Queue-it: Virtual Waiting Room

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Queue-it is a SaaS solution hosted in AWS. Therefore, no hardware constraints apply. Customers will get a notice about any planned maintenance arrangements that require the suspension of access to the Services in advance.
System requirements: Queue-it is SaaS, no system requirements

User support

Email or online ticketing support: Email or online ticketing
Support response times: We provide Mon-Fri 24h support. The response time depends on the Subscription Level: On standard plans response time is less than 4 hours, pro plans response times are less than 2 hours.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AAA
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 24 hours, 7 days a week
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: Our chat service we use at Queue-it uses a Voluntary Product Accessibility Template (VPAT), to publish an Accessibility Conformance Report (ACR), which documents an audit of the systems relative to WCAG 2.1 AA performed by a third party accessibility vendor.
Onsite support: Yes, at extra cost
Support levels: We have two levels of support that are accessible to all our customers.
Level 1: email support provided by the support team. Level 2: involve Solutions Architects for complex troubleshooting or project-based involvements. Each customer has a dedicated Solutions Engineer or Architect during the onboarding period. After the onboarding is complete, they have an assigned Account Manager or Customer Success Manager.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Each customer has an assigned Solutions Engineer or Architect to assist them with onboarding. We provide online training, documentation and ad-hoc assistance and advisory required for successful integration and setup.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Customers can export metrics of the waiting rooms they used, as well as the latest versions of their setup configuration. This is managed via the admin platform (GO Platform) and data will be available from the start of the engagement with Queue-it.
End-of-contract process: Customers should remove Queue-it integration from their website or mobile application and end all the active waiting rooms before the contract expiration date. When the contract ends, their account will be deactivated or switched to a limited-access mode.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Our virtual waiting room is designed to work on desktop, mobile, and mobile applications with no significant difference. Our control panel can be accessed via mobile but is not optimised.
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: Customers can interact with Queue-it using the self-service platform called "Go". The platform allows them to set up and monitor their waiting rooms and provides access to their historical data. It has three levels of user access: admin, user and read-only. The changelog allows customers to see the log of their users' activity.
We also have an API available to manage the customers account.
Accessibility standards: WCAG 2.1 AAA
Accessibility testing: To deliver accessible products we pay attention to Accessibility throughout our release cycle. We train everyone involved in delivering our products around assistive technology and Accessibility best practices. This includes, UX designers, engineers, and product managers. We test our products before release using both manual and automated techniques. Conducting regular research with agents, admins and end users who rely on assistive technology to collect feedback and help us prioritize improvements. Systematically tracking both remediation and new feature progress to drive quality improvements. Finally, we listen to feedback from customers.
API: Yes
What users can and can't do using the API: Queue-it offers a REST-based API for programmatic access to configure and control the waiting room. The API must be accessed through the customer specific endpoint: https://{CustomerID}.api2.queue-it.net/. HTTPS is required and the CustomerID must be part of the request to ensure that the account is accessed at the correct segment with the required data.
The API endpoint is not scaled to end-user volumes. If data from the API is supposed to be used for end-user functionalities, then access should be created via a server-side service with a cache (e.g. with 15 second flush time). If traffic is excessive, it may be blocked automatically.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: Our service is fully customisable to fit the needs of our clients. The placement of the queue page can be customised, so it is only protecting a specific part of your infrastructure where bottlenecks occur. The design and features of our queue page can be customised based on the needs of the client: to show the expected wait time, number of citizens in line in front of you, send email alert, invite-only queue and more. Our experienced team is ready to support you to meet your needs and requirements.

Scaling

Independence of resources: We have built the system for fault tolerance and malfunctioning servers are automatically pulled off load balancers and many functions have backup functions. In addition, our customers are hosted in logical segments and hosted on unique hostnames. We can move single customers from one segment to another. For example we move your account to a separate segment, if you give us a heads-up on a huge onsale.

Analytics

Service usage metrics: Yes
Metrics types: We provide the metrics about the traffic passing through customers' waiting rooms (e.g. Inflow, Number of visitors currently waiting, Expected wait time, etc.) that allows our customers to assess their usage of our service. In addition to this, we have diagnostics metrics that help customers detect issues in the service setup or website performance.
Reporting types: API access

Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Physical access control, complying with another standard

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Users can export their data from the Queue-it self-service platform where there is a statistics section where users can analyze past performance of waiting rooms and export data from their account.
Data export formats: CSV

Other
Other data export formats: .xls

.png

.jpeg

.svg

.json
Data import formats: Other
Other data import formats: .json

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Queue-it has a bespoke optional Enterprise SLA agreement with availability, uptime and response guaranties. The SLA will refund on monthly fees upon agreement.
Approach to resilience: Queue-it SaaS has been designed from the offset with a fault tolerant high availability architecture. We have tracked uptime since Q4 2012 using Pingdom and can provide documentation and historic reports upon request.
Outage reporting: Outages will be reported on our public status page here: http://status.queue-it.com/
As well as in the notifications in the GO platform.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password

Other
Other user authentication: Each user signs in using an ID / password. User can be set up with enforced MFA via authenticator app. / text.
Access restrictions in management interfaces and support channels: Each user can be set up as admin, user, or read-only. The right are handled in the system.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: Queue-it delivers a scalable cloud computing SaaS (Software as a Service) queuing platform with high availability and dependability. Helping to protect the confidentiality, integrity, and availability of our customers’ systems and data is of the utmost importance to Queue-it, as is maintaining customer trust and confidence.
Queue-it security governance is inspired by ISO 27001, but are not accredited.
Information security policies and processes: Queue-it has a strict set of security policies in its employee handbook. Each employee will be taken into the policies upon onboarding. Half yearly awareness training will be conducted and critical topics will be presented on monthly allhand meetings.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Different services are deployed to production on a daily basis, using automated Canary deployments. To minimize the risk, the deployment is done in a stepwise process.
We have a test/ production environment, and the whole process starts with a code review and approval process.
Then, it’s deployed to EU Partition A, but only for availability zone A. When it’s observed that no alarms are triggered and no issues are seen, then it’s deployed to EU Partition A availability zone B. If all is still good, then it’s deployed as to additional segments.
We also have thorough functional tests.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Queue-it has weekly reoccurring tests to identify vulnerability in our external systems. The patches are deployed into production after careful testing. The patches are released based on a pre-defined SLAs.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Queue-it has multiple monitoring solutions deployed into our production environment. These notifications are sent to mail, Team or OpsGenie. Our main threat detection is GuardDuty in AWS. We have a 24/7 duty team to react on alerts
Incident management type: Supplier-defined controls
Incident management approach: Queue-it defines an incident as an event that causes disruption to or a reduction in the quality of a service which requires an immediate emergency response. An incident can e.g., be caused by a bug in our own software, an infrastructure issue, a hacker attacks, etc. Queue-it has pre-defined processes for common events. In additional, users can report incidents via Queue-it Zendesk system and Queue-it provides incident reports in accordance with its "Queue-it Incident Response Plan"

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Equal opportunity

Queue-it’s core focus is fairness, and we bring that into all aspects of our organisation. As part of this commitment, we have an extensive ESG plan (2022-2027), and as a part of that plan we have launched a global ESG group. This group will spearhead various initiatives across Queue-it, including the relaunch of our DE&I group in Copenhagen. We have already established a DE&I board in the U.S. Our ESG initiatives are designed to enhance Queue-it's commitment to fairness, reflecting our dedication to incorporating these principles throughout our organization.

Our values around fairness are also present in how we discuss, build, and use our product. As we transform into a digital society, more and more of our offline world moves online, including critical government applications and registrations. We need websites and apps to work as they should. And we need everyone to have fair access to the products or services they need.

Queue-it is helping the world’s leading organisations keep their websites and apps running in a fair and transparent way. Virtual waiting rooms take advantages away from bots and malicious users who are out to game the system. They level the playing field and give real people a more equal chance regardless of their technical capabilities, internet connection, or location.

Pricing

Price: £16,368 a licence a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Queue-it offers a free trial version of our software for integration and internal testing.
Link to free trial: https://queue-it.com/free-trial/

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Queue-it: Virtual Waiting Room

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents