Civica UK Limited

Civica Workspace Booking

Civica Workspace Booking is a desk booking solution that simplifies the management of shared workspace to support a safe return to the office or adoption of blended working practices.


  • Cloud hosted with secure single sign-on integration with AzureAD
  • Desk booking for any number of countries and facilities
  • Modern responsive web application, works on desktop and mobile devices
  • Visibility of who else has booked a desk
  • Book quickly for yourself and/or others
  • Single or recurring bookings
  • Upload maps to see the position of desks
  • Filter desks by features such as wheelchair accessibility, raised desk
  • Manual or automatic desk selection
  • Comprehensive reporting


  • Demonstrate compliance with organisation’s workspace usage policy
  • Controlled provisioning of access to shared workspaces
  • Reduced administration burden around desk allocation
  • Ability to identify potential exposure to Covid-19 risks
  • Improved understanding of workspace occupancy
  • Support employees who wish to return to the office
  • Secure, cloud hosted, zero footprint to manage
  • Centralise management of multiple office and locations
  • Help attract and retain a modern workforce


£35,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

6 4 2 4 9 5 9 8 0 9 1 6 9 8 8


Civica UK Limited Civica UK Limited
Telephone: +44 (0) 3333 214 914

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
Microsoft Azure license

User support

Email or online ticketing support
Email or online ticketing
Support response times
Civica offers three service levels: Core, Extended and Bespoke each with variable service hours ranging from 09:00 to 17:00 Monday to Friday excluding English public holidays to full 24x7x365. Our Core service response and resolution times depend on the severity of the incident and are as follows:
a) Priority Level 1 (Critical): 1-hour to respond, 1 day to resolve
b) Priority Level 2 (Major): 2-hours to respond, 2 days to resolve
c) Priority Level 3 (Intermediate): 2-hours to respond, 8 days to resolve
d) Priority Level 4 (Minor): 2-hours to respond, 20 days to resolve
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
1) Core: 09:00 to 17:00 Mon-Fri excluding English Public holidays; suitable for most business-critical applications.
2) Extended: 08:00 to 18:00 Mon-Fri excluding English Public holidays.
3) 24x7: full 24x7x365 support.
4) Bespoke: customised set of service hours that meets unique business requirements.

Different business needs require flexibility in response and resolution times:
1) Core: resolution times are P1: 1 day, P2: 2 days, P3: 8 days and P4: 20 days.
2) Enhanced: resolution times are P1: 4 hours, P2: 8 hours, P3: 4 days and P4: 10 days.
3) Bespoke: a customised set of response and resolution times that meets your unique business requirements.

Severity Levels for Incidents are defined as follows:
a) Priority Level 1 (Critical) - reported problem causes a halt to the client’s core business processes and no work-around is available.
b) Priority Level 2 (Major) - reported problem causes degradation of the client’s core business processes and no reasonable work-around exists.
c) Priority Level 3 (Intermediate) - reported problem impacts the client’s operational environment; it does not affect core business processes; a work-around is available.
d) Priority Level 4 (Minor) - a non-critical problem causing some disruption with little or no impact on client operation.
Support available to third parties

Onboarding and offboarding

Getting started
See Service Definition Document.
Service documentation
Documentation formats
End-of-contract data extraction
Historical booking information can be extracted using the reporting capabilities. Civica will delete all information at contract end.
End-of-contract process
Integration with client AzureAD will be removed and client data will be deleted from the database.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Customisation available


Independence of resources
This is managed by MS Azure tools.


Service usage metrics
Metrics types
In built reports on desk bookings.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
This is achieved via the reporting tools provided.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Please see MS Azure Public Cloud SLA.
Approach to resilience
Please see standard MS Azure Public Cloud details.
Outage reporting

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised support staff will have access to the system. Civica support staff do not access customer data as a matter of course. Only in rare cases of support or maintenance, after explicit permission granted by the customer, will support staff log in to customers applications or look at customer data. All case access (even when read only) through the application is audited. All direct database access by support staff must be authorised by a support manager. Access privileges are revoked when such access is no longer relevant.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Alcumus ISOQAR
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Civica has a fully audited and tested Information Security Management System which underpins our ISO27001:2013 certificate. The policies and procedures have been independently audited and practices are audited by external auditors. New staff are inducted into the ISMS when they start; other staff are regularly reminded about their responsibilities and managers are required to ensure that their staff adhere to the policies. Staff are advised when policies are updated. The senior management of the company owns the ISMS and the Information Security Management Representative delivers day-to-day management of the system. All staff are reminded that they are individually responsible for security. The data security theme is delivered through staff / team meetings, training sessions, shared documents and via email. Continuous improvement in the delivery of security is encouraged. Risk assessments are regularly carried out and the competency of the delivery of the ISMS is measured though internal auditing and management review.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All significant, non-routine changes to Organisational information processing facilities (hardware and software) are subject to change control. A procedure (from our ISMS) ensures that segregation of duties in in place for the requesting, authorizing and implementation of a change. All changes should be applied first to a test platform, and a "recover position" is defined for each change. Changes are tracked and documented within the company. At all times the security of our infrastructure and customer data are at the forefront of any consideration of a change request and our Information Security Manager is responsible for the process.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have a qualitative approach to risk management. This covers (a) the categorisation of assets across six major headings including information assets (and these include client data), software assets (these include application software) and physical assets (these include networks); (b) the identification of assets within each category at a level appropriate to risk assessment; and (c) the assessment of possible threats to and vulnerabilities of each asset and its likelihood and impact on the business either directly or indirectly. The risk assessment is carried out at least annually and is reviewed when changes are processed through the Change Control process.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Daily checklists are in place to monitor malicious activities like failed login attempts, attempts to access the system from an unknown IP etc. We also have automatic monitoring tools in place to warn of issues.
The Information Security Manager gets advice from qualified technical staff and the Top Management, as necessary, to analyse and understand any incidents and to identify appropriate actions to contain it and to implement contingency plans. A request will then be made to take appropriate actions to recover from the incident, and to implement contingency plans.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
There is a specific procedure for responding to security event in our ISMS. We are committed to sharing information about any such breaches; most of our customers specify their requirements for notification times to be detailed in contractual arrangements. Our starting point is to alert the customer as soon as is possible after such a breach has been confirmed.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Civica’s Environment and Social Governance team provides clear focus for the ongoing development and implementation of our environmental policy, which is supported by our ISO 14001 environmental standard. We are committed to working with our staff, customers, suppliers and partners to recognise and reduce the impact we all have on the environment. This goes hand-in-hand with optimising our services to support environmental and community initiatives.

Through the delivery our services, we support fighting climate change by:
- Helping employees improve their own environmental footprint at work. Initiatives include: environmental policy training; Single use plastic reduction; electric vehicle salary sacrifice; cycle to work scheme; solar panel and LED lighting installation; tree planting scheme, offsetting carbon emissions. We also encourage and advise employees on positive activity at home and in their personal lives.
- Working with suppliers to deliver environmentally sound processes and incorporate sustainable criteria into product/service specifications.
- Operating socially responsible purchasing, considering sustainable procurement, environmental and social effects and reduced consumption.
- Selecting suppliers, goods and services that demonstrate environmentally sustainable, socially responsible and ethically sound standards.
- Leading by example/raising awareness with customers via activities such as: reducing our single use plastic consumption by 70% within the next 5 years; prioritising use of green energy in our facilities; promoting recycling through our ‘Zero to Landfill’ and ‘Zero Print’ schemes; working towards carbon neutrality with workforces and facilities to reduce carbon consumption over the next 10-years.
- Working with customers to develop innovative software-based services that reduce property/power requirements.
- Meeting/exceeding environmental legislation through ISO audits.

We have a Carbon Reduction Plan in place and a commitment to achieve Net Zero by 2040 at the latest. We are reviewing our energy mix and the materials we use, and working with partners to plant a Civica Forest.
Covid-19 recovery

Covid-19 recovery

In the spring of 2020, Civica were an early signatory to the C-19 Business Pledge. We focused on safeguarding our people and communities and ensuring the successful ongoing provision of our business-critical software and services.

Supporting customers: Alongside business as usual for our customers, we have worked hard to support the national and local level response through practical, innovative and updated software capability. We have delivered a range of new capabilities quickly, such as those listed below, and continue to provide system advice, configuration and data insights to ensure effective action.
- COVID-19 App (the first of its kind in the UK and Ireland) was developed and launched with the Northern Ireland Department of Health, and helped reduce the pressure on the 111 helpline.
- Developed local track and trace solution for London Borough of Redbridge, enabling it to support localised contact tracing/escalations.
- Community Helper software - built on the iCasework platform to help local authorities co-ordinate rapid support for vulnerable people while minimising safeguarding risks.
- Our Trac e-recruitment software was used to help NHS recruiters get the right candidates into posts quickly and fast-track DBS checks.
- Supporting social housing tenants - assisted teams to re-focus resources and provide vital support to tenants.
- Supporting Revenues and Benefits teams - software solutions for the two largest UK government measures, Business Rates Grant fund and the Council Tax Hardship fund.

Supporting employees: We proactively provide guidance and support for our people, from keeping remote workers engaged, to our mental health champions and free-to-access Employee Assistance programme. We have adopted a blended working model enabling colleagues to work safely and flexibly at various locations and hub offices, enhanced how we communicate, and continue to look for new ways to share ideas and inspiration.
Tackling economic inequality

Tackling economic inequality

Create opportunities for entrepreneurship and help organisations to grow:
Civica is committed to working with its customers to deliver value into the community by supporting young people, developing skills and mentoring businesses to attract inward investment and growth that brings with it employment and skills.

We support innovation through our NorthStar innovation lab, a company-wide initiative focused on enhanced client outcomes by applying fresh ideas on data, automation and new technologies. We work with our customers to co-create public services that are fit for today and for the future. Our Civica NorthStar innovation lab creates physical and virtual opportunities for us to jointly explore trends and technologies.

Create employment and training opportunities:
Civica is a member of the 5% Club, and aims to have 5% of its UK work force as either apprentices, graduates or work experience students by the end of 2025. We employ apprentices and graduates into a number of different disciplines and locations, with a focus on ensuring they are long term employees of Civica.

Support educational attainment:
Learning and development is at the core of the Civica Quality Management Framework. We believe in investing in our people and are proud of our Investors in People Gold accreditation and in being a top rated Glassdoor Employer.

We run our own Civica Academy for employee development and skills enhancement, which delivered over 220,000 hours of training during 2021. We provide our own apprenticeship programme (team leader level 3) for our aspiring and current managers that are considered stars of the future.

We are working on building some new apprenticeship standards such as the UX degree apprenticeship. This will benefit not only Civica’s Digital Team but all companies and customers that need UX talent.
Equal opportunity

Equal opportunity

Civica is a 2022 Financial Times Diversity Leader and is ‘Gold’ Investors in People accredited, demonstrating our commitment to promoting equal opportunity by tackling inequality in employment, skills and pay in our workforce. We proactively implement equal opportunities for employment and personal development among diverse groups and local areas, and ensure rights for all staff are always protected. This is led by our Group Diversity and Inclusion (D&I) team, championed by our CEO who is also our Chief Diversity Sponsor. The strategy and policy manages:
- Interview training, focusing on unconscious bias/equal opportunity.
- Anonymising CVs and ensuring interview panels represent minority groups.
- Using a decoder to ensure job advertisements use gender and culturally neutral language.
- Attracting/recruiting from minority backgrounds/disadvantaged groups across the organisation, especially into under-represented areas.
- Advertising vacancies in a wide variety of places and diversity/disability portals (including; BME jobs, Disability jobs and LGBT job sites), to increase gender diversity and ethnicity.
- Company-wide Diversity & Inclusion network, including affinity groups relating to under-represented groups.
- Mandatory Diversity & Inclusion training for all staff.
- Pay equity reviews addressing inequality and UK gender pay gap.
- Flexible Working to encourage higher uptake for women, working parents and disabled groups.
- Partner with a social innovator company to help recruit and support employees with Autism Spectrum Disorder.

We gather and analyse data on our performance from regular surveys such as ENPS, IIP, Pulse survey, employee engagement surveys.

Our D&I team monitor the take-up, use and effectiveness of our measures, such as the number of new recruits from minority backgrounds, women, parents and diverse groups, and provide statistics for our Annual Review on performance against targets. For example, we report on the number of people attending training sessions and the split of male to female attendees.


Civica actively promote a mentally healthy workplace and workforce through our 40+ Mental Health Champions (MHC) and our ‘Health and Wellbeing’ policy, encouraging a flexible and realistic work/life balance. We integrate mental health and general wellbeing in all that we do from recruitment and ‘First Impressions’ to appraisals and strategic management.

Our ‘Health and Wellbeing’ policy and programme for all employees provide a foundation to support both the mental and physical health of our staff. Examples include:
- Employee Assistance Programme and online Wellbeing Hub, which provides 24/7 access to websites, e-mail, phone and face-to-face counselling on all personal issues.
- Aviva DigiCare+ Workplace App providing external mental health consultancy.
- Mental Health Champions who support colleagues’ wellbeing in the workplace.
- RedArc Personal nurse service.
- Management Coaching - managers are trained in GROW (Goals, Reality, Options and Will) and in being Health and Wellbeing Advisors, supporting employees with mental/physical health needs.
- Health assessments/advice aimed at improving physical health.
- Cycle to Work scheme to aid physical and mental health.
- Weekly fruit drop for offices, encouraging a healthier diet.
- We provide free eye tests for all VDU users, encourage staff to take advantage of NHS flu vaccinations services, and support people wishing to use the NHS Stop Smoking Service.

We also support our customers’ and communities’ physical and mental wellbeing through: Employee ‘Donate-a-Day’ to local charities; Local events organised through “Charity Champions”; Directors providing guidance to local community health and wellbeing projects; Supporting social housing tenants to re-focus resources and provide vital support to tenants.

Suppliers/subcontractors are subject to Civica’s Sub-contractor Selection Process as defined in our ISO9001 Quality Management System, which includes criteria for assessing health and wellbeing policies and their promotion.


£35,000 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.