Fully Managed WiFi, Engagement and Entertainment Services

Service scope

Service constraints: WiFi SPARK requires an enterprise grade WiFi Network to provide its services over. Considerations will be made of the clients core infrastructure when designing a WiFi SPARK solution but being technology agnostic in our approach gives us the freedom and flexibility to adapt to the project in hand. Whilst telephone and email support is available 24/7, support portal service hours are 9-5, Monday to Friday. Only Samsung and Apple tablets are supported for tablet solutions.
System requirements: Fully licensed by WiFi SPARK so no buyer licensing requirements

Buyer is responsible for buyer's infrastructure licensing

Buyer to provide at its cost suitable mains power supplies

Buyer to ensure mains power remains connected and live 24/7

Buyer to provide suitable rack space if required

Buyer to ensure remote access available as required

Buyer to ensure permissions granted for kit location if appropriate

Only Samsung and Apple tablets are supported for tablet solutions.

If translation required an agreement with The Big word required

User support

Email or online ticketing support: Email or online ticketing
Support response times: Hospedia offers telephone, email support & live chat 24/7/365. Support portal available 9-5 Monday-Friday excluding bank holidays.

Calls answered within 60 seconds. >80% of calls are resolved at first contact. All calls logged on our helpdesk ticketing system and call reference issued.

Response times: Tier 1: Priority1 - Total loss of service - 1hour, Priority2 - Major service degradation - Same-day, Priority3 - Service requests, and minor or cosmetic faults - 2days.

Tier 2: Priority1 - Total loss of service - 30minutes, Priority2 - Major service degradation - Same-day, Priority3 - Service requests, and minor or cosmetic faults - Next-day.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 24 hours, 7 days a week
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: We have not done any web chat testing for accessibility, however we have conducted testing by running an W3C accessibility automated testing tool against our products. The results informed some of the changes we made to our products.
Onsite support: Onsite support
Support levels: Hospedia has three Priority Levels for support
Priority 1 Total Loss of Service
Priority 2 Major service degradation
Priority 3 Service Requests and minor/cosmetic faults

On escalation from the helpdesk, an engineer will investigate in accordance with the relevant priority response target. Hospedia has on-call engineers that operates 24/7/365 to cover Priority 1 incidents.

Hospedia is able to interrogate systems remotely and can often affect repairs without site visits. This may involve reconfiguration of the network to utilise in-built redundancy or to invoke manual or automatic failover of key components.

Major Incidents – If an event warrants fast-tracking to an enhanced level of response this is invoked by declaring a “Major Incident”. A Major Incident Manager will be appointed to actively manage the situation to an agreed resolution. Enhanced levels of communication and reporting will accompany a Major Incident. There is no cost to this additional service.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Hospedia will provide a Sales Manager to support and deliver a general introduction to the platform and services. The UX team will be involved in the users/admin introduction to Reporting, SPARK® Analytics Portal, Content Management, and SPARK® Dashboard. User guides and marketing materials are made available for staff to provide to the end users, and training sessions over the telephone or Teams can be organised for staff, if required, free of charge.
User guides, troubleshooting guides and FAQs are linked to on the User Experience Portals that end users can link through to, which are available on our support portal.

Hospedia typically works on a 6-8 week timescale: Week one: Project Initiation - Project kick-off, establish communication plan, confirm project team, agree terms of reference (scoping document), set-up risk register. Week two: Project Planning - Create and circulate project plan, schedule resources, arrange site visits. Week three - five: Project Delivery - Manage project activities, report on progress, manage risks and issues, oversee installation and commissioning. Week six: Project Go Live - UAT, buyer acceptance, As-built documentation. Week seven: Project Closure - Lessons learnt, close project, handover to support and service delivery teams.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Hospedia is fully compliant with the GDPR and the Data Protection Act and keeps data as defined by law. Any request for data reporting, removal/destruction can be fulfilled upon request. The only other context for Data Collection is with reference to RIPA/DRIPA requests for lawful tracking.
Data is accessed via SPARK® Analytics. The client will be given a log in to the Dashboard where real-time data can be viewed instantly, or report on historic data by selecting a date range. All access to data is managed via secure access control mechanisms which ensure only authorised personnel are allowed to view or change the data and all access sessions are logged for audit purposes. All changes are time and user associated.

At the end of the contract, any account information is held for the amount of time required by HMRC and then securely overwritten. With regards to Personally Identifiable Information, the data is held for the amount of time required by the Data Controller. In the event services are no longer required we will securely export any data requested to the Data Controller and hold the data for one calendar month after cessation of the contract and then overwrite the data.
End-of-contract process: On an agreed termination date all services will cease and the buyer, and the buyers end users, will no longer have access to the services. Hardware installed by Hospedia at no cost to the buyer remains the property of Hospedia for the contract duration, and will be removed on the agreed cease date or soon after; this includes managed leased line routers. Hospedia is not responsible for the removal of hardware purchased by the buyer. If services terminate earlier than the end date stated on the call-off contract, the buyer is liable for paying the following charges until the end of the original term stated on the call-off contract, either according to the payment schedule or in a single lump sum: 1) Connectivity monthly costs in full plus any early termination fee, excess construction charges and set up fees; 2) The full cost of the hardware purchased by the Supplier 3) At 90% of the original cost to the buyer: platform costs, vendor support, and licensing. Hospedia shall provide reasonable assistance in transitioning the services to a replacement supplier, chargeable as time and materials to the buyer at the listed rate.

Using the service

Web browser interface: Yes
Using the web interface: Portal User Journey Interface is WCAG 2.0 AA capable. Specifics of journey requirements are defined during Project Definition near the beginning of the buyer journey. The dynamic and unparalleled User Experience Portal delivers powerful communication, increases user engagement through news, multimedia and interactive content.

End users do not make changes to the web interface and they are only using the service for WiFi and entertainment purposes, however we allow customisation for our buyers (the buyer). These include CMS – changes to the images and banners on the User Experience Portal.

It should be noted that as we provide a fully managed service, the buyer isn’t required to make any changes themselves. If changes are required outside the use of the CMS, this will go through our Change Request Procedure and may incur an additional cost depending on the severity and frequency of changes. This is outlined in the rate card.

If the buyer requires CMS access, we will provide login details and necessary training to use the service. Training is free of charge. Changes the buyer will be able to use include changes to images or banners on the User Experience Portal. This is available free of charge.
Web interface accessibility standard: None or don’t know
How the web interface is accessible: We have not done any web chat testing for accessibility, however we have conducted testing by running an W3C accessibility automated testing tool against our products. The results informed some of the changes we made to our products (Listed below.)
Our solutions are custom designed to meet each client's requirements. We encourage clients to use the following standards during the design and scoping process but this isn't always possible due to their branding guidelines or agreed design. This would include: high colour contrast, minimum 16px size font size with support to further scale text within browser settings, button and form field labels, alt text for images, focus indicators when using the keyboard to tab through content and clear HTML markup to identify headings, paragraphs, and links.
Web interface accessibility testing: Our services are rigorously tested through our QA procedure in- house prior to production release than with end users. In terms of assistive technology and accessibility, we base our practices on W3C standards.

For example, we code our software based on their recommendations, so we have descriptive text for all images. Colour contrast is, in most instances, at least 4.5:1. Alt text or a similar solution is used for images that convey meaning. Navigation elements are consistent throughout the site. Form fields have accurate labels. Status updates can be conveyed through a screen reader. Headings are used in logical order.
API: Yes
What users can and can't do using the API: The SPARK® API is a resource rich, proven interface to the SPARK® Managed Service Platform that allows developers to create complex, intuitive and well-designed WiFi on-boarding and analytics services. buyers can develop and host their own user experiences in their own environment using their own developers for true flexibility to stay ahead in innovative WiFi applications.

Three key concepts make up the bulk of the API’s usage. Hotspot - Is the wireless enabled area onto which subscribers can connect sessions. Subscriber: End user access account, optionally contains a username and password. Session: The active connection of a device onto the network, with a direct relationship to a subscriber
Whilst SPARK® has its own in-built portal logic, it may not be exactly what the buyer requires so using the API allows for a fast time to market for new and innovative WiFi applications.

The API is a level3 compliant REST interface, supporting a wide range of HTTP verbs that can manipulate service Resources.
The API supports JSON, XML, and Text payload formatting with discoverable hypermedia links delivered via ATOM as per REST best practice.

There are no restrictions of this service as long as the feeds are made available to us.
API automation tools: Ansible

Other
Other API automation tools: SPARK® API
API documentation: Yes
API documentation formats: PDF
Command line interface: Yes
Command line interface compatibility: Linux or Unix

Windows

MacOS
Using the command line interface: Depending on the deployment, you may be supplied with a SPARK® Gateway in a physical or virtual machine. This is a Redhat based Linux server with our software and configuration applied on top to enable the Hospedia services. If CLI access is required then we can open that up with restricted access. This isn't normally required though as Hospedia take care of the overall management and configuration as part of the managed service.

Scaling

Scaling available: Yes
Scaling type: Manual
Independence of resources: The SPARK® Platform applies bandwidth at an authentication level to allow a fair connection to all. The SPARK® service will efficiently manage each connected session, enforcing pre-agreed bandwidth throttling to help protect overall bandwidth so that individuals cannot consume more than others.
As an option, a higher bandwidth could be offered to the end user as a Premium connection, perhaps for a small fee that the WiFi user would pay that the Buyer agrees. This could also have a different User Experience if required. There is no fee to the buyer to include a premium service.
Usage notifications: Yes
Usage reporting: Email

Analytics

Infrastructure or application metrics: Yes
Metrics types: CPU

Disk

HTTP request and response status

Memory

Network

Number of active instances

Other
Other metrics: User device type

Browser type

Session Count

Portal Activity

Data Transferred

Session dates

Device operating system

Custom field information
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Other
Other data at rest protection approach: Hospedia gleans, processes and enriches data on demand, however the data remains yours and logically segregated within our cloud solution.

Hospedia buyer data is held securely behind enterprise level security in our cloud and at rest is encrypted using 256-bit Advanced Encryption Standard (AES).
Hospedia also use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between applications and our servers. It's designed to create a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Hardware containing data is completely destroyed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery: Yes
What’s backed up: All key functional service components on the WiFi SPARK platform.
Backup controls: Hospedia provides a fully managed service, which includes all required configuration backups and snapshots are taken care of as part of the service. Critical systems within the SPARK® Cloud environment have snapshots and images taken on a regular basis, usually scheduled once per day or once per week.

If the user requires something unique to be configured then that can be arranged. Details of what is being requested will need to be provided to the Service Delivery Manager to arrange this.
Datacentre setup: Multiple datacentres with disaster recovery
Scheduling backups: Supplier controls the whole backup schedule
Backup recovery: Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Bonded fibre optic connections

Legacy SSL and TLS (under version 1.2)

Other
Other protection between networks: Hospedia has extensive experience in providing both public and professional networks and in ensuring security standards are adhered to.
All guest networks operate on their own isolated layer 2 networks to ensure complete traffic separation. Layer 2 client isolation is also configured to ensure wireless devices cannot inter-connect unless provisioned.
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Other
Other protection within supplier network: The Hospedia service, SPARK®, manages the wireless network end-to-end and includes a packet inspection firewall which protects the internal networks from the connected outside networks by only permitting ingress and egress connections that have been agreed to ensure the service is operational.

Each SSID supports roaming between APs and can be configured with encryption and 802.1x authentication to protect sensitive data and permit secure authorised use for staff and WiFi connected devices.

The Hospedia service includes a fully featured integrated packet inspection firewall which will only permit connectivity for trusted networks and protocols ensuring unauthorised users are denied access.

Availability and resilience

Guaranteed availability: The core SPARK® Managed Service Platform has a targeted availability level of 99.95%. Users are able to request a refund via the online refund form where they detail the service location and issues they have faced. This is then reviewed by staff for a full or partial refund depending on the nature of the issue. All information is captured in the helpdesk system for reference and the user is able to update and review their open cases online.

If they have used any time or used a lot of data, Hospedia will issue a partial refund. This is calculated by working out the price of one days usage and then multiplying that by the amount of days they have used then take that number away from their total refund. Here’s an example calculation of if someone requested a refund from a one year package after using 100 days.
1 Year = £130
£130 / 365 = £0.36 per day * 100 (days used) = £36
£130 - £36 = £94

If the user has not used any time since purchasing, then a full issue is given.
Approach to resilience: The core SPARK® Managed Service Platform is hosted on a highly resilient platform with several levels of redundancy shared across multiple data centres. Further information is available on request.
Outage reporting: All Hospedia services are monitored 24/7 by the SPARK® NMS Network Monitoring System. The system will record service availability metrics such as system uptime with a detailed audit trail for historical analysis. This will form the basis for performance-related measures. When this system detects an unusual event it alerts the Hospedia Support Teams via direct visual alerts, email and SMS text message. Hospedia will then call the nominated technical buyer contact via telephone and email follow up in phone unavailable. In addition, critical alerts are posted automatically to the 24/7 service desk tool called Zendesk™ and a case is created for immediate escalation. An API is available for further integration if required. A buyer dashboard facility is available if required. The SPARK® managed service platform is at the centre of the WiFi SPARK® solution. This is a highly available platform with an availability score of 99.95%. As such, the risk of service outage as a result of the SPARK® managed service is very low and would be measured in minutes.
Any outages that effect users will be displayed on the user experience portal with notice given of 10 days.

Identity and authentication

User authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password

Other
Other user authentication: The buyer/buyer has a selection of authentication methods to allow on the service: social media*, free use form - with data collection*, one-click - no personal data*, MAC authentication - pre-approved authentication, subscriber login - predetermined login details, voucher login - predetermined login details, debit/credit card or PayPal - account based buy-time login*, app, loyalty or database integration - login with your loyalty/database*, email and SMS validation - validated data*.

*Self-registration for end users. This means that WiFi users register through the User Experience Portal by entering details. This is then authenticated and validated before access is granted.
Access restrictions in management interfaces and support channels: Physical and logical access to all areas and platforms is restricted. Hospedia employ a restrict-all security lock down policy. This means that each user only has access to areas essential to their work, both geographically and on the network. User Privilege access is defined roles and authorized by Directors. Hospedia can also lock down access by IP address where appropriate.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication
Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information: No audit information available
Access to supplier activity audit information: No audit information available
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: IASME Cyber Essentials
Information security policies and processes: Hospedia has a comprehensive internal Information Security Policy which covers all data processed and housed through the physical and virtual infrastructure. This policy gives insight into Hospedia's processes regarding the physical security of facilities, Disaster Recovery, Password Requirements, Physical Access, Removable Media, Media Destruction, Environmental Hardening, Patches and Updates, Software Development and Transmission of Data. This is not an exhaustive list of topics.

As well as an internal Information Security Management Plan, Hospedia works with its key buyers in order to develop tailored Information Security Plans. This is to assist in understanding and for efficient management of their data risks.

These policies are owned and developed by the Hospedia Network Operations (NetOps) team which is responsible for security at WiFi SPARK, with close partnership with the Development Team and Management. NetOps in turn report to Senior Management and Board members in order to ensure that these policies are adhered to and that any changes to these practices are measured and controlled.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Hospedia operates a structured configuration and change control process as part of its ISO 9001 Quality Management System. This incorporates Change Request forms that need approval by client and a senior manager at Hospedia before changes are approved. Changes are tested in a staging environment before being released to production in an agreed maintenance window. At the detailed level all changes are assessed for potential security implications as part of the controlled development process. All changes are tracked throughout their lifetime in a change log and can be rolled back if required.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Hospedia employs a comprehensive SPARK®NMS monitoring solution covering all aspects of the core platform. This monitoring includes operating system and application versions to ensure protection against any known/new threats/vulnerabilities. Patching and updating of all core systems is maintained by a central management server (ansible) which checks for updates nightly. Patches/updates are reviewed and deployed through a managed six-weekly sprint cycle (fortnightly if critical) on the Hospedia staging platform, prior to being pushed out to live production systems to ensure no adverse effects. Hospedia systems run on enterprise platforms that receive patches/updates inline with the vendor release cycles.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: The solution is monitored 24/7/365 by the SPARK® Network Monitoring System. This records service availability metrics e.g. system uptime, with a detailed audit trail for historical analysis and identifies compromises.
Hospedia has a three-tier priority category and a 24/7/365 telephone service. 80% of calls resolved in first contact. Calls answered in an average of 60 seconds.

Priority-1 - Response: 30 minutes. Target resolution: 1 day.

Priority-2 - Response: Same day.Target resolution: 1 day.

Priority-3 - Response: Next business day. Target resolution: 5 business days.
Alerts generated to staff immediately and an investigation will commence in accordance with priority response target.
Incident management type: Supplier-defined controls
Incident management approach: Hospedia operates a structured Incident Management process as part of its ISO 9001 Quality Management System. This incorporates recording, designation, prioritising and processing incidents following ITIL best-practice standards. Users can report incidents using the 24/7 helpdesk service, via email, telephone and live chat, or on the Support portal between 9-5 Monday-Fridays excluding bank holidays. This creates a case in the service desk where subsequent actions will be logged for traceability. Incidents that meet predefined criteria will be defined as Major Incidents and a separate process followed. Incident Reports are compiled by the Service Delivery Manager as required.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Supplier
Virtualisation technologies used: Other
Other virtualisation technology used: SPARK® Cloud platform
How shared infrastructure is kept separate: The SPARK® Cloud platform separates organisation programmatically within the SPARK® application itself.

Energy efficiency

Energy-efficient datacentres: No

Fighting climate change: Fighting climate change

As a business we are working towards a sustainable organisation with initiatives in planning for net zero emissions.

Transition: Moving our energy supply to Green Energy providers by 2023 and reducing our energy usage through insulation and a policy for low power devices and office environment.

Regenerate: Hospedia is promoting the regeneration of green spaces around our offices and the contribution towards tree planting in the local area around Exeter, supporting initiatives such as the National Trust ""Plant a Tree"" scheme

Sustain: Hospedia will choose suppliers and vendors who source their energy from sustainable sources including our cloud platform providers AWS who we chose due to their commitment to be 100% renewable energy sourced by 2025.
Wellbeing: Wellbeing

At a services level, Hospedia hosts Special Interest Groups whereby staff from hospitals are invited from all departments, to discuss SPARK® Media and how it can be improved for patients/visitors/staff. Engaging like this allows our services to be relevant and provide the most support and engagement for users.

Employees are provided a full benefits package which allows for volunteering/charity and community/wellbeing days and for the employee and immediate family. Community integration is encouraged as is working with our chosen charity. (This year St Petrocks for homeless people). The company also looks after the physical wellbeing of staff through gym membership and access to personal trainers. Mental health is taken very seriously, with nominated mental health practitioners in the business. The financial status of our employees is helped through salary sacrifice schemes and a company bonus plan. Full life cover is provided along with private healthcare and medicash enrolment.

Pricing

Price: £15.28 a user a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Hospedia is willing to enter a Proof of Concept with buyers. This will be for a defined period of time (Usually 30 days) and will have defined KPI's assigned to the PoC

Fully Managed WiFi, Engagement and Entertainment Services

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Pricing

Service documents

Cookies on Digital Marketplace

Fully Managed WiFi, Engagement and Entertainment Services

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Social Value

Pricing

Service documents