GLADSTONE MRM LIMITED

Leisure Management Solution

Market leading SaaS Cloud LMS to manage any health facility or gym. With powerful data analytics operators can make informed decisions to drive operational effectiveness. Combined with flexible member app and payments our solutions provide the ultimate user experience and simultaneously work to drive sales and reduce attrition for operators.

Features

• Dynamic, responsive, fully managed and hosted SaaS solution
• Microsoft Azure Gold Partner Platform: ISO and Cyber Essentials Accredited
• Self Service Member apps: PWA, iOS and Android.
• Market leading Course, Swimming Lesson & Health Outcome modules
• Powerful Retention Management including NPS
• Fully integrated Prospecting and Marketing solution
• Dynamic and flexible Electronic Point of Sale (ePOS)
• Access control management solution and digital check in
• Built-in KPI, Business Intelligence (Reporting) with AI, machine learning, app
• Integrated Gateway: Direct Debit and Card Subscriptions (RCP) and transactions

Benefits

• Seamless user and consumer experience with minimal clicks.
• Maximise facility income and profit with swift and easy transactions
• Increase revenue through feature rich booking management
• Reduce burden on staff with friction free self-service
• Enhanced brand management with with our powerful, modern modules
• Efficiency savings from improved operational management.
• Automation of manual processes saving significant resourcing
• First class customer engagement; better communications, more purchases, greater utilisation
• Improved data and data access to make informed business decisions.
• Secure and Safe: Always on latest version and security releases

£83.00 to £550.00 a licence a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dblythe@gladstonesoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

292198615854460

Contact

Deborah Blythe
07881013859
dblythe@gladstonesoftware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The Gladstone contract includes a maintenance window each night between 2.30am and 4.00am and this includes a server reboot and any required patching.
• System requirements:
  • OS Windows 10 or above
  • Microsoft SQL 2012 or above
  • Windows 2012R2 or above
  • Static IP address

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The application support services provided by Gladstone Customer Services is based on 4 priority levels and the target response and resolution times are provided on a reasonable endeavours basis and are not contractually binding. Each Case will be assessed based on 4 levels of case priority: critical, high, medium and low. The initial response time service targets are as follows: within 30 minutes for critical cases, 1 hour for high, 2 hours for medium and 4 hours for low.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: • 24hour web logging and tracking; • Mon - Friday 7am to 7pm coverage ; • Weekend 10am - 4pm with answer machine service; • An extended support option is available which covers Monday to Sunday 7am to 11pm (POA).; • Dedicated Account Manager to support cases and escalate as needed; • A web-based Password Generator for quicker access to Daily Password and Setup/Supplier codes; • Dedicated training support desk for configuration and user support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Gladstone offer a range of end user training tailored to the buyer or project requirements. ; ; Gladstone can offer a ‘train the trainer’ approach, allowing your configuration team to carry out the end user training. Should you prefer, Gladstone can deliver the end user training. ; ; A variety of digital (e-learning), and trainer led (remote and onsite) training can be deployed, depending on your requirements.; ; Onsite face to face training sessions are for a maximum of 6 delegates. Remote training sessions are for a maximum of 6-8 delegates.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Webinars
  • E-learning
• End-of-contract data extraction: Data can be exported using excel / CSV / PDF / IFD.
• End-of-contract process: An SFTP user account will be created and passed directly to nominated representative to copy this data across to their own network within a 2-week period. Beyond this 2-week period the account zip file will be deleted. ; ; Gladstone will place a backup of this database into our normal backup location for a period of a further 4 weeks, after this time the backup will be deleted. The Gladstone Helpdesk and CRM systems will be updated to indicate buyer are no longer a customer and should not be supported with any questions about the system, the exception to this being if help is required in gaining access to the SFTP website for copying their data across. ; ; At the end of the 2-week period Gladstone Business Support will contact buyer to confirm that they have a copy of the data and if they have any other questions. ; ; Following a further 2-week period any reference to the customer in the Gladstone domain user accounts, files and folders, data backups and websites will be permanently deleted ls of how users extract their data when the contract ends. ; ; If Gladstone support required fees may apply in line with service days provided.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Access for users on mobile devices is via a browser. The system is designed to render according to the size of device being used. Gladstone also offers a powerful consumer app (progressive web app) which also renders to the device size and is used for booking classes and activities.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Gladstone offer a modern open RESTful API to allow any 3rd party web page or web system integrations. ; ; Gladstone provide client or 3rd party account access to API's for client development. ; ; Full scoping of integrations required ahead of procurement or development.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: User interface can be customised with logo and colour theme. Consumer UI can be fully customised and branded in line with buyers requirements.; ; The CRM can be configured and customised to the operational requirements of the buyer, making the solution the most flexible on the market.

Scaling

• Independence of resources: Our solution has been tested to accommodate the highest possible user requirement.; ; Our cloud environment splits customers into different pools to limit the impact of this. These pools auto scale based on usage so no single customer can reduce the performance of another. For SQL - all DB's have a usage cap so they cannot consume all the resources in the Azure pool.

Analytics

• Service usage metrics: Yes
• Metrics types: Service uptime and downtime reports.; Case support summary reports
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be imported using excel / CSV / PDF / IFD.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: API

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Gladstone uses Azure to host the cloud platform. We utilise Azure PaaS offerings including Azure SQL which offers a 99.95% availability. At this time Gladstone do not offer an SLA in house, the infrastructure we use contains resources backed by Microsoft's SLA.
• Approach to resilience: The infrastructure is monitored 24/7. Automatic recovery/resolution will initiate on any critical infrastructure failures upon alarm trigger. More specific detail is available on request.
• Outage reporting: Gladstone will notify any customers of downtime. We offer a live performance dashboard which is available publicly. The performance dashboard app is powered by DataDog.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: SSO: It is our intention to integrate with a 3rd party like OKTA or Auth0 to provide the best and most secure authentication method possible. Both these companies allow for integrations into Azure AD amongst others and will help manage the authentication life cycle for us. By partnering with these companies to manage authentication, not only will it make sure Gladstone’s solution is always market leading for security, it will also allow customers to integrate freely with their API’s to manage authentication tokens themselves.
• Access restrictions in management interfaces and support channels: The Gladstone solution can only be accessed by authorised users. This is achieved using multiple authentications methods: IP whitelisting, Active Directory log, SSO and username and password. Remote worker VPN's can be supplied as required for people wishing to access the solution securely outside of the network or using a 4G/5G device
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: SSO: It is our intention to integrate with a 3rd party like OKTA or Auth0 to provide the best and most secure authentication method possible. Both these companies allow for integrations into Azure AD amongst others and will help manage the authentication life cycle for us. By partnering with these companies to manage authentication, not only will it make sure Gladstone’s solution is always market leading for security, it will also allow customers to integrate freely with their API’s to manage authentication tokens themselves

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 12/10/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Group Security Services Limited
• PCI DSS accreditation date: 01/09/2022
• What the PCI DSS doesn’t cover: AOC has been completed. ; ; Document available on request
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Gladstone are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout the organisation in order to preserve its reputation, competitive edge, cash-flow, profitability, legal, regulatory and contractual compliance and commercial image.; ; To achieve this, Gladstone operate within the ISO27001 and ISO9001 framework and are fully accredited. The ISMS details the organisation’s direction and commitment to the security of information within the ISMS Scope. For this purpose, Gladstone have a dedicated ISMS Manager that ensures that non-compliances and exceptions are handled as defined in the ISMS procedures.; ; ISMS applies to all areas of our business and offices and includes all Gladstone equipment, whether used on Gladstone premises, client or other networks. Our ISMS considers external and internal issues that are relevant to our purposes, the needs and expectations of interested parties, and the interfaces and dependencies between our activities and those of other organisations.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Full change control will be in place throughout the contract. This will take the form of a request for change document (RFC) which includes timelines, why the change is required, the impact of the change and any additional costs incurred for implementation. In each instance an RFC will be presented to the Project Board to review to ensure clarity on any impacts to the project, costs and timelines, and then sign-off on whether the change is acceptable or not. For the cloud platform, we use Infrastructure as code so all changes are reviewed before check-in and stored in source control.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Annual Pen test is carried out by an independent accredited 3rd party on all external web apps, and internal apps. In addition, an RDS breakout test is also carried out. The tests are completed by suitably qualified 3rd party ; Hedgehog Security and reports are available on request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The service is audited for all authentication successful and failed. Key event log IDs are also monitored. Applocker is also employed with event log monitoring. Automatic emails are used with the above to proactively alert any suspicious activity.; ; Gladstone are ISO27001 certified and have an procedure specifically for Operations Security IO-12, that outlines how Gladstone deal with logging and monitoring.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security incidents are reported to our security officer and then actioned in accordance with our ISO27001 process and GDPR / Data protection legislation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Gladstone is committed to playing its part in reducing carbon footprint and strive for energy efficiency. We want to play our part in global sustainability and in turn, delivering cleaner greener

  Equal opportunity

  Gladstone is committed to equality of opportunity in all its employment practices, policies and procedures. To this end, within the framework of the law, we are committed wherever practicable to achieving and maintaining a workforce, which broadly reflects the local catchment area within which we operate. No employee or potential employee will therefore receive less favourable treatment due to their race, creed, colour, nationality, ethnic origin, age, religion, gender, gender reassignment, sexual orientation, marital status, membership or non-membership of a trade union or, unless justifiable, disability.; ; Gladstone can provide a copy of our Equal Opportunities Policy upon request.

  Wellbeing

  The solution we offer supports the active encouragement and participation in health activities, making health more accessible. As a strategic partner of UK active and Sport England, we strive, through engaging software, to get the nation more active, more often.

Pricing

• Price: £83.00 to £550.00 a licence a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dblythe@gladstonesoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.