Zipporah Ltd

HAF Event Booking System

Utilise the Zipporah Event Booking system for all your HAF programme bookings. Book for events and activities which your suppliers organise. Allowing you to advertise all events equally and maintain your records of multiple suppliers. Integrate data with their systems and send out attendance lists easily.

Features

• Integrate your HAF numbers to prevent duplicate bookings
• Allow your suppliers access to manage their schedule of activities
• Allow your suppliers access to manage their attendee lists
• Gather all relevant data for your suppliers (Dietary/Special Needs)
• Full reporting suite available
• Automated processes to interact with your HAF suppliers
• Easy to use interface for bookings

Benefits

• Improve process flows with your HAF suppliers
• Make booking processes more efficient
• Automate your workflow processes
• Increased visibility of your HAF programme activities and suppliers
• Booking available 24/7
• Increase community and small business access
• Reduce reporting times by 99%

£8,000 to £15,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@zipporah.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

385874150720666

Contact

Scott or Emma
02921 202042
gcloud@zipporah.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: Internet browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Category A - system is inoperable and business operations are halted. Respond within 1 hour and endeavour to provide a correction or workaround within 4 hours. Category B - system is operational and still useable for business operations. Impact may reflect data issues on input or reporting or an irregular issue which does not affect general usage. Respond within 24 hours and endeavour to provide a correction within 4 working days. Category C - system is operational and useable for business operations. A non-essential function identified. Respond within 24 hours and endeavour to provide a correction within 7 working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Tested with Dragon
• Onsite support: Yes, at extra cost
• Support levels: Zipporah support provides first line support telephone and email support is included within service charge for the annual use of the software solutions. This is support is provided Monday to Friday from 09:00 - 17:00. A dedicated support team is provided to support any issues that you might experience. In addition the up-time guarantee for the service is 99.9% based on 24/7/365 days of the year.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Zipporah’s onboarding package is aimed to ensure that your system is set up and ready to go and that your teams are confident and capable of fully understanding the system and of administering it once it is operational. Zipporah will onboard your team by phasing the implementation, led by an experienced Zipporah project manager. Our aim is to transfer knowledge and skills to your team. As part of our structured and phased approach to skills transfer sessions, we find that our customers benefit most by have shorter training sessions. Initially Zipporah will demonstrate how to set up and configure the system and then arrange for further sessions where your team does the hand on set up, using our Delivery Specialists and Trainers for QA. Zipporah will provide all training materials, user guides and videos as required.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Zipporah is able to provide the customer with a complete database in Microsoft CSV, XML or Excel formats as standard. We are also able to offer a number of other formats which would be discussed on a case-by-case basis.
• End-of-contract process: There are no additional costs at the end of the contract. Zipporah provide customers with its data in Microsoft formats.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Open API standards
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: JAWS
• API: Yes
• What users can and can't do using the API: The Zipporah API layer allows for all aspects of the Zipporah booking and resource management processes to be accessible directly and securely. Zipporah has created front ends which are available through the API structure which allow a start point for clients who want to use them. However we have, for clients with the relevant knowledge and understanding, opened the system for them to utilise the APIs for a range of functions. The services are written as Open APIs and can be called through a range of technologies whether its Javascript or AJAX. The APIs can be used to effectively create a client specific front end, calling the core functionality of the product, allowing it to sit behind existing systems. Alternatively they can call and drop into Zipporah processes through the API or can start processes in other systems such as CRMs or Forms engines. All the logic of Zipporah is provided back through the APIs with no limitations to how they use or present the API data.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Zipporah solution is a highly configurable and customisable solution that allows the user to control and customise almost all of public facing elements and back office views as desired. Intuitive tools, provided through the user-interface allows the user the ability to edit buttons, emails and page content so that they can create a solution which has their full look and feel. Users are able to customise a wide-variety of the booking processes, including the toggling of options to have facilities such as 'document upload' or terms and conditions switched on or off. The status and workflow of bookings received can also be defined through customisation of booking types. The system also includes the ability for roles to be defined which determines user access. This customisation of roles allows the system administrator to define who has the authority to customise various elements of the system. Form builders within the module also allow for the customisation of the booking process to define what information you want to capture based on what somebody is looking to book.

Scaling

• Independence of resources: We supply hosting for clients based on their needs or requirements. Clients have independent databases - where we isolate every client through the options provided to us via IIS and put upper limits on each individual site. Zipporah utilise real time monitoring tools to review speed and uptime tolerances of all clients as well as utilising CPU usage alerts which are set to alert Zipporah should any CPU reach 75% utilisation.

Analytics

• Service usage metrics: Yes
• Metrics types: The service metrics we provide are within an array of application specific reporting suites. These reports allow clients to access a wide range of metrics from systems and provide comprehensive and clear information about how the service is functioning.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There are a number of standard reports that contain all system information - the user is able to export these in a number of Microsoft formats.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Spreadsheet
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Standard SLA covers: 99.9% monthly network up-time guarantee, 5-hour hardware failure response time Credit allowances for hardware or network failure beyond SLAs 24.7 automated SLA monitoring and notification. On top of this we offer a network guarantee of 99.9% monthly network up-time for our ISP network. In the event of a network fault that takes your server off-line, we will offer a credit allowance.
• Approach to resilience: Available on request.
• Outage reporting: Networks are continuously and automatically monitored. Zipporah are immediately informed of any potential problem so that it is normally rectified before your service is affected. If any complications arise, the support team will be in regular contact to update clients of on-going progress and expected resolution time-frames. This service would usually be provided via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Identity and authentication controls restrict access through the following mechanisms: Authentication federation, Username and password, Two factor authentication, Username and strong password/passphrase enforcement.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CfA
• ISO/IEC 27001 accreditation date: Initial accreditation date 26 January 2016 Last awarded 25 January 2022
• What the ISO/IEC 27001 doesn’t cover: Everything is covered by our ISO 27001 accreditation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The Zipporah information security policy covers all forms of information security such as data stored on computers, transmitted across networks, printed or written on paper, stored on discs and drives, stored in the Cloud or spoken in conversation or over the telephone. All managers are directly responsible for implementing the Policy within their business areas, and for adherence by their staff. It is the responsibility of each employee to adhere to the policy. Disciplinary processes will be applicable in those instances where staff fail to abide by this or any other Zipporah Ltd security policy. It is the policy of the company to ensure that information will be protected against unauthorised access, that confidentiality of information is assured, that integrity of information is maintained, that regulatory and legislative requirements regarding intellectual property rights, data protection and privacy of personal information are met, that business continuity & disaster recovery plans will be produced, maintained and tested, that staff shall receive sufficient information security training and that all risks are identified, measured, communicated, controlled and where necessary, reduced in magnitude. All breaches of information security, actual or suspected are reported and investigated by the Zipporah Security and Risk Committee.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Zipporah use GitHub as our code library which maintains all changes and check-ins performed on Zipporah code, allowing us to compare any check-ins to review what was done. The use of GitHub allows us to manage branching of our solutions to maintain versions for specific clients. Zipporah operate a job monitoring system allowing monitoring of support and development jobs. Jobs are matched to check-ins to reference change and reasons for change. In achieving accreditation for ISO27001:2017 we have processes for designing and writing software including security considerations and impacts. This includes stages of peer review for security and pen testing.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We have a Cisco ASA 5516 firewall with Firepower. Windows updates through GFI, deploying Critical updates automatically. We obtain all the cyber threats through firesight management and have also been given a portal to Mi5’s Cyber security.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Our data centre deploys the Cisco Firesight Management Center alongside Cisco 5516x firePOWER IPS, Apps, AMP and URL with Smartnet.
• Incident management type: Undisclosed
• Incident management approach: As part of our ISO 27001 and 9001 certifications Zipporah has a complete process to for Non-Conformance Control, Information Security Incidents & Corrective Actions. Any non conformance report can be submitted via telephone or email. Corrective Actions and Actions to Prevent Recurrence are identified and recorded on the NCR. Once complete NCRs when appropriate are returned to the customer, then filed and reviewed at the Management Review Meeting. Incidents can be reported through a variety of means whether directly to our support system or via telephone. Equally where we have automated tools this may issue us alerts.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Zipporah has always taken its environmental responsibilities seriously and as such has revised and restructured its working practices and procedures in recent years. We now operate hybrid working practises where our team work from home as well as attending the office when required. This has a positive impact on both the environment and on the well being of our team. Our office procedures include recycling and a no-print policy if possible. We use recycled paper if needed. We limit travel to client sites and attend only if the client requires a face to face meeting – we are client led on this. We are moving to electric company cars later this year. Our offices are fitted with energy saving lighting. Our solutions and products are all online systems and we can implement and support them with no travel to the client sites. The products we provide have no negative impact on the environment and only a positive impact on the environment.
• Covid-19 recovery:

  Covid-19 recovery

  Zipporah takes its social responsibilities seriously and as such ensures it plays a part to assist where possible. During the past 24 months, to combat the COVID crisis and its impact on Local Authorities and their partner organisation, Zipporah further developed its solutions to cater for safe and secure working environments. We listened to our clients and enhanced our resource management solutions to cater for hybrid working functionality that met the demanding needs of hybrid working patterns, including automating slots for office sanitising to take place. Zipporah operate using an hybrid working model that we believe benefits both the company and the employees. Zipporah employees have the option for remote working and travelling to and from the office, especially where public transport is used, has been removed as a barrier. Our offices have been restyled so that social distancing is created in our office space and the number of team members working at the office at one time is managed and monitored. Zipporah ensure we create a safe and secure environment for our team.
• Tackling economic inequality:

  Tackling economic inequality

  Zipporah takes its social responsibilities seriously and as such ensures it plays a part to assist where possible. Where appropriate within a client implementation, we are able to roll out the system to the council's third party users, such as various charities and digital hubs. These can access the system and create their own resources in order to promote their own services, generating income for such charities.
• Equal opportunity:

  Equal opportunity

  Zipporah is an Equal Opportunities employer and as such recruits, employs and manages our team members adhering to our Equal Opportunity Policy. We are proud of our diverse team and we believe this adds to the wealth of knowledge and innovation that allows us to be a market leader within the online resource management and online bookings market place. Zipporah's Directorship is 50% female and the middle management tier is 60% female which, which again we are proud to claim and recognise as a IT employer. We operate a single, transparent pay structure for all team members.
• Wellbeing:

  Wellbeing

  Zipporah operate using an hybrid working model that we believe benefits both the company and the employees. Zipporah listen to its employees and identifies their unique requirements to cater for flexible working options. Zipporah believe that hybrid working assists with work life balancing but also appreciates that this doesn't suit all team members and we ensure that sufficient resources are available for those choosing to work from our office base on a regular or rota basis. Zipporah also provide access to mental health and well being support via our Employee Assistance Programme.

Pricing

• Price: £8,000 to £15,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@zipporah.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.