Target Information Systems Limited

Gatehouse: Visitor Manager & Contractor Control

Gatehouse is a contractor control database to manage visit bookings to your location(s) for Visitors and Contractors. Gatehouse manages Inductions & Assessments, Risk Assessment and Method Statement Reveiew/Approvals, Permits to Work Tracking, Vehicles on Site and Fire Registers. Gatehouse manages Contractor Compliance and thier Insurances, Certifications & Accreditations.


  • Supplier Onboarding Process - PQQ, Insurances, Certification, RAMS
  • Database of staff who invite Visitors and Contractors to Site(s)
  • Database of Contractor Companies and their Compliance Documentation
  • Database of Contractors, their bookings, Inductions, visit site and RAMS
  • Diary Management Dashboard for Visitors and Contractors
  • Visitor & Contractor Booking
  • Alerts & Escalations: RAMS, CHAS, CDM, NEc3 – Compliance Covered
  • Sign Out & Return Issued Items process
  • Document & Digital Asset Storage
  • Site Fire Register


  • Significant saving in time and management of Contractor information
  • Automated document renewal for insurances and accreditation
  • Automated & Remotely Viewed Inductions & Assessments
  • Compliance Evidence for Audit Purposes
  • Automated Health & Safety Questionnaires
  • Booking emails. Visitors and Contractors Inductions and RAMS uploading
  • Track and Trace of Issued Items such as keys/PTW
  • Live site fire register


£9750 to £24500 per instance

  • Education pricing available

Service documents

G-Cloud 10


Target Information Systems Limited

Phil Atkinson

07702 248 948

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No. Gatehouse requires any modern browser on PC, Tablet or Smartphone with a connection to the Internet.
System requirements
  • Any modern browser
  • A connection to the Internet

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support response times We provide a response within an hour to support emails Monday to Friday 9am to 5.30pm excluding bank holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AAA
Web chat accessibility testing Target has worked with clients to enable a range of users to access our databases.
Onsite support Yes, at extra cost
Support levels All support matters are to be first raised to the support email: Target provides application support between the hours of 9.00am and 5.30pm Monday to Friday excluding Bank Holidays. A support matter emailed to the support email can be followed up with a call in office hours to: 01226 212 056. Support incidents are split into three priorities: Priority One This is where an application is unavailable and users are unable to access the system. This will be responded to in one hour in business hours and have a resource dedicated to the problem until it is resolved. Target will work 24/7 on this problem until it is resolved. Priority Two This is for intermittent, non-critical support matters where the application is available and an error is occurring which does not affect normal usage of the system. Priority two matters will be responded to within four business hours, and typically resolved within 72 hours. Priority Three For minor matters such as layout issues, spelling mistakes in graphical text or minor amends; these will either be resolved within seven working days or scheduled for an agreed date/time
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Gatehouse is Mobilised fit for purpose to store all required information and documents.

The mobilisation is complete with face to face training onsite and then by free training over webinar. We are here to help our clients along the entire journey towards gaining Control, Visibility, and Compliance with Contractors.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The data can be exported, upon request at the end of the contract. There may be an additional cost to provide the data in the required format
End-of-contract process As you Data Processor we are here to help. Upon notice to end the agreement arrangement will be made to export the data.

The data is provided in CSV with a link to the related documents.

If the data is required in a specific formay there may be an additional charge.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The layout is different but the same functionality and information is available.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Target has carried out accessibility testing with a variety of public sector clients using a variety of methods. If you have specific requirements we would be happy to meet them.
Customisation available No


Independence of resources Access to the applications are load balanced.


Service usage metrics Yes
Metrics types Total number of Internal Users. Total Number of Visitors and Contractors. Disk storage usage and data transfer usage available on request.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users are currently not able to export their own data. If you have a requirement to do this we will be able to help.
Data export formats Other
Other data export formats Not able. We can provider an export tool if required.
Data import formats Other
Other data import formats Users can not upload data into Gatehouse.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Target provide 99.95% availability
Approach to resilience Available on request
Outage reporting Target has real-time monitoring tools. Outages are reported to client via email alerts and our website.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Permission based user accounts & access.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Acting as your Data Processor, Target takes security very seriously. We have a Information Security Policy and our systems are pentration tested annually. Our data centres are audited and/or certified by various internationally-recognized attestation and certification compliance standards.
Information security policies and processes Target has a nominated Data Security Manager who is a board level Director. We have an Information security policy which is an element of the ISO27001 accrediation that we are working towards. Target signs a GDPR contract to act on behalf our customers as their Data Processor.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Target is accreditted with ISO9001:2008 and the change management process is part of the Quality Management System.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Target operates real-time server monitoring to attempt to track and trace unsual activity to our servers. This is also supported by our datacentre staff who are also on hand to help manage potential threats. provide our regular testing and we deploy repairs immediately on being made aware of issues.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We identify potential compromises by moniyoring server activity and maintaining detailed logs. These logs are reviewed periodically. We would respond immediately upon finding a potential compromise.
Incident management type Supplier-defined controls
Incident management approach As we work towards ISO27001 we are developing pre-defined processes for common events. Users would currently report any incident via This would typically happen after automated processes have notified us. We provide incidents reports via email and via notification on our website.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £9750 to £24500 per instance
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑