SMARTSPACE GLOBAL LTD

SmartSpace Workplace Platform - Modular workplace solution

SmartSpace Workplace integrates seamlessly with your existing software and hardware ecosystem including room display panels, MS Office 365, Exchange servers and Active Directory. Choose from room, desk and visitor management modules. Connect your employees with the Mobile App providing, market leading wayfinding, reservations, check in functions and 'find my nearest'

Features

  • Simple integration via plug-in or web application
  • Detailed reporting, Measured, Analysed & optimised data for your workspce
  • Smart & informative wayfinding and location-based services
  • Modular, intuitive desk, meeting room, visitor and resource management
  • Mobile application for Android and iOS
  • Manage assets & resources
  • Fully integrated parking systems, payment and CRM
  • Bespoke client configuration
  • Open API Integration
  • User administration console

Benefits

  • Quickly find a desk, room, meeting, colleague or service
  • Mobile application for a connected employee experience
  • Seamlessly manage visitors, providing an enhanced experience
  • Scale-able solution to address daily workplace challenges
  • Integrate with existing technology
  • Extensive space & desk utilisation and occupancy reporting
  • Manage digital content & publish to multiple channels
  • Improve user experience without leaving your email
  • Fully integrated parking systems, payment and CRM

Pricing

£12 to £20 per licence per month

  • Education pricing available

Service documents

G-Cloud 11

774538920155757

SMARTSPACE GLOBAL LTD

Steven Black

+44 (0)845 094 5686

commercial@smartspaceplc.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints We have a structured planned maintenance schedule that operates out of business hours (local time).
System requirements
  • Cloud solution does not require any particular hardware to function
  • Touchscreen, mobile devices or tablets (iOS or Android) are optional

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 2 Business Hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Chat software used follows the VPAT (Voluntary Product Accessibility Template), which documents an audit of the chat systems in regards to the audited framework, the WCAG 2.0 guidelines, and is has been used to address the requirements of Section 508 Standards. It does not utilise audio only or video-only content.
Onsite support Yes, at extra cost
Support levels We have three levels of technical support, ranging from troubleshooting to in depth root cause analysis and resolution.

Client manager is allocated as day to day relationship manager.

Priority levels for support:
Urgent - Error is mission critical and work cannot continue without resolution of the error
High - Severe loss of Service, with no available workaround
Medium - Minor loss of Service but the impact is inconvenient as opposed to critical
Low - Mildly inconvenient or superficial loss of function

Standard support is included in the SaaS costs. Additional layers of support are priced based on client need.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Standard training materials are provided, and dependant on the complexity and size of implementation specific training can be provided.

Onsite training and webinars are provided at additional costs when requested and all user documentation is provided as part of our continual support.
The onsite training provides personal training sessions for up to 10 people in any one sitting.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Booking, user and reporting data can be provided in machine-readable format.
End-of-contract process An exit transition plan will be developed in line with client's requirements, including planning for data transfer.

All costs shall be calculated on a time & material basis.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Responsive designs can sometimes provide different levels of functionality but typically all features are mapped.

All services are designed to work on mobile devices, Android and iOS
API Yes
What users can and can't do using the API Many of the aforementioned activities are mapped against API end points for client integration.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment No
Customisation available Yes
Description of customisation Branding on mobile channels and mobile applications can be changed at cost

Scaling

Scaling
Independence of resources We have automatic scale-up and down profiles applied to hosted services in the cloud.
Independence of resources.
Service availability is kept operational through App server and database storage replication or scaling, as required. Post incident metrics assist in planning larger resource.

Analytics

Analytics
Service usage metrics Yes
Metrics types Describe service metrics
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach All data is stored on a dedicated Azure instance with access restricted to individuals with a legitimate need to access. All data is encrypted and held in the UK under our control.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Typically data can be exported as a CSV.
In some cases the data is anonymised
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network Other
Other protection within supplier network Internal virtual networking within Azure has no connectivity to the outside internet at large.

Availability and resilience

Availability and resilience
Guaranteed availability We provide SLA-backed guaranteed uptime of 99.5% for all cloud-based platform services.
Contractual SLAs for ongoing support and maintenance services are also provided to ensure continued operation and client satisfaction.
If there are any periods in which SLAs are not achieved then we would be prepared to agree a service credit arrangement.
Approach to resilience Available upon request
Outage reporting Outages are reported to our support team by means of email and an online portal accessible to authorised users.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Authentication is required for access into the support help desk, into the Azure hosting portal and all source control repositories.

An access control list is defined to govern what users can do and at what level.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are engaged and working towards ISO 9001, ISO 27001 and PCI DSS certification
Information security policies and processes Security policy brief: All policies are within the guidelines held within the ISMS manual. This information security policy is a key component of Information security management framework. It sets the requirements & responsibilities for maintaining information security within the business. Information security events are reported to the ISMS Manager by the Head of Department as quickly as possible. The Company outlines in its Framework Agreement that all employees, contractors and third party users of information systems and services shall be required to note and report any observed or suspected security weaknesses in systems or services.

All information is classified as confidential and therefore access rights are granted in line with job role & responsibilities.

Security policy auditing tool and reporting:
This function is held on file in a secured area within our SharePoint, all non-conformance are reported on a monthly basis to the management meeting and are rated based on severity. Ticketing system is used to monitor the improvements and actions. The owner of the non-conformance is detailed within the form completed. These are also reviewed by way of an annual audit. Non-conformance remain on the list until they have been satisfied and signed off by the ISMS Manager.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We control releases through automated and manual tests run against DEV and UAT environments and releases are signed off prior to being released to production. Source code is versioned / branched using GIT source control repositories, with all builds being versioned within TeamCity.
Vulnerability management type Supplier-defined controls
Vulnerability management approach A monthly vulnerability scan against the a large number of criteria is carried out against all production systems. Criteria contain, but are not limited to: OWASP Top 10 (2017), XSS, Authentication & Session Management, SQL injection, XML XE vulnerabilities, Information Disclosure or DoS vulnerabilities. All vulnerabilities are classified into High, Medium, Low, which High defects being resolved within 30 days.
Protective monitoring type Undisclosed
Protective monitoring approach Continual monitoring of application service health is performed on all hosted services. If an issue is identified then the team is contacted straight away and we then formulate an action plan.
Incident management type Undisclosed
Incident management approach We operate a support help desk that allows clients to communicate with our support engineers.

Incident response and management are documented in our ISMS, and a summary can be provided upon request.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £12 to £20 per licence per month
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑