web application our primary performance metric is the page response time. This is carefully monitored to ensure it stays within acceptable levels. In addition to the HTTP response metrics, a number of lower-level metrics are monitored to ensure the application stack remains healthy and responsive. These include CPU usage, memory usage and disk I/O metrics.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||A wide variety of formats and platforms are supported for secure data export|
|Data export formats||
|Other data export formats|
|Data import formats||
|Other data import formats||XML|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Service Level Agreements and remedies therein are contract specific|
|Approach to resilience||Our service is hosted on infrastructure provided by Amazon Web Services, who provide a monthly uptime percentage of 99.99%. To achieve maximum resiliency, we utilise all 3 AWS London data centres (known as Availability Zones) as either active or DR locations. This means that in the event of total data centre failure we are able to resume service using one or both of the alternate locations. Impacts to service delivery caused by more routine events such as server patching, server reboots and failure of individual components are mitigated through the use of load balancing and redundant storage. At the network level, AWS provides multiple carrier-independent feeds to each of its data centres.|
|Outage reporting||Service outages, whether unplanned or as part of scheduled maintenance, are communicated to customers via email alerts. Each customer may nominate a number of key personnel who will receive such alerts. The email alerts service is hosted using infrastructure that is totally independent from that which is used to host the service, ensuring that even a catastrophic failure of AWS infrastructure does not affect our ability to communicate with our customers.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Access is restricted to designated support staff at a level required for them to perform their role.
In terms of management interfaces there is an escalation process in place whereby senior staff can interface if required.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||World Certification Services|
|ISO/IEC 27001 accreditation date||June 2019|
|What the ISO/IEC 27001 doesn’t cover||There are no exclusions in Pentagull ISMS Statement of Applicability (Annex A) ISO 27001:2013 covers all aspects of Information Technology Security.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||As part of our ISO27001 certification, Pentagull applies its comprehensive ISMS (Information Security Management System) throughout the Company. The ISMS manager reports all incidents directly to the board of directors. All policies which form part of the ISO 27001 system are applied to staff as part of their induction to the Company and their yearly reviews. Any policy changed outside this time frame is applied when required.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Change control to our ESB platform’s core is managed through the practice of continuous integration (CI). Each build is tracked through formal version control process supported by a software version control system. Each new release has formal unit, integration, security and regression testing and is released into test environments before subsequently making into the live environment.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Our vulnerability management process is based on industry standards combined with advice from our own hardware/software suppliers. We regularly review our infrastructure to ensure we identify and categorise components based on risk/impact.
Patching is automated where it’s practical to do so, outside of this there we have a robust patch management procedure including a named individual responsible for patch management. All patches are applied within 7 days of release.
In order to keep abreast of the latest infrastructure threats we obtain information from multiple sources - our own hardware, software and infrastructure suppliers, additionally from a number of industry outlets.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We employ proactive monitoring of various logs to detect unusual patterns of activity. This includes traffic and request patterns, authentication attempts and analysis of source IP addresses.
Our Incident Management System is used to manage and respond to any suspected compromise. This provides us with a structured way of handling potential security issues at each step of the investigation, and ensuring timely disclosure to our customers where appropriate. All suspected security incidents are investigated within 24 hours and co-ordinated by our Security Officer.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Customers are able to report incidents using our support portal, this is logged directly into our support desk system with automated RAG categorisation and escalation of priority items.
Workflow within this system is also capable of routing specific problems or customers to an individual or team.
The teams also have access to a knowledge based system that enables for rapid diagnosis of problems.
We proactively monitor incidents on a regular basis to highlight any mitigation that we can put in place to reduce the likelihood of re-occurrence.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£4995 to £9995 per unit per year|
|Discount for educational organisations||Yes|
|Free trial available||No|