Decision Time Meetings (formerly MinutePad) is a feature rich, easy to use platform which supports and enables your governance principles, saving time and money in the process. The system is designed to help any organisation with their meetings and governance requirements.
- Create complex agendas in minutes
- Meeting information and board packs are distributed instantly to participants
- Email notifications and alerts sent directly from the system
- Schedule meetings in advance and notify participants instantly
- Ability for meeting participants to work offline or online
- Very easy to use interface for meeting participants and organisers
- Manage attendance / RSVP data in the system
- Read, annotate, highlight and draw on documents electronically
- Detailed but easy to understand access permissions
- Tasks and ToDo lists both personal and attached to meetings
- Simple navigation ensures all information is easily accessible
- Add notes, draw and highlight pages of interest
- Access all past, present and future meetings in one place
- Information kept in a secure password protected system
- Be better prepared for your meetings and make better decisions
- Access vital company information from the document library
- Create meetings quickly with all details and attached documents
- Save paper, save time and save costs
- Ensure everyone has the same information and the latest version.
- Excellent, responsive support from knowledgeable staff.
£25.00 per user per month
- Education pricing available
- Free trial available
Decision Time Ltd
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|System requirements||None - wide range of device and operating systems supported.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Hardware and service / service issues are monitored 24/7 automatically and on-call staff alerted to any failure of the system.
Our quality assured support is available Monday to Friday 8:00am to 5:30pm excluding bank and public holidays during those times questions are generally answered within an hour.
Outside those hours the help-desk is monitored for urgent or critical issues and responses are on a best endeavour basis.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The system is monitored 24/7 to automatically detect failures of the software or hosting infrastructure and to alert on-call senior staff who respond to investigate to restore functionality immediately.
User support calls are handled by our helpdesk and can be emailed at any time or telephoned during office hours. All requests generate a ticket which is managed to completion and can be monitored and updated by the customer through a web portal.
Outside normal office hours support tickets are processed by our on call team and we will provide a target resolution of 4 hours of any critical, significant or minor impact issue. General queries and change requests will be addressed on the following office working day.
Critical - System failure or critical processes are non-functional: 1 hour response, up to 4 hours fix.
Significant - Major functionality severely impaired while many operations continue: 1 hour response, up to 6 hours fix.
Minor - Partial, non-critical loss of functionality, non-urgent queries or non-urgent user access issues: 4 hours response, 2 days fix.
Low - Issues not affecting key functionality and low priority user queries : 1 day response, up to 1 week fix.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Online Training, Onsite Training, Help Documentation, Telephone and Ticketing support|
|Other documentation formats||Video|
|End-of-contract data extraction||Under our standard terms and conditions we require 30 days notification of termination. Once notified we will arrange an export of the customer data in the format that has been agreed at the contract initiation stage.|
Decision Time will provide export and migration services as may have been expressly agreed by the Parties, and as described in the Service Definition.
The scope and cost of the migration will be agreed at the project initiation stage.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None - same interface across all platforms.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
The interface and site uses HTML standards and accessibility best practices in general and should be accessible to a wide range of users. However because the purpose is to present documents uploaded but the customer on a wide range of tablet and mobile devices it is not feasible for the site to manage the accessibility of this content.
We are happy to work with customers with accessibility requirements for their board members and staff to find specific solutions.
|Accessibility testing||None to date.|
|What users can and can't do using the API||
The API is not provided for normal user access but for integration with other web services or internal systems used by customers.
The API mainly provides outbound information about meetings and documents that have been appropriately marked as public (for example).
Other uses include the ability to automatically upload files or create meetings which is used for integration or importing legacy data.
Standard documentation is not currently provided since the use of the API is specific and tailored to each customer.
|API sandbox or test environment||Yes|
|Description of customisation||
Significant levels of customisation are built into the system from simple branding to the definition of meeting templates, committees, attendee groups, cover pages, email contents etc. These can all be customised by an authorised administrator for the customer.
Decision Time Meetings (formerly MinutePad) also has increasing number of frameworks and features for more bespoke tailoring of functionality to a customer specific requirement. For example the inclusion of a simple form engine and APIs etc. These types of feature are used by our development and support staff to configure more complex customisation.
|Independence of resources||Using a scalable infrastructure and capacity monitoring and management we are able to stay ahead of user demand. Load balancing solutions are also available and increasingly used.|
|Service usage metrics||Yes|
Administrators can see metrics on number of meetings, users, last login dates also attendance information.
Other metrics are available on request including full details of who accessed a meeting pack and when.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||
ISO 27001 certified data centre appropriate for Official data
Comprehensive CCTV coverage with footage retained for 90 days
Biometric and/or RFID badge controlled access to data halls
Physical access limited to specific necessary personnel.
Also key customer data - documents, and notes, are stored encrypted and obfuscated within the database.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||
Meeting packs can be exported as PDF documents containing all meeting and agenda information and all documents.
Individual documents and agenda details can also be exported as PDF.
|Data export formats||
|Other data export formats|
|Data import formats||
|Other data import formats|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||As a minimum, the standard service will be available for 99.9% of the time between 8.30am and 5.30pm Monday to Friday, excluding bank/public holidays. With the exception of planned maintenance, the service will be available (but not guaranteed) on a 24x7 basis.|
|Approach to resilience||We use a variety of standard techniques including redundancy to ensure resilience and to continually strengthen and improve availability. More specific information is available on request.|
Outage reports are sent by email and text to the support team and displayed on a private dashboard.
Customers are generally notified by email of any significant outages affecting them.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
In most cases management interfaces such as the creation of users, changing their permissions etc. is carried out by a specified administrative user within the customer's organisation and authorised by their username and password.
The support team are instructed not to make direct changes to, for example, the permissions of a meeting or a user unless absolutely necessary and then only after we have contacted the appropriate meeting organiser by phone or email to confirm.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BMTRADA|
|ISO/IEC 27001 accreditation date||July 2016|
|What the ISO/IEC 27001 doesn’t cover||Our certification covers Development and support of web based products for public, private and voluntary sectors.Anything outside of this scope is not covered.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
As part of our ISO27001 implementation we have developed an Information Security Policy Manual (ISMS). This ISMS applies to all information assets held by Decision Time. It applies to all users who undertake work for Decision Time or use any part of the IT infrastructure whether as an employee, a contractor, partner agency, external consultant or 3rd party IT supplier.
The scope of the Policy applies to the provision of software solutions from the company Head office at Antrim. A separate ISO27001 certification is held by our hosting provider and covers all of their hosting and infrastructure provision.
The ISMS, statements of policy, individual policies are communicated regularly to all staff and are audited both internally by the management team, by third-party consultants and externally by the awarding body.
Acceptable Usage Policy
Access Control Policy
Asset Mgt Policy
Business Continuity Policy
Change Control Policy
Data Protection Policy
Incident Management Policy
Information Retention, Archiving and Disposal policy
Information Security Policy
Maintenance and Capacity
Mobile Device Policy
Project Management and Secure Development Policy
Risk Assessment Process
Vulnerability Management Policy
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Server and infrastructure information is tracked through a set of secure documents detailing access controls etc and the configuration details. changes to these are agreed by the Technical Director prior to rollout and assessed for their security implications as required.
Changes to software are handled through a distributed revision / version control system that maintains a history of changes and their authors and allows easy reversion and roll-back when necessary.
A "Pull Request" process controls any changes to the master branch of the code ensuring that changes are reviewed by Senior Developers for quality, bugs and security.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Our vulnerability management policy sets out a process to ensure that technical vulnerabilities are managed in proactive manner.
This includes periodic penetration testing by our own staff and by external consultants as necessary, Automated update processes Log monitoring and perimeter testing and monitoring tools.
This is an evolving process with additional checks and procedures implemented where identified by the technical team.
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||
There are automated and manual protective monitoring processes in place but it would not be appropriate to disclose them.
More details can be provided to customers on request.
|Incident management type||Supplier-defined controls|
|Incident management approach||
A specific Incident Management policy is in place. The purpose of this policy is as follows:
1) To ensure that incidents are identified and logged;
2) To ensure that incidents are investigated;
3) To ensure that corrective measures are identified and introduced.
All staff are individually responsible for reporting information security incidents.
All incidents are reported to the Technical Director or in his absence the Business Director. He/she will then ensure that an appropriate investigation is undertaken and details communicated to any affected customers.
A full process for investigation and reporting is documented in the policy.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||Joint Academic Network (JANET)|
|Price||£25.00 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Full access to the software for a maximum of 3 users and 3 meetings plus online training session for Meeting Organisers. Trial period 4 weeks|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|