BookingLab

JRNI Booking Service formerly BookingBug

BookingLab deliver a cloud based appointments, queuing, events and course booking solution for public sector use. Built on JRNI, our enterprise platform provides organisational wide booking capability to rationalise existing systems and remove or minimise manual processes. JRNI enables self-service and automation, simplifying complicated and high-volume booking and scheduling requirements.

Features

  • Trusted reusable booking journey templates for public sector use
  • Manage bookings, staff and resource availability in a single system
  • Centralised Customer View for customer relationship management
  • Accessibility standards to WCAG 2.1 AA for customer journeys
  • Configurable business rules providing service control and flexibility
  • Booking notifications via email and optional SMS configuration
  • Booking reporting and data management tools for analysis
  • Event and course types with complex ticketing and waiting lists
  • API integration options, pre-built Office 365 and payments
  • Drive appointment allocation using location data (GIS)

Benefits

  • Ability to take bookings 24/7, providing customer convienience
  • Reduce systems with single platform for appointments, resources, events
  • Improved customer experience, with seamless, mobile friendly, accessible journeys
  • Increased uptake, by providing access across all contact channels
  • Provide customer choice and convenience, greatly improving satisfaction
  • Reduced calls and avoidable contact, freeing resource and administration
  • Possible to include spatial logic to drive field workforce productivity
  • Trusted reusable packages to minimise cost and delivery time
  • Smart business logic and appointment allocation, improving resource utilisation
  • Automated communication with customers, via customisable email and SMS

Pricing

£3000 per unit

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

3 1 6 3 8 8 8 4 8 0 4 7 7 4 9

Contact

BookingLab

Chad Duggan

03334440203

chad.duggan@bookinglab.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
JRNI is a SaaS solution and any service constraints are handled and managed by the supplier.
System requirements
  • Modern web browser
  • Internet connection to the JRNI service

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please refer to our Service Level Agreement included with our Terms and Conditions.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Core support is provided between 9am – 5pm Monday to Friday.

Our supported customers receive access to our Support Desk; SLAs for response and resolution are included as standard and part of the annual license fee. 'How to' video guides, FAQ knowledge-base and a getting started training manuals available.

As well as proactively monitoring your performance and providing regular platform-wide improvements, our Support Team will answer general queries about the solution, resolve technical issues and manage any escalations.

24/7/365 support available on request only and must be included in an agreed Statement of Work.
Support available to third parties
No

Onboarding and offboarding

Getting started
Approved customers are on-boarded through the creation of JRNI Staging and Production Environments.

BookingLab has a highly skilled configuration team who are able to assist with the initial setup and configuration of the system to meet the individual client needs. From this point the client will be able to alter those configurations themselves.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The JRNI platform can export data in several different ways depending on the receiving platform. SFTP is commonly used for CSV data, but our API can also support secure JSON data streams over HTTPS in and out of the platform. If the existing data transfer options are insufficient, we also employ a tightly-bound micro-services architecture as a core part of our platform, which allows us to create very small and simple bespoke services to send or receive data from almost any 3rd party source.
End-of-contract process
Off-boarding follows the publication of automated emails and then the closure of their JRNI account.

It is the customer’s responsibility to download all collected data prior to the project completion. This can be exported directly from the platform admin interface. All booking and customer data can be extracted in a number of formats to ensure a safe and secure migration to any new systems being used. This would be an agreed format between the supplier and buyer.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The JRNI platform is built from the ground up as a mobile-based application. All features and functionality delivered by the product are compatible with both Mobile and Desktop supported browsers.
Service interface
No
API
Yes
What users can and can't do using the API
The JRNI REST API is a HAL based API that allows you to manage all aspects of the JRNI platform.

JRNI is separated into three different APIs:

Public - The public API does not require authentications and it enables you to get information about services, resources, events, add items to the basket, view basket and checkout.

Member - The member API enables you to log in as a member, make bookings and amend or cancel their previously made bookings.

Admin - The admin API enables you to administer the account, such us create or amend people, resources or clients and view bookings.
The request format of the three APIs are:

Full developer documentation can be found at: dev.bookingbug.com
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Examples of areas of the JRNI solution that can be customised include - additional services, additional resources, additional staff members, user levels, hierarchical user structures,notification settings, interface, layout, branding, pre and post booking questions.

Users can customise JRNI via platform configuration or via in-house custom development.

BookingLab has a highly skilled configuration team who are able to assist with the initial setup and configuration of the system to meet the individual client needs. From this point the client will be able to alter those configurations themselves.

Scaling

Independence of resources
Via a dedicated cloud service or auto scaling policies.

Analytics

Service usage metrics
Yes
Metrics types
JRNI monitors availability from 3 locations; traditional server performance monitoring tools, hypervisor and load-balancer control panel systems ( via Amazon ) and external third-party availability monitoring packages. Other metrics are extracted from the system using report generation processes. We provide information on system uptime; Service Level Agreement metrics; security related metrics.
Reporting types
Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
JRNI formerly BookingBug Limited

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Each organisation has complete access to their database, extensive Web Services API’s and development tools. All data is completely exportable, transferable and secure.
Data export formats
  • CSV
  • Other
Other data export formats
JSON
Data import formats
  • CSV
  • Other
Other data import formats
JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
JRNI guarantees that the Booking Service will be available, excluding Downtime caused by Scheduled Maintenance, Emergency Maintenance or a Force Majeure Event, 99.5% of the time in a given calendar month (1st day to last day) ("Service Level"). The Service Level will not apply (and therefore no Service Credits will be applicable) to the extent that any Service Level Failure is caused by a failure of the Customer to comply with any Customer dependency or obligation, detailed in a Statement of Work or Order Form or the Master Subscription Agreement.

If, as recorded at the end of a calendar month, the JRNI Service fails to achieve the Service Level, Customer is eligible to receive a Service Credit as detailed in the table below. The Service Credit percentage will be calculated in relation to the Fees payable in the month in which the Service Level Failure occurred.

Uptime in a calendar month - (Service Credit)
Less than 99.5% but greater than or equal to 99.0% - (5%)
Less than 99.0% but greater than or equal to 95% - (15%)
Less than 95% but greater than or equal to 90% - (50%)
Less than 90% - (100%)
Approach to resilience
Available on request.
Outage reporting
Monthly report provided via the Customer Success team.

More information available on request.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Named representatives only by user role.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyds Register Quality Assurance
ISO/IEC 27001 accreditation date
04/12/2017
What the ISO/IEC 27001 doesn’t cover
This certification is held by the service vendor: JRNI, formerly BookingBug Limited.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Security Metrics
PCI DSS accreditation date
27/11/2017
What the PCI DSS doesn’t cover
This certification is held by the service vendor: JRNI, formerly BookingBug Limited.
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Follow ISO27001.
Information security policies and processes
JRNI follow:
Internal audits in line with ISO27001;
Any deviations logged as tickets and fully investigated;
Issues mitigated.
Managed by our Engineering team.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Service components continue to be tracked and reviewed monthly, with risk assessments on security impacts.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Servers are built and attached to configuration management systems before being tested and permitted to access data, or accessed by the internet. These systems apply security requirements, including remedial actions found during penetration tests. Monitoring and IDS systems monitor for vulnerable settings, and alert engineers.

Weekly reviews of CVE vulnerabilities are performed. Staff subscribe to updates from core news sources. Security incidents and vulnerabilities are investigated by the ISM and Operations. Issues are dealt with on the associated threat. Key contact points exist with customers.

Patches are deployed on a priority basis, critical patches being deployed as soon as possible.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
JRNI monitors availability from 3 locations; traditional server performance monitoring tools, hypervisor and load-balancer control panel systems ( via Amazon ) and external third-party availability packages.

Real-time Intrusion Detection Systems are installed on all servers. Logs and activities are monitored at 3 levels - On-host, central in-environment, and JRNI central log management locations. This allows for per-server IDS services. File integrity is ensured by the IDS system and server monitoring. Core files that are managed by central configuration management are monitored and reverted if changes are found. Alerts are directed to the Operations team, who operate an on-call 24/7/365 rota.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
BookingLab responds to incidents based on the terms of the Master Service Agreement that is in place between BookingLab and each customer. These terms are agreed as part of the contract process and defines the response process for 4 levels of incident, ranging from P1 (service inoperable) to P4. Incident reports are directed to the customer via an agreed process. This is usually passed between the BookingLab Account Manager and a nominated representative at the customer.

BookingLab and JRNI incorporates automation of issue resolution actions, where possible. Other issues have defined steps stored in an incident management wiki.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
NHS Network (N3)

Pricing

Price
£3000 per unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A 14 day free trial of one of three SME versions of the software available on request.

Service documents

Return to top ↑