BookingsPlus, booking software for Local Government
A lettings website that manages the end-to-end customer booking process for community lettings. Booking software that eliminates manual processes by automating venue booking journeys and administration for local authorities. Digital transformation of community lettings. Helps Councils and Local Government to save time and money, and generate community use and income.
Features
- Online platform managing facility bookings, community bookings and venue hire
- Advertise spaces to communities using photographs, text and virtual tours
- Customisable rules including dynamic pricing, booking workflows and user journeys
- Availability calendars that visualise bookings for single and repeat bookings
- Payment provider integration, accounting system integration and deposit management
- Workflow automation, administration automation
- Detailed analytics, dashboard reporting for business insight and management information
- Dedicated onboarding, complete system setup, ongoing support and training service
- Hirer compliance feature capturing compliance documentation, organise scheduled compliance reviews
- Centralised enterprise facility booking platform offering standardised booking journeys
Benefits
- Improve awareness with venue information, venue availability and venue content
- Market venues and bookable spaces to increase bookings and income
- Customise your interface using customer branding and client-tailored information
- Centralise venue booking across Services to improve customer experience
- Booking data synchronisation, native system integration for seamless data transfer
- Third party venue promotion, venue lettings to increase revenue
- Data visualisation and KPI tracking providing Management Information
- Fully managed implementation, change management, dedicated support and future development
- Efficient compliance information management including prompted renewals and inbuilt prioritisation
- Organisation-wide booking service for all categories of spaces
Pricing
£400 a unit
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
7 6 7 6 5 2 9 7 7 9 6 7 5 9 1
Contact
KAJIMA PARTNERSHIPS LIMITED
Chris Smith
Telephone: 01604 677764
Email: G-cloud@kajima.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No - all upgrades and maintenance are carried out of business hours with minimum disruption to end users.
- System requirements
-
- Access to the internet
- Any major up to date web browser installed
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Our average response time in January 2024 is 25 minutes. We guarantee a response within one working day, however in reality our team of experts are able to vastly exceed that target.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Kajima offers 9-5.30pm support on weekdays from a dedicated team. You will also have access to an Account Manager who deals with strategic matters and account-level relationships. Training is incorporated into your support package, and you will have access to a wide-range of online training resources (written and videos), as well as humans that are available to help.
The support service is "second line" support only (i.e. for administration users, whereas "first line" would be for your customers). Customers are entitled to unlimited support. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We provide comprehensive online training for users. In certain cases we can deliver onsite training if preferred. We provide a comprehensive training resource toolkit, including training videos, written training guides, and an online "knowledge bank" platform.
Our customer services team are available within business hours to support customers with their usage, including addressing immediate training needs. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- We will work with customers to extract their data when the contract ends. Customers can do this themselves if preferred, however we will allocate the time and resource necessary to export the data into a useable format. We will store data typically for a couple of weeks after contract termination before deleting permanently, unless instructed otherwise by clients.
- End-of-contract process
-
When a client gives their 30 day notice period, we agree an end of service date when the service will be turned off. Within the notice period, we instruct customers on how to export all of their data from the platform. We will archive data as per customer's requirement. We can export customer content in a database format.
All of the above is within the contract price. Any additional data extractions or requirements above and beyond what is reasonable will require additional charge.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- There are no functional differences. Sizing changes for components in the back-end of the system. For hirers, the website renders as any mobile-optimised website would. Mobile devices may not have software installed to handle exported reports e.g. Excel.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
For hirers, the front-end service interface is a website that contains venue information and booking functionality. They also have access to a "user area" which contains their historic activities, bookings, payments etc.
For administrators, the back-end service is a restricted portal that they use to manage the website, including venue information, availability, approval/rejection/amendment of bookings, reporting and more. It is web-based and accessed by login (or single sign on). - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- -
- API
- Yes
- What users can and can't do using the API
- The APIs published are compliant with the Open Data Standard and provide information about the venues and spaces setup on the system. The APIs also support bookings process however the API integration for bookings needs engagement with the consumer as they are not publicly accessible.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Much of the functionality on the customer site is customisable - for example certain features within the booking process can be turned on or off. The customer journeys have some customisation and can be optimised to fit your desired processes. For example, certain types of customers could be served different pricing levels.
All onsite content is customisable and administrators have complete control over this, for example, imagery. written descriptions, feature lists.
Customisation is discussed during the onboarding process and built into your platform. Customisation to the platform tends to be delivered by our support team under customer instruction.
Scaling
- Independence of resources
- Our AWS infrastructure is set up to have spare capacity to meet with increased demand from all users. We conduct regular reviews of the load placed on our system and adjust capacity as needed. Dashboard reporting provides real-time analytics so reviews happen multiple times per week.
Analytics
- Service usage metrics
- Yes
- Metrics types
- We measure bookings, enquiries, payments, space utilisation. Once a website goes live we assign Google Analytics to the website which provides a wide range of website analytical data e.g. site visits, page visits, time on page etc. Audits track total logins and last logins.
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be exported from the admin section. Each report can be exported, including lists of data. Alternately we can export data on your behalf and securely transfer to you.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- We guarantee 99.8% availability and offer scaled refunds based on the percentage of monthly fee relative should this target be missed. They are banded and between 2% to 25% are offered. For substantial missing of targets, customers can invoke contract cancellation period. The full SLA can be found in our service documentation.
- Approach to resilience
- The AWS infrastructure is spread across multiple availability zones. The London region has 3 availability zones and we make use of all of these to provide redundancy. The EC2 nodes that provide the compute capacity for the Kubenetes cluster are part of an auto-scaling group. If an instance fails, a new instance is started and added to the cluster to maintain capacity. In addition to this, Kubenetes would see the node had failed and reassign containers scheduled on the failed node to the remaining nodes in the cluster. If there is a fault in a single availability zone the application will continue to function as the instances in the other availability zones will still be available, and the auto-scaling group will bring up new capacity in the unaffected zones. For AWS provided services such as RDS, Elasticsearch, Redis and RabbitMQ these are clustered and we maintain a hot standby in a separate availability zone. In the event that the master becomes unavailable (due to fault or issues with the availability zone) then the hot standby will be promoted to the master. More information is available in our Service Definition Document.
- Outage reporting
- Email alerts are sent to our support teams to report outages. There are dashboards available to our technical teams that report on status. Customers are informed as necessary.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
On the customer side, only administrators are permitted to access management interfaces. End-users (e.g. hirers) have a different user type and cannot access them.
Customers can choose to configure Single Sign On with Azure or Google, which connects to their corporate accounts for authentication. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- PQAL - www.pqal.co.uk
- ISO/IEC 27001 accreditation date
- 20/04/2022
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- SecurityMetrics
- PCI DSS accreditation date
- 26/07/2023
- What the PCI DSS doesn’t cover
- -
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Kajima has a group-wide internal information security policy which is concerned with ensuring data is protected. The policy is shared with all staff and regular refresher training ensures all staff are compliant. The fundamental approaches are:
1) Organisation - To establish the system for information security by drawing up a set of security policies.
2) Human resources - To observe basic measures thoroughly by implementing a set of security policies (the Code of Conduct for Information Security Measures) and security training.
3) Technology - To protect important data using user account control and encryption. The introduction of tools.
4) Physical measures - to establish physical security measures (e.g. room access control and wire locks).
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Any changes to the live services have to go through an internal development, testing and QA process.
During the development process there is peer review and security checks are carried out to ensure that the component deployed to the live service do not create any security risks. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- AWS provide security updates for any patch updates. Github alerts alert us to any patches that are required to be updated. Automated tools carry out security scanning on the underlying code. An annual penetration test process is carried out. Speed of patch deployment depends on the severity of the identified threat. High risk items are delivered in 2 weeks. Medium risk are within 6 weeks. Low risk are within 6 months.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- The development team has automated tools such as Sonarqube which scans the application code regularly and reports on any vulnerabilities found in the code. The development team reviews these reports and works on addressing them as part of the development process. In addition there is an annual penetration test carried out by an independent CREST-accredited company. This tests aspects of the application for various user journeys with varying levels of access ensuring vulnerabilities covered by the OWASP standard such as CSS, code injection and others can be detected and reported.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We have a pre-defined process - customers report an incident to our Client Services team who log a ticket. The ticket is assigned to an agent who investigates. Where technical input is required, it is escalated to the technical support team. Depending on the severity of the incident, the appropriate action is taken. Incident reports are provided by the Client Services team, and shared with the customer and development stakeholders.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
WellbeingWellbeing
Increased utilisation of community spaces almost entirely positively impacts on health & wellbeing. Increased utilisation of spaces means an increase in the following types of activities, and their associated impacts.
SPORT & PHYSICAL ACTIVITY - Activities that involve exercise directly positively affect physical and mental health, such as yoga, football, dance etc. These activities contribute to healthier lifestyles which reduces pressure on local health services that have been negatively impacted by Covid-19.
SOCIAL ACTIVITY - Activities such as parties, celebrations and hobbies where local people engage with one another. This helps to foster local relationships which are vital for positive mental health and wellbeing, and brings together people with common interests to strengthen communities and their groups.
SUPPORT GROUPS - Increase in support groups such as bereavement support networks provides greater mental health support in local areas, including those affected by Covid-19.
EDUCATION - Educational programmes using local space helps to develop skills in local populations that may be attractive to employers. This in turn improves employability for those out of work. Being in regular employment is vital for positive wellbeing, and therefore these initiatives have a huge impact.
COMMUNITY INTEGRATION
All of the above involves bringing local people together. It gets more people in the same room and leads to improved local relationships and improves community development and resilience.
Pricing
- Price
- £400 a unit
- Discount for educational organisations
- Yes
- Free trial available
- No