...
The solutions and products provided by ROOMZ are installed by local or multinational companies working in all types of sectors, from education to health, finance, watchmaking or NGOs. For this reason, the architecture, hardware and software have to be designed to follow the highest security standards. This starts with a good decoupled architecture.
Architecture
todo: schema
Infrastructure
ROOMZ Ecosystem is hosted on Microsoft Azure.
The main system is running on Microsoft Azure West Europe (Netherlands) and there is a geo-replication on Microsoft Azure North Europe (Ireland).
Architecture
The architecture is composed of 3 parts:
Booking System
ROOMZ Portal
ROOMZ Device
Booking System
The booking system is owned by the client and is where the information about the reservation of the resources is stored. Depending on the booking system manufacturer, resources such as meeting rooms, desks or equipment in general are managed in a different way than users. They have their own lifecycle and data. As ROOMZ is only interested in the agenda of the resources, access to any other type of information can be blocked by the customer's IT. The Booking System Configuration describes the minimal configuration ROOMZ requires in order to have access to those agendas.
...
From (date and time)
To (date and time)
Organizer
Subject
Creation Date
Private flag
Attachment (optional; only used for showing images for Exchange / Exchange Online and ROOMZ Connector)
From and To are the minimal information required to know the reservation status of a resource. It is then possible to specify whether the Organizer and/or the Subject must be read in order to be shown on the ROOMZ Display. The Creation Date is used for analytics purposes. When available, the Private flag is used to hide the Subject of the meeting when it has been marked as confidential. Also optional, the Attachment can be read when a custom image has to be sent to the ROOMZ Display.
...
This information is read by the ROOMZ Portal in order to render a picture. When a new picture is generated, it overwrites the previous one. Depending on the template chosen (daily vs. weekly template) and the use of myROOMZ, the information about one meeting, such as the Organizer or the Subject, has a maximal lifetime of one month on the ROOMZ Portal.
For the long-term analytics, only the From, To and Creation Date are kept on the ROOMZ Portal.
If the organization is using myROOMZ, the information's lifetime is handled differently.
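The field handling described above, sketched as an added example (not ROOMZ code): one projection for what may reach the display picture, one for what is kept for long-term analytics, and an audit helper that flags any extra field in stored analytics rows. All class, function and option names are hypothetical, and the sample bookings are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Booking:
    """One reservation as read from the booking system (fields listed above)."""
    start: datetime
    end: datetime
    creation_date: datetime
    organizer: Optional[str] = None
    subject: Optional[str] = None
    private: Optional[bool] = None   # None: booking system exposes no flag
    attachment: Optional[bytes] = None

def display_view(b: Booking, show_organizer: bool, show_subject: bool) -> dict:
    """Fields that may reach the rendered picture (hypothetical helper)."""
    view = {"from": b.start, "to": b.end}   # always required
    if show_organizer and b.organizer:
        view["organizer"] = b.organizer
    # The private flag hides the subject even when subject display is on.
    if show_subject and b.subject and not b.private:
        view["subject"] = b.subject
    return view

ANALYTICS_FIELDS = frozenset({"from", "to", "creation_date"})

def analytics_record(b: Booking) -> dict:
    """Long-term record: only From, To and Creation Date are kept."""
    return {"from": b.start, "to": b.end, "creation_date": b.creation_date}

def unexpected_fields(records: list) -> list:
    """Audit helper: field names in stored rows beyond the three allowed."""
    found = set()
    for row in records:
        found |= set(row) - ANALYTICS_FIELDS
    return sorted(found)

# Constructed sample data, not taken from any real booking system.
PUBLIC = Booking(datetime(2024, 5, 6, 9), datetime(2024, 5, 6, 10),
                 datetime(2024, 5, 2, 14), "A. Example", "Sprint review", False)
PRIVATE = Booking(datetime(2024, 5, 6, 11), datetime(2024, 5, 6, 12),
                  datetime(2024, 5, 3, 8), "B. Example", "Salary talk", True)

if __name__ == "__main__":
    for b in (PUBLIC, PRIVATE):
        print(display_view(b, show_organizer=True, show_subject=True))
    rows = [analytics_record(PUBLIC), {**analytics_record(PRIVATE), "subject": "x"}]
    print(unexpected_fields(rows))
```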
Communication protocol / data format
The communication protocol (e.g. REST, SOAP, ...), encryption (HTTPS, TLS, ...) and the data format (e.g. JSON, XML, ...) are defined by the booking system.
Certificates
ROOMZ only supports the Certificate Authorities (CAs) used by Microsoft Azure.
ROOMZ Portal
The Portal (https://portal.roomz.io) is where all the intelligence is located. This is where organization administrators configure, maintain and analyze workspaces.
...
Infrastructure maintenance and security updates are managed by Microsoft
Application maintenance, scalability and updates are managed by ROOMZ
Device updates are managed by ROOMZ
All Microsoft-related certifications (ISO, SOC, GDPR) can be found at the following address: Service Trust Portal Home Page (microsoft.com)
Infrastructure On-Premise
...
user information
first name
last name
email
token (external OAuth provider) or password hash
user preferences
organization information
name of the organization
name of the buildings including address
name of the floors
name of the workspaces
booking system credentials
booking system resource identifier
live booking system resource information (for generating the picture for the ROOMZ Display). For every displayed meeting, this includes the following information:
start date
end date
subject (optional)
organizer (optional)
creation date
private flag
attachment
live presence coming from the ROOMZ Sensors
for analytics purposes, the following information is saved long-term for a workspace:
meeting information (start date, end date, creation date)
presence/non-presence
desk reservation (in case of myROOMZ hosted)
subscriptions
Process
Once an account has been created on the ROOMZ Portal, the user creates Workspaces (e.g. room or desk) located on a Floor located in a Building. For each Workspace it is possible to activate/deactivate Features. Some features require associating the workspace with the agenda of a booking system resource and/or associating ROOMZ Devices. Once the workspace is configured, the following scenarios are possible:
...
The ROOMZ Sensor has the same properties as the ROOMZ Display but it is not possible to interact with it. Also, the following measurements are read:
Temperature
Humidity
Noise (this is just a number representing the noise level. It is not possible to record any voice)
VOC
Network configuration
The network configuration of the ROOMZ Devices must be set up so that they can communicate with the ROOMZ Server. We provide 3 ways of editing the network configuration:
...
In this context, ROOMZ provides an option for bookable desks to store the booking information internally (ROOMZ Hosted). This allows the customer to avoid creating a booking system resource for each desk in the booking system.
Information's lifetime
When using ROOMZ Hosted, the data is retained up to 2 years in case of analytics re-computing. After this period, the data is completely removed. It is also possible with the application to book a workspace in the future. In order to be efficient and to have a good user experience, ROOMZ holds the upcoming bookings of each workspace. The upcoming booking timeframe depends on the customer’s configuration on the ROOMZ Portal. MyROOMZ saves upcoming reservations in the cache. Depending on the settings (privacy), the data is anonymised at midnight or after 3 months. After that, the anonymised data is stored in the system for up to two years.
Basic and Advanced ROOMZ Analytics only work with anonymised data that is not older than 2 years.
By default, the data is anonymised at midnight. If the customer wishes to keep the non-anonymised data for 3 months (reasons for this can be billing, COVID and others), this can be adjusted in the settings.
Customer exiting
Data lifetime
...
Even with a good architecture and best practices applied, . This is why penetration tests are regularly executed by external companies specialized in security.
...