Keyzapp

Keyzapp Key Management System

The comprehensive app for tracking keys. Lookup, issue & return keys in seconds, maintain comprehensive audit records, and automatically chase late keys. Fitting your exact processes, Keyzapp is completely paperless. It can be combined with optional contactless fobs for extra speed. Can also be used for tracking other small assets.

Features

  • Works everywhere- Phones, PC, Mac, Tablets (optional self-service kiosks)
  • Optional contactless fobs enable instant key identification & issue
  • Rapid search to find the key you need in seconds
  • Track keys across multiple offices & departments
  • Chase late keys automatically - text and email reminders
  • Instant reporting of key history by key, property or person
  • Permission Levels control access to information
  • Reserve keys in advance to prevent mistakes
  • Flexible processes adapt to fit the way you work
  • API and Integration hooks enable connection to other systems

Benefits

  • Fast, simple and intuitive - minimal staff training required
  • Works with your existing key numbering and storage cabinets
  • Saves staff time- key administration, searching and reconciling key books
  • Faster and less error-prone than logbooks and spreadsheets
  • Improves security- eliminates the need for written records
  • Saves money - Prevents lost keys and replacement locks
  • Prevents lengthy investigations
  • Promotes accountability and removes uncertainty over who has the keys
  • Simplifies and and promotes accurate record-keeping
  • Minimal IT management required

Pricing

£45 per unit per month

  • Free trial available

Service documents

G-Cloud 11

426598401943605

Keyzapp

Phillip Carter

03300885500

phillip.carter@keyzapp.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Normal service operates 24/7 except for planned maintenance notified in advance
System requirements
  • Works on all modern web browsers
  • Optional Contactless scanning on PCs: Requires Windows 7+
  • Optional Contactless scanning on iPhone: Requires iPhone 7+
  • Optional Contactless scanning- Android: Requires NFC capability (most models)
  • Optional Contactless scanning- Windows Phones: Requires NFC (most models)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We aim to respond to email within 4 working hours (excluding weekends). Out of hours service may be discussed and priced separately.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Telephone and email support during UK business hours. Once in place, we find support is rarely required.

Onsite support or training visits (the majority of customers DO NOT require this) are available at £800+VAT per day + reasonable travel, accommodation and subsistence expenses.

Services falling outside of the scope of standard support are chargeable at £80+VAT per hour. These are always OPTIONAL services and typically used for additional training conducted remotely (subsequent to any training provided as part of initial setup), data migration and integration work.

Additional support may be agreed at extra cost, depending on needs.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A remote training and setup session is provided as standard, and online support tools and user documentation are subsequently available. Additional training sessions are generally chargeable.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All data held in the system is exportable to Excel spreadsheets.
End-of-contract process The price of the contract includes licence to use the online software, backup of data, incremental upgrades and standard support.

At the end of the contract term, renewal is assumed unless cancelled by the subscriber.

Upon cancellation, a cancellation date will be agreed and services will become inaccessible after that date. Users will have the ability to download their data in Excel format prior to this date.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No differences
API Yes
What users can and can't do using the API The API enables organisations to synchronise property/facility details from existing systems.

Web hooks can be sent from the system to alert other systems of key events (e.g. key signed out/in or key becoming overdue)

API setup and support are not provided as part of the standard support package and may require additional support arrangements.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available No

Scaling

Scaling
Independence of resources Active internal monitoring processes and automatic cloud-scaling are in place to ensure service demand is managed effectively, using the Microsoft Azure Platform.

Analytics

Analytics
Service usage metrics Yes
Metrics types The app provides reports on the screens that different employees visit within the app, and the activity of users and individuals with regard to sign keys in and out. These are not only useful for compliance purposes but also aid in the identification of mistakes and gaps in training for specific team members.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
Other data at rest protection approach Physcial access controls are provided as part of the Microsoft Azure Cloud services upon which our app relies. These are audited across amy different standards. Additional information can be provided as required
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach The app provides an option to export all data to spreadsheets in Excel format.

Support can proved data in CSV format on request
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Whilst we do not guarantee specific service levels, we aim to achieve 99.99% availability, and exceeded this for the past 3 years.
Approach to resilience The service operates on the Microsoft Azure cloud platform, with redundancy and fail-over built in across multiple regions. Additional information can be provided on request.
Outage reporting We provide email alerts for any significant service outage

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to management interfaces is controlled by administrator users within the organisation. Our support staff will verify the identity of those contacting us, where a request requires information specific to an organisation to be discussed. Password reset information, for example, is sent to registered email of users within the system.

Within our own support teams, each team member has unique credentials and permissions within our management back-end.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The application is programmed with security at the forefront, and uses industry standard techniques practices and protocols. Security practices within our team are reviewed regularly.
Information security policies and processes Keyzapp maintains a data security policy, and holds regular training and checks to ensure that it is followed. The policy covers staff devices, password security, malware, hacking, encryption, data classifications (e.g. confidentiality).

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Keyzapp is a cloud-based system that deploys regular updates to the service. Customers are advised where any planned downtime is expected (this is rare for the majority of updates). We use industry standard source control and can to roll back if required. All changes are assessed by our development team for security impacts.
Should any security vulnerability be identified, it is patched as a matter of priority. From a customer perspective, the service functions as a single component, tracked through update communications. Internally, basic design/configuration for various components documentation is kept and updated as necessary.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The underlying Azure platform is monitored and patched for vulnerabilities constantly. At the product level, potential vulnerabilities are considered in an ongoing process prior to development of any new functionality. Our team follows industry security news very closely, and consistently evaluates any potential risk to our service. Basic vulnerability assessment takes place by the development team prior to any release. Security patches are worked and deployed with maximum priority following their identification.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are assessed through a combination of proactive following of industry news, and active monitoring of the application environment for potential threats. Upon threat discover, containment and the security of customer data is prioritised, prior to any further remedial action. Where a threat is judged to be significant, a plan is put in place to address it. Incidents are responded to with maximum priority (target is within 24 hours) and communications sent to customers as appropriate.
Incident management type Supplier-defined controls
Incident management approach A process is in place for outages, which includes the transmission of backup data via spreadsheet to enable customers to work whilst the problem is being addressed. Customers report incident by calling our well publicised support number, or by email. Incident reports are provided on request. Where the situation warrants it, a communication email will be sent to affected parties.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £45 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Trials are provided based on the applicability for the organisation applying, usually for less than 300 keys. Trials include use of the system for any number of individuals for 1 month. Trials are provided with a commitment from the purchaser that they will follow our guidance and best-practices.

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑