Pentagull Ltd

ESB HWRC Booking and Permit System

ESB Household Waste Recycling Centre (HWRC) Booking and Permit System brings together our HWRC Booking and Waste Permit products to create one incredibly priced one stop shop for managing both these processes. HWRC bookings and waste permit requests are all catered for in one place.

Features

  • Online application facility
  • Data management module for GDPR compliance
  • DVLA checking of vehicle registration number to determine suitability
  • Automatic notifications to customer via email and optional text messages
  • Site operatives dashboard for ease of vehicle checking/recording no-shows
  • Online booking and cancellation facility
  • Blacklist functionality to deal with misuse
  • Reminder emails/texts sent at predefined intervals before the booking
  • Address checking ensuring only local residents gain access
  • Flexible booking schedules allowing sites to operate individual opening hours

Benefits

  • Huge savings on manual administration
  • Quickly react to service or council changes
  • No limit to the total number of system bookings allowed
  • Provides automation of manual and time-consuming processes
  • Can be tailored to your organisation
  • Ability to close resources and change opening hours quickly
  • Reduction in number of unauthorised vehicles
  • Provides your team a single point of management
  • Ability to constrain bookings based on predefined limit of visits
  • Ability to to predict site usage patterns

Pricing

£4,995.00 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@pentagull.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

6 4 6 6 6 4 1 9 8 6 1 3 5 1 9

Contact

Pentagull Ltd Stuart Gilbert
Telephone: 0845 680 7147
Email: sales@pentagull.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Maintenance Windows:- Maintenance windows for regular maintenance and product updates are always scheduled outside normal working hours.

We aim to give at least 48 hours’ notice of any planned maintenance work that we intend to undertake.

Product Schedules:- Product roadmap and related information is available on request.
System requirements
  • Supported web-browsers
  • Working LAN, firewall and internet connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
Each support issue will be raised as a ‘ticket’ on our help desk system and the appropriate resolution will be scheduled and communicated to the client. Our service desk is staffed by knowledgeable staff providing first level support, this is backed up by unrestricted access to our second and third level support provided by our experienced consultancy and development teams.

Priority A: 1 hour.
Priority B: 4 hours.
Priority C: 1 day.

By agreement for weekends and bank holidays.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support is standard and included within the licence charge. All customers benefit from the same excellent level of support. Each customer will be provided with a dedicated Account Manager and full access to support channels.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Pentagull will create a training plan based on evaluation of the functionality that has been specified within the ESB platform. We anticipate that there will be differing roles and responsibilities so this will be organised based on their individual tasks and access rights to the system. Pentagull will assess the numbers of users to be trained as well as the timeframe for rollout, based on this assessment we will select the most suitable delivery method. We have a variety of training methods:

• Individual training – one on one basis walking the user individually through the procedure of carrying out ordinary tasks
• Group training – as above but with multiple users
• Train the trainer – a more concentrated programme which accounts for the above but with the intention of permitting an individual to carry out internal training themselves.
• Classroom training – located at the offices of the client (with the tools to facilitate it) or at the office of Pentagull.

These training methods would be through a combination of onsite training, online training, and access to our extensive online documentation site.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The service has in-built functionality to extract information in various formats available to the users.
Additionally if required we will provide a data extraction service tailored to the individual needs of the customer
End-of-contract process
All client data returned to client.All client access deactivated.Relevant secure processes fully applied.Final invoice prepared.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The service interface has been designed to be simple, consistent and as predictable as possible. We use common UI elements, have tried to avoid unnecessary ones and use concise language in our labels and messaging. Page layouts are consistent and structured based on importance, which helps draw attention to the most significant pieces of information. Our service interface communicates readily what’s happening, we use various UI elements to communicate status and next steps which can reduce frustration for users. We anticipate the end goals that our users bring, so we create the relevant defaults that reduce the burden for users.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Use of accessibility tools such as JAWS have been tested for use with browser form UI. Labels and field content have been verified for speech output. We also utilise the WAVE suite of evaluation tools to ensure our content is accessible for people with disabilities.
API
No
Customisation available
Yes
Description of customisation
The ESB platform provides the functionality to perform in-depth customisation straight out of the box. You can rename and add new fields and sections to your processes with ease. PDF templates can be created and amended to be automatically produced by the system along with bespoke email notifications for your staff or customers. Our in-built granular permission set allows for precise access changes to processes as staff and situations change without having to resort to contacting Pentagull thus ensuring you have control to deal with variations in the work. More experienced users can go even further and amend the rules that govern the automation for your processes. This allows you to continually make changes in the life-cycle of your process ensuring it remains fit for purpose and effective all without incurring any additional costs. All this customisation is available with no coding knowledge required, the platform is designed to be used by anyone with basic computer literacy and a few days training.

Scaling

Independence of resources
A series of key performance metrics are constantly monitored, ranging from low level operating system counters to high level application layer metrics. This allows us to automatically respond to increases in demand by scaling up the resources allocated to the application before any impact is felt by end-users. By partnering with Amazon Web Services we are able to leverage the vast resources of their Elastic Compute Cloud
(EC2) to ensure that we can continually exceed our capacity requirements.

Analytics

Service usage metrics
Yes
Metrics types
As a web application our primary performance metric is the page response time. This is carefully monitored to ensure it stays within acceptable levels. In addition to the HTTP response metrics, a number of lower-level metrics are monitored to ensure the application stack remains healthy and responsive. These include CPU usage, memory usage and disk I/O metrics.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
A wide variety of formats and platforms are supported for secure data export
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service Availability - 99.9% up-time per month
Service Availability - 24 hours per day (all days)
Response time for accessing screens - within 3 seconds (99% of the time)
Response time for system searches - within 5 seconds (97% of the time)

Pentagull will work with each of our customers on an individual basis to determine if a recompense model is required to meet the needs of the specific council or public department/ organisation. We strive to exceed, wherever possible, our SLA targets for service levels.
In the unlikely event of failure to meet our SLA targets we would invoke the agreed process which would award an appropriate level of service credits by way of compensation.
Approach to resilience
Our service is hosted on infrastructure provided by Amazon Web Services, who provide a monthly uptime percentage of 99.99%. To achieve maximum resiliency, we utilise all 3 AWS London data centres (known as Availability Zones) as either active or DR locations. This means that in the event of total data centre failure we are able to resume service using one or both of the alternate locations. Impacts to service delivery caused by more routine events such as server patching, server reboots and failure of individual components are mitigated through the use of load balancing and redundant storage. At the network level, AWS provides multiple carrier-independent feeds to each of its data centres.
Outage reporting
Customer's are contacted directly by a member of the company.
Email alerts can be setup upon request from Pentagull monitoring tools.
The email alerts service is hosted using infrastructure that is totally independent from that which is used to host the service, ensuring that even a catastrophic failure of AWS infrastructure does not affect our ability to communicate with our customers.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted to designated support staff at a level required for them to perform their role.
In terms of management interfaces there is an escalation process in place whereby senior staff can interface if required.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
World Certification Services
ISO/IEC 27001 accreditation date
26/02/2020
What the ISO/IEC 27001 doesn’t cover
There are no exclusions in Pentagull ISMS Statement of Applicability (Annex A) ISO 27001:2013 covers all aspects of Information Technology Security
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
As part of our ISO27001 certification, Pentagull applies its comprehensive ISMS (Information Security Management System) throughout the Company. The ISMS manager reports all incidents directly to the board of directors. All policies which form part of the ISO 27001 system are applied to staff as part of their induction to the Company and their yearly reviews. Any policy changed outside this time frame is applied when required.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change control to our ESB platform’s core is managed through the practice of continuous integration (CI). Each build is tracked through formal version control process supported by a software version control system. Each new release has formal unit, integration, security and regression testing and is released into test environments before subsequently making into the live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our vulnerability management process is based on industry standards combined with advice from our own hardware/software suppliers. We regularly review our infrastructure to ensure we identify and categorise components based on risk/impact.

Patching is automated where it’s practical to do so, outside of this there we have a robust patch management procedure including a named individual responsible for patch management. All patches are applied within 7 days of release.

In order to keep abreast of the latest infrastructure threats we obtain information from multiple sources - our own hardware, software and infrastructure suppliers, additionally from a number of industry outlets.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We employ proactive monitoring of various logs to detect unusual patterns of activity. This includes traffic and request patterns, authentication attempts and analysis of source IP addresses.

Our Incident Management System is used to manage and respond to any suspected compromise. This provides us with a structured way of handling potential security issues at each step of the investigation, and ensuring timely disclosure to our customers where appropriate. All suspected security incidents are investigated within 24 hours and co-ordinated by our Security Officer.
Incident management type
Supplier-defined controls
Incident management approach
Customers are able to report incidents using our support portal, this is logged directly into our support desk system with automated RAG categorisation and escalation of priority items.

Workflow within this system is also capable of routing specific problems or customers to an individual or team.

The teams also have access to a knowledge based system that enables for rapid diagnosis of problems.

We proactively monitor incidents on a regular basis to highlight any mitigation that we can put in place to reduce the likelihood of re-occurrence.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Pentagull recognises that the current climate crisis is the global community’s biggest challenge to date. No corner of the globe is immune from the devastating consequences of climate change and society needs to act now.
As part of our commitment to fighting climate change, Pentagull has net zero carbon plan in place that will ensure we will become carbon neutral by 2024. For more details on this please see our website. Subsequently any contract procured on this framework would be actively contributing to that commitment.
Additionally, as our software licensing model is not based on number of users and is delivered via a public cloud, this enables any organisation taking up this service the flexibility to have end-users working from home. This brings about a reduction in employees carbon footprint if they are not required to travel into the office.
Tackling economic inequality

Tackling economic inequality

As a micro business any contract procured through this framework would be contributing to helping Pentagull to grow.
It would also create employment opportunities for individuals in our local catchment area of Blackpool, which is one of the 20% most deprived districts/unitary authorities in England.
We are committed to training all our employees to a minimum of NVQ level 4 and have recently employed an apprentice and supported him to attain this level of qualification.
Wellbeing

Wellbeing

As our software licensing model is not based on number of users and is delivered via a public cloud, this enables any organisation taking up this service the flexibility to have end-users working from home. This brings about inherent advantages such as better work-life balance, increased motivation and greater flexibility which all contributes to employee wellbeing.

Pricing

Price
£4,995.00 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@pentagull.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.