Fully Managed WiFi Service
Guest WiFi service delivery platform that safely onboards your staff and visitors onto the filtered internet. Fully branded and customisable User Experience Portals with multiple authentication options, including via social media login. Functionality for Customer Behaviour Analysis, Event Promotion, ROI and App Integration. Extensive User Support and Project Management.
- Complete solution from design, installation and management
- Guest WiFi networks with bandwidth management & network management
- Enterprise grade, best of breed hardware and equipment
- Bespoke User Experience Portal design and customisation
- Integration with other services such as apps, surveys and CRM
- Friendly WiFi Scheme accredited content filtering internet content filtering
- Business intelligence through SPARK® Analytics
- Hospital Radio, Freeview TV, Films, Newspapers and Magazines over WiFi
- User engagement and return on investment opportunities
- GDPR and legal compliance with 24/7 exceptional support
- One provider to manage your entire solution
- Multiple networks for public, guest & corporate with different parameters
- Robust solution with 99.99% availability
- White labelled and fully customisable to promote the businesses brand
- Eliminates disparate systems with app integration
- Safe, secure and compliant connectivity
- Real-time data and analytics to build customer profiles
- Streaming services with no bandwidth constraints over the network
- Drive customer loyalty with targeted messaging
- 24/7 technical support and network monitoring from technical experts
£15.28 per user per year
- Education pricing available
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
WiFi SPARK Limited
0344 848 9555
|Service constraints||Maximum 100 words|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
WiFi SPARK offer a telephone and email support service that is available 24 hours a day on every day of the year, including public holidays. This service is manned by support personnel who have been trained by WiFi SPARK, and are based in a UK service centre.
Calls will be answered within a target average time of 60 seconds.
At least 80% of calls will be resolved at first contact.
All calls will be logged on our helpdesk ticketing system and a call reference issued.
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
WiFi SPARK has three Priority Levels for support
Priority 1 Total Loss of Service
Priority 2 Major service degradation
Priority 3 Service Requests and minor/cosmetic faults
On escalation from the helpdesk, an engineer will investigate in accordance with the relevant priority response target. WiFi SPARK has on-call engineers that operates 24/7/365 to cover Priority 1 incidents.
WiFi SPARK is able to interrogate systems remotely and can often affect repairs without site visits. This may involve reconfiguration of the network to utilise in-built redundancy or to invoke manual or automatic failover of key components.
Major Incidents – If an event warrants fast-tracking to an enhanced level of response this is invoked by declaring a “Major Incident”. A Major Incident Manager will be appointed to actively manage the situation to an agreed resolution. Enhanced levels of communication and reporting will accompany a Major Incident.
Additional services such as events support can be provided, and will be costed on a per-case basis.
For critical components there may be opportunities to purchase additional support from the equipment manufacturer or we may agree to hold spares on-site for a rapid fix. This can be discussed further with our sales team.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||WiFi SPARK will provide an Account Manager to support and deliver a general introduction to the platform and services and our MarComms team will be involved in the users/admin introduction to Reporting, SPARK® Analytics Portal, Content Management, and SPARK® Dashboard. User guides and marketing materials can be made available, and training sessions over the telephone or Webex organised, if required.|
|End-of-contract data extraction||
WiFi SPARK is fully compliant with the GDPR and the Data Protection Act and keeps data as defined by law. Any request for data reporting, removal or destruction can be fulfilled upon request. The only other context for Data Collection is with reference to RIPA/DRIPA requests for lawful tracking.
Data can be accessed via SPARK® Analytics. The client will be given a log in to the Dashboard where real-time data can be viewed instantly, or report on historic data by selecting a date range. All access to data is managed via secure access control mechanisms which ensure only authorised personnel are allowed to view or change the data and all access sessions are logged for audit purposes. All changes are time and user associated. Reports can also be scheduled to email approved addresses with data for regular intervals such as weekly or monthly or real-time direct to the customers CRM system. This can be agreed at the time of contract.
|End-of-contract process||At the end of the contract, equipment that is purchased by the client will remain the property of the client. Unless otherwise requested, WiFi SPARK will not reclaim equipment. Any account information is held for the amount of time required by HMRC and then securely overwritten. With regards to Personally Identifiable Information, the data is held for the amount of time required by the Data Controller. In the event services are no longer required we will securely export any data requested to the Data Controller and hold the data for one calendar month after cessation of the contract and then overwrite the data.|
Using the service
|Web browser interface||Yes|
|Using the web interface||Portal User Journey Interface is WCAG 2.0 AA capable. Specifics of journey requirements are defined during Project Definition near the beginning of the customer journey. The dynamic and unparalleled User Experience delivers powerful communication, increases user engagement through news, multimedia and interactive content.|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||No details of accessible interface|
|Web interface accessibility testing||None|
|What users can and can't do using the API||
The SPARK® API is a resource rich, proven interface to the SPARK® Managed Service Platform that allows developers to create complex, intuitive and well-designed WiFi on-boarding and analytics services. Customers can develop and host their own user experiences in their own environment using their own developers for true flexibility to stay ahead in innovative WiFi applications.
Three key concepts make up the bulk of the API’s usage:
• Hotspot: Is the wireless enabled area onto which subscribers can connect sessions
• Subscriber: End user access account, optionally contains a username and password
• Session: The active connection of a device onto the network, with a direct relationship to a subscriber
Whilst SPARK® has its own in-built portal logic, it may not be exactly what the customer requires so using the API allows for a fast time to market for new and innovative WiFi applications.
The API is a level3 compliant REST interface, supporting a wide range of HTTP verbs that can manipulate service Resources.
The API supports JSON, XML, and Text payload formatting with discoverable hypermedia links delivered via ATOM as per REST best practice. The API-interface is developer friendly returning descriptive messages with embedded links to the API documentation.
|API automation tools||
|Other API automation tools||SPARK® API|
|API documentation formats|
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||Depending on the deployment, you may be supplied with a SPARK® Gateway in a physical or virtual machine. This is a Redhat based Linux server with our software and configuration applied on top to enable the WiFi SPARK services. If CLI access is required then we can open that up with restricted access. This isn't normally required though as WiFi SPARK take care of the overall management and configuration as part of the managed service.|
|Independence of resources||
The SPARK® Platform applies bandwidth at an authentication level to allow a fair connection to all. The SPARK® service will efficiently manage each connected session, enforcing pre-agreed bandwidth throttling to help protect overall bandwidth.
As an option, a higher bandwidth could be offered as a Premium connection, perhaps for a small fee. This could also have a different UX if required.
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||
WiFi SPARK gleans, processes and enriches data on demand, however the data remains yours and logically segregated within our cloud solution.
WiFi SPARK customer data is held securely behind enterprise level security in our cloud and at rest is encrypted using 256-bit Advanced Encryption Standard (AES).
WiFi SPARK also use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between applications and our servers. It's designed to create a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||All key functional service components on the WiFi SPARK platform.|
|Backup controls||If the user requires something unique/bespoke to be configured then that can be arranged.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Other protection between networks||
WiFi SPARK has extensive experience in providing both public and professional networks and in ensuring security standards are adhered to.
All guest networks operate on their own isolated layer 2 networks to ensure complete traffic separation. Layer 2 client isolation is also configured to ensure wireless devices cannot inter-connect unless provisioned.
|Data protection within supplier network||
|Other protection within supplier network||
SPARK® manages the wireless network end-to-end and includes a packet inspection firewall which protects the internal networks from the connected outside networks by only permitting ingress and egress connections that have been agreed to ensure the WiFi SPARK service is operational.
Each SSID supports roaming between APs and can be configured with encryption and 802.1x authentication to protect sensitive data and permit secure authorised use for staff and WiFi connected devices.
The WiFi SPARK service includes a fully featured integrated packet inspection firewall which will only permit connectivity for trusted networks and protocols ensuring unauthorised users are denied access.
Availability and resilience
|Guaranteed availability||The core SPARK® Managed Service Platform has a targeted availability level of 99.95%. Users are able to request a refund via the online refund form where they detail the service location and issues they have faced. This is then reviewed by staff for a full or partial refund depending on the nature of the issue. All information is captured in the helpdesk system for reference and the user is able to update and review their open cases online.|
|Approach to resilience||The core SPARK Managed Service Platform is hosted on a highly resilient platform with several levels of redundancy shared across multiple data centres. Further information is available on request.|
|Outage reporting||All WiFi SPARK services are monitored 24/7 by the SPARK®NMS Network Monitoring System. The system will record service availability metrics such as system uptime with a detailed audit trail for historical analysis. This will form the basis for performance-related measures. When this system detects an unusual event it alerts the WiFi SPARK Support Teams via direct visual alerts, email and SMS text message. In addition, critical alerts are posted automatically to the 24/7 service desk tool called Zendesk™ and a case is created for immediate escalation. An API is available for further integration if required. A customer dashboard facility is available if required. The SPARK® managed service platform is at the centre of the WiFi SPARK® solution. This is a highly available platform with an availability score of 99.99%. As such, the risk of service outage as a result of the SPARK® managed service is very low and would be measured in minutes.|
Identity and authentication
|Other user authentication||
There are many different authentication methods that clients could choose from:
• Social media - such as Facebook or Twitter*
• Free use registration form - with data collection*
• One-click login - with no personal data*
• MAC authentication - pre-approved authentication
• Subscriber login - predetermined login details
• Voucher login - predetermined login details
• Debit/Credit card or PayPal - account based buy time login*
• App, loyalty or database integration - login with your loyalty/database account*
• Email and SMS validation - validated data*
*Self-registration options for end users.
|Access restrictions in management interfaces and support channels||Physical and logical access to all areas and platforms is restricted. WiFi SPARK employ a restrict-all security lock down policy. This means that each user only has access to areas essential to their work, both geographically and on the network. User Privilege access is defined roles and authorized by Directors. WiFi SPARK can also lock down access by IP address where appropriate.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||2-factor authentication|
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||No audit information available|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||May 2019|
|What the ISO/IEC 27001 doesn’t cover||Nothing|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Security Metrics|
|PCI DSS accreditation date||6/5/2014|
|What the PCI DSS doesn’t cover||We have PCI Level 4 on SAQ C-vt, and are not covered outside this classification.|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||IASME Cyber Essentials|
|Information security policies and processes||
WiFi SPARK has a comprehensive internal Information Security Policy which covers all data processed and housed through the physical and virtual infrastructure. This policy gives insight into WiFi SPARK's processes regarding the physical security of facilities, Disaster Recovery, Password Requirements, Physical Access, Removable Media, Media Destruction, Environmental Hardening, Patches and Updates, Software Development and Transmission of Data. This is not an exhaustive list of topics.
As well as an internal Information Security Management Plan, WiFi SPARK works with its key customers in order to develop tailored Information Security Plans. This is to assist in understanding and for efficient management of their data risks.
These policies are owned and developed by the WiFi SPARK Network Operations (NetOps) team which is responsible for security at WiFi SPARK, with close partnership with the Development Team and Management. NetOps in turn report to Senior Management and Board members in order to ensure that these policies are adhered to and that any changes to these practices are measured and controlled.
WiFi SPARK is also working towards the ISO 27001 accreditation and actively executes practices from this guideline.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||WiFi SPARK operates a structured configuration and change control process as part of its ISO 9001 Quality Management System. This incorporates Change Request forms that need approval by client and a senior manager at WiFi SPARK before changes are approved. Changes are tested in a staging environment before being released to production in an agreed maintenance window. At the detailed level all changes are assessed for potential security implications as part of the controlled development process. All changes are tracked throughout their lifetime in a change log and can be rolled back if required.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||WiFi SPARK employs a comprehensive SPARK®NMS monitoring solution covering all aspects of the core platform. This monitoring includes operating system and application versions to ensure protection against any known/new threats/vulnerabilities. Patching and updating of all core systems is maintained by a central management server (ansible) which checks for updates nightly. Patches/updates are reviewed and deployed through a managed six-weekly sprint cycle (fortnightly if critical) on the WiFi SPARK staging platform, prior to being pushed out to live production systems to ensure no adverse effects. WiFi SPARK systems run on enterprise platforms that receive patches/updates inline with the vendor release cycles.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
The solution is monitored 24/7/365 by the SPARK® Network Monitoring System. This records service availability metrics e.g. system uptime, with a detailed audit trail for historical analysis.
WiFi SPARK has a three-tier priority category and a 24/7/365 telephone service. 80% of calls are resolved in first contact. Calls are answered in an average of 60 seconds.
Response: 30 minutes
Target resolution: 1 day
Response: Same day
Target resolution: 1 day
Response: Next business day
Target resolution: 5 business days
Alerts are generated to staff immediately and an investigation will commence in accordance with the priority response target.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||WiFi SPARK operates a structured Incident Management process as part of its ISO 9001 Quality Management System. This incorporates the recording, designation, prioritisation and processing of incidents following ITIL best practice standards. Users can report incidents using the 24/7 helpdesk service or via email to the support teams. This will create a case in the service desk application where all subsequent actions will be logged for full traceability. Incidents that meet predefined criteria will be defined as Major Incidents and a separate MI process will be followed. Incident Reports are compiled by the Service Delivery Manager as required.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||VMware|
|How shared infrastructure is kept separate||The SPARK® Cloud platform separates organisation programatically within the SPARK® application itself.|
|Price||£15.28 per user per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||WiFi SPARK is willing to enter a Proof of Concept with buyers. This will be for a defined period of time (Usually 30 days) and will have defined KPI's assigned to the PoC|