Bramble Hub Limited

Bramble Hub Gladstone - Leisure Management Software

Gladstone360, is the next generation in Leisure Management Software. A browser based solution, developed firmly with the tablet in mind it is an off the shelf product that allows operators to design their perfect solution and deliver it on any device allowing front line staff to interact directly with customers.


  • Powerful and dynamic CRM solution for any size leisure facility.
  • Customiseable and flexible booking engine for classes, activities and events
  • Future proofed consumer Mobile app for iOS and Android.
  • Advanced Course Management and School Swimming solution
  • Powerful Retention Management solution
  • GDPR ready Prospecting and Marketing solution
  • Dynamic and flexible Point of Sale
  • Access control management solution
  • Powerful KPI and data management dashboard solution
  • Easy to use, integrated, Health outcome and management solution


  • Seamless user and consumer experience with fewer clicks.
  • Increase facility income and revenue through faster transactions
  • Increase revenue through improved booking management
  • Improved data and data access
  • Enhanced brand management with with our powerful, modern modules
  • Efficiency savings from better facility management.
  • Improved consumer communications
  • Undertand your customer needs.
  • First class customer engagement.
  • Get more people, more active, more often!


£34.00 per user per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

6 1 7 3 9 1 4 7 9 0 5 7 6 8 1


Bramble Hub Limited

Roland Cunningham

+44 (0) 2077350030

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints The Gladstone contract includes a maintenance window each night between 2.30am and 4.00am and this includes a server reboot and any required patching.
System requirements
  • OS Windows 7 or above
  • Ie11 or above
  • Microsoft SQL 2012 or above
  • Windows 2012R2 or above

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Critical = 30 mins, High = 1 Hour, Medium = 2 hours, Low = 4 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels • Monday to Friday 7am to 7pm coverage.
• At the weekend there is an answer machine service that is responded to twice a day.
• An extended support option is available which covers Monday to Sunday 7am to 11pm (POA).
• 24hour web logging and tracking
• A web-based Password Generator for quicker access to Daily Password and Setup/Supplier codes
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training will be delivered in a variety of ways – by recorded Webex sessions which are available on Gladstone’s website, live remote training or by group delivery of training on site to the main configurers of SLL or by Webex sessions. Training documentatio will be provided along with eLearning and recorded webinars and online help.

Gladstone’s e-Learning project is increasing the information available online all the time.

A training day is from 10.00 through to 16:00 with an hour for lunch and breaks. A maximum of the 8 identified and selected ‘super users’ is allowed.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction An FTP user account will be created and passed directly to nominated representative, who will then copy this data across to their own network within a 2-week period. Beyond this 2-week period the account will be deleted, the zip file will also be deleted
Gladstone will place a backup of this database into our normal backup location for a period of a further 4 weeks, after this time the backup will be deleted
The Gladstone Helpdesk and CRM systems will be updated to indicate buyer are no longer a customer and should not be supported with any questions about the system, the exception to this being if help is required in gaining access to the FTP website for copying their data across
At the end of the 2-week period Gladstone Business Support will contact buyer to confirm that they have a copy of the data and if they have any other questions
Following a further 2-week period any reference to the customer in the Gladstone domain user accounts, files and folders, data backups and websites will be permanently deleted ls of how users extract their data when the contract ends
End-of-contract process Firewall rule on the portal will be de-activated, removing access for users
All user accounts on the Gladstone domain will be de-activated
If applicable, all VPN accounts for remote workers will be de-activated
Any internal or external facing websites will be stopped so they can no longer be accessed
A fresh back of database will be taken and added to a password protected zip file and placed on the Gladstone FTP website - then above process kicks in.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Access for users on mobile devices is via browser and the system is designed to render according to the size of device being used. A mobile app is available for the users customer that allows booking of activities.
Service interface No
What users can and can't do using the API API can be used to interface with any 3rd party web pages and systems.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation User interface can be customised with logo and colour theme. Consumer UI can be fully customised and branded in line with buyers requirements.


Independence of resources Our solution has been tested to accommodate the highest possible user requirement.


Service usage metrics Yes
Metrics types Service uptime / downtime reports
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Gladstone use Key size AES256 to protect data at rest. NTFS permissions and IP White Listing.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be imported using excel / CSV / IFD
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel SX
  • Text
  • Rich Text format
  • HTML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • DAT
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Gladstone have partnered with Rackspace to supply our hosting platform to ensure the best service for our customers. This includes a guaranteed 99.95% Network Uptime which. In addition, the Gladstone system includes a fully redundant SQL cluster for all SQL instances, a fully redundant Hypervisor Cluster for VMs (Virtual Machines). In addition to Gladstone’s proactive monitoring. The system benefits from the data Centre’s ‘Rack-watch Platinum’ service. This includes 24/7 hardware monitoring and alerts to any failures. Hardware, Anti-Virus, backups and selected services are all monitored for uptime and availability.
Approach to resilience The infrastructure is monitored 24/7. Automatic recovery/resolution will initiate on any critical infrastructure failures upon alarm trigger. More details available on request
Outage reporting Gladstone have online hosting reporting tools to show uptime, planned maintenance and outages. This is available for customers to log in to view and will show the current status.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication IP white listing
Access restrictions in management interfaces and support channels Username and password based on user groups
Access restriction testing frequency At least every 6 months
Management access authentication
  • Username or password
  • Other
Description of management access authentication IP white listing

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 NQA
ISO/IEC 27001 accreditation date 1/3/2019
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Self certified under SAQ - D
PCI DSS accreditation date 25/10/2018
What the PCI DSS doesn’t cover Gladstone utilises payment redirect to PCI compliant provider
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO27001

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Full change control will be in place throughout thecontract. This will take the form of an RFC (request for change) document which will include timelines, why the change is required, the impact of the change and any additional costs incurred for implementing the change. In each instance an RFC will be presented to the Project Board to review to ensure clarity on any impacts to the project, including costs and timelines, and to then sign-off on whether the change is acceptable or not.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Annual Pen test is carried out by an independent accredited 3rd party on all external web apps, and internal apps. Inaddition an RDS breakout test is also carried out. The reports are avaliable.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The service is audited for all authentication successful and failed. Key event log IDs are also monitored. Applocker is also employed with event log monitoring. Automatic emails are used with the above to proactively alert any suspicious activity.

Gladstone are ISO27001 certified and have an procedure specifically for Operations Security IO-12, that outlines how Gladstone deal with logging and monitoring
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Security incidents are reported to our security officer and then actioned in accordence with our ISO27001 process and Data protection legistation.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £34.00 per user per month
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑