Centerprise International Ltd

Centerprise Room and Resource Management System by GoBright

The Centerprise Room booking and Reservation Service
by GoBright, is a highly flexible smart workplace solution suite, designed to allow booking of resources such as meeting rooms/spaces and work desks, supplemented by way finders and interactive maps, and a visitor management solution, all unified under a single cloud-based platform.

Features

  • Room Booking
  • Desk Booking
  • Visitor Management & Badge Printing
  • AV Room Control
  • Workplace Analytics
  • Interactive map kiosk
  • Meeting Room Service Handling
  • Digital Signage
  • Integration with Office365, Exchange and Google G Suite
  • Integration for Linak based height adjustable desks

Benefits

  • Book meeting rooms or desks either remotely or locally
  • 5 ways to book - Outlook/ web/ mobile/RFID/kiosk.
  • Book services for rooms, such as food/drink/room layouts.
  • Pre-book visitors to the building.
  • Control AV equipment in the room manually/automatically
  • Digital Signage solution allows for display of images or videos
  • Desk cleaning feature for desks
  • Gain detailed analytics on room and desk use.
  • Facilities Managers can open/close specific spaces for booking
  • Visitor attendance lists to support track and trace

Pricing

£27.50 to £2,000,000 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersteam@centerprise.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 6 1 1 8 7 3 3 6 1 5 1 7 3 3

Contact

Centerprise International Ltd Tenders Team
Telephone: 01256 378 000
Email: tendersteam@centerprise.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
If integrating with O365, Exchange or Google, a user with room impersonation rights needs to be set up as a requirement.
System requirements
Suitable network points are required for hardware

User support

Email or online ticketing support
Email or online ticketing
Support response times
Multiple service tiers available.
Standard level provides response within 15 minutes, Monday - Friday 9:00 - 17:30
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
1. Overview.
There are 3 Service Desk packages: Silver, Gold and Platinum. Service Hours are 09:00 to 17:30 Monday to Friday (excluding UK Bank Holidays); Gold Service Hours are 08:00 to 20:00 Monday to Friday (excluding UK Bank Holidays); and Platinum Service Hours are 24x7x365.

2. Incident Target Resolution.
Priority 1 - High. Service is completely unavailable or there is a critical impact on the Customer’s business operation: 4 hours.
Priority 2 - Medium. The Service is severely degraded or there is a significant impact on the Customer’s business operation: 8 hours.
Priority 3 - Low. The quality of the Service is degraded and is affecting one or more users: 16 hours.
Priority 4 - Service Request. Customer is seeking a change to the Service: 5 working days.

3. Service Credits.
A Service Credit regime is used to recompense the Customer for failures to meet the agreed Service Level. Service Credits are valued as a percentage of the related Service Charges for the month.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Getting started guides available on GoBright website.
We provide base level online training and user documentation. As an additional service, if required, onsite or offsite training can be provided (at a cost).
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At the end of the contract, should the user wish to extract their data, then all data is held in Exchange, and can be extracted from there.
End-of-contract process
If no renewal is made, access to the Gobright portal is suspended from the licence end date. Hardware devices will no longer communicate with the Gobright cloud platform.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are no material differences between mobile and desktop services.
Service interface
Yes
Description of service interface
Settings available in web portal
Accessibility standards
None or don’t know
Description of accessibility
Documentation is accessed via an online portal. Compliance and accessibility standards are currently being reviewed by the vendor.
Accessibility testing
None
API
Yes
What users can and can't do using the API
Details available from GoBright on request
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Users can choose the modules needed for their requirement

Scaling

Independence of resources
We use Cloud technologies that are designed to insure appropriate resources are at all times allocated to the most intensive processes. In the case of the GoBright service, we use Microsoft Azure as the Cloud hyperscaler.

Analytics

Service usage metrics
Yes
Metrics types
Analytics on room/desk use, list of historical bookings, list of room desk live status are all available.
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
GoBright

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Booking data can be exported to .csv, although if integrated with O365, Exchange or Google, this will not be necessary as the organisation on would still have all booking data here anyway
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Logical separation of data through VRFs (Virtual Routing and Forwarding).

Availability and resilience

Guaranteed availability
SLAs are customer and contract dependant.
Approach to resilience
All core components are deployed across geo-redundant sites with services load balanced across sites. An individual site is capable of running all services under load in the event of a critical failure of the other. This failover is automatic.
Outage reporting
There is a public dashboard available.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
All management platforms are segregated physically and separate to production cloud systems. Access is strictly limited, conforming to both best practice and security regulation requirements.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
24th June 2008 (re-issued 12th February 2018)
What the ISO/IEC 27001 doesn’t cover
N/A - Everything is covered by our ISO 27001 certification
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
SecurityMetrics
PCI DSS accreditation date
10th November 2018
What the PCI DSS doesn’t cover
N/A - Everything is covered by our PCI DSS certification
Other security certifications
Yes
Any other security certifications
Cyber Security Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Security Essentials Plus
Information security policies and processes
In-line with the requirements of ISO 27001 and 20000, we've developed policies and procedures to support both standards and comply with the requirements of ISO 9001. E.g, our Information Security Policy includes the following internal policies/procedures:

•IT Security Business Continuity Policy
•Information Security Policy – Suppliers
•CCTV Policy
•CI Forensic Policy
•Corporate Hospitality and Bribery Act
•Access Control Policy
•Policy Against Malicious Code
•Child Protection Policy
•Policy on the Secure Handling, Use, Storage, Retention and Destruction of Disclosure Information
•Clear Desk Policy
•Cryptographic Policy.

The Information Security Policy has been produced and accepted by the Board. The policy is visible to all staff on SharePoint and all staff sign Appendix E of the policy, which is retained in the employee’s HR file. The importance of Information Security and the policy is covered in employee inductions and the Staff handbook.

Security responsibilities are defined within our Information Security policy, which records the following managers:

•Service Delivery Manager (Information Security Manager)
•Security Controller
•Group Quality Manager
•Users – to comply with the IT Security Policy.

Security Responsibilities are defined in the individual’s job description and employment contract.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All Change Management procedures are audited as part of our Information Security accreditations and all change logs are kept and audited as part of this process. We have clearly defined procedures for both customer and supplier-initiated changes and all change requests are available for real-time review via our service management system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Multiple tools are used to block and monitor potential threats to the environment. If patches are required, they are rolled out via automation tools to the environment through change control process where the criticality and impact is assessed and approved.
Protective monitoring type
Undisclosed
Protective monitoring approach
Potential compromises will be detected by the SIEM. An alert will be created should the SIEM directives be triggered by various correlated events. Upon receipt of alert, the SOC team will investigate the incident. Depending on the criticality, a level 1 (highest) is investigated within 15 minutes.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We follow ITIL V3 for our incident management. Incidents can be reported via phone, web or email into our ticketing system. Incident reports are provided through the ticketing system with details provided around root cause analysis and remediation steps.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£27.50 to £2,000,000 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 day trial access to the GoBright platform.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersteam@centerprise.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.