TAAP LTD

TAAP Smart Facilities Management for Desk Booking and Room Booking

TAAP Smart Facilities Management is an asset management resource tracking tool to help organisations manage booking desks, booking rooms, booking Car Parking Spaces, and other organisational facilities.

It builds upon the TAAP Room Booking product with optional customising to meet client specific requirements, delivering solutions without clients having to compromise.

Features

• Digital Asset Management (Room booking, Desk booking, Car Parking, etc...)
• One app for Visitor Sign In, Rooms, Desk etc...
• Contactless Sign In, Room and Desk Allocation Checking
• Visitor ID Digital or Printed Badge Generation
• GDPR Compliant Digital Services
• Variable Data Entry by Location including Photos
• Web App/Device App for use on any type of phone
• Contactless / No Touch so Covid Safe, no touch
• User Mapping to Resource by Site, Building, Location, Floor etc...
• Biometric Access, Proximity Sign In, Geo Fence Sign Out

Benefits

• Fast and Efficient to Sign In, 1 - 2 seconds
• Cloud Hosted, no special hardware required
• Can be live in 30 minutes from order
• Allows for Guidance / Terms of Entry to be agreed
• Fire and Safety Instructions provided to guests
• On Evacuation identify people in building that need assistance
• Global App and streamlines sign in process
• Alerts meeting host when guests arrive for a meeting
• Real Time Visibility of Assets and Utilisation Levels
• Advanced Searching and Booking Options (helping Healthcare with Clinic Bookings)

£55 a unit a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Steve.Higgon@ontaap.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

242269824754585

Contact

Steve Higgon
08452309787
Steve.Higgon@ontaap.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: TAAP Smart is built on the TAAP Enterprise Application Platform. You can extend TAAP Smart to include almost any additional digital workflows or FM services you might require.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: The solution is being continually extended and their are no constraints or restrictions.
• System requirements:
  • Reception Service requires browser access to the web
  • People signing in need access to the web
  • The solution will work with all modern mobile phones

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide normal business working hours support. Support is managed/delivered via an Email Support desk.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Email support is the primary contact model. If there are significant issues we would revert to telephone support to fix and resolve
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our users are setup by: 1) our Partner Channel, 2) our Direct Sales Channel. Depending on who the end user is, assistance will be provided depending on how they were acquired initially. A user is given a plethora of documentation upon signing up to the TAAP Visitor Book system available online. In addition to FAQs, online group training may be provided via screen share.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: TAAP Visitor Book has a configurable retention period; after which data will be auto-purged periodically. However, should a user wish to extract their data before the contract ends, on the proviso there is data in the system prevalent before the retention period is executed, their data will be available securely via an encrypted .zip file (data dump).
• End-of-contract process: The TAAP Visitor Book is a SaaS (software as a service) product with a 1 year minimum contract term commitment.; Within the contract price is our base product license for the company and a license fee for each site/location. ; An additional cost will be if a company wants to use additional features that would require the 'Pro' version of the product; in which case depending on the requirement, the cost is adjusted accordingly, payable in arrears.; At the end of the contract, login to the system is severed and we will engage with the end user at least 4 weeks before the end of the contract term to gauge their intentions.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No - its designed for a mobile sign in device and web browser for reception/management.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Its a service API we can extend for integration with 3rd party apps. This is a costed POA service feature.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: TAAP Visitor Book uses scalable Cloud services. Scalability ensures TAAP Visitor Book application can handle bursts of traffic or resource-heavy jobs. This is handled automatically by scaling up the architecture it's hosted on. Auto-provisioning of more resources means handling more traffic or demand from other users. Therefore, TAAP Visitor Book is unaffected by loads and demands from other users, which is why the product can be used Globally with infinite users.

Analytics

• Service usage metrics: Yes
• Metrics types: Reports on request.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: The Cloud hosting provider for TAAP Smart includes tools to safeguard data using Encryption at Rest as a security requirement. The the goal of encryption at rest is that data that is persisted on disk is encrypted. The Encryption at Rest designs in Microsoft Azure use symmetric encryption to encrypt and decrypt large amounts of data quickly, therefore protecting the data at all times.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users may export their data from the TAAP Visitor Book web portal; export functionality is provided through any modern web-browser, in .csv export format. However, customer's need to be aware of data retention rules pre-configured by them at the start.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Cloud provider for TAAP Smart, Microsoft Azure, offer a 99.9% availability of services as per this link: https://azure.microsoft.com/en-gb/support/legal/sla/summary/. However, this isn't guaranteed as depending on the severity of the issue, outages could last for several hours. TAAP therefore have an inhouse support SLA built into our service contracts with their customer/end-user, reviewed on a case-by-case basis in regard to refunds if the guaranteed levels of availability are not met. More details of this can be provided upon request.
• Approach to resilience: Reliable applications are: 1) Resilient - and recover gracefully from failures, and they continue to function with minimal downtime and data loss before full recovery, 2) Highly available (HA) - and run as designed in a healthy state with no significant downtime. Resiliency is achieved by using a Cloud provider that has national and global infrastructure presence. This is referred to as 'Reliability Pillar', building a reliable scalable application in the Cloud is different from traditional application development. While historically software houses may have purchased levels of redundant higher-end hardware to minimise the chance of an entire application platform failing. In the Cloud, TAAP acknowledge up front that failures will happen. Instead of trying to prevent failures altogether, the goal is to minimise the effects of a single failing component, therefore coupled to the TAAP V3 web architecture that sits above specific components in the Cloud, TAAP Visitor Book uses basic system components that aren't reliant on specific features of the Cloud provider, meaning we are Cloud provider agnostic to be up and running in an indifferent region or provider with minimal effort, should the adverse occur.
• Outage reporting: Outages are reported through our Support platform so that it's publicly available to our clients when raising a support request. Equally, we have alerting setup so that we are aware of the issue before our end-user. These alerts are real-time email alerts and we have access to the underlying Cloud provider's dashboard / platform to ascertain the matter at first hand.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Restrictions in access within interfaces and support channels are defined by permissions. For instance, a standard operative may be given minimal permissions to access parts of the system, therefore their role will be labelled accordingly. Whilst, a System Administrator or Super User may be given wider permissions and their role will be labelled accordingly. The Role is then applied to the User and this is reviewed periodically for any changes, i.e. starters/leavers and for users who move side-ways in an organisation. All of TAAP's V3 Web Platform features are highly configurable for access control and management via an Admin GUI.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • GCHQ certified training in InfoSec and Cyber Awareness
  • GCHQ certified GDPR Practitioners within the business
  • Infosec programme with the aim to get ISO27001 certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: TAAP as a business has Governance, by putting in place organisational policies and processes which govern the business's approach to the security of network and information systems. Security Governance is integrated with your business's usual decision making structures and processes; the inhouse Information Security Executives team are involved at all levels to ensure decisions about risk can be made and people are aware of the right security, business and technical knowledge, skills and experience required when planning, building, managing and maintaining information systems and new processing. Clear lines of communication exist within the organisation.
• Information security policies and processes: TAAP follow ISO27001 best practice coupled to GDPR best practice to protect rights pertaining to individuals (data subjects). An IT Security Policy identifies the rules and procedures for all individuals accessing and using an organization's IT assets and resources. TAAP have a defined Information Technology (IT) Security Policy identifying rules and procedures for all individuals accessing and using the organisation's IT assets and resources. The reporting structure is top-down; the CEO has approved the IT Security Policy and the overall ISMS (Information Security Management System) programme. There is a nominated team of Information Security Executives who meet at least monthly with documented assessment and improvements, through policies, procedures and information security awareness meetings.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any change to TAAP Visitor Book goes through a change management process and is version controlled accordingly with a publicly available version release statement demonstrating the product's evolvement over time. Configuration management encompasses an internal process to ensure resources and components are maintained at a consistent state; this consistent state is referred to as a baseline and this is monitored to ensure protection from unauthorised access and changes using change control. Change control encompasses a process that focuses on managing the changes that affect the configurable items to ensure confidentiality, integrity and availability isn't compromised.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Potential threats to services are discussed continually within the inhouse IT security executives team. Using the methodology of cyclical practice of identifying, classifying, prioritising, remediating, and mitigating software vulnerabilities, TAAP Visitor Book is continually assessed from a security and data protection perspective. Architecturally, the system is hosted with a Cloud vendor, therefore as part of their compliance they will continually patch their underlying infrastructure and services, reviewable here: https://azure.microsoft.com/en-gb/overview/trusted-cloud/. We will receive our information from various online information security bulletins the inhouse security team subscribe to.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: TAAP as a business have various indicators and alerts setup to identify potential compromises, for example: Unusual Outbound Network Traffic, Anomalies In Privileged User Account Activity, Other Log-In Red Flags / Unusual Lockouts, Swells In Database Read Volume, HTML Response Sizes, Large Numbers Of Requests For The Same File, DNS Request Anomalies, to name a few. Response is on-demand, the Information Security Team continually assess and react with immediate effect. A risk register/log is maintained by the team which is used a method for continual improvement to information security to mitigate incidents.
• Incident management type: Undisclosed
• Incident management approach: TAAP have an incident policy and procedure managing IT service disruptions and restoring services within agreed service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and ends with a service desk team member resolving that issue within a defined and prescribed time period. Users report incidents through a designated Support Desk system; into which a ticket is raised and acknowledged. Incidents are categorised into High/Medium/Low, depending on the severity and impact. Reports are generated weekly as an ongoing compliance measure to ensure all incidents are dealt with accordingly and timely.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  100% Cloud to help combat climate change, global warming and CO emissions.

Pricing

• Price: £55 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Steve.Higgon@ontaap.com. Tell them what format you need. It will help if you say what assistive technology you use.