Honeywell Building Technologies

Honeywell Vector (tm)

Vector is a mobile app allowing the user to use multiple features from wayfinding, comfort requests, rate my space, security and access control, engagement framework, room booking, desk booking all on iOS and Android.

Features

  • Indoor navigation, resource booking and Wayfinding
  • Comfort Request
  • Rate my space
  • Security
  • Access
  • Room booking
  • Desk booking
  • Engagement framework
  • Space Utilisation

Benefits

  • allow people to navigate buildings an estates easily
  • change comfort settings form your mobile phone
  • feedback on spaces direct to the FM or estates team
  • Photo ID on mobile for security passes
  • Bluetooth access on mobile through HID access readers
  • book rooms for meeting s or events on your mobile
  • book desk for hot desking work statuions on your mobile
  • publish content to masses on alerts/events
  • understand how your spaces are used to work better

Pricing

£2 to £12 per user per year

Service documents

G-Cloud 10

293514685011785

Honeywell Building Technologies

Lance Hills

01344656855

lance.hills@honeywell.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements Honeywell Enterprise Buildings Integrator software required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support response times

within 24 hrs 24/7 365
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Site technician support, global service desk support. Cost is provided at point of tender dependent on size of contract. Technical account managers will be provided.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training is provided at an extra cost, online and user documentation is provided as standard.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data can be extracted upon request in a CSV or XLM format.
End-of-contract process The users and company profile are retired, if required any data held by Honeywell will be deleted and or send to the end user in a CSV or XML format.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Desktop used for dashboards and reporting.
Mobile app used for comfort requests and wayfinding.
Accessibility standards None or don’t know
Description of accessibility ..
Accessibility testing None
API Yes
What users can and can't do using the API APIs are not public facing.
API documentation No
API sandbox or test environment No
Customisation available No

Scaling

Scaling
Independence of resources All users information/data/permissions are held separately

Analytics

Analytics
Service usage metrics Yes
Metrics types User log in & log out, time and attendance, space rating, too hot / too cold and occupancy.
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users make a request to the support team who extract the data on their behalf.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Agreed with customer during contract negotiation.
Approach to resilience Information available on request
Outage reporting Using email alerts to an admin team and all users

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels 2 factor authentication for web apps and dedicated link (Microsoft ExpressRoute) for virtual machines with user name and passwords.
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Adhere to ISA 62443 cyber security standards

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards (NIST) SP 800-171 and NIST SP 800-53, the International Organization for Standardization/ISO 27001, Cyber Essentials Certificate (CEC), Payment Card Industry (PCI), Sarbanes-Oxley (SOX), Customs-Trade Partnership Against Terrorism (C-TPAT), (AEO), Chemical Facility Anti-Terrorism Standard (CFATS), and Health Insurance Portability and Accountability Act (HIPAA), among other requirements.
Information security policies and processes Honeywell implements global policies, standards, and procedures covering security, hardware and software harmonized through a unified compliance framework to ensure compliance with all laws in all countries where we do business.
The Honeywell compliance framework is aligned to National Institute of Standards and Technology (NIST) SP 800-171 and NIST SP 800-53, the International Organization for Standardization/ISO 27001, Cyber Essentials Certificate (CEC), Payment Card Industry (PCI), Sarbanes-Oxley (SOX), Customs-Trade Partnership Against Terrorism (C-TPAT), Her Majesty's Revenue and Customs Authorised Economic Operator (AEO), Chemical Facility Anti-Terrorism Standard (CFATS), and Health Insurance Portability and Accountability Act (HIPAA), among other requirements.
Honeywell internal controls (physical and logical access, environmental, change management, backup and retention, remote access, firewall management, logging and monitoring, batch processing, segregation of duties, host hardening/vulnerability management, security operations/incident management) are tested by management semi-annually and validated independently by Corporate Audit, Risk Assessment and through regulatory audits throughout the year. PCI DSS self-assessments are conducted annually, vulnerability scanning is conducted quarterly and penetration testing is conducted annually.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Honeywell uses a central system to manage configuration changes.
Infrastructure configuration changes are classified as normal, standard, expedited and emergency. The process is tailored for each change type.
The Change Advisory Board (CAB) reviews changes composed of personnel from many functional areas. The CAB may decide to approve, reject or postpone a change.
Vulnerability management type Supplier-defined controls
Vulnerability management approach To ensure compliance with Honeywell security standards, Honeywell identifies, reports, and corrects server flaws using automated reports and addressed in an expeditious manner by system administration and management.
Windows systems are maintained on a monthly patch cycle. System software components such as applications, database management systems, and web server software undergo security patches and version upgrades as means of software maintenance.
Honeywell has a fully-staffed, 24X7 Security Operations Center, protecting against and monitoring for incidents with an array of tools and techniques.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Honeywell has a fully-staffed, 24X7 Security Operations Center, protecting against and monitoring for incidents with an array of tools and techniques.
When an event occurs, an assessment occurs regarding severity.
If the breach is material, the Honeywell data owner is notified.
The Honeywell data owner identifies all Honeywell business owners/program managers.
The Honeywell business owner is accountable to notify the customer of event details, based on the guidance of the Legal and Export Control teams.
Incident management type Supplier-defined controls
Incident management approach Honeywell has formal review processes which govern the implementation of the incident response plan.
This process incorporates personal data privacy breach response capabilities.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £2 to £12 per user per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑