BookingLab

TuME On-Demand Travel (Powered by JRNI)

BookingLab combine a number of smart technologies to deliver Mobility-as-a-Service (MaaS) solutions to support a range of transportation schemes. TuME On-Demand Travel uses complex routing and trusted booking technology to deliver swift transport solutions. Our cloud based infrastructure offers transport availability and dynamic travel costs based on real-time demand.

Features

  • Mobile friendly customer journeys to request and book travel
  • Sophisticated routing algorithms for optimal pickup locations
  • Configurable business rules for operational control
  • Full API integration, seamlessly integrating with travel apps
  • Location driven availability based on real-time travel information
  • Designed to accessibility standards, WCAG 2.1 AA
  • Notification management including email and SMS communication
  • Real-time reporting for operational re-design
  • User profile with upcoming bookings and history
  • Operational dashboard for live vehicle tracking

Benefits

  • Ability to search, plan and book travel 24/7
  • Optimises travel by combining bookings and GPS
  • Reduces congestion, improving air quality
  • Improved customer experience, with seamless, mobile friendly, accessible journeys
  • Automate bookings, reducing administration
  • Reduce fuel costs and private mileage expenses
  • Mitigates rural exclusion by connecting to public transport
  • Encourage sustainable travel by delivering ease of use
  • Built-in reporting and exportable data, providing improved data management
  • Automated communication with users via customisable email and SMS

Pricing

£5000 per unit

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 6 5 6 0 0 2 9 4 9 5 6 7 9 6

Contact

BookingLab

Chad Duggan

03334440203

chad.duggan@bookinglab.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints JRNI is a SaaS solution and any service constraints are handled and managed by the supplier.
System requirements
  • Modern web browser
  • Internet connection to the JRNI service

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Please refer to our Service Level Agreement included with our Terms and Conditions.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Core support is provided between 9am – 5pm Monday to Friday.

Our supported customers receive access to our Support Desk; SLAs for response and resolution are included as standard and part of the annual license fee. 'How to' video guides, FAQ knowledge-base and a getting started training manuals available.

As well as proactively monitoring your performance and providing regular platform-wide improvements, our Support Team will answer general queries about the solution, resolve technical issues and manage any escalations.

24/7/365 support available on request only and must be included in an agreed Statement of Work.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Approved customers are on-boarded through the creation of JRNI Staging and Production Environments.

BookingLab has a highly skilled configuration team who are able to assist with the initial setup and configuration of the system to meet the individual client needs. From this point the client will be able to alter those configurations themselves.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The JRNI platform can export data in several different ways depending on the receiving platform. SFTP is commonly used for CSV data, but our API can also support secure JSON data streams over HTTPS in and out of the platform. If the existing data transfer options are insufficient, we also employ a tightly-bound micro-services architecture as a core part of our platform, which allows us to create very small and simple bespoke services to send or receive data from almost any 3rd party source.
End-of-contract process Off-boarding follows the publication of automated emails and then the closure of their JRNI account.

It is the customer’s responsibility to download all collected data prior to the project completion. This can be exported directly from the platform admin interface. All booking and customer data can be extracted in a number of formats to ensure a safe and secure migration to any new systems being used. This would be an agreed format between the supplier and buyer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The JRNI platform is built from the ground up as a mobile-based application. All features and functionality delivered by the product are compatible with both Mobile and Desktop supported browsers.
Service interface No
API Yes
What users can and can't do using the API The JRNI REST API is a HAL based API that allows you to manage all aspects of the JRNI platform.

JRNI is separated into three different APIs:

Public - The public API does not require authentications and it enables you to get information about services, resources, events, add items to the basket, view basket and checkout.

Member - The member API enables you to log in as a member, make bookings and amend or cancel their previously made bookings.

Admin - The admin API enables you to administer the account, such us create or amend people, resources or clients and view bookings.
The request format of the three APIs are:

Full developer documentation can be found at: dev.bookingbug.com
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Examples of areas of the JRNI solution that can be customised include - additional services, additional resources, additional staff members, user levels, hierarchical user structures,notification settings, interface, layout, branding, pre and post booking questions.

Users can customise JRNI via platform configuration or via in-house custom development.

BookingLab has a highly skilled configuration team who are able to assist with the initial setup and configuration of the system to meet the individual client needs. From this point the client will be able to alter those configurations themselves.

Scaling

Scaling
Independence of resources Via a dedicated cloud service or auto scaling policies.

Analytics

Analytics
Service usage metrics Yes
Metrics types JRNI monitors availability from 3 locations; traditional server performance monitoring tools, hypervisor and load-balancer control panel systems ( via Amazon ) and external third-party availability monitoring packages. Other metrics are extracted from the system using report generation processes. We provide information on system uptime; Service Level Agreement metrics; security related metrics.
Reporting types Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold JRNI formerly BookingBug Limited

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Each organisation has complete access to their database, extensive Web Services API’s and development tools. All data is completely exportable, transferable and secure.
Data export formats
  • CSV
  • Other
Other data export formats JSON
Data import formats
  • CSV
  • Other
Other data import formats JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability JRNI guarantees that the Booking Service will be available, excluding Downtime caused by Scheduled Maintenance, Emergency Maintenance or a Force Majeure Event, 99.5% of the time in a given calendar month (1st day to last day) ("Service Level"). The Service Level will not apply (and therefore no Service Credits will be applicable) to the extent that any Service Level Failure is caused by a failure of the Customer to comply with any Customer dependency or obligation, detailed in a Statement of Work or Order Form or the Master Subscription Agreement.

If, as recorded at the end of a calendar month, the JRNI Service fails to achieve the Service Level, Customer is eligible to receive a Service Credit as detailed in the table below. The Service Credit percentage will be calculated in relation to the Fees payable in the month in which the Service Level Failure occurred.

Uptime in a calendar month - (Service Credit)
Less than 99.5% but greater than or equal to 99.0% - (5%)
Less than 99.0% but greater than or equal to 95% - (15%)
Less than 95% but greater than or equal to 90% - (50%)
Less than 90% - (100%)
Approach to resilience Available on request.
Outage reporting Monthly report provided via the Customer Success team.

More information available on request.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Named representatives only by user role.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyds Register Quality Assurance
ISO/IEC 27001 accreditation date 04/12/2017
What the ISO/IEC 27001 doesn’t cover This certification is held by the service vendor: JRNI, formerly BookingBug Limited.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Security Metrics
PCI DSS accreditation date 27/11/2017
What the PCI DSS doesn’t cover This certification is held by the service vendor: JRNI, formerly BookingBug Limited.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards The platform vendor, JRNI comply with ISO/IEC 27001 and are PCI:DSS Certified.
Information security policies and processes JRNI follow:
Internal audits in line with ISO27001;
Any deviations logged as tickets and fully investigated;
Issues mitigated.
Managed by our Engineering team.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Service components continue to be tracked and reviewed monthly, with risk assessments on security impacts.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Servers are built and attached to configuration management systems before being tested and permitted to access data, or accessed by the internet. These systems apply security requirements, including remedial actions found during penetration tests. Monitoring and IDS systems monitor for vulnerable settings, and alert engineers.

Weekly reviews of CVE vulnerabilities are performed. Staff subscribe to updates from core news sources. Security incidents and vulnerabilities are investigated by the ISM and Operations. Issues are dealt with on the associated threat. Key contact points exist with customers.

Patches are deployed on a priority basis, critical patches being deployed as soon as possible.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach JRNI monitors availability from 3 locations; traditional server performance monitoring tools, hypervisor and load-balancer control panel systems ( via Amazon ) and external third-party availability packages.

Real-time Intrusion Detection Systems are installed on all servers. Logs and activities are monitored at 3 levels - On-host, central in-environment, and JRNI central log management locations. This allows for per-server IDS services. File integrity is ensured by the IDS system and server monitoring. Core files that are managed by central configuration management are monitored and reverted if changes are found. Alerts are directed to the Operations team, who operate an on-call 24/7/365 rota.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach BookingLab responds to incidents based on the terms of the Master Service Agreement that is in place between BookingLab and each customer. These terms are agreed as part of the contract process and defines the response process for 4 levels of incident, ranging from P1 (service inoperable) to P4. Incident reports are directed to the customer via an agreed process. This is usually passed between the BookingLab Account Manager and a nominated representative at the customer.

BookingLab and JRNI incorporates automation of issue resolution actions, where possible. Other issues have defined steps stored in an incident management wiki.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks NHS Network (N3)

Pricing

Pricing
Price £5000 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A 14 day free trial available on request.

Service documents

Return to top ↑