Zipporah Ltd

Rooms, Facilities and Desk Management Bookings

Room, Facility and Desks Management Booking is the complete bookings and management solution for all your rooms, desks, facilities, equipment and more. Scalable, flexible and hardware independent, the browser based solution can be used by internal and external clients, is easy to use and features comprehensive reporting. Better workspace management.


  • Complete online bookings capabilities
  • Manage all rooms, desks, catering, tasks and catering
  • Manage all charge bands and payments
  • Multiple User access for management of facilities
  • Single, multiple bookings with all dependent equipment
  • Daily, weekly, monthly, and facility calendar view
  • Reporting suite,financial, utilisation, bookings, and facilities requirement
  • Payments methods, cash, cheque, subscription, online, invoice, internal recharge
  • Supports portal search and book off calendar
  • Scalable System


  • Transaction costs reduced through automation of services
  • Additional access channels, live updates, reduces missed, better resource use
  • Single server license, limitless facilities, rooms, desks and users
  • Direct integration to finance systems eliminates re-keying of data
  • Browser based so no need for product specific apps
  • Overview of all Facilities Operations
  • Analyse Performance, usage, spend and ROI
  • Intuitive and user friendly design
  • Facilitates excellent cost saving opportunities
  • Maximises good use of space


£14400 per licence per year

Service documents


G-Cloud 11

Service ID

5 7 0 3 5 1 6 5 2 4 1 2 4 6 0


Zipporah Ltd

Jonathan or Jobe

02920 647048

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements Internet browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Zipporah support requests will fall into two categories dependent on the severity of the problem. Category A: The failure of the services to function in accordance with the specification renders the Customer’s system inoperable and business operations are halted. Category B: The Services contain errors or omissions or functional problems that the Customer is able to work around. Category A response time: Respond within 1 hour, every endeavour will be made to correct the issue(s) within 1 working day. Category B response time: Respond within 24 hours, every endeavour will be made to correct the issue(s) within 7 working days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Zipporah support provides first line support telephone and email support is included within service charge for the annual use of the software solutions. This is support is provided Monday to Friday from 08:30 - 17:30. A dedicated support team is provided to support any issues that you might experience. In addition the up-time guarantee for the service is 99.9% based on 24/7/365 days of the year.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Zipporah uses a phased approach to deliver a controlled and logical project roll out to make the process of on-boarding as straightforward as possible. Every project is led by an experienced Zipporah project manager who will co-ordinate a cross functional team within Zipporah and liaise with client side staff. Initially Zipporah will provide a base lined version of the system in order to ensure an understanding of the client's full requirements and how the system delivers these. This will form the basis of meetings between Zipporah and the various business users to identify system changes and configurations needed. These will be confirmed by the client and Zipporah through a clear document for both parties to sign-off. Zipporah provides training for system end users as a 'train the trainer' approach. We provide user guides where each process and function is detailed and explained. The training sessions are a 'hands on' experience with scenarios set for attendees to ensure a full understanding of how to use the system. Zipporah also provide a Product Specialist resource who users can contact as well as videos showing step by step guides. Zipporah will work with existing suppliers to migrate data as needed.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Zipporah is able to provide the customer with a complete database in Microsoft CSV, XML or Excel formats as standard. We are also able to offer a number of other formats which would be discussed on a case-by-case basis.
End-of-contract process There are no additional costs at the end of the contract. Zipporah provide customers with it's data in Microsoft formats.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None.
Service interface Yes
Description of service interface Customers are able to access Zipporah's services in a number of ways, all of which can be wholly accessed from any internet enabled device - booking, cancelling, amending details or otherwise. Customers are also able to raise, review and update support cases through our online portal, again, wholly accessible by any internet enabled device.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Zipporah test accessibility for assistive technology using a broad range of methods. We constantly strive to improve our customer service and journey, ensuring the system is accessible to the broadest range of users - while booking, confirming, amending, cancelling or reporting cases and more.
What users can and can't do using the API Through Zipporah's API, users are able to perform any actions relating to their bookings - such as search, book, amend, cancel etc. The API will automatically utilise all business rules and configuration setup to ensure valid results. Any API required would be attached to the relevant Zipporah solutions purchased by the client.
API documentation Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Zipporah solution is a highly configurable and customisable solution that allows the user to control and customise almost all of public facing elements and back office views as desired.

Intuitive tools, provided through the user-interface allows the user the ability to edit buttons, emails and page content so that they can create a solution which has their full look and feel.

Users are able to customise a wide-variety of the booking processes, including the toggling of options to have facilities such as 'document upload' or terms and conditions switched on or off. The status and workflow of bookings received can also be defined through customisation of booking types.

The system also includes the ability for roles to be defined which determines user access. This customisation of roles allows the system administrator to define who has the authority to customise various elements of the system.

Form builders within the module also allow for the customisation of the booking process to define what information you want to capture based on what somebody is looking to book.


Independence of resources We supply individual hosting for clients based on their needs or requirements. Clients therefore have their own, dedicated server which ensures no interference with the solution. Clients are able to opt for shared hosting, with client specific, independent databases - where we isolate every client through the options provided to us via IIS and put upper limits on each individual site. Zipporah utilise real time monitoring tools to review speed and uptime tolerances of all clients as well as utilising CPU usage alerts which are set to alert Zipporah should any CPU reach 75% utilisation.


Service usage metrics Yes
Metrics types The service metrics we provide are within an array of application specific reporting suites. These reports allow clients to access a wide range of metrics from systems and provide comprehensive and clear information about how the service is functioning.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There are a number of standard reports that contain all system information - the user is able to export these in a number of Microsoft formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Spreadsheets

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Standard SLA covers: 99.9% monthly network up-time guarantee, 5-hour hardware failure response time Credit allowances for hardware or network failure beyond SLAs 24.7 automated SLA monitoring and notification. On top of this we offer a network guarantee of 99.9% monthly network up-time for our ISP network. In the event of a network fault that takes your server off-line, we will offer a credit allowance.
Approach to resilience Available on request.
Outage reporting Networks are continuously and automatically monitored. Zipporah are immediately informed of any potential problem so that it is normally rectified before your service is affected. If any complications arise, the support team will be in regular contact to update clients of on-going progress and expected resolution time-frames. This service would usually be provided via email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Identity and authentication controls restrict access through the following mechanisms: Authentication federation, Username and password, Two factor authentication, Username and strong password/passphrase enforcement.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 CfA
ISO/IEC 27001 accreditation date 24/01/2019
What the ISO/IEC 27001 doesn’t cover Everything is covered by our ISO 27001 accreditation.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO 27001
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Zipporah information security policy covers all forms of information security such as data stored on computers, transmitted across networks, printed or written on paper, stored on discs and drives, stored in the Cloud or spoken in conversation or over the telephone. All managers are directly responsible for implementing the Policy within their business areas, and for adherence by their staff. It is the responsibility of each employee to adhere to the policy. Disciplinary processes will be applicable in those instances where staff fail to abide by this or any other Zipporah Ltd security policy. It is the policy of the company to ensure that information will be protected against unauthorised access, that confidentiality of information is assured, that integrity of information is maintained, that regulatory and legislative requirements regarding intellectual property rights, data protection and privacy of personal information are met, that business continuity & disaster recovery plans will be produced, maintained and tested, that staff shall receive sufficient information security training and that all risks are identified, measured, communicated, controlled and where necessary, reduced in magnitude. All breaches of information security, actual or suspected are reported and investigated by the Zipporah Security and Risk Committee.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Zipporah use SVN as our code library which maintains all changes and check-ins performed on Zipporah code, allowing us to compare any check-ins to review what was done. The use of SVN allows us to manage branching of our solutions to maintain versions for specific clients. Zipporah operate a job monitoring system allowing monitoring of support and development jobs. Jobs are matched to check-ins to reference change and reasons for change. In achieving accreditation for ISO27001:2017 we have processes for designing and writing software including security considerations and impacts. This includes stages of peer review for security and pen testing.
Vulnerability management type Undisclosed
Vulnerability management approach We have a Cisco ASA 5516 firewall with Firepower. Windows updates through GFI, deploying Critical updates automatically. We obtain all the cyber threats through firesight management and have also been given a portal to Mi5’s Cyber security.
Protective monitoring type Undisclosed
Protective monitoring approach Our data centre deploys the Cisco Firesight Management Center alongside Cisco 5516x firePOWER IPS, Apps, AMP and URL with Smartnet.
Incident management type Undisclosed
Incident management approach As part of our ISO 27001 and 9001 certifications Zipporah has a complete process to for Non-Conformance Control, Information Security Incidents & Corrective Actions. Any non conformance report can be submitted via telephone or email. Corrective Actions and Actions to Prevent Recurrence are identified and recorded on the NCR. Once complete NCR’s when appropriate are returned to the customer, then filed and reviewed at the Management Review Meeting.

Incidents can be reported through a variety of means whether directly to our support system or via telephone. Equally where we have automated tools this may issue us alerts.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £14400 per licence per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑