Skip to main content

Help us improve the Digital Marketplace - send your feedback

HUBSTAR SYSTEMS LIMITED

HubStar Connect (Formerly Smartway2) - Room, Desk and Car Park Booking

HubStar Connect (formerly Smartway2) provides next-generation scheduling for booking meeting rooms, desks, parking, lockers. Boost attendance, collaboration and employee experience with hybrid working tools, including return to office (RTO), key events, visitor management, utilisation analytics, sensors and space management. Works with Outlook, mobile, Teams. ISO and WCAG 2.1AA accessibility compliant

Features

  • Room and Desk Booking
  • Social and Professional Collaboration
  • Visitor Management
  • Meeting Room Panels
  • iOS and Android Mobile Applications
  • Digital Signage
  • Active Directory Integration and Single-Sign-On
  • Outlook and Teams Integration
  • Floor Plan Integration
  • Catering and IT Services

Benefits

  • Improve Meeting Room, Desk Utilisation and Occupancy
  • Agile and Hybrid Working, and return to office strategies
  • Flexible and Scalable Cloud Solution
  • On Demand Booking using panels, kiosks and mobile apps
  • Reduce no-shows, eradicate waste
  • Quick and Easy to Configure and Deploy/Zero footprint installation
  • Low total cost of ownership
  • Streamlines the Visitor Experience
  • Integrate with existing systems using our bi-directional API
  • Create a more collaborative office environment

Pricing

£5 to £350 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mhiles@hubstar.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 5 0 4 1 2 6 1 8 4 8 4 3 7 6

Contact

HUBSTAR SYSTEMS LIMITED Martin Hiles
Telephone: 01494 230039
Email: mhiles@hubstar.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • Internet Access
  • Access via any currently supported browser
  • Any version of Outlook 2016 +, OWA, Online and On-Prem
  • Mobile Device

User support

Email or online ticketing support
Email or online ticketing
Support response times
Application support is provided Monday to Friday between 9:00 and 17:30 by telephone and email Users can log issues 24/7 on our portal. The customer also has access to a dedicated CSM (Client Service Manager) who is the same consultant who has specific experience with that clients system configuration. This means that issues can be resolved quicker than traditional ticketing systems. resolution can therefore be addressed in minutes. We continue to monitor our portal out of hours as we have three global support centers.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Application support - Monday to Friday between 9:00 and 17:30 by telephone and email. Users can log issues 24/7 on our portal.
HubStar will respond to Support requests from the Customer as soon as possible with a target of not more than 4 hours of receiving a request.

Level 1 - Resolution within 6 hours - An Error that:
• Prevents the Services from processing a time-critical business process
• Completely prevents one or more users from accessing
• Customer Data or putting new Customer Data into the
• Services
• Causes loss or corruption of Customer Data.
Level 2 – Resolution within 3 working days - An Error that:
• Hinders a business process but is not necessarily time critical
Examples:
• Unable to generate a standard report for a non-time critical business process
• Room panel is off-line
Level 3 – Resolution within 60 business days – An error that:
• Affects an important function of Services, but not vital for it to be resolved in the short term and/or where a reasonable work-around is available.
Examples:
• Unable to generate a standard report
Support is included within the annual subscription license.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
HubStar Connect is a zero-footprint installation. The onboarding process is as-follows.
Stakeholder Workshop – Remote or On-site
• Appointment of dedicated CSM and Account Team
• Agree Client representatives.
• Agree Scope of Implementation
• Confirm Program and Timescales
• Define workflow
• Identify users & roles
• Specify Rules and Restrictions
• Discuss integration with AD, SSO and Exchange with IT representatives
Data Collection:
• Client populates data collection template
• Meeting Room Information (capacity, equipment etc.)
• Desks and Floorplans
• Confirm attributes and filtering options
• Define Users / User Groups
• Hours of operation
• Discuss Data Migration Strategies
Implementation:
• Creation of AWS instance
• Remote configuration of database
• Configure Categories & Colours
• Population of resource data
• Configuration of Business Rules
• Enable Notifications
• Build Catering & Other Services
• Approval Process Validation and Testing
• Demonstrate configured system to stakeholders
• Gain acceptance of configured system via UAT
Plan Go-Live:
• Training services can be provided remotely or on-site
• End-User guides are provided and reflect the customers branding, rules and configuration
• Administrator and end-user training are provided
Post Go-Live:
• Handover to support
• Co-ordinate quarterly account reviews
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
  • Powerpoint
End-of-contract data extraction
The customer has access to their data for the length of the relationship. This is available within the application and can be accessed anytime by the clients approved admin team, which may include members of Facilities, IT and HR.
The data can be exported to Excel and the client can define what parameters, events, triggers and activities they would like to export, all of which is entirely configurable to export requirements.

In addition and if necessary we will also support the customer in their migration strategy and once the database is destroyed, it will remain in our back-ups for a further 30 days.
End-of-contract process
In addition to what has been described in the previous question, at the end of the term, and by prior agreement the database will be destroyed. The data remains available from termination via our back-ups, for 30 days until when access to the client’s data can still be made available upon request. Once removed from our servers the data is no longer available. There are no additional costs for these activities.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The user-experience is exactly the same on all interfaces.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The user can interact with the application using a number of methods. 1. Any currently supported Web browser. 2. Native Apps on iOS and Android. 3. Any version of Outlook 2016 and later - OWA, O365, Online and On-Prem. 4. Hardware Apps - Kiosk, Panels, 3rd Party panels and Desk PUC's. 5. Microsoft Teams on desktop, mobile and Web.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Independent audit of our user interfaces and certification. In addition we have worked with our larger customers to identify additional areas for consideration which form part of our ongoing continuous improvement and Software Development Cycle.
API
Yes
What users can and can't do using the API
HubStar Connect is delivered with a fully documented JSON Web Services API, complete with Code Examples. We also have a Partner and reporting API.

The API provides a speedy method of integrating with other systems and services, such as Video Conferencing, Catering, Visitor Management , HR and Accounting systems, Sensors, and Business Intelligence Analytics, Reporting Platforms and Smart Building and IOT requirements. Additional API endpoints can be created as required.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
HubStar Connect has an admin console allowing authorised users to Create or Modify;
• Custom Fields and Custom Forms
• Business rules
• Email and In-app notifications
• Reports
• Approval Workflows
• Services and Lead-times
• Meeting Categories and Colours, branding and look and feel
• Look and Feel (Branding)
• Hierarchy
• Access Rights and Group Policy
• Resource Types
• Floor Plans.

The customer has access to all of the same configuration tools that we would use to initially configure the system. Training will be provided to make the customer as self sufficient as possible.
In addition, the Customer has access to the entire data log and can extract data at anytime.
Lastly the customer is in full control of their integrations, so can sever connections, or make changes as and when necessary.

Scaling

Independence of resources
HubStar Connect is hosted internationally by Amazon Web Services (AWS) with EU locations in London and Dublin. Load balancers and scaling groups are in place to allow for scalability. Ongoing performance monitoring is in place to ensure the suitability of the running stack to the observed load and activity and we have customer databases with over a hundred thousand users and tens of thousands of resources.

Analytics

Service usage metrics
Yes
Metrics types
Access to metrics is made available in two forms.
Dashboard Reporting
• ‘Just’ dashboards deliver insights on rooms, desks and parking usage, user activity and performance
• ‘Think’ dashboards provide insights on multiple space scheduling elements, focusing on occupancy and utilisation
Service Reports
• Services, Quantities and Costs
• No-Shows
• Inventory
• Requests and Approvals
• Booking requests
• Audit Log
• Attendance Report
• Live Availability
• Live Reservations
• Location Usage
• Reservations Awaiting Approval
The end user can create their own custom reports.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data is stored in an encrypted RDS instance in AWS to AES-256 standard. Databases and PII within the data is also encrypted
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
This is easily done via the reporting module into Excel, or via our API.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Globally we use Amazon Web Services (AWS) for both production and DR. DR testing for both environments is performed annually. Minimum system uptime for Production Systems is 99.5%, measured monthly.
Our continuity objectives are stated in terms of the amount of time it would take to resume normal operations in case of a major event. Note that minor events will have a much faster recovery time.

A major event is one which renders all of the systems at one site unusable. For a major event involving client-facing systems, our DR Recovery Time Objective (RTO) is 8 hours, while our Recovery Point Objective (RPO) is 24 hours. Note that client systems are also designed with local resilience so that no single component failure will cause a substantial outage or loss of data.

Service credits are available for failure to meet SLA. Service credits will be accumulated on a calendar-year basis, and any credit will be applied to the annual bill immediately following the end of the prior calendar quarter.
Approach to resilience
We provide load balancing architecture - details can be made available upon request.
The application leverages AWS load balancing and dynamic routing components to ensure lowest latency and highest availability.
Application servers are split between two (at least) availability zones within each region to ensure continuity of service should one availability zone become unavailable.
Elastic load balancers distribute the traffic across the available servers.
Servers are grouped under auto scaling groups which allows for the increase in processing capability if the application is put under stress.
Databases are backed up daily, with transaction log archiving allowing for point in time recovery in between these daily backups.
Backups are encrypted (AES-256) and are kept for 7 days. They are stored in AWS.
Outage reporting
Email alerts will be sent for Planned Maintenance Works, Upgrades and Outages. Email alerts are sent to Client Administrators and Technical contacts, to advise of plans, remedies, and general communications. if an unplanned Outage occurs or if, the client reports an Outage, an internal ticket will be raised to bring the service back online and a review of the Outage will be undertaken in compliance with our ISO 27001 processes and procedures. Depending on the severity, additional communications in writing or the creation of a Route, Cause and Analysis report (RCA) will be prepared for the customer.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access is controlled as follows;
• Multi-factor authentication for named admin users to the hosted environment
• Support Portal - dedicated client users with username and password
• An email alert goes to the support agent with a unique ID
• Access levels are reviewed periodically
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
06/09/2019
What the ISO/IEC 27001 doesn’t cover
No exclusions
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • ISO 27001:2017
  • Expect SOC 2 Type 2 accreditation by Q4 2024

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
We expect to obtain SOC 2 compliance by Q4 2024
Information security policies and processes
HubStar is committed to the establishment and maintenance of the Information Security Management System (ISMS) described in our Information Security Policy and implemented to meet the requirements of BS EN ISO/IEC 27001:2017.

All members of staff within the ISMS impacted business areas shall strictly adhere to the policies and security procedures, which support the Information Security Policy.
The objectives of the ISMS are to:
• Meet legislative and regulatory requirements
• Design, develop and run secure resilient applications
• Identify and manage Information Security and Cyber Risks
• Identify and manage risks within the supply chain

These intrinsically include:
• Continual review and improvement of the ISMS and Controls
• Comply with Customer security requirements
• Report on the effectiveness of the ISMS and controls to the CEO
• Provide assurance that Information Security is inherent within Business as usual activities

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
HubStar operate a thorough Change Request Process, and once a change request has been raised, it is documented and discussed as part of weekly triage. The request is placed on our CR system. The enhancement is addressed as follows;
• Evaluation
• Development
• Code Review
• Quality Assurance
• Deploy

Security needs to be considered at various stages. This translates into security gates throughout the process, as follows;
• Secure Requirement Review
• Risk Test Planning
• Secure Design Review
• Code Review
• Penetration testing
Changes are deployed as part of our normal deployment methodology.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
This is part of the Hosting team duties, key team members are subscribed to relevant patch notifications, and depending on the severity and feasibility will deploy patches during the next maintenance windows after internal testing to ensure no adverse effect to the application.
Key members of the Security Office and engineering team are subscribed or follow security bulletins and release notes as well as the OWASP top 10 threats list.
Depending on the nature of the patch/vulnerability, mitigations may be put in place until the patch can be deployed (through Web application firewall, or some other mechanism).
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Automated alerts go to relevant parties in HubStar. In the case of an availability or performance metric alert, the support team will be notified. In the case of an intrusion or intrusion attempt, the security officer and team will be notified. A triage will take place to classify, prioritise and assign the incident. Classification will fall into one of four categories.
Critical, Significant, Minor, Negligible
Checks are performed automatically on the application, and automated alerts are dispatched to the team in case of availability events.
Non critical are patched within next maintenance window. Critical within 30 days following successful testing
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Application Issue -
For every incident a ticket is always raised via the Portal, Email or Telephone. These tickets are categorised – Critical, Medium or Low. The issue is addressed as per our SLA. A Root cause analysis is carried out for critical issues and communicated back to the customer.

Hardware Issues:
Hardware supplied by Smartway2 will be covered by their subscription plan. Faulty units should be returned to Smartway2 for assessment. Where appropriate, replacements will be returned to client within 5 working days of receipt of faulty unit, subject to availability.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Buildings account for 37% of global carbon emissions [Source: UN 2022 Global Status Report for Buildings and Construction] and approximately half of commercial real estate is underutilised. HubStar helps improve utilisation by up to 30% and reduce annual carbon emissions by 270kg per desk, by identifying which spaces across the office real estate portfolio are underutilised; and by identifying opportunities to reduce energy consumption by ‘soft closing’ zones, floors or buildings, sometimes on specific days of the week where attendance is low.

By leveraging HubStar’s scheduling capabilities to match employees with the most efficient spaces, organisations can influence the flow of people in order to reduce enable soft closing or repurposing of space, to support decarbonisation goals, while improving workplace experience
HubStar’s ability to predict occupancy also support waste reduction efforts in other areas, for example ordering the correct amount of food on any given day for the cafeteria.

Covid-19 recovery

HubStar solutions supported many organisations during the pandemic by enabling social distancing and health checks, leveraging its rules engine to automatic compliance, perform contact tracing and support cleaning schedules.

Albeit there is less demand now for such stringent health and safety features today, HubStar equips organisations to rapidly adapt to future health and safety concerns, via existing, highly configurable functionality that includes the ability to configure booking rules, policies and workflows, as well as audit trail reporting.

HubStar’s utilisation insight also enables a data-driven approach to designing safer public and work spaces, to reduce the chance of infection and provide employees with peace of mind.

Tackling economic inequality

HubStar supports employers to build learning cultures that foster education, skills development and training, by ‘advertising’ learning events to attract attendance, providing the ability to measure attendance and by ensuring learning happens in environments that are conducive to success.

Equal opportunity

HubStar is committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination.The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best.
The organisation - in providing goods and/or services - is also committed against unlawful discrimination of our clients and their staff members.

Wellbeing

Those who are responsible for caring for others, those who live further away from city centres and those who suffer from disabilities can achieve greater flexibility by using HubStar to determine when they should come into the office; as well as using the technology to find an appropriate space that caters to their individual requirements.
Wellbeing

Loneliness is now considered a greater threat to health than smoking or alcohol, while numerous studies by organisations like Gallup find that work is typically the greatest source of friendship; while having a friend at work improves performance, productivity and health.

HubStar helps organisations rebuild social connection by making it easy to find friends and arrange in-person meet-ups, whether team get-togethers or social events. HubStar also provides data to inform the re-design of spaces that better support collaboration and socialising.

As well as helping to foster friendships by bringing people together face-to-face, HubStar enables regular contact with ‘weak ties’ that have been shown to improve mental health and Wellbeing.

Wellbeing is further supported by managing hybrid occupancy to ensure the appropriate level of social ‘buzz’, in order that the experience of visiting the office is worthwhile and revitalising; or for those who visit for quiet focus time, meets that requirement effectively.

Pricing

Price
£5 to £350 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We offer trials from 2 weeks to 1 month.
Access to all parts of Room and Desk Booking are provided.
Link to free trial
We offer a Proof of Concept for eligible opportunities

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mhiles@hubstar.com. Tell them what format you need. It will help if you say what assistive technology you use.