TAAP Visitor Book

TAAP Visitor Book is a solution for every organisation of any size that wants a new modern contactless digital reception.

In just a few seconds it allows Employees, Contractors and Guests to digitally sign in and out using their smartphone.

Its Covid Safe & hygienic for the new normal.


  • Digital Visitor Book
  • One app to sign into any organisation, business or event
  • Hygienic
  • Visitor ID Badge Generation
  • GDPR Compliant Digital Visitor Book
  • Variable Data Entry by Location including Photos
  • Web App/Device App for use on any type of phone
  • Contactless / No Touch so Covid Safe, no touch
  • No special hardware or equipment required


  • Fast and Efficient to Sign In, 1 - 2 seconds
  • Cloud Hosted, no special hardware required
  • Can be live in 30 minutes from order
  • Allows for Guidance / Terms of Entry to be agreed
  • Fire and Safety Instructions provided to guests
  • On Evacuation identify people in building that need assistance
  • Global App and streamlines sign in process
  • Alerts meeting host when guests arrive for a meeting


£55 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Steve.Higgon@ontaap.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 8 2 4 2 8 3 1 0 8 4 2 8 7 6


TAAP LTD Steve Higgon
Telephone: 08452309787
Email: Steve.Higgon@ontaap.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
TAAP Visitor Book is built on the TAAP Enterprise Application Platform. You can extend TAAP Visitor Book to include almost any additional digital workflows or FM services you might require.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
The solution is being continually extended and their are no constraints or restrictions.
System requirements
  • Reception Service requires browser access to the web
  • People signing in need access to the web
  • The solution will work with all modern mobile phones

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide normal business working hours support. Support is managed/delivered via an Email Support desk.
User can manage status and priority of support tickets
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
Email support is the primary contact model. If there are significant issues we would revert to telephone support to fix and resolve
Support available to third parties

Onboarding and offboarding

Getting started
Our users are setup by: 1) our Partner Channel, 2) our Direct Sales Channel. Depending on who the end user is, assistance will be provided depending on how they were acquired initially. A user is given a plethora of documentation upon signing up to the TAAP Visitor Book system available online. In addition to FAQs, online group training may be provided via screen share.
Service documentation
Documentation formats
End-of-contract data extraction
TAAP Visitor Book has a configurable retention period; after which data will be auto-purged periodically. However, should a user wish to extract their data before the contract ends, on the proviso there is data in the system prevalent before the retention period is executed, their data will be available securely via an encrypted .zip file (data dump).
End-of-contract process
The TAAP Visitor Book is a SaaS (software as a service) product with a 1 year minimum contract term commitment.
Within the contract price is our base product license for the company and a license fee for each site/location.
An additional cost will be if a company wants to use additional features that would require the 'Pro' version of the product; in which case depending on the requirement, the cost is adjusted accordingly, payable in arrears.
At the end of the contract, login to the system is severed and we will engage with the end user at least 4 weeks before the end of the contract term to gauge their intentions.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
No - its designed for a mobile sign in device and web browser for reception/management.
Service interface
What users can and can't do using the API
Its a service API we can extend for integration with 3rd party apps. This is a costed POA service feature.
API documentation
API sandbox or test environment
Customisation available


Independence of resources
TAAP Visitor Book uses scalable Cloud services. Scalability ensures TAAP Visitor Book application can handle bursts of traffic or resource-heavy jobs. This is handled automatically by scaling up the architecture it's hosted on. Auto-provisioning of more resources means handling more traffic or demand from other users. Therefore, TAAP Visitor Book is unaffected by loads and demands from other users, which is why the product can be used Globally with infinite users.


Service usage metrics
Metrics types
Reports on request.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other data at rest protection approach
The Cloud hosting provider for TAAP Visitor Book includes tools to safeguard data using Encryption at Rest as a security requirement. The the goal of encryption at rest is that data that is persisted on disk is encrypted. The Encryption at Rest designs in Microsoft Azure use symmetric encryption to encrypt and decrypt large amounts of data quickly, therefore protecting the data at all times.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users may export their data from the TAAP Visitor Book web portal; export functionality is provided through any modern web-browser, in .csv export format. However, customer's need to be aware of data retention rules pre-configured by them at the start.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The Cloud provider for TAAP Visitor Book, Microsoft Azure, offer a 99.9% availability of services as per this link: https://azure.microsoft.com/en-gb/support/legal/sla/summary/. However, this isn't guaranteed as depending on the severity of the issue, outages could last for several hours. TAAP therefore have an inhouse support SLA built into our service contracts with their customer/end-user, reviewed on a case-by-case basis in regard to refunds if the guaranteed levels of availability are not met. More details of this can be provided upon request.
Approach to resilience
Reliable applications are: 1) Resilient - and recover gracefully from failures, and they continue to function with minimal downtime and data loss before full recovery, 2) Highly available (HA) - and run as designed in a healthy state with no significant downtime. Resiliency is achieved by using a Cloud provider that has national and global infrastructure presence. This is referred to as 'Reliability Pillar', building a reliable scalable application in the Cloud is different from traditional application development. While historically software houses may have purchased levels of redundant higher-end hardware to minimise the chance of an entire application platform failing. In the Cloud, TAAP acknowledge up front that failures will happen. Instead of trying to prevent failures altogether, the goal is to minimise the effects of a single failing component, therefore coupled to the TAAP V3 web architecture that sits above specific components in the Cloud, TAAP Visitor Book uses basic system components that aren't reliant on specific features of the Cloud provider, meaning we are Cloud provider agnostic to be up and running in an indifferent region or provider with minimal effort, should the adverse occur.
Outage reporting
Outages are reported through our Support platform so that it's publicly available to our clients when raising a support request. Equally, we have alerting setup so that we are aware of the issue before our end-user. These alerts are real-time email alerts and we have access to the underlying Cloud provider's dashboard / platform to ascertain the matter at first hand.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Restrictions in access within interfaces and support channels are defined by permissions. For instance, a standard operative may be given minimal permissions to access parts of the system, therefore their role will be labelled accordingly. Whilst, a System Administrator or Super User may be given wider permissions and their role will be labelled accordingly. The Role is then applied to the User and this is reviewed periodically for any changes, i.e. starters/leavers and for users who move side-ways in an organisation. All of TAAP's V3 Web Platform features are highly configurable for access control and management via an Admin GUI.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • GCHQ certified training in InfoSec and Cyber Awareness
  • GCHQ certified GDPR Practitioners within the business
  • Infosec programme with the aim to get ISO27001 certified

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
TAAP as a business has Governance, by putting in place organisational policies and processes which govern the business's approach to the security of network and information systems. Security Governance is integrated with your business's usual decision making structures and processes; the inhouse Information Security Executives team are involved at all levels to ensure decisions about risk can be made and people are aware of the right security, business and technical knowledge, skills and experience required when planning, building, managing and maintaining information systems and new processing. Clear lines of communication exist within the organisation.
Information security policies and processes
TAAP follow ISO27001 best practice coupled to GDPR best practice to protect rights pertaining to individuals (data subjects). An IT Security Policy identifies the rules and procedures for all individuals accessing and using an organization's IT assets and resources. TAAP have a defined Information Technology (IT) Security Policy identifying rules and procedures for all individuals accessing and using the organisation's IT assets and resources. The reporting structure is top-down; the CEO has approved the IT Security Policy and the overall ISMS (Information Security Management System) programme. There is a nominated team of Information Security Executives who meet at least monthly with documented assessment and improvements, through policies, procedures and information security awareness meetings.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any change to TAAP Visitor Book goes through a change management process and is version controlled accordingly with a publicly available version release statement demonstrating the product's evolvement over time. Configuration management encompasses an internal process to ensure resources and components are maintained at a consistent state; this consistent state is referred to as a baseline and this is monitored to ensure protection from unauthorised access and changes using change control. Change control encompasses a process that focuses on managing the changes that affect the configurable items to ensure confidentiality, integrity and availability isn't compromised.
Vulnerability management type
Vulnerability management approach
Potential threats to services are discussed continually within the inhouse IT security executives team. Using the methodology of cyclical practice of identifying, classifying, prioritising, remediating, and mitigating software vulnerabilities, TAAP Visitor Book is continually assessed from a security and data protection perspective. Architecturally, the system is hosted with a Cloud vendor, therefore as part of their compliance they will continually patch their underlying infrastructure and services, reviewable here: https://azure.microsoft.com/en-gb/overview/trusted-cloud/. We will receive our information from various online information security bulletins the inhouse security team subscribe to.
Protective monitoring type
Protective monitoring approach
TAAP as a business have various indicators and alerts setup to identify potential compromises, for example: Unusual Outbound Network Traffic, Anomalies In Privileged User Account Activity, Other Log-In Red Flags / Unusual Lockouts, Swells In Database Read Volume, HTML Response Sizes, Large Numbers Of Requests For The Same File, DNS Request Anomalies, to name a few. Response is on-demand, the Information Security Team continually assess and react with immediate effect. A risk register/log is maintained by the team which is used a method for continual improvement to information security to mitigate incidents.
Incident management type
Incident management approach
TAAP have an incident policy and procedure managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue within a defined and prescribed time period. Users report incidents through a designated Support Desk system; into which a ticket is raised and acknowledged. Incidents are categorised into High/Medium/Low, depending on the severity and impact. Reports are generated weekly as an ongoing compliance measure to ensure all incidents are dealt with accordingly and timely.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)


£55 a unit a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Steve.Higgon@ontaap.com. Tell them what format you need. It will help if you say what assistive technology you use.