Dootrix

Verso Libraries Self-Service Kiosks

We have developed a simple, fast and intuitive new platform

Built to save space, look good and keep on working, our kiosks offer a lighter weight alternative to traditional self-service mega-kiosks.

Features

  • Barcode scanning
  • RFID
  • Card and contactless payments
  • Receipt printing
  • Connects to all the top library management systems
  • Customer design and branding
  • Works offline and mobile
  • Fully GDPR compliant

Benefits

  • Flexible kiosk solution that can be deployed and redeployed easily.
  • Modern solution for the modern library
  • Easy to use. Extensive research informed the hardware and software.
  • Portable and securable. Use in both main and mobile libraries.
  • Secure, fault tolerant. Operates even when your network is down.

Pricing

£200 to £750 a unit a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@dootrix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 8 4 6 4 0 0 1 9 1 7 3 5 4 2

Contact

Dootrix Dootrix
Telephone: 02392001990
Email: hello@dootrix.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
All major LMS solutions
Cloud deployment model
Public cloud
Service constraints
None
System requirements
An LMS System

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Options are available
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
A single tier of support is included.
Email and telephone support with ticketing portal.
Faulty hardware is replaced next business day.
Quarterly technical account manager meetings.
The platform is fully supported by cloud support engineers.
Support available to third parties
No

Onboarding and offboarding

Getting started
The system is designed to be self setup and operate. As such is easy to use.

We also provide
- onsite training
- online documentation
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
There is no data stored on the hardware or software that we provide. All data is stored in the LMS.
End-of-contract process
The contract includes
- Hardware fix or replace as required.
- Cloud service
- Over the air software updates
- Support

Additional costs
- Payment provider fees.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Branding is customisable.

Also,
- LMS provider
- Payment gateway
- Help text and info (ie. locations of return bins, etc)
- Fees and fines
- Customer 'credit' limits.

Scaling

Independence of resources
The modern cloud architecture auto scales at the function level on demand.

Analytics

Service usage metrics
Yes
Metrics types
- Transaction numbers.
- Support statistics.
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
We do not store any data on systems.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
No data is stored on the system.
Data export formats
Other
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The cloud service is guaranteed 99.5% uptime.
Faulty hardware covered by the SLA will be replace next business day.
Approach to resilience
Available on request.
Outage reporting
Email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
Members of the public do not require authentication to use an installed kiosk. Library cards are used for ID.

For the Kiosk to be setup and administered.
Hardware connections are IP restricted.
Connections to the LMS follow the authentication guidelines for the specific system.
Access restrictions in management interfaces and support channels
Username and password, IP restrictions (IF required)
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
IP restriction.

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our InfoSec policy is documented and reviewed every 6 months and signed off at board level. (available on request)
Information security policies and processes
Our policy is defined and documented by; Head of Dev Ops, Tech lead
Head of Engineering and ultimately signed off by the Technical Director.

This document addresses some of the access requirements to build and manage cloud services and how employees and other parties should interact with them to limit the attack surface and mitigate damage through security segmentation.

There are two aspects to a robust security strategy. Those approaches that relate to the process (activities and means of interaction) and those that relate to the artefact (dynamic and static items under protection). The process governs items such as access to code/assets, deployment and configuration procedures whereas the artefact relates to the security considerations for the delivered application itself. The process is the more generic of the two whereas the artefact considerations must be appropriate for the particular artefact being generated, the context in which it is used and the features being provided.

As such much of this document focuses on the surrounding tools/process of development rather than the developed code itself. For some high level discussion of the application development considerations please see the Technical Implementation section.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes are documented and logged.

Changes are reviewed by Head of Dev Ops, Tech lead, Head of Engineering and singed off by the Technical Director.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our cloud platform provides auto vulnerability detection and updates.
Our information comes directly from AWS with fixes deployed as soon as they are available.

We also run auto threat detection on all deployments.

Threat modelling tools are used to map out, and prioritise risk on all new developments and existing deployments.

For the standard software component:
- We have a logging system to see potential issues and flags for possible problems

how quickly you deploy patches to your services
- Once something is resolved (fixed, reviewed, tested) we can deploy in a matter of minutes over the air.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
This is a fully managed and auto protected serverless architecture. AWS provide alerts and patching as soon as a potential threat is identified.

We run auto threat detection on all deployments which alerts the team in real time. Threats raise tickets and provide a fill audit of progress.

Threat modelling tools are used to map out, and prioritise risk on all new developments and existing deployments.
Incident management type
Supplier-defined controls
Incident management approach
Online documentation is provided for common issues.
User can report incidents via our support portal and telephone hotline.
Incident reports are available via the portal for all ongoing and close incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£200 to £750 a unit a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A kiosk installed for 1 month.
Any costs for bespoke configuration are not included.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@dootrix.com. Tell them what format you need. It will help if you say what assistive technology you use.