BONDAP LTD

Room and hot desk booking system

Room and Desk Booking is a workplace management system for room, desk and other resource booking. The suit enables booking on web, mobile, via signage and kiosk devices as well as directly from O365 and G-suite applications. SSO, AD, MS Teams and Sensor systems all connect via the integration engine.

Features

• Easy-to-use Visual Online room & resource booking with calendar
• Meeting room booking, hot desk booking and car park booking
• Insightful reports including room utilisation, voting and meeting management
• Visitor Management across single and multi-tenant sites
• Workplace sensor systems and smart building integration
• Video conference integration including Microsoft Teams
• Works on desktop, laptop, tablet, mobile phone devices
• An appropriate security structure to prevent data breaches
• Delivers alerts via SMS, App, Email, onscreen messaging
• Support a high number of concurrent licence holders / users

Benefits

• prevent double bookings of rooms & resources
• easily allow your users to manage their room bookings
• authorise access to certain rooms & resources
• implement seamless Visitor Management with secure self service check-in
• save time by eliminating repetitive manual tasks
• enable roles and groups for faster deployment, integrate API
• book rooms, hot desks, resources... from multiple devices/locations, applications
• quickly manage content on the move, use dashboards, files uploading
• integrate occupancy sensor systems for live view of estate usage
• customise interface, generate and send invoices

£4 to £3,500 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk@bondap.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

405061460999918

Contact

Pavel Novikov
+447458148897
uk@bondap.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: B-SAFE is a modular software. This means each B-SAFE module can work as a standalone module but can be seamlessly integrated with others to provide organisations with one system for solving common, Governance, Risk and Compliance Challenges. Please refer to the G-Cloud Catalogue.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Access to the internet and a modern internet browser.
• System requirements: Browser: IE 11/Edge/Chrome/Firefox/Safary/Opera/Chromium based

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 (urgent) - up to 30 minutes;; Priority 2 - up to 1.5 hours;; Priority 3 - up to 4 hours;; Priority 4 - up to 9 hours.; 24/7
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Automated accessibility test
• Onsite support: Yes, at extra cost
• Support levels: Basic support - free:; *Standard maintenance (including bug-fixing, system upgrades, software updates, secure updates, etc.); *Access to video-tutorials for users ; * Access to all relevant documentation and User Manual in an electronic format.; * User support using ticket system or email support weekdays between 8am and 6pm; ; Advanced support - 1000 GBP /year:; * All the Basic support +; * Support by phone weekdays between 8am and 6pm; * 2 online training session (3 hours each) for system users (up to 10 users) with “train the trainer scheme”:; -system configuration and settings;; -user roles and rights;; -system general functionality;; -specific modules functionality;; -user control (change-log);; -reporting capabilities, interactive charts;; -customisation capabilities;; -ticket system usage.; ; Around the clock ticket system or email support - 10000 GBP/ year:; * All the Advanced support +; * Support by ticket system or email support 24/7; ; Around the clock phone and chat support - 20000 GBP/ year:; * All the Advanced support +; * Support by phone and chat support 24/7; ; Onsite support - 1000 GBP/ visit:; It can be a training session or any other onsite support customer requires; ; Additional online training sessions - 100 GBP/ hour; ; Chat support - 1000 GBP/ year
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All clients receive direct support in on-boarding specific to their requirements. We provide onsite training, online training, user documentation and video tutorials. Training can be arranged as required, however our system is designed with intuitiveness and user-friendliness in mind, and formal training is rarely required.; We also provide migration services and integration with other customer systems.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Users can use built-in export features to extract data any time during the contract.; At the contract end/exit we place the encrypted archive with full Customer’s data extraction on our secure private cloud. The data is transferred/exchanged via secure communication channels which are protected by best practice encryption.; Then the customer can download it using given credentials.; Once the customer confirms successful receiving of its data, we securely destruct all customer's data on all our servers.
• End-of-contract process: Services included in the price at the end of the contract:; - Customers data export in sql and/or csv format as an encrypted archive and data fields and dependencies description; - Placing archive on our own private secure cloud; - Sending credentials to the customer to download and extract archive; - Date of customer data destruction agreement; - Customer data destruction; Additional services can be provided by customer's request at the additional cost. ; Additional requirements for delivery of the data in non-standard file formats or with transformations applied will be chargeable per the standard rate card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All the system functionality available equally for mobile, desktop and tablet devices
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: HTML5 responsive design
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Automated accessibility test
• API: Yes
• What users can and can't do using the API: Read and Write data to the system, subject to permissions. ; For example: ; -users can create and manage users and permissions through the API, -create and manage entries in all core system modules (incidents, audits, assessments, offsites, SSoW, work permits, etc.) through the API, ; -pull entries from each module using filters through the API.; API keys can be created with different permission levels and restriction of access to any module/any function.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: B-SAFE has an outstanding level of customisation available to customers – permissions, forms, workflows, fields, reports, dashboards, chart filtering, branding, system messages and emails templates, reports templates, etc. All modifications are available inside the system without need to communicate with the service provider. ; Configurability can be assigned to general or admin users of according to our client's requirements.

Scaling

• Independence of resources: We use load balancer (for HA subscription - high availability multi-cloud) and automatic scaling of backend services are used to ensure demand is met for each client.; For each installation we deploy dedicated secured containerized instance/virtual machines which are guaranteed a minimum level of resources from the physical host and ensures customers are logically separated at the application/OS/Hypervisor layer. We continually operate with 100%+ spare physical capacity in our hosting capability.; We provide component redundancy Full N+1 or Fault tolerant (2N or 2N+1) dependent on subscription level.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics supplied are based on client requirements. ; For example: Logins, session length; changes; number of users, active users; number of entries added by module; number of entries logged per user; number of cases and assessments closed in time; cases, assessments outdated; percentage of cases investigated in time, financial results, premiums per department/user/claimant/etc.; The system provides an effective summary analysis and reporting capability, including straightforward reporting tools for cumulative summaries, identification of trends, hot-spots, areas of concern etc.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Built-in export functionality with an option to extract filtered entries so data can be exported directly from the website in a variety of formats from any module.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • TXT
  • JSON
  • Excel/Word
  • PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • TXT
  • JSON
  • Excel/Word

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: WireGuard VPN
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Standard subscription: 99,9% System Availability (but we regularly achieve 100% uptime); HA subscription: 99,99% System Availability
• Approach to resilience: We use load balancer (for HA subscription - high availability multi-cloud). We provide component redundancy Full N+1 or Fault tolerant (2N or 2N+1) dependent on subscription level.; We utilise multiple resilience arrangements, including availability zones allow us to provide redundancy across phisically separated loacations, and regularly practice disaster recovery scenarios. For security reasons, full details are available on request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Management access is limited based on client requirements using pre-defined roles based access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Assurance International
• ISO/IEC 27001 accreditation date: 09/05/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 11/05/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: NA
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Independent Annual Attack and Penetration Testing
  • Independent Vulnerability test

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Production information never replicated and stored in non production environments. Administrator access to production environments is limited to a handful of senior, named individuals.; All data is encrypted in transit and at rest.; We have a Segregation of duties policy.; B-SAFE has a documented ISMS policy which is continually reviewed and redistributed to employees on an annual basis. Information Security events are recorded in a central database and reviewed by board-level management with actions and follow-ups implemented as required.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are requested through the Access/System Change Request process, requiring authorisation from senior IT management.; Configuration, change management, incident response and protective monitoring are all demonstrated in our compliance with the ISO-27001 information security standard and CSA CCM v3.0.; In addition to our ISO-27001 compliance, and our use of independent 3rd party penetration tests, we operate an assumed breach model and use active red-team penetration testing and vulnerability management as part of our Operational Security Assurance (OSA).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use software such as: Oracle Vulnerability Scanning Service that routinely checks:; - Compute instances (hosts).; - Containers.; using the following vulnerability sources:; - National Vulnerability Database (NVD).; - Open Vulnerability and Assessment Language (OVAL).; - Center for Internet Security (CIS).; It can identify:; - Ports that are unintentionally left open.; - OS packages that require updates and patches.; - OS configurations that hackers might exploit.; - Industry-standard benchmarks published by the Center for Internet Security (CIS).; - hosts compliance with the section 5 (Access, Authentication, and Authorization) benchmarks defined for Distribution Independent Linux.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use Real Time Monitoring (RTM) on cloud level:; Metrics related to the activity level and throughput of compute instances, to the up/down status, health, observability, log, configuration, capacity.; Execution level:; We collect user activity logs such as access log.; Backup log level:; We backup logs to avoid overwrite buy 3-rd party.; ; Once a serious compromise is discovered we applying the maximum set of emergency strict rules.; The most serious compromises will be resolved within 12 hours, others will be resolved approximately within 72 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have an Information Security and Data incident reporting policy. ; We make use of our own software platform for incident reporting using an online form. Incidents are then automatically escalated to a fortnightly director meeting for review.; We register all the discovered incidents including minor.; If a major incident occurs: information about the incident will be sent via e-mail (or other specified contact) to the Data subject (Customer or third party) and to the corresponding authority when applicable (ICO).; Incidents impacting clients will be communicated on an ad-hoc basis if and when they occur.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We care about the environment and our own carbon footprint.; We practise an employment model that delivers a positive impact on local communities, the economy and environment of the world, decrease resource use and as a result carbon footprint, waste and emissions.; We have been able to achieve Carbon Neutrality, moreover we achieved “net zero” in one of our recent projects through the following:; ISO 5001 certified data centers, 100% green energy; reduction of devices and resources used;; full avoiding of work trips: all the contacts between team members and the customer were remote, including implementation and training;; use of renewable energy;; control of our supply chain to use products that produced by companies caring about the environment;; planting trees.; And our plan and a strong intention is to become “carbon negative” in the next 10 years.
• Covid-19 recovery:

  Covid-19 recovery

  We Help local communities to manage and recover from the impact of COVID-19: ; We are opening several vacancies for programmers and managers and provide training for new staff and sometimes candidates; We are developing a plan for returning back to work for staff after COVID-19, including those worst affected and requires changes in a workplace / schedule etc.; We provide consulting and implement solutions for businesses to enable remote working, e-commerse, etc.; We provide access to psychological help prophylactic for our staff free of charge; Remote working was implemented for the whole staff; ; We create new businesses, new jobs and new skills:; We are developing partnership programms, incuding possibility for our products reselling and integration; As we practice remote work, we provide employment and training opportunities for those who are located in deprived areas; Relevant staff gets training in cyber security, data protection, ISO 9001, ISO 27001, health and safety, etc.
• Tackling economic inequality:

  Tackling economic inequality

  We have a Diversity and Equality policy in place.; As a company own and driven by woman, we understand the importance of the issue and we are committed to encouraging equality and diversity among our workforce, and eliminating unlawful discrimination, including inequality in employment, skills and pay. And our employment policy helps to gain it: we have two almost anonymous opportunities for job candidates:; 1. People who have good working experience and education can immediately apply for a job and pass an interview through our corporate chat (it is anonymous because interviewers do not know who is applying and in the case of successful interview applicants’ documents will be checked just to confirm they exist - no additional evaluation).; 2. People who do not have good working experience can take part in our remote training program - it’s free and at the end of the program successful participants receive a job offer from our company. Exam is anonymous and consists of two parts: computer test (pass/fail) and chat interview.; All our staff has equal access to the training opportunities. We monitor pay roles and identify any inequalities by gender, race, etc.; BONDAP LTD is committed to engaging suppliers that consistently operate in accordance with our values, comply with national laws and regulations and meet the company’s requirements for health and safety, quality management, environment, ethics, anti-corruption and social responsibility, including human rights and labor standards.
• Equal opportunity:

  Equal opportunity

  Support for the unemployed (including disadvantaged or minority groups) to gain access to employment opportunities. As described above our company provides huge opportunities for unemployed to gain a job through our special training program, that is absolutely free and at the end of the program successful participants receive a job offer from our company.
• Wellbeing:

  Wellbeing

  We take a positive approach to rewarding workers at a level that can help tackle poverty - our company commits to paying at least the living wage for all employees in this contract. We do not exploit workers (e.g. in relation to matters such as the inappropriate use of zero hours contracts or “umbrella” companies). We support employee volunteering. ; We have a Health and Safety policy in place to:; Ensure the business complies with all legislation relating to health and safety; Eliminate or minimise all workplace hazards and risks as far as is reasonably practicable; Provide information, instruction and training to enable all workers to work safely; Supervise workers to ensure work activities are performed safely; Consult with and involve workers on matters relating to health, safety and wellbeing; Provide appropriate safety equipment and personal protective equipment; Provide a suitable injury management and return to work program

Pricing

• Price: £4 to £3,500 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 7 days Free trial version can be provided by request. It includes all core modules and is fully functional.; Free trial access does not allow for customisation and roles management, no administrator access and only email notifications (no sms, voice, push notifications).

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk@bondap.com. Tell them what format you need. It will help if you say what assistive technology you use.