GOSS Interactive Ltd

GOSS Room Bookings

The no-code GOSS Room Bookings solution enables organisations to manage room bookings: checking criteria-specific availability, viewing calendars, making and editing bookings, searching, managing recurring meetings.


  • Uses proven GOSS Booking technology to manage requests.
  • Use for range of assets: rooms, spaces, desks etc.
  • Configure: capacity, facilities, include floor plans etc.
  • Device responsive: Use on mobile, tablet or desktops.
  • Range of reports included as standard.
  • 24/7/365 service requests via self-service.
  • Multi-faceted searching: search specific availability or across various types.
  • Self-service and assisted service for managing bookings.
  • Centrally manage details from across your organisation.
  • Administrator roles for power users.


  • Reduce operational costs via efficient online end-to-end processing.
  • Dashboards show room utilisation, average duration, peak times etc.
  • Administrators can lock down/protect specific rooms.
  • Audit of actions and responses.
  • Staff Security groups control who can book specific rooms.
  • Send customer emails/MyAccount updates.
  • Comprehensive search types include detailed criteria-based searches.
  • Shortlisted calendar views give visual display.
  • Recurring bookings. Secured access to view certain rooms.
  • Local Authority, Police, Housing Associations, Central Government Authorities/Agencies, NHS.


£795 to £1,295 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@gossinteractive.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

4 9 9 7 5 6 8 4 2 2 3 7 0 9 5


GOSS Interactive Ltd Simon Smith
Telephone: +44 844 880 3637
Email: enquiries@gossinteractive.com

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Planned maintenance will be agreed as required. Support available for GOSS-trained users.
System requirements
  • An appropriate modern browser such as:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari (11.3)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support response will vary in line with the Software Service purchased and the incident severity/nature. Responses from 30 mins to 4 hours. UK-based Service Helpdesk open 8am to 6pm Monday to Friday excluding Bank holidays for emails, webchat where applicable. Online ticketing available 24/7/365. Hosting Monitoring provided 24/7/365. Please refer to detailed support SLAs in the GOSS Service Definition document.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Internal QA testing
Onsite support
Yes, at extra cost
Support levels
The GOSS Support provided within the GOSS Cloud Software Service fee includes:

- Service monitoring and maintenance by a team of dedicated Network Support Engineers, maintaining and supporting the hosting infrastructure 24/7/365.

- Application updates and patching as required by new software releases and relevant to software service level chosen.

- Dependent upon Software Service Level purchased, user support will be provided for GOSS-trained users by either (1) online 24/7/365 ticketing, (2) office hours webchat, (3) office hours email, (4) office hours Help Desk support, or a combination of these. Incidents are allocated a priority level appropriate to the incident/issue and responded to accordingly.

Please see the GOSS Service Definition for further details.

Where applicable, a dedicated Client Support Technician is allocated, however all Help Desk staff are trained to support all clients. An Account Manager is allocated to each GOSS client and will be in regular contact, ensuring ongoing customer satisfaction. Support upgrades and additional support and consultancy can be provided based on a day rate or Service increase if required. Please refer to the GOSS Pricing and Service Definition Documents.
Support available to third parties

Onboarding and offboarding

Getting started
Project Management: A Project Manager and Account Manager are assigned, and will review any client requirements for specific configuration and support. A deployment plan is generated in agreement with the client which covers the deployment of the requested Cloud Service, together with any optional modules and known configuration requirements. The on-boarding deployment process commences, whilst the training consultation takes place to ensure the training programme meets the needs of the range of trainees. Customers are provided a selection of training dependent upon their specific needs, with certain training being mandatory. This can include online webinars, onsite training, offsite training. User documentation includes: online context sensitive help to a help website, training guides. Help site provided via Cloud Software Service and training guides when training provided.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
As detailed in the online GOSS Client Service Manual, the secure offboarding data extract process will be agreed as part of the Client Exit Plan and agreed within the Client Call-Off Contract. GOSS can provide a data extract in a structured, commonly used and machine readable format. Once complete and after the agreed retention period, data will be destroyed in line with GOSS ISO 27001 information security policies.
End-of-contract process
The GOSS Exit Plan is deployed as per the initial Call-Off Agreement in line with GOSS ISO 27001 processes. The Leaver Checklist process actions are performed within the termination period and include: Data Extraction and Transfer, Financial Settlements, GOSS/Support Systems Access Disabled, GOSS Internal System Updates, Decommissioning of Servers, Supply Certificate of Destruction. Whether an exit occurs as a result of Contract Expiry or Termination, GOSS Interactive will ensure a continued service, as defined in the original contract, is maintained throughout the notice period, that relevant data is held, transferred, returned and destroyed securely, that knowledge and documentation transfer takes place as required, and that costs, timescales, governance and legal requirements are clear and transparent.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The citizen portals/sites delivered using this software service are responsively designed so that content pages will automatically resize appropriate to the device accessing the page, be this a desktop, tablet or mobile device, enabling citizens to view sites as required.
Service interface
Description of service interface
Both staff and customers use browser-based device responsive & accessible sites/intranet/portals to access relevant content/digital services/account info as required.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
For all products, services and themes, GOSS checks non-functional requirements (i.e. performance, security and accessibility) at various stages of the software development lifecycle; from simple component performance and security testing to large solution-based performance/penetration testing. The testing of mark-up validity (W3C Compliance) and browser/device compatibility helps to make sure the interface is usable for assistive technology users and beyond.

Before building solutions, we can run testing sessions with users of assistive technology, to check the design usability by creating prototypes enabling users to click through the designs to see which areas are working and showing alternative solutions (A/B tests). We ensure GOSS solution-managed websites are WCAG 2.1 AA compliant and verify this using various accessibility validators and testers to ensure compliance with the standard. As there are a huge number of commercially available assistive technologies on the market, it would be impossible to test all, so our approach is to ensure compliance with the international standard, that these assistive technologies will themselves support and comply with. GOSS Cloud Software Services include accessible site themes/portals tested to WCAG 2.1 AA, and GOSS clients use a range of assistive technologies to gain access to the websites/intranets and portals.
Customisation available
Description of customisation
After initial configuration as part of the onboarding (such as users and data retention policies), buyers can configure a range of solution components depending upon the GOSS Application used. This can include:
• Customer email templates using the integrated Communication Template Manager
• Report Views on provided performance dashboards
• Rooms and facilities
• Capacity and upload floorplans
• Room Availability
• Room access/booking permission


Independence of resources
The infrastructure allows us to seamlessly increase resources for a particular service or expand the resilience and capacity by adding more virtual machines to the environment. Tenants of the platform are fully segregated using logical security controls, dedicated private networks and dedicated resource reservations. Each individual server and service is carefully calibrated to achieve optimum efficiency and performance. The data of different users is not placed in any shared storage. Services are scaled to meet client transactional volumetric requirements and anticipated growth, in line with the suggested fair usage policy, as detailed in the Service Definition Document.


Service usage metrics
Metrics types
Monthly Availability performance reports shared with all Cloud clients. Performance dashboards can be deployed to share performance information such as room utilisation, average times, peak times of use.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Dashboard reports to CSV
Data export formats
Data import formats
Other data import formats
  • JSON (Config data)
  • HTML (Email templates)

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
We aim to implement the Transport Layer Security protocol (TLS version 1.2) to protect data in transit for all services and service access. We also apply certificate and TLS hardening best practices wherever necessary.
Where HTTPS cannot be used, such as some connections between our service and 3rd party suppliers (or your own systems) we implement IPSec VPN gateways. IPSec VPN gateways are also used for non-http based integrations.
GOSS can work with individual clients to ascertain and meet protection needs, based on their individual security/service requirements. Please note additional GOSS Cloud Support fees may be applicable.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Data flows and storage from different clients are segregated from one another, flowing across dedicated networks and stored in dedicated locations for each client using security best practices recommended by the cloud provider. All traffic and storage will be kept within the cloud provider’s secure networks and not traverse the internet unencrypted. Any data that is stored outside of the cloud provider, such as offsite backups, are encrypted with industry standard encryption methods such as GPG.

Availability and resilience

Guaranteed availability
99.95% Site availability with 99.99% Network Availability.
24/7/365 hosting support.
See GOSS Terms and Conditions for Service Credit schedule relating to Site/Network availability.
Approach to resilience
The GOSS Cloud Services infrastructure is powered by various public cloud providers including Amazon Web Services and Google Cloud Platform, enabling GOSS to deliver a cloud-agnostic, high performance, high security and most of all highly reliable platform for the delivery of client services. Further details on our approach to availability and resilience is available upon request and will be detailed in the online client Services Manual provided to all GOSS clients.
Outage reporting
GOSS Incident ticketing system is used. GOSS provides monthly reports confirming site availability. GOSS will provide access to the GOSS Online Support System to allow clients to check performance against support issue SLAs. Our service report covers site availability and Priority 1 incident management information reported to our Support Service Desk. Other updates such as planned maintenance, upgrades, patches, User Voice, and security are summarised on the GOSS website through the GOSS Support portal.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
2-factor authentication for site registration only. 3rd party (i.e. Google, social media etc) via GOSS Expansions. VPN expansion available. See Pricing/Service Definition for more details.
Access restrictions in management interfaces and support channels
Management Interfaces are controlled by a powerful and granular user management system. Support is provided only to GOSS-trained staff as listed in the GOSS Support System. Support provide fixes only, any system config is subject to the GOSS ISO certified change control procedure which requires sign-off by system admin as defined in the GOSS Service Manual.
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
Initially 27/7/16 and re-certification on 20 February 2019.
What the ISO/IEC 27001 doesn’t cover
Nothing, please note that 3rd party hosting service provision is covered by the 3rd party's own ISO 27001 certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
GOSS are certified in ISO 27001:2013 for Information Security Management and ISO 9001:2015 for Quality Management. All GOSS Staff are inducted and regularly trained in all relevant ISO Information Security Policies and processes as defined in the GOSS Information Security Manual. GOSS employs an ISO Manager who (reporting into the MD) is responsible for ensuring the ongoing training, deployment, enhancement of the company ISO policies and to ensure that all staff comply. Internal and external audits take place regularly to ensure ongoing compliance. The GOSS secure staff Intranet includes links to the GOSS Information Security Manual, information asset list, statement of applicability and other information. There is also secured access to additional information and processes such as the Disaster Recovery Plan/Business Continuity Plan. The Information Security Manual (ISMS) details the company Security Policy, various staff/team responsibilities, risk management, asset management, HR Security, physical/environmental security, access control, operational control, Business Continuity Management. The Senior Management team are informed of any new ISO information/issues which are then shared as appropriate across the various teams - however ALL staff have a responsibility to ensure their actions are compliant with both ISO policies and procedures.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes are assessed in line with our ISO 9001:2015 Change Control Process (details available on request), including security issues/risks/impact. Covers major releases, patches and hot fixes as required. All components are logged and managed via Subversion to enable a full roll back to previous versions. Subversion records changes made including user-ID, date and change reason. Code Changes audit trail includes the ability to compare versions across the entire delivery platform including templates, style sheets, JavaScript and application code. Staged deployment process across various environments. Hot fixes may be supplied and deployed as required to address urgent security issues.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
GOSS ISO 27001:2013 process: regularly monitor and scan servers, computers and network for vulnerabilities. Should any be found it is policy to assess for severity, impact and urgency and mitigate the issues as required.
Constant monitoring across all major security bulletins ensures that our Development/Network Engineers are immediately notified should problems arise. Actively review OWASP news feeds to learn, adapt to, implement latest security standards in all GOSS products and services.
Network Engineers monitor security bulletins from relevant vendors and organisations such as CERT UK, US CERT, Cisco, Red Hat, Microsoft and VMware.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
GOSS ISO 27001:2013 process following industry best practice: Network Engineers monitor security bulletins from relevant vendors and organisations such as CERT UK, US CERT, Cisco, Red Hat, Microsoft and VMware and take positive action where required in line with the GOSS ISO Security Manual. A centralised site availability monitoring system is used to automatically alert engineers in and out of hours, depending on the impact and the severity of the event. An event will automatically get escalated if an on call engineer does not investigate within a certain period of time as per our Incident Management Policy and SLA.
Incident management type
Supplier-defined controls
Incident management approach
The GOSS ISO 27001 Security Manual details the Incident Management Policy for the management and reporting of security incidents. The objective is to minimise the damage from security incidents and to monitor and learn from such incidents. Process for incident management covering software, hosting or client support related issues including documented call-out procedure and escalation procedure. Support process defines incident priorities and response/resolution timescales. Users report incidents via 24/7/365 online ticketing system, or via email, phone or LiveChat during stated help desk hours.
Incident reports and updates are provided via the GOSS online ticketing and reporting system.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£795 to £1,295 an instance a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@gossinteractive.com. Tell them what format you need. It will help if you say what assistive technology you use.