Provision of cloud-based catering management, including stock items, recipes, menus, ordering (including suggested orders based on future demand), receiving, supplier invoice checking and passing for payment, and customer (pupil/parent/diner etc.) menus for ordering, choosing and paying by cash, cashless or account. Licensed access for power operators; free for pupils and parents.
- Access by any standard browser from any internet-connected device.
- Real-time access by multiple users from multiple sites/centres.
- One hundred levels of power and security.
- Free access for almost unlimited numbers of zero-level users.
- All access to the system via encrypted communication.
- Almost any number of operational centres (e.g. schools, colleges).
- Several optional security features (e.g. DDOS circumvention).
- Open source version for eventual movement of system in-house.
- No need for backups or security beyond normal device protection.
- No expertise needed beyond use of PC, tablet, etc.
- Targeted online help for screens.
- Screens tailored by you for different layouts/fonts/colours/languages.
- Fields programmed by you to invoke actions or applications.
- Almost any number of tailored-by-you user environments provided.
- Caterman users can interact with other applications.
- Audit trail provides replication of screens from history.
- User accounts are updated almost immediately when using PayPal etc.
£240 per person per quarter
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Service not available in UK between midnight and 1am.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Response in 24 hours 9.00am to 5.00pm Monday-Friday only.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
Support is provided within the licence fee at a standard level.
There is only one level.
We provide resource as deemed appropriate, and we do not provide anything but application support, i.e. no PC support, no internet connection support, no general computing support. Any support provided which is not related to the application may be chargeable. Telephone support is only for emergency use, and may be chargeable.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Interactive co-operation, some tasks performed for customer. General handholding for first three months including one month free trial.|
|End-of-contract data extraction||
Customers may obtain a copy of their data at any time in the form of a database or as a series of separate files in either comma-delimited or tab-delimited form suitable for loading into spreadsheets. There is a charge for this, not exceeding 5% of annual licence fee. Certain security measures are required for transfer.
Most data can be extracted by empowered users as reports at any time without charge (a normal activity of the system).
The customer may simply terminate the contract, or take a copy of data, or move the data to an Open Source version of Caterman in-house subject to certain conditions and safeguards including continued payment of 50% of the licence fee until the system ceases to be used.
As part of the contract, the customer must agree to state a date on which, subsequent to Caterman cloud-based use being terminated, ALL customer data held by us is to be destroyed.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Users each have one of many thousand defined Caterman environments.
Different environments may be created by you for different types of user and for different devices if necessary.
|Accessibility standards||None or don’t know|
|Description of accessibility||
Service accessible through a browser by entering the web server URL.
The user device requires accepted standard encryption capability.
|Accessibility testing||None documented as we do not inquire on characteristics of our users.|
|What users can and can't do using the API||APIs are only available to users by arrangement and implementation may be chargeable depending on user requirements.|
|API sandbox or test environment||Yes|
|Description of customisation||
All fields can be tailored by customer power users to change text into other text, other fonts, other colours, different positions on screen, and to invoke, by mouse action (click, double click, hover, etc.) or similar, an action, an audio or pictorial response, or another application (e.g. an inquiry on your in-house personnel system, etc. - any application available on the user device on that network). An example of this is that a school power user could invoke, from the i.d. field of a pupil school meal account screen, a screen showing the pupil's photograph and personal details kept on a storage device in the school accessible only via the school network - e.g. an HTML record in a disk file on a school server mounted as a disk on the user PC (putting photos of children on the internet is not advised).
Some schools might wish to provide environments for users in different languages or with facilities to offer a different language text, or audio as well by mouse action.
|Independence of resources||
Caterman is monitored for any excess response time. The servers are upgraded as required.
System response time depends on user power/security level. Higher priority users take precedence over lower priority users, so system overload manifests first at level zero. Higher power level users are unlikely to be affected before system resources are increased.
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Many reports are available on demand in a format suitable for export to other computer systems. Bespoke exports in the form of customer-defined files are available on request subject to a small charge. Please note that all enhancements and extra facilities added to Caterman by any customer will be available to all Caterman cloud customers.|
|Data export formats||
|Other data export formats||Oracle database on termination of contract or move in-house.|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
|Other protection within supplier network||Encryption.|
Availability and resilience
|Guaranteed availability||One day's licence credit for any failure of service between the hours 1am and midnight on any day. No responsibility is accepted for end-user equipment problems, internet connection through to our servers, internet provider's DNS server failure, or any problems arising from matters outside of our control.|
|Approach to resilience||Data is held on mirrored storage in secure datacentres either selected by us or, in some cases, chosen by the customer. Backup copies of the database are taken daily, and a log of all user screen content is kept.|
|Outage reporting||Email alerts for known outages.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
End users must supply two security codes, password and PIN. The password and PIN may be changed at any time by the user. Retrieval of a lost password requires supervisor intervention. Optionally, Caterman can require input of codes sent by SMS.
Other security checks include circumstances where a user cannot log on unless another defined user is already logged on, or can only log on from a particular IP address or range of IP addresses (e.g. a local network, a country, an account operated from only one IP address - users may have more than one account, e.g. one each for office/home).
|Access restrictions in management interfaces and support channels||
End users of Caterman are restricted to system facilities according to a template of authorisations allowed for a password account/security level.
An end user can have multiple accounts so that, working from the office, the user can utilise certain high level management facilities, but working from home only a restricted set of facilities, and working from a public WiFi access point, only basic facilities.
Support is available to defined email accounts, and support emails must contain a code in the subject line to reach the assigned support personnel.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Dependent on chosen server farm.|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Initially, only security-validated personnel have access to user data. All development and testing is carried out on test databases. After the customer is running normally, the control of access to the system is handed to the customer, after which control of the system resides with the customer and access is unavailable to anyone without customer assistance.|
|Information security policies and processes||All software we use is kept up to date regarding virus and other attack vectors. The computer press and internet are monitored for any developments which may threaten attack, and appropriate steps are taken.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Caterman is subject to periodic updates for all cloud users, and most in-house clients. Comprehensive testing of modified modules is carried out beforehand. Each iteration of the entire Caterman system is saved by release date, as modules interact with each other.
No changes which impact on security are entertained, except where a vulnerability is discovered (unlikely, after so many years).
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||The computer press and other media concerned with computer and data security are monitored and any new threats assessed. Any potential threat is evaluated and any improvement required applied as soon as possible. The only attack point is the central processing server for the customer and, where utilised, distributed access web servers. Vulnerabilities on internet connection and user end-devices are not our responsibility, but will be notified to customers where detected. The only interaction with the main server is via browser, and the only functionalities supported by the web servers are HTML processing by Apache plus one other (undisclosed).|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Sophisticated access monitoring is maintained and unauthorised access notified immediately. Logs are maintained for examination of any unauthorised activity, and customers are notified by email if their data might be compromised (unlikely). Depending on when unauthorised activity takes place, response varies from immediate to 12 hours.|
|Incident management type||Undisclosed|
|Incident management approach||
There are no common events, and no events whatsoever attributable to our service for more than five years. Users report incidents by email, or telephone in the event of emergency (may be chargeable if event is not within our area of responsibility).
All customers affected receive a report detailing what the incident was and what impact it had on their service or data, and what steps we took and/or are taking.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£240 per person per quarter|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
Full Caterman cloud test bed plus skeleton live Caterman cloud installation. All standard non-chargeable Caterman facilities are available.
Support is non-contractual, and is restricted to low priority as no team is assigned.
The free trial is for 10 users for one month to three months depending on mutual agreement.
|Link to free trial||https://caterman.uk|