The Access Group

Access Gamma

Developed by UK visitor attraction experts, Access Gamma is designed to solve operational inefficiencies and give you greater insight to help you reduce costs, drive sales and deliver a better customer experience.
The all-in-one system means you can manage all your commercial operations in one place with easy-to-use features.

Features

• Fully integrated, modular system providing visitor attractions
• With Access Gamma, you can manage ticketing and admissions
• Modules for retail and catering, bookings and events
• Membership Management
• Website integration via API
• Income handling includes integrated Gift Aid management
• Microsoft Office integration for simple filing of correspondence

Benefits

• Touch screen data entry
• Sell tickets and retail items from the same POS units
• Integration with Accounts Systems
• Link bookings across multiple resources (rooms/equipment/staff)
• Invoicing options including part payments
• Margin by Product Reports
• Electronic ordering and goods received

£900 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Natalie.GilesGrant@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

755356527432496

Contact

Natalie Giles-Grant
01206322575
Natalie.GilesGrant@theaccessgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: Internet Access via supported browsers (html5 enabled)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is offered 7 days a week 08:00-18:00hrs as standard. All calls are put into a priority category which recommended response times as detailed below; ; P1 cases 1 hour; P2 cases 2 hours; P3 cases 4 hours; P4 cases 1 business day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels covered as part of annual fee are: P1 (critical) - For tickets logged by telephone, immediate response, for tickets logged by other means, response within 1 working hour. Tickets transferred to a product expert within 1 working hour. ; P2 (high) - For tickets logged by telephone, immediate response, for tickets logged by other means, response within 1 working hour. Tickets transferred to a product expert within 1 working hour. ; P3 (normal) - For tickets logged via the Call Management Centre a response will be given within 2 working hours by a product specialist. For tickets logged via email a response will be given within 3 working hours by a product specialist.For tickets logged via telephone a response will be given immediately and assigned to a product specialist within 4 working hours. ; P4 (low) - For tickets logged via the Call Management Centre a response will be given within 4 working hours by a product specialist. For tickets logged via email a response will be given within 4 working hours by a product specialist. For tickets logged via telephone a response will be given immediately and assigned to a product specialist within 6 working hours.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: At the start of the implementation Access will appoint a Lead Consultant that will be assigned to your project. The Lead Consultant will provide an on-site visit t outline the project and will remain a point of contact throughout the implementation. To support the implementation Access also provide a named On-Boarding consultant who works closely with the Lead Consultant. They will ensure that the project is progressing and provide a secondary contact who is office based and can be contacted at any time. Access provide as part of any implementation a comprehensive range of services available directly from Access UK. Services that Access can provide as part of the implementation stage are: • Project Management • Data Conversion • Education and Training • Consultancy • Technical Consultancy • User acceptance Testing support • Account Management • Help Videos
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Excel
  • CSV
• End-of-contract data extraction: The client will receive a back up of their data following the end of the contract.
• End-of-contract process: At the end of the contract, and if the subscription fee is not renewed, the customer can extract the data into a given format (normally Excel or SQL backup). Support can be provided to extract data on a time and materials basis. Data is then deleted 90 days after your subscription end date.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Gamma mobile provides streamlined functions for stock control purposes and some sales functions.; ; All key functions can be used on tablet devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: ThankQ CRM provides a REST API allowing web integration with ecommerce platforms for bookings / membership and retail ; ; The API has all key features of the system available as standard.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We also have a Professional Services team that can be used to configure the Gamma application.

Scaling

• Independence of resources: Gamma can be hosted using ALTO. This is a load-balanced service,which monitors the web servers continuously and will dynamically reassign requests if one of these servers crashes.

Analytics

• Service usage metrics: Yes
• Metrics types: Gamma has a comprehensive range of standard reports, metrics and KPI reports, which can be added to or modified by the customer to suit their needs.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Information from Gamma can be easily exported directly from the system, through a standard suite of reports and export formats. Many of our customers simply export to Excel, CSV or PDF file.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will use commercially reasonable efforts to make the software available 24 hours a day, seven days a week, except for unavailability during emergency or routine maintenance. Our monthly availability has not dropped below 99.8% in any 4 week period in the last 12 months
• Approach to resilience: We operate a dual active-passive environment and all hardware components are provided at N+2 level or greater. More details are available on request.
• Outage reporting: Users can subscribe to email alerts giving updates on scheduled maintenance and outages. At any time a user can view the status dashboard on a webpage.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We operate role profile based Access Control - based on least privilege access. This applies to all our services.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 01/09/2014
• What the ISO/IEC 27001 doesn’t cover: Nothing is excluded from the standard ISO 27001 certificate
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All change management is undertaken in line with ISO27001:2013 using JIRA for audit purposes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window. AV Updates - Signatures are updated hourly. / Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months. Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have traffic monitoring and content based alerting which alerts on changes to the site and/or traffic flows implemented at infrastructure and application level. We proactively monitor third party suppliers (hardware, OS, application/web and database server software) vulnerability reporting and security fix availability. Any vulnerabilities found and fixes provided by third party suppliers are patched by our infrastructure team in a timescale appropriate for their level of severity. Any penetration test findings are fixed by Development in a timescale appropriate for their level of severity. Our infrastructure response is within 1 hour in the SLA period 8am-8pm Monday – Friday.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We operate a robust incident management process in line with ISO27001:2013 Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site Incident reports will be provided following forensics and closure.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Wellbeing:

  Wellbeing

  Access places specific emphasis on the health and wellbeing of its staff and provides a “Well-being” hub in workspace that provides support for Mental Health, Finances, Social, Physical, Emotional and purpose. Assistance from Health Assured is available for all staff and there are training resources for “working in the new normal” and “Mental health and wellbeing” . Access also has “well-being” champions throughout the organisation. This is supported by monthly employee “check in” surveys and offers of flexible working for staff to meet caring commitments.

Pricing

• Price: £900 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Natalie.GilesGrant@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.