LOCALPAD LTD

Localpad

We are the leading provider of private accommodation management software in the UK. Our software empowers public sector organisations, including councils and the NHS, to maintain a searchable database of high-quality properties that clients/colleagues can utilise. It supports with managing accreditation schemes, preventing homelessness, and assists in housing colleagues.

Features

• Manage and advertise details of properties online
• Manage property standards including checking safety certificates like gas
• Tenant message board: find roommates, advertise spare rooms, etc
• In-house CRM mails landlords individually or in bulk, seamlessly.
• Custom branded public facing website
• In-depth reports and usage statistics
• Document uploading and management
• Automated alerts to landlords when certificates expiry
• Property review system
• Password protected, UK hosted, ensuring privacy and security.

Benefits

• Automation of many time consuming tasks
• Reduced reliance on your own IT resources
• Flexibility to adapt to changing requirements
• Enhance the customer journey, improving their engagement
• Single hub: all private housing matters in one comprehensive resource
• Works across multiple devices, capturing most users
• Enhance your organisation's overall public image
• Securely access your service any-time from anywhere
• No requirement for lengthy updates or costly upgrades
• highly intuitive and user friendly

£8,250 a licence

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lloyd@localpad.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

925292751164281

Contact

Lloyd Cowburn
07976568421
lloyd@localpad.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Software maintenance is scheduled every other Wednesday morning, during which time the service may be unavailable for up to 20 minutes between 7 a.m. and 8 a.m. Typically, the actual downtime for maintenance is less than 5 minutes.
• System requirements:
  • Internet Access
  • Modern web browser (chrome, firefox, edge etc.)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Based on severity, we aim to initially respond within 2 to 24 hours and resolve issues as quickly as possible thereafter. Both response and resolution times depend on issue severity. For example, we respond to outages or emergencies within 2 hours (however usually this is immediate in reality) and aim to resolve them within 24 hours. Localpad will make reasonable efforts to ensure staff can be contacted via email or phone during emergencies outside of business hours, including weekends and bank holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Localpad support begins at a self-service level, where users can access information from user guides, video tutorials, documentation, and knowledgebase articles available in our support software. The next step is reaching out to our support desk via the ticketing system, email, or phone for assistance with basic issues. More complex or technical issues that can't be resolved promptly will be escalated to our developers for further investigation. The support team will then relay updates to the customer as soon as they become available.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: For website administrators, we offer a variety of training methods for the software. As a minimum, new customers receive two 2-hour training sessions (held either online or in person) included in their first annual licence fee. Additionally, we provide onboarding checklists, email and helpdesk support for specific queries (with a higher volume expected from new customers), telephone support, and user guides accessible within the online control site panel, covering a wide range of topics. Many of these user guides are designed not only for our customers but also for their end users to facilitate a smoother, simpler onboarding experience for landlords and letting agents.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Data will be automatically deleted 90 days after the termination date, or sooner upon request. If required, data can be returned to the customer in an industry-standard format at the end of the contract. Currently, this format is XML, but we may use other methods/formats where necessary. We follow a data deletion routine to ensure all data is removed from our database after contract termination and can provide a signed guarantee confirming this process has been completed.
• End-of-contract process: The annual licence fee covers the creation, setup, and maintenance of the website platform where properties can be advertised, as well as access to the control site for managing the listings. This includes reasonable customisation, taken from a 10-hour Development Team budget per customer, and support for troubleshooting issues. Additional modules and features can be purchased separately.; ; If a customer does not renew their contract agreement, the service continues unless cancelled and will be invoiced annually. Cancellations outside of contract require a 6-month notice period. Cancellations of additional modules also require their own 6-month notice period.; ; Once a switch-off date has been agreed, the website will be taken down on the specified date, and any associated user accounts will be disabled. The customer will receive a final invoice during the notice period to settle any outstanding balances.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop site is responsive and adjusts according to the user's screen size. When the screen size is set for mobile or tablet use, the user interface transforms to offer the easily accessible links and menus you would expect to see from a mobile application while still preserving the organisation's branding.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Users can customise reports, adverts, and their user interface colours on the control site through settings. Admins have the same capabilities but can also create or customise mailshots to reach out to landlords/tenants. For a fee, admins can customise additional webpages using Localpad's content management system. We also offer free features that can be enabled upon request, as well as bespoke admin features that can be explored for an additional fee.

Scaling

• Independence of resources: We use Microsoft IIS to host our solution, with our sites organised into application pools. Each pool has a maximum resource limit on our server. If a pool exceeds its threshold, an alert is triggered to help us identify the user(s) causing the high usage alert. These high-demand users are then temporarily placed in their own pool with slightly higher resource allocation to accommodate their increased usage without affecting other customers.

Analytics

• Service usage metrics: Yes
• Metrics types: Localpad's control site includes a statistics feature with charts and reports detailing tenant and landlord registrations, as well as data on full-page property views, search result displays, and map results. Search statistics are based on frontend search criteria. Additionally, we can use Google Analytics to capture more metrics such as page views, clicks, and reach where required.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: We use AES256 encryption to protect sensitive data both at the field level in our SQL server and for uploaded documents while at rest.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported from reports on the control site in either CSV or Excel file formats. Admins can request data extraction from the database, which requires elevated permissions.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Localpad offers telephone and email helpdesk support during business hours (9:00 a.m. to 5:00 p.m. on weekdays, excluding weekends and bank holidays). For emergencies outside of business hours, Localpad will make reasonable endeavours to ensure support staff can be reached via email or phone. All support services are provided remotely unless specifically agreed otherwise. If Localpad needs to provide in-person support to the customer, the rate is £600 per day. Localpad is not responsible for providing support for faults or errors caused by improper use of the platform, but we strive to ensure the platform remains available 99% of the time throughout the year. Customers will receive at least 7 days' written notice of scheduled maintenance, except in cases of emergency access needs.
• Approach to resilience: Localpad is hosted on dedicated UK servers provided by OVH, ensuring reliable service. We replicate our data across three servers on an ongoing basis. Data replication occurs at the following intervals: SQL data is continuously mirrored to our backup server and every 10 minutes to a secondary backup server. Uploaded files, documents, and server configurations are backed up daily to all backup servers. We use a failover IP service to direct our traffic. If our main server fails and cannot be fixed promptly, we can switch our IP address to point to our backup server, which will host the software until the primary server is restored. Data is backed up and encrypted daily to redundant storage, with an immutable copy created once a week.
• Outage reporting: Email alerts are sent in case of a service outage, and a public dashboard is available to review past outages and average uptime.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We use a role-based authentication system to restrict access for specific user roles. Additionally, we enforce further restrictions to ensure administrator controls are accessible only from a predefined list of IP addresses.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: IP address restirctions

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We proactively manage security governance by incorporating secure design practices, conducting weekly vulnerability scans on our software and servers, and having external CREST-approved penetration testers assess our software and hosting annually. We have a security policy for all staff and implement a minimum privilege approach for all users where possible.
• Information security policies and processes: Our internal security policy encompasses several key areas such as 'Acceptable Use' to guide the use of company resources, 'Network Security' to outline network and firewall configurations, 'Access Control' for the configuration of passwords and multi-factor authentication, 'Data Management' to ensure GDPR compliance, and 'Remote Access' to configure external access to our network correctly. We provide security and data protection reminders to all employees every six months. As a smaller organisation with a flat structure, any breaches or violations of our security policies are reported directly to our development manager or CEO.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We monitor our servers using an external provider called DataDog, giving us real-time insights into application and server usage, as well as alerts and emails if any thresholds are exceeded. We conduct weekly vulnerability scans on our servers and software to consistently meet minimum security requirements. Any identified high or urgent vulnerabilities are promptly resolved, and the scan is rerun afterward to confirm resolution and ensure no new issues have been introduced. We update our software every two weeks, deploying new releases to a sandbox environment for one week prior to launch.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We conduct weekly scans using Acunetix to detect recent vulnerabilities, including those in the OWASP top 10. We also subscribe to security updates from providers like Acunetix, SSLLabs, and AppCheckNG. Patches are deployed based on their severity: urgent patches are applied as soon as possible, even if this temporarily disrupts service. Patches categorised as 'Critical' or 'High risk' by the vendor must be installed within 14 days of release. Medium-risk vulnerabilities must be patched within 21 days, while low-risk vulnerabilities must be addressed within 1 calendar month.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use DataDog to analyse our log files, enabling us to monitor, aggregate, and trigger real-time alerts based on a range of indicators. We respond to incidents as quickly as possible, including overnight. If a potential compromise is detected, we first investigate further to confirm whether a compromise has indeed occurred. If so, we promptly notify the ICO and any impacted customers. During this process, we either resolve the issue or take the service offline to prevent escalation whilst working on the resolution.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a pre-defined process for handling incidents. Users can report any incidents to us via email, telephone, or the support desk. If an incident is reported by phone, the details will be re-confirmed in a support ticket. Incident reports are provided ad-hoc where they are required, usually via email or through the software. If required, we can also provide reports by mail.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We actively fight climate change by incorporating multiple sustainable living projects into our software, helping to enhance the quality of private rental sector properties and promote eco-friendly behavior among tenants and local residents. For instance, our Go Local initiative provides new tenants with local information and resources to help them settle in and engage with the community. Additionally, the Sustainable Living Locally section on our websites connects users with local sustainable businesses, giving them easy access to resources like sustainable shops and local recycling options. Our platform also supports Eco-Friendly Living by allowing landlords to highlight eco-friendly features on property listings, such as double glazing, recycling facilities, sustainable heating, and energy-efficient boilers. We have completed social value e-learning and support local projects and organisations that our customers are involved with, including the Hedgehog Friendly Campus scheme and a local hospice. In-house, we appoint a Chief Sustainability Officer annually, responsible for improving our environmental impact each year. We follow an environmental and social responsibility policy aimed at reducing our business' impact on the environment. Part of our mission is to aspire to minimise human impact on our environment by choosing local, ethical, and sustainable goods and services. We strive for carbon neutrality and aim to save the earth's resources and our own, through recycling, sourcing products locally, reducing our environmental footprint, and raising money for local charities.

  Covid-19 recovery

  Our business supports Covid-19 recovery in a variety of ways. during the pandemic, we incorporated fields into our software that informed potential tenants of any relevant Covid-19 policies and these can still be switched on and off where required today. In the office, we have facilitated a safe return over recent years while also offering flexible working options, including remote work and work-from-home opportunities. This approach supports sustainable travel and provides further flexibility for our team.

  Tackling economic inequality

  Our business tackles economic inequality by employing staff local to each project area, including students, to raise awareness of relevant projects. We also participate in an internship scheme with the local university to source staff. Whenever possible, we hire permanent staff from the scheme or the local area and always aim to use local suppliers. We ensure to provide relevant training to our employees. Additionally, we completed the government's Help to Grow scheme to enhance our operations. We focus on increasing supply chain resilience and capacity by identifying and managing cybersecurity risks in contract delivery, including throughout the supply chain. We collaborate with customers to address security issues and implement new measures and fields to minimise the success of scammers and other security threats. This approach has been extended to our entire customer base, utilising tools to raise awareness and bolster security.

  Equal opportunity

  Our business advocates for equal opportunities by influencing staff, suppliers, customers, and communities through the delivery of our contracts to support people with disabilities and those that are differently abled. Our software enables providers to register the mobility features of their properties, allowing site users to search for accommodation based on these specific fields to meet their accessibility requirements. We also offer accessible front-end websites for an inclusive user experience. Additionally, our equal opportunities policy guides our commitment to fostering fairness and inclusion in all aspects of our work.

  Wellbeing

  Our business prioritises health and wellbeing by participating in the Working Well East Riding (WWER) Health and Wellbeing Network, collaborating with local businesses to support a healthy workforce. We also regularly host team events to enhance morale and cultivate a supportive work environment.; By supporting students and communities to offer homestay or digs accommodation, we further our effort to reduce homelessness and increase access to affordable housing. We provide resources and case studies to help with integration into local communities, including connections with community groups, religious organisations, and charities. Our software also enables homestay and resident landlords to populate their listings with relevant information for potential tenants finding a successful living situation, including house agreements. We also engage with the local community to share information and raise awareness of the opportunity to rent out a room in their own properties.

Pricing

• Price: £8,250 a licence
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lloyd@localpad.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.