Skip to main content

Help us improve the Digital Marketplace - send your feedback

CINOLLA SOFTWARE LIMITED

Cinolla Activity Centre Software

A Booking Platform for Activity Centres, Outdoor Education Centres and Country Parks. The system includes unique group booking management features and includes CRM, Resource and Staff management.
Supports facility hire and memberships.

Features

  • Bookings platform including online booking and payments
  • Group bookings including activity scheduling
  • Staff rotas, allocation and qualifications
  • Customer relationship management (CRM) functionality
  • Email sending and receiving using powerful templating
  • Powerful Custom Forms module including worfklows
  • Resource management
  • Flexible memberships module
  • Facility hire and accommodation bookings
  • Extensive pre-built report Library

Benefits

  • Eliminate disconnected spreadsheet with a single source of data
  • Online rota simplifies communication with staff
  • Online booking frees up your customer service teams
  • Easily review customer correspondence from a booking
  • Group booking features can streamline important participant information

Pricing

£4,320 to £7,200 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@cinolla.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 2 3 7 3 5 2 8 4 0 9 6 2 1 5

Contact

CINOLLA SOFTWARE LIMITED Sales Team
Telephone: 01202 937620
Email: hello@cinolla.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
NA
System requirements
Service constraints are managed by Cinolla

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please refer to our Terms of Service Document
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
No
Support levels
Core business support is provided via email support between 9am and 5pm Monday to Friday (excluding bank holidays).

Users can access our Knowledge Base for information on specifics of using our platform.

Screen-share calls are available on request to help customers make the most of the platform.

Our team monitor the general availability of the platform 24/7.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our team will work with customers via an initial series of screen-share calls to ensure the customer understands the capabilities of the system and how to best configure the system to meet their requirements.

Our Knowledge Base can be used for detailed instructions on how to use specific functionality of the system.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
There is a screen to enable an account owner to run a series of exports for most of the data in the system.

Data stored in files or customer data not available via the export screen will be provided by Cinolla within 1 month of the end of the contract.
End-of-contract process
Cinolla will assist the customer to ensure they have their exported data (upon request).

Cinolla will delete the data from the system within 60 days of the end of the contract or sooner if requested by the customer.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile support is focussed on end customer user to enable online booking via mobile.

Desktop version is focussed on internal users.
Service interface
No
User support accessibility
WCAG 2.1 A
API
No
Customisation available
Yes
Description of customisation
An administrator of the system can customise a variety of setup options including price tariffs, resource setup, line items, email templates, custom forms.

For the online booking there are options around data capture required for each course/event/item sold. The basic colour scheme can be chosen plus detailed CSS overrides can be added. The menu structure of the online booking portal can be customised.

There are options to customise the generated documents also (booking confirmations, receipts, invoices) and other fully bespoke documents.

These customisations are all done via the administration screens, access to which can be controlled via custom defined system roles.

Scaling

Independence of resources
Our service runs as a single common platform across all customers, we use granular auto-scaling, multi-zone availability and detailed monitoring to ensure a reliable service to all users.

Analytics

Service usage metrics
Yes
Metrics types
For online booking portal, it is possibly to add your own analytics or tracking to your booking portal to allow analytics to be visible in your chosen analytics provider.

We don't provide analytics for internal users usage, but we do have audit trail logging of actions users take.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Many of the Cinolla reports provide either CSV or PDF or both as export formats
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Cinolla has a stated availability of 99.5% excluding downtime caused by Scheduled Maintenance, Emergency Maintenance or a Force Majeure event.
This availability has been met every year for the last 3 years.
We do not offer refunds for any outages.
Approach to resilience
Available on request
Outage reporting
Cinolla use email to communicate with customers with regards to either any planned maintenance or unplanned outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Authentication via username, password and two factor authentication.

Authorisation of users is achieved via system roles which are assigned to users. The customer can create and configure system roles to suit their business needs.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Self Assessment
PCI DSS accreditation date
13/07/2023
What the PCI DSS doesn’t cover
NA
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Follow ISO27001
Information security policies and processes
Cinolla follow policies and processes in line with ISO27001.

These policies and processes are used seek continuous improvement in our security posture.

Any identified issues are mitigated and our engineering team takes the lead on these mitigation measures.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes made to Cinolla service components are tracked and reviewed with security impact assessments carried out on all changes.

Detailed testing is carried out in our staging environment before being released to the production environment.

Cinolla maintain an update log for functionality improvements or fixes that would be visible to customers, and the Cinolla Knowledge base will give customers information on how to use current functionality.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Cinolla use regular security scanning to cover potential vulnerabilities such as open ports, cross site scripting vulnerabilities or cookie data security (and many other potential issues).

Cinolla run monitoring and IDS systems including automated network level blocking of known malicious hosts.

Operating systems and code frameworks are consistently reviewed for any required patches which are applied as appropriate.

Our external penetration is carried out as a minimum annually, with a core set of functionality tested every year plus additional testing as appropriate for example if a new module or service is introduced.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Cinolla use a combination of monitoring tools operating at the different levels in the system such as the load balancer(s), network level traffic and server monitoring tools.

Real-time Intrusion Detection Systems (IDS) are installed and running at all times including the ability to auto apply network level blocks to any suspicious external hosts. Additional third party tools are used to continuously monitor system traffic and any potential threats.

File integrity is also monitored in real time via our IDS.

Alerts are sent to our engineering team who operate an on call rota 24/7 365 days per year.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Cinolla use an established processed for common events. Users can report events via email to our support team.

If a major incident occurred which involved service interruption, Cinolla will update users when the issue is resolved and the reasons for it.

Any planned outages will be notified in advance via email to the key users at each customer.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

Fighting climate change

Cinolla are committed to helping to fight climate change.

We use AWS data centres and one study by 451 Research (Oct 2019) found that AWS' infrastructure is five times more energy efficient that the average in Europe. Our use of auto-scaling infrastructure helps us to be more energy efficient and we our customers can reduce printing needs significantly by switching to screen based reports within Cinolla.

Our flexible work policy can reduce travel on days that staff work at home. Our shared office has invested in a range of environmental friendly measures such as waste recycling.

Tackling economic inequality

Cinolla believe the SMEs such as ourselves can make a significant contribution to tackling economic inequality. Cinolla are committed to paying a fair and competitive salary to our staff, to invest in staff training and development to allow staff progression.

Cinolla is used by a lot of charity organisations who contribute to tackling economic inequality. Cinolla enables these charities to be more cost effective and streamline their operations and therefore indirectly contribute to the good work many of our customers are doing.

Equal opportunity

Cinolla is an Equal Opportunities employer and is committed to following complying with relevant guidelines and legislation such as the Equality Act 2010.

Pricing

Price
£4,320 to £7,200 a unit a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@cinolla.com. Tell them what format you need. It will help if you say what assistive technology you use.