IOCO SOLUTIONS LIMITED

GetSpace Location Booking Platform

GetSpace is the solution for companies that want to take their facilities management to the next level.

Reporting on how your offices are actually being used so that you can make better decisions about how your offices are being run.

Improved access and security to your buildings, including health checks.

Features

• Daily health screening
• Covid 19 education and information
• Office density management
• Staff risk management
• Real time reporting
• Employee dashboarding
• Onsite visitor management
• Online bookings for office spaces
• Integrated security
• API integration

Benefits

• Understand employee health and risk
• Educate employees on better health practices

£0.80 to £1.60 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.morey@eoh.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

510598295551616

Contact

Mick Morey
0118 206 2938
michael.morey@eoh.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Smart phone and modern browsers only
• System requirements: Smart phones and modern browsers

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Variable depending on severity of the question.; Office hours only unless otherwise contracted.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: The GetSpace solution is fully supported by iOCO's24/7 Service Desk providing a single point of access for all incidents and requests. The service is available via telephone, email or iOCO SMAX portal. Responses are prioritised and addressed in line with the service levels detailed in the Service Level Agreement document. All engagements have a named Service Manager for engagement and escalations with a Technical Service Manager who attend service review meetings.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: User documentation is available.; Train the trainer is available upon request (online).
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: A ticket must be logged and we will delete upon request, or extract the client's data.; Data is retained for 12 months, unless otherwise requested.
• End-of-contract process: There is no additional cost and no additional services are provided at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The solution is responsive and works identically across both.; It is implemented as a progressive web app and can be installed like an application on a smart phone or accessed from the browser.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: GetSpace can be integrated into existing HR and other relevant systems on a custom basis.; Restful API's can be exposed to share data with employment source systems, as well as access control systems (Allow or block entry).
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Basic white labeling is available (colours and logos).; Custom integrations with employee source systems.; Custom integrations with health data providers.; Customizations are available at additional cost by the Sikhona team.

Scaling

• Independence of resources: The solution is hosted on Azure and follows Azure service levels.; Services are elastically scaled based on demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: EOH Mthombo

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: All data at rest is encrypted with AES256; ; https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview; ; https://docs.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Management users can extract Excel reports directly from the reporting portal.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: All public endpoints are secured via SSL
• Data protection within supplier network: Other
• Other protection within supplier network: All internal endpoints are secured via SSL

Availability and resilience

• Guaranteed availability: 99.95% (due to Azure SLA and running scale out across update and fault domains); ; https://azure.microsoft.com/en-us/support/legal/sla/app-service/v1_4/
• Approach to resilience: Implemented as per Azure SLA requirements.; https://azure.microsoft.com/en-us/support/legal/sla/app-service/v1_4/
• Outage reporting: Email alerts are sent to all active subscribers

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Only global administrators have full access across the stack. Actors may be granted limited permissions within resource groups only for specified and approved purposed. ; All administration management and support is done by the support team who log into the back-end using active directory credentials which provide role based access to limited functionality.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: INFORMATION SECURITY MANAGEMENT SYSTEM ISO/IEC 27001:2013 for the Datacentre

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All staff sign contracts which include a comprehensive confidentiality agreement, and code of ethics.; Policies are in place to ensure compliance with GDPR (UK) and POPI(South Africa)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes and configurations go through the Change Approval Board, and will then follow a specified change schedule. CAB Considerations include but are not limited to risk and impact assessment, effect and impact on infrastructure and linked services, and capability of the resources.; Full solution life-cycle management change tracking is in place with all requests for change, and changes down to code level recorded against individuals responsible for implementing changes.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Azure Security Center configured across all subscription resources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Azure Security Center with threat detection is configured and applied across all subscription resources. ; Azure Frontdoor with WAF rules set to Prevention mode (access blocked on failed rules) applied to front facing web services.
• Incident management type: Undisclosed
• Incident management approach: Incidents are logged on the service desk and assigned the correct level of severity. Critical incidents are automatically escalated to the Incident Manager to oversee resolution. Committed time to resolution is variable dependent on the level of severity.; Incident reporting can be provided as required.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Though we have a relatively low environmental footprint as a provider of professional services, we see effective environmental stewardship as an important aspect of an organisation’s licence to operate. iOCO is committed to playing its role in addressing the challenges climate change presents and addressing the global economy in the areas where we can. The biggest opportunity we have to increase environmental sustainability is to apply our expertise, resources, research and innovation to create solutions that provide our customers with the technology to improve the efficiency and sustainability of their operations, products and services. iOCO’s work in the digital solutions arena reduces the need for paper and physical transport and, for this reason, supports the environment by reducing the need for fossil fuels and fossil fuel-derived products. Within the Group, our goal is to minimise our direct impact on the environment by operating our facilities and conducting our activities in ways that reduce energy, water, paper consumption, waste and greenhouse gas emissions. We support and comply with the requirements of current environmental legislation and codes of practice associated with industry-best practices. As far as possible, we purchase products and services that minimise damage to the environment and we aim to minimise waste and prioritise waste reuse or recycling.
• Covid-19 recovery:

  Covid-19 recovery

  COVID-19 has been a massively disruptive force—it has caused businesses to close, forced people to work from home, accelerated the rate of technological adoption and pressed organisations to reinvent themselves overnight to remain sustainable and survive. It has also exacerbated issues that existed pre-pandemic. Unsurprisingly, business leaders face considerable challenges as they look to the future and re-evaluate how they will move forward to remain competitive and succeed. The pandemic forced an abrupt shift to remote working, and while businesses are still trying to figure out how people will work in the long term, it is widely predicted that a distributed work environment is here to stay. Digital collaboration has improved immeasurably, and technology has enabled people to connect across countries and time zones. We are taking active steps to keep our people and our customers safe, whilst prioritising our support for critical services. Our teams are working closely with our key contractors, partners and suppliers to ensure they can continue to support our services for consumers and businesses.
• Tackling economic inequality:

  Tackling economic inequality

  Over the past three years, iOCO has spent a significant amount of time building an organisation that is future-fit enabled by best-practice GRC systems and processes and a deeply rooted ethical culture. There has been radical transformation in terms of governance and compliance as a result. With these new policies, measures and controls in place, the EOH/iOCO group has witnessed a fundamental change in the way it is being run and governed under the current leadership. The zero-tolerance approach to unethical behaviour is evidenced in the public stance of the CEO, as well as the extensive actions taken by the leadership team.
• Equal opportunity:

  Equal opportunity

  iOCO has invested in upskilling our own people and supports gender equality through various initiatives including skills development. iOCO encourages our employees to grow the collective mindset to solve together and supports the people to develop their talents and abilities. This will be executed by creating new initiatives with foresight. The objective of people development is four-fold; employee and Company performance, sustainability, digitisation and consideration to global shifts. The development strategy and programmes are delivered through the Learning Hub. In return, iOCO expects our employees to take ownership to direct their own life and work, have the desire to constantly improve skills through learning and practice and have a sense of purpose in their work and something larger. This creates an ecosystem of autonomy, mastery and purpose and the aim to drive a growth mindset impacting the head, heart and hands.
• Wellbeing:

  Wellbeing

  iOCO’s ability to create value depends on the quality of the skills we have at our disposal. The technology industry is characterised by rapid evolution and we need to attract, engage and retain top talent, invest in skills development and career progression while supporting balance and quality of life. Ultimately our objective is to attract, develop, reward and retain the best possible talent to drive business success. We continue to navigate the new reality created by the COVID-19 pandemic. We enhanced our remote working solutions for staff and implemented a slow and gradual reopening of our offices once lockdown eased. To support our people through these trying times, we introduced a number of wellness initiatives and events aimed at employee wellbeing. Despite the significant volatility in the labour market, we were able to attract experienced talent while retaining existing talent.

Pricing

• Price: £0.80 to £1.60 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.morey@eoh.com. Tell them what format you need. It will help if you say what assistive technology you use.