Queue-IT ApS

Queue-it: Virtual Waiting Room

A virtual waiting room is a cloud-based solution for websites and applications to manage online traffic surges.

When traffic exceeds a site or app's capacity, traffic is redirected to a virtual waiting room using a HTTP 302 redirect, then returned back to the website in a first-come, first-served order.

Features

• 24/7 Website Traffic Management and Peak Protection
• Custom Virtual Queue Design
• Queue System Detailed Reporting Capabilities
• E-mail Notifications
• Online Queue Connectors
• Bots and Abuse Management
• Queueing Notifications and Logs
• Virtual Waiting Room API
• First in first out (FIFO) Queue
• Load Testing for Online Traffic Management Issues

Benefits

• Avoid website crashes and slowdowns during high website demand.
• A fair citizen experience with a custom virtual queue system.
• Streamlined online application management and online registration processes
• Reduce complaints, maintain reputation with reliable website performance.
• Ensure maximum application availability on critical service websites
• Bot protection; mitigate bots and abuse on critical service websites
• Safeguarding measures for government digital infrastructure.
• Ensure website uptime and mobile application uptime during critical events
• Scaling cost reduction
• Fair and accessible government websites through FIFO online queueing system

£15,663 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at misc@queue-it.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

347629176609675

Contact

Mie Schneider
+45 22 53 19 86
misc@queue-it.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Queue-it is a SaaS solution hosted in AWS. Therefore, no hardware constraints apply. Customers will get a notice about any planned maintenance arrangements that require the suspension of access to the Services in advance.
• System requirements: Queue-it is SaaS, no system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide Mon-Fri 24h support. The response time depends on the Subscription Level: On standard plans response time is less than 4 hours, pro plans response times are less than 2 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Our chat service we use at Queue-it uses a Voluntary Product Accessibility Template (VPAT), to publish an Accessibility Conformance Report (ACR), which documents an audit of the systems relative to WCAG 2.1 AA performed by a third party accessibility vendor.
• Onsite support: Yes, at extra cost
• Support levels: We have two levels of support that are accessible to all our customers. ; Level 1: email support provided by the support team. Level 2: involve Solutions Architects for complex troubleshooting or project-based involvements. Each customer has a dedicated Solutions Engineer or Architect during the onboarding period. After the onboarding is complete, they have an assigned Account Manager or Customer Success Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Each customer has an assigned Solutions Engineer or Architect to assist them with onboarding. We provide online training, documentation and ad-hoc assistance and advisory required for successful integration and setup.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Customers can export metrics of the waiting rooms they used as well as the latest versions of their setup configuration. This is managed via the admin platform (GO Platform) and data will be available from the start of the engagement with Queue-it.
• End-of-contract process: Customers should remove Queue-it integration from their website or mobile application and end all the active waiting rooms before the contract expiration date. When the contract ends, their account will be deactivated or switched to a limited-access mode.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our virtual waiting room is designed to work on desktop, mobile, and mobile applications with no significant difference. Our control panel can be accessed via mobile but is not optimised.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Customers can interact with Queue-it using the self-service platform called "Go". The platform allows them to set up and monitor their waiting rooms and provides access to their historical data. It has three levels of user access: admin, user and read-only. The changelog allows customers to see the log of their users' activity.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: To deliver accessible products we pay attention to Accessibility throughout our release cycle. We following the standards and documentation created by our Product Accessibility team. We train everyone involved in delivering our products around assistive technology and Accessibility best practices. This includes, designers, engineers, product and program managers, and content writers. We test our products before release using both manual and automated techniques. Conducting regular research with agents, admins and end users who rely on assistive technology to collect feedback and help us prioritize improvements. Systematically tracking both remediation and new feature progress to drive quality improvements. Finally, we listen to feedback from customers.
• API: Yes
• What users can and can't do using the API: Queue-it offers a REST-based API for programmatic access to configure and control the waiting room. The API must be accessed through the customer specific endpoint: https://{CustomerID}.api2.queue-it.net/. HTTPS is required and the CustomerID must be part of the request to ensure that the account is accessed at the correct segment with the required data.; The API endpoint is not scaled to end-user volumes. If data from the API is supposed to be used for end-user functionalities, then access should be created via a server-side service with a cache (e.g. with 15 second flush time). If traffic is excessive, it may be blocked automatically.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Our service is fully customisable to fit the needs of our clients. The placement of the queue page can be customised, so it is only proecting a specific part of your infrastructure where bottlenecks occur. The design and features of our queue page can be customised based on the needs of the client: to show the expected wait time, number of citizens in line in front of you, send email alert, invite-only queue and more. Our experienced team is ready to support you to meet your needs and requirements.

Scaling

• Independence of resources: We have built the system for fault tolerance and malfunctioning servers an automatically pulled off load balancers and many functions have backup functions. In addition our customers are hosted in logical segments (A, B, C etc.). and hosted on unique hostnames. We can move single customers from one segment to another. For example we move your account to a separate segment, if you give us a heads-up on a huge onsale.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide the metrics about the traffic passing through customers' waiting rooms (e.g. Inflow, Number of visitors currently waiting, Expected wait time, etc.) that allows our customers to assess their usage of our service. In addition to this, we have diagnostics metrics that help customers detect issues in the service setup or website performance.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data from the Queue-it self-service platform where there is a statistics section where users can analyze past performance of waiting rooms and export data from their account.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • .xls
  • .png
  • .jpeg
  • .svg
  • .json
• Data import formats: Other
• Other data import formats: .json

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Queue-it has a bespoke optional Enterprise SLA agreement with availability, uptime and response guaranties. The SLA will refund on monthly fees upon agreement.
• Approach to resilience: Queue-it SaaS has been designed from the offset with a fault tolerant high availability architecture. We have tracked uptime since Q4 2012 using CA App Synthetic Monitor and can provide documentation and historic reports upon request.
• Outage reporting: Outages will be reported on our public status page here: http://status.queue-it.com/ ; As well as in the notifications in the GO platform.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: Each user signs in using an ID / password. User can be set up with enforced MFA via authenticator app. / text.
• Access restrictions in management interfaces and support channels: Each user can be set up as admin, user, or read-only. The right are handled in the system.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Queue-it delivers a scalable cloud computing SaaS (Software as a Service) queuing platform with high availability and dependability. Helping to protect the confidentiality, integrity, and availability of our customers’ systems and data is of the utmost importance to Queue-it, as is maintaining customer trust and confidence.; Queue-it security governance is inspired by ISO 27001, but are not accredited.
• Information security policies and processes: Queue-it has a strict set of security policies in its employee handbook. Each employee will be taken into the policies upon onboarding. Half yearly awareness training will be conducted and critical topics will be presented on monthly allhand meetings.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Different services are deployed to production on a daily basis, using automated Canary deployments. To minimize the risk, the deployment is done in a stepwise process.; First, it’s deployed to EU Partition A, but only for availability zone A. When it’s observed that no alarms are triggered and no issues are seen, then it’s deployed to EU Partition A availability zone B. If all is still good, then it’s deployed as to additional segments.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Queue-it has an incident management process in order to effectively detect, assess, communicate, and take action on any vulnerabilities within the Queue-it system. The purpose of this process is to ensure that all incidents are effectively and efficiently handled, and that stakeholders external as well as internal are informed and involved.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Queue-it have ~35,000 metrics reported to AWS CloudWatch every minute. Most of them are there for forensic reasons to help identify errors. The most important ones are monitored on region specific dashboards.; Queue-it are using Amazon AWS GuardDuty as threat detection service.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Queue-it defines an incident as an event that causes disruption to or a reduction in the quality of a service which requires an immediate emergency response. An incident can e.g., be caused by a bug in our own software, an infrastructure issue, a hacker attacks, etc. Queue-it has pre-defined processes for common events. In additional, users can report incidents via Queue-it Zendesk system and Queue-it provides incident reports in accordance with its "Queue-it Incident Response Plan"

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Queue-it core focus is fairness and we bring that into all aspects of our organization. One example is our diversity and inclusion initiatives including a D&I Board who is there to identify and drive initiatives, provide employee support, and advise management on diversity and inclusion to help Queue-it excel on this part of our fairness mission. ; Our values around fairness are also present in how we discuss, build, and use our product. As we transform into a digital society, more and more of our offline world moves online including critical government applications and registrations. We need websites and apps to work as they should. And we need everyone to have fair access to the products or services they need.; Queue-it is helping the world’s leading organizations keep their websites and apps running in a fair and transparent way. Virtual waiting rooms take advantages away from bots and malicious users who are out to game the system. They level the playing field and give real people a more equal chance regardless of their technical capabilities, internet connection, or location

Pricing

• Price: £15,663 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Queue-it offers a free trial version of our software for integration and internal testing.
• Link to free trial: https://queue-it.com/free-trial/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at misc@queue-it.com. Tell them what format you need. It will help if you say what assistive technology you use.