HubStar Connect (Formerly Smartway2) - Room, Desk and Car Park Booking
HubStar Connect (formerly Smartway2) provides next-generation scheduling for booking meeting rooms, desks, parking, lockers. Boost attendance, collaboration and employee experience with hybrid working tools, including return to office (RTO), key events, visitor management, utilisation analytics, sensors and space management. Works with Outlook, mobile, Teams. ISO and WCAG 2.1AA accessibility compliant
Features
- Room and Desk Booking
- Social and Professional Collaboration
- Visitor Management
- Meeting Room Panels
- iOS and Android Mobile Applications
- Digital Signage
- Active Directory Integration and Single-Sign-On
- Outlook and Teams Integration
- Floor Plan Integration
- Catering and IT Services
Benefits
- Improve Meeting Room, Desk Utilisation and Occupancy
- Agile and Hybrid Working, and return to office strategies
- Flexible and Scalable Cloud Solution
- On Demand Booking using panels, kiosks and mobile apps
- Reduce no-shows, eradicate waste
- Quick and Easy to Configure and Deploy/Zero footprint installation
- Low total cost of ownership
- Streamlines the Visitor Experience
- Integrate with existing systems using our bi-directional API
- Create a more collaborative office environment
Pricing
£5 to £350 a unit a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
8 5 0 4 1 2 6 1 8 4 8 4 3 7 6
Contact
HUBSTAR SYSTEMS LIMITED
Martin Hiles
Telephone: 01494 230039
Email: mhiles@hubstar.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- No
- System requirements
-
- Internet Access
- Access via any currently supported browser
- Any version of Outlook 2016 +, OWA, Online and On-Prem
- Mobile Device
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Application support is provided Monday to Friday between 9:00 and 17:30 by telephone and email Users can log issues 24/7 on our portal. The customer also has access to a dedicated CSM (Client Service Manager) who is the same consultant who has specific experience with that clients system configuration. This means that issues can be resolved quicker than traditional ticketing systems. resolution can therefore be addressed in minutes. We continue to monitor our portal out of hours as we have three global support centers.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Application support - Monday to Friday between 9:00 and 17:30 by telephone and email. Users can log issues 24/7 on our portal.
HubStar will respond to Support requests from the Customer as soon as possible with a target of not more than 4 hours of receiving a request.
Level 1 - Resolution within 6 hours - An Error that:
• Prevents the Services from processing a time-critical business process
• Completely prevents one or more users from accessing
• Customer Data or putting new Customer Data into the
• Services
• Causes loss or corruption of Customer Data.
Level 2 – Resolution within 3 working days - An Error that:
• Hinders a business process but is not necessarily time critical
Examples:
• Unable to generate a standard report for a non-time critical business process
• Room panel is off-line
Level 3 – Resolution within 60 business days – An error that:
• Affects an important function of Services, but not vital for it to be resolved in the short term and/or where a reasonable work-around is available.
Examples:
• Unable to generate a standard report
Support is included within the annual subscription license. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
HubStar Connect is a zero-footprint installation. The onboarding process is as-follows.
Stakeholder Workshop – Remote or On-site
• Appointment of dedicated CSM and Account Team
• Agree Client representatives.
• Agree Scope of Implementation
• Confirm Program and Timescales
• Define workflow
• Identify users & roles
• Specify Rules and Restrictions
• Discuss integration with AD, SSO and Exchange with IT representatives
Data Collection:
• Client populates data collection template
• Meeting Room Information (capacity, equipment etc.)
• Desks and Floorplans
• Confirm attributes and filtering options
• Define Users / User Groups
• Hours of operation
• Discuss Data Migration Strategies
Implementation:
• Creation of AWS instance
• Remote configuration of database
• Configure Categories & Colours
• Population of resource data
• Configuration of Business Rules
• Enable Notifications
• Build Catering & Other Services
• Approval Process Validation and Testing
• Demonstrate configured system to stakeholders
• Gain acceptance of configured system via UAT
Plan Go-Live:
• Training services can be provided remotely or on-site
• End-User guides are provided and reflect the customers branding, rules and configuration
• Administrator and end-user training are provided
Post Go-Live:
• Handover to support
• Co-ordinate quarterly account reviews - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
-
- Word
- Excel
- Powerpoint
- End-of-contract data extraction
-
The customer has access to their data for the length of the relationship. This is available within the application and can be accessed anytime by the clients approved admin team, which may include members of Facilities, IT and HR.
The data can be exported to Excel and the client can define what parameters, events, triggers and activities they would like to export, all of which is entirely configurable to export requirements.
In addition and if necessary we will also support the customer in their migration strategy and once the database is destroyed, it will remain in our back-ups for a further 30 days. - End-of-contract process
- In addition to what has been described in the previous question, at the end of the term, and by prior agreement the database will be destroyed. The data remains available from termination via our back-ups, for 30 days until when access to the client’s data can still be made available upon request. Once removed from our servers the data is no longer available. There are no additional costs for these activities.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The user-experience is exactly the same on all interfaces.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- The user can interact with the application using a number of methods. 1. Any currently supported Web browser. 2. Native Apps on iOS and Android. 3. Any version of Outlook 2016 and later - OWA, O365, Online and On-Prem. 4. Hardware Apps - Kiosk, Panels, 3rd Party panels and Desk PUC's. 5. Microsoft Teams on desktop, mobile and Web.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Independent audit of our user interfaces and certification. In addition we have worked with our larger customers to identify additional areas for consideration which form part of our ongoing continuous improvement and Software Development Cycle.
- API
- Yes
- What users can and can't do using the API
-
HubStar Connect is delivered with a fully documented JSON Web Services API, complete with Code Examples. We also have a Partner and reporting API.
The API provides a speedy method of integrating with other systems and services, such as Video Conferencing, Catering, Visitor Management , HR and Accounting systems, Sensors, and Business Intelligence Analytics, Reporting Platforms and Smart Building and IOT requirements. Additional API endpoints can be created as required. - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
HubStar Connect has an admin console allowing authorised users to Create or Modify;
• Custom Fields and Custom Forms
• Business rules
• Email and In-app notifications
• Reports
• Approval Workflows
• Services and Lead-times
• Meeting Categories and Colours, branding and look and feel
• Look and Feel (Branding)
• Hierarchy
• Access Rights and Group Policy
• Resource Types
• Floor Plans.
The customer has access to all of the same configuration tools that we would use to initially configure the system. Training will be provided to make the customer as self sufficient as possible.
In addition, the Customer has access to the entire data log and can extract data at anytime.
Lastly the customer is in full control of their integrations, so can sever connections, or make changes as and when necessary.
Scaling
- Independence of resources
- HubStar Connect is hosted internationally by Amazon Web Services (AWS) with EU locations in London and Dublin. Load balancers and scaling groups are in place to allow for scalability. Ongoing performance monitoring is in place to ensure the suitability of the running stack to the observed load and activity and we have customer databases with over a hundred thousand users and tens of thousands of resources.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Access to metrics is made available in two forms.
Dashboard Reporting
• ‘Just’ dashboards deliver insights on rooms, desks and parking usage, user activity and performance
• ‘Think’ dashboards provide insights on multiple space scheduling elements, focusing on occupancy and utilisation
Service Reports
• Services, Quantities and Costs
• No-Shows
• Inventory
• Requests and Approvals
• Booking requests
• Audit Log
• Attendance Report
• Live Availability
• Live Reservations
• Location Usage
• Reservations Awaiting Approval
The end user can create their own custom reports. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Data is stored in an encrypted RDS instance in AWS to AES-256 standard. Databases and PII within the data is also encrypted
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- This is easily done via the reporting module into Excel, or via our API.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Globally we use Amazon Web Services (AWS) for both production and DR. DR testing for both environments is performed annually. Minimum system uptime for Production Systems is 99.5%, measured monthly.
Our continuity objectives are stated in terms of the amount of time it would take to resume normal operations in case of a major event. Note that minor events will have a much faster recovery time.
A major event is one which renders all of the systems at one site unusable. For a major event involving client-facing systems, our DR Recovery Time Objective (RTO) is 8 hours, while our Recovery Point Objective (RPO) is 24 hours. Note that client systems are also designed with local resilience so that no single component failure will cause a substantial outage or loss of data.
Service credits are available for failure to meet SLA. Service credits will be accumulated on a calendar-year basis, and any credit will be applied to the annual bill immediately following the end of the prior calendar quarter. - Approach to resilience
-
We provide load balancing architecture - details can be made available upon request.
The application leverages AWS load balancing and dynamic routing components to ensure lowest latency and highest availability.
Application servers are split between two (at least) availability zones within each region to ensure continuity of service should one availability zone become unavailable.
Elastic load balancers distribute the traffic across the available servers.
Servers are grouped under auto scaling groups which allows for the increase in processing capability if the application is put under stress.
Databases are backed up daily, with transaction log archiving allowing for point in time recovery in between these daily backups.
Backups are encrypted (AES-256) and are kept for 7 days. They are stored in AWS. - Outage reporting
- Email alerts will be sent for Planned Maintenance Works, Upgrades and Outages. Email alerts are sent to Client Administrators and Technical contacts, to advise of plans, remedies, and general communications. if an unplanned Outage occurs or if, the client reports an Outage, an internal ticket will be raised to bring the service back online and a review of the Outage will be undertaken in compliance with our ISO 27001 processes and procedures. Depending on the severity, additional communications in writing or the creation of a Route, Cause and Analysis report (RCA) will be prepared for the customer.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
Access is controlled as follows;
• Multi-factor authentication for named admin users to the hosted environment
• Support Portal - dedicated client users with username and password
• An email alert goes to the support agent with a unique ID
• Access levels are reviewed periodically - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 06/09/2019
- What the ISO/IEC 27001 doesn’t cover
- No exclusions
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 27001:2017
- Expect SOC 2 Type 2 accreditation by Q4 2024
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- We expect to obtain SOC 2 compliance by Q4 2024
- Information security policies and processes
-
HubStar is committed to the establishment and maintenance of the Information Security Management System (ISMS) described in our Information Security Policy and implemented to meet the requirements of BS EN ISO/IEC 27001:2017.
All members of staff within the ISMS impacted business areas shall strictly adhere to the policies and security procedures, which support the Information Security Policy.
The objectives of the ISMS are to:
• Meet legislative and regulatory requirements
• Design, develop and run secure resilient applications
• Identify and manage Information Security and Cyber Risks
• Identify and manage risks within the supply chain
These intrinsically include:
• Continual review and improvement of the ISMS and Controls
• Comply with Customer security requirements
• Report on the effectiveness of the ISMS and controls to the CEO
• Provide assurance that Information Security is inherent within Business as usual activities
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
HubStar operate a thorough Change Request Process, and once a change request has been raised, it is documented and discussed as part of weekly triage. The request is placed on our CR system. The enhancement is addressed as follows;
• Evaluation
• Development
• Code Review
• Quality Assurance
• Deploy
Security needs to be considered at various stages. This translates into security gates throughout the process, as follows;
• Secure Requirement Review
• Risk Test Planning
• Secure Design Review
• Code Review
• Penetration testing
Changes are deployed as part of our normal deployment methodology. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
This is part of the Hosting team duties, key team members are subscribed to relevant patch notifications, and depending on the severity and feasibility will deploy patches during the next maintenance windows after internal testing to ensure no adverse effect to the application.
Key members of the Security Office and engineering team are subscribed or follow security bulletins and release notes as well as the OWASP top 10 threats list.
Depending on the nature of the patch/vulnerability, mitigations may be put in place until the patch can be deployed (through Web application firewall, or some other mechanism). - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Automated alerts go to relevant parties in HubStar. In the case of an availability or performance metric alert, the support team will be notified. In the case of an intrusion or intrusion attempt, the security officer and team will be notified. A triage will take place to classify, prioritise and assign the incident. Classification will fall into one of four categories.
Critical, Significant, Minor, Negligible
Checks are performed automatically on the application, and automated alerts are dispatched to the team in case of availability events.
Non critical are patched within next maintenance window. Critical within 30 days following successful testing - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Application Issue -
For every incident a ticket is always raised via the Portal, Email or Telephone. These tickets are categorised – Critical, Medium or Low. The issue is addressed as per our SLA. A Root cause analysis is carried out for critical issues and communicated back to the customer.
Hardware Issues:
Hardware supplied by Smartway2 will be covered by their subscription plan. Faulty units should be returned to Smartway2 for assessment. Where appropriate, replacements will be returned to client within 5 working days of receipt of faulty unit, subject to availability.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Buildings account for 37% of global carbon emissions [Source: UN 2022 Global Status Report for Buildings and Construction] and approximately half of commercial real estate is underutilised. HubStar helps improve utilisation by up to 30% and reduce annual carbon emissions by 270kg per desk, by identifying which spaces across the office real estate portfolio are underutilised; and by identifying opportunities to reduce energy consumption by ‘soft closing’ zones, floors or buildings, sometimes on specific days of the week where attendance is low.
By leveraging HubStar’s scheduling capabilities to match employees with the most efficient spaces, organisations can influence the flow of people in order to reduce enable soft closing or repurposing of space, to support decarbonisation goals, while improving workplace experience
HubStar’s ability to predict occupancy also support waste reduction efforts in other areas, for example ordering the correct amount of food on any given day for the cafeteria.Covid-19 recovery
HubStar solutions supported many organisations during the pandemic by enabling social distancing and health checks, leveraging its rules engine to automatic compliance, perform contact tracing and support cleaning schedules.
Albeit there is less demand now for such stringent health and safety features today, HubStar equips organisations to rapidly adapt to future health and safety concerns, via existing, highly configurable functionality that includes the ability to configure booking rules, policies and workflows, as well as audit trail reporting.
HubStar’s utilisation insight also enables a data-driven approach to designing safer public and work spaces, to reduce the chance of infection and provide employees with peace of mind.Tackling economic inequality
HubStar supports employers to build learning cultures that foster education, skills development and training, by ‘advertising’ learning events to attract attendance, providing the ability to measure attendance and by ensuring learning happens in environments that are conducive to success.Equal opportunity
HubStar is committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination.The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best.
The organisation - in providing goods and/or services - is also committed against unlawful discrimination of our clients and their staff members.Wellbeing
Those who are responsible for caring for others, those who live further away from city centres and those who suffer from disabilities can achieve greater flexibility by using HubStar to determine when they should come into the office; as well as using the technology to find an appropriate space that caters to their individual requirements.
Wellbeing
Loneliness is now considered a greater threat to health than smoking or alcohol, while numerous studies by organisations like Gallup find that work is typically the greatest source of friendship; while having a friend at work improves performance, productivity and health.
HubStar helps organisations rebuild social connection by making it easy to find friends and arrange in-person meet-ups, whether team get-togethers or social events. HubStar also provides data to inform the re-design of spaces that better support collaboration and socialising.
As well as helping to foster friendships by bringing people together face-to-face, HubStar enables regular contact with ‘weak ties’ that have been shown to improve mental health and Wellbeing.
Wellbeing is further supported by managing hybrid occupancy to ensure the appropriate level of social ‘buzz’, in order that the experience of visiting the office is worthwhile and revitalising; or for those who visit for quiet focus time, meets that requirement effectively.
Pricing
- Price
- £5 to £350 a unit a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
We offer trials from 2 weeks to 1 month.
Access to all parts of Room and Desk Booking are provided. - Link to free trial
- We offer a Proof of Concept for eligible opportunities