G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with SMARTSPACE GLOBAL LTD are still valid.
SMARTSPACE GLOBAL LTD

SmartSpace Workplace Platform - Modular workplace solution

SmartSpace Workplace integrates seamlessly with your existing software and hardware ecosystem including room display panels, MS Office 365, Exchange servers and Active Directory. Choose from room, desk and visitor management modules. Connect your employees with the Mobile App providing, market leading wayfinding, reservations, check in functions and 'find my nearest'

Features

  • Simple integration via plug-in or web application
  • Detailed reporting, Measured, Analysed & optimised data for your workspce
  • Smart & informative wayfinding and location-based services
  • Modular, intuitive desk, meeting room, visitor and resource management
  • Mobile application for Android and iOS
  • Manage assets & resources
  • Fully integrated parking systems, payment and CRM
  • Bespoke client configuration
  • Open API Integration
  • User administration console

Benefits

  • Quickly find a desk, room, meeting, colleague or service
  • Mobile application for a connected employee experience
  • Seamlessly manage visitors, providing an enhanced experience
  • Scale-able solution to address daily workplace challenges
  • Integrate with existing technology
  • Extensive space & desk utilisation and occupancy reporting
  • Manage digital content & publish to multiple channels
  • Improve user experience without leaving your email
  • Fully integrated parking systems, payment and CRM

Pricing

£12 to £20 a licence a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@23b15d03-223e-40a5-99ae-8ed744723d7a.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

7 7 4 5 3 8 9 2 0 1 5 5 7 5 7

Contact

SMARTSPACE GLOBAL LTD <removed>
Telephone: <removed>
Email: <removed>@23b15d03-223e-40a5-99ae-8ed744723d7a.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
We have a structured planned maintenance schedule that operates out of business hours (local time).
System requirements
  • Cloud solution does not require any particular hardware to function
  • Touchscreen, mobile devices or tablets (iOS or Android) are optional

User support

Email or online ticketing support
Email or online ticketing
Support response times
2 Business Hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Chat software used follows the VPAT (Voluntary Product Accessibility Template), which documents an audit of the chat systems in regards to the audited framework, the WCAG 2.0 guidelines, and is has been used to address the requirements of Section 508 Standards. It does not utilise audio only or video-only content.
Onsite support
Yes, at extra cost
Support levels
We have three levels of technical support, ranging from troubleshooting to in depth root cause analysis and resolution.

Client manager is allocated as day to day relationship manager.

Priority levels for support:
Urgent - Error is mission critical and work cannot continue without resolution of the error
High - Severe loss of Service, with no available workaround
Medium - Minor loss of Service but the impact is inconvenient as opposed to critical
Low - Mildly inconvenient or superficial loss of function

Standard support is included in the SaaS costs. Additional layers of support are priced based on client need.
Support available to third parties
No

Onboarding and offboarding

Getting started
Standard training materials are provided, and dependant on the complexity and size of implementation specific training can be provided.

Onsite training and webinars are provided at additional costs when requested and all user documentation is provided as part of our continual support.
The onsite training provides personal training sessions for up to 10 people in any one sitting.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Booking, user and reporting data can be provided in machine-readable format.
End-of-contract process
An exit transition plan will be developed in line with client's requirements, including planning for data transfer.

All costs shall be calculated on a time & material basis.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Responsive designs can sometimes provide different levels of functionality but typically all features are mapped.

All services are designed to work on mobile devices, Android and iOS
Service interface
No
API
Yes
What users can and can't do using the API
Many of the aforementioned activities are mapped against API end points for client integration.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Branding on mobile channels and mobile applications can be changed at cost

Scaling

Independence of resources
We have automatic scale-up and down profiles applied to hosted services in the cloud.
Independence of resources.
Service availability is kept operational through App server and database storage replication or scaling, as required. Post incident metrics assist in planning larger resource.

Analytics

Service usage metrics
Yes
Metrics types
Describe service metrics
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
All data is stored on a dedicated Azure instance with access restricted to individuals with a legitimate need to access. All data is encrypted and held in the UK under our control.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Typically data can be exported as a CSV.
In some cases the data is anonymised
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
Other
Other protection within supplier network
Internal virtual networking within Azure has no connectivity to the outside internet at large.

Availability and resilience

Guaranteed availability
We provide SLA-backed guaranteed uptime of 99.5% for all cloud-based platform services.
Contractual SLAs for ongoing support and maintenance services are also provided to ensure continued operation and client satisfaction.
If there are any periods in which SLAs are not achieved then we would be prepared to agree a service credit arrangement.
Approach to resilience
Available upon request
Outage reporting
Outages are reported to our support team by means of email and an online portal accessible to authorised users.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Authentication is required for access into the support help desk, into the Azure hosting portal and all source control repositories.

An access control list is defined to govern what users can do and at what level.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We are engaged and working towards ISO 9001, ISO 27001 and PCI DSS certification
Information security policies and processes
Security policy brief: All policies are within the guidelines held within the ISMS manual. This information security policy is a key component of Information security management framework. It sets the requirements & responsibilities for maintaining information security within the business. Information security events are reported to the ISMS Manager by the Head of Department as quickly as possible. The Company outlines in its Framework Agreement that all employees, contractors and third party users of information systems and services shall be required to note and report any observed or suspected security weaknesses in systems or services.

All information is classified as confidential and therefore access rights are granted in line with job role & responsibilities.

Security policy auditing tool and reporting:
This function is held on file in a secured area within our SharePoint, all non-conformance are reported on a monthly basis to the management meeting and are rated based on severity. Ticketing system is used to monitor the improvements and actions. The owner of the non-conformance is detailed within the form completed. These are also reviewed by way of an annual audit. Non-conformance remain on the list until they have been satisfied and signed off by the ISMS Manager.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We control releases through automated and manual tests run against DEV and UAT environments and releases are signed off prior to being released to production. Source code is versioned / branched using GIT source control repositories, with all builds being versioned within TeamCity.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
A monthly vulnerability scan against the a large number of criteria is carried out against all production systems. Criteria contain, but are not limited to: OWASP Top 10 (2017), XSS, Authentication & Session Management, SQL injection, XML XE vulnerabilities, Information Disclosure or DoS vulnerabilities. All vulnerabilities are classified into High, Medium, Low, which High defects being resolved within 30 days.
Protective monitoring type
Undisclosed
Protective monitoring approach
Continual monitoring of application service health is performed on all hosted services. If an issue is identified then the team is contacted straight away and we then formulate an action plan.
Incident management type
Undisclosed
Incident management approach
We operate a support help desk that allows clients to communicate with our support engineers.

Incident response and management are documented in our ISMS, and a summary can be provided upon request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£12 to £20 a licence a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@23b15d03-223e-40a5-99ae-8ed744723d7a.com. Tell them what format you need. It will help if you say what assistive technology you use.