IOCO SOLUTIONS LIMITED

GetSpace Location Booking Platform

GetSpace is the solution for companies that want to take their facilities management to the next level.

Reporting on how your offices are actually being used so that you can make better decisions about how your offices are being run.

Improved access and security to your buildings, including health checks.

Features

• Daily health screening
• Covid 19 education and information
• Office density management
• Staff risk management
• Real time reporting
• Employee dashboarding
• Onsite visitor management
• Online bookings for office spaces
• Integrated security
• API integration

Benefits

• Understand employee health and risk
• Educate employees on better health practices

£0.80 to £1.60 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.morey@ioco.tech. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

486171837002205

Contact

Mick Morey
0118 206 2938
michael.morey@ioco.tech

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Smart phone and modern browsers only
• System requirements: Smart phones and modern browsers

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Variable depending on severity of the question.; Office hours only unless otherwise contracted.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: The GetSpace solution is fully supported by iOCO's24/7 Service Desk providing a single point of access for all incidents and requests. The service is available via telephone, email or iOCO SMAX portal. Responses are prioritised and addressed in line with the service levels detailed in the Service Level Agreement document. All engagements have a named Service Manager for engagement and escalations with a Technical Service Manager who attend service review meetings.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: User documentation is available.; Train the trainer is available upon request (online).
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: A ticket must be logged and we will delete upon request, or extract the client's data.; Data is retained for 12 months, unless otherwise requested.
• End-of-contract process: There is no additional cost and no additional services are provided at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The solution is responsive and works identically across both.; It is implemented as a progressive web app and can be installed like an application on a smart phone or accessed from the browser.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: GetSpace can be integrated into existing HR and other relevant systems on a custom basis.; Restful API's can be exposed to share data with employment source systems, as well as access control systems (Allow or block entry).
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Basic white labeling is available (colours and logos).; Custom integrations with employee source systems.; Custom integrations with health data providers.; Customizations are available at additional cost by the Sikhona team.

Scaling

• Independence of resources: The solution is hosted on Azure and follows Azure service levels.; Services are elastically scaled based on demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: EOH Mthombo

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: All data at rest is encrypted with AES256; ; https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview; ; https://docs.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Management users can extract Excel reports directly from the reporting portal.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: All public endpoints are secured via SSL
• Data protection within supplier network: Other
• Other protection within supplier network: All internal endpoints are secured via SSL

Availability and resilience

• Guaranteed availability: 99.95% (due to Azure SLA and running scale out across update and fault domains); ; https://azure.microsoft.com/en-us/support/legal/sla/app-service/v1_4/
• Approach to resilience: Implemented as per Azure SLA requirements.; https://azure.microsoft.com/en-us/support/legal/sla/app-service/v1_4/
• Outage reporting: Email alerts are sent to all active subscribers

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Only global administrators have full access across the stack. Actors may be granted limited permissions within resource groups only for specified and approved purposed. ; All administration management and support is done by the support team who log into the back-end using active directory credentials which provide role based access to limited functionality.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: INFORMATION SECURITY MANAGEMENT SYSTEM ISO/IEC 27001:2013 for the Datacentre

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All staff sign contracts which include a comprehensive confidentiality agreement, and code of ethics.; Policies are in place to ensure compliance with GDPR (UK) and POPI(South Africa)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes and configurations go through the Change Approval Board, and will then follow a specified change schedule. CAB Considerations include but are not limited to risk and impact assessment, effect and impact on infrastructure and linked services, and capability of the resources.; Full solution life-cycle management change tracking is in place with all requests for change, and changes down to code level recorded against individuals responsible for implementing changes.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Azure Security Center configured across all subscription resources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Azure Security Center with threat detection is configured and applied across all subscription resources. ; Azure Frontdoor with WAF rules set to Prevention mode (access blocked on failed rules) applied to front facing web services.
• Incident management type: Undisclosed
• Incident management approach: Incidents are logged on the service desk and assigned the correct level of severity. Critical incidents are automatically escalated to the Incident Manager to oversee resolution. Committed time to resolution is variable dependent on the level of severity.; Incident reporting can be provided as required.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Wellbeing

  Covid-19 recovery

  The COVID-19 pandemic was a wake-up call for businesses. It made one thing abundantly clear: We did not have the continuity plans in place to deal with a crisis right out of the gates. It also taught us that we are more capable, more resourceful, and more adaptable than we thought possible. ; ; Knowing what we know now, the question becomes: What can you do differently to protect your business and its workers? ; ; GetSpace was born out of this question. It was born from asking how we would do things differently if we got the answers earlier. It was born from a desire to see the economy reopened, and from a vision to be able to manage any crisis going forward.

  Wellbeing

  At its heart, GetSpace provides insight into how the crisis affects staff, ensures compliance with legislation, and to provide inputs into managing business continuity risk. It is available to businesses to allow them to identify and track their high-risk populations, and to proactively ensure that their offices are opened and managed in as low-risk manner as possible.; ; GetSpace has a host of features available to the user including daily screening, risk profiling, crisis education, nearest test centres, and booking office and desk space. On the management side GetSpace enables supervised, on-site check in and screening, full reporting, and track and trace capability.

Pricing

• Price: £0.80 to £1.60 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.morey@ioco.tech. Tell them what format you need. It will help if you say what assistive technology you use.