BEDDESKCHAIR LTD

BedDeskChair

BedDeskChair addresses the need for effective student accommodation management. It is both an online accommodation and relationship management tool, that simplifies the process of securing suitable accommodation for everyone involved.

BedDeskChair manages the accommodation journey from beginning to end - within a single, consistent easy to use web application.

Features

• Digital onboarding service for students to manage their accommodation journey.
• Focused content sharing time-released to students.
• Online administration portal for accommodation teams to effectively manage students.
• Web-based tools: process accommodation places and signing of lease agreements.
• Communications portal for direct with individual or groups of students.
• Automated feedback directly to students as administrators make key decisions.
• Map centric and visually intuitive design help inform students’ decisions.
• Student engagement monitored and reported throughout the accommodation journey.
• Long-term and short-term (summer lets, conferences) online booking management systems.
• Automated management reporting capability across building portfolio.

Benefits

• Control access to the booking system for students and guests.
• Straightforward, visual presentation to help students make informed decisions.
• Track progress and status of room booking across entire lifecycle.
• Evidence contract acceptance of AST agreement for individual rooms.
• Generate room assignments based on student preferences and bespoke algorithms.
• Status reports, student satisfaction monitoring supports CRM initiatives, general communications.
• Useful content relevant to student’s personal accommodation journey time-released.
• Management of short-term and long-term bookings through the same system.
• Support various profile types based on role/specific access requirements.
• Two-sided portal supporting both students and administrators throughout accommodation lifecycle.

£3.25 to £5.25 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at devneet@beddeskchair.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

940736929889699

Contact

Devneet Atherton
07533967628
devneet@beddeskchair.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Buyers may wish to be aware there is an initial set up process that will include understanding the client's existing systems, the need for any integrations, bespoke development and the set up of property profiles and content plans.
• System requirements:
  • The BedDeskChair application is delivered via a web based portal.
  • Functionality across all digital devices (Desktop, Mobile, Tablet).

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Normal Business Hours for BedDeskChair services and support will be Monday - Friday 08:00 - 18:00 GMT for all incident, request, and support services.; ; Extended support coverage during likely peak periods of activity during the academic year or during upgrade activities. Such coverage will be established in advance based on need to ensure product services are highly available during university peak periods.; ; Questions will be managed in the following time frames:; ; - Critical: response within 1 hour; - High: response within 4 hours; - Medium: response within 24 hours ; - Low: response within 48 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: BedDeskChair’s support levels listed below are included at no additional cost. ; ; Level 1: Self Support, End-User Customer Support; Super Users, Training, 10x5 Coverage, Extended in peak periods.; ; Level 2: Basic Issues, Software Functionality; 10x5 Coverage, Extended in peak periods.; ; Level 3: In Depth Technical Support; 10x5 Coverage, Extended in peak periods. A technical development team is available.; ; All incidents reported to our team are logged and monitored by a client’s individual account manager. This allows us to react quickly to reports of a similar nature and prioritise development resources efficiently to address service issues being raised.; ; Client incidents will be reported through BedDeskChair either in person, email, or phone; directly to the Account Manager. Students will be able to raise technical incidents within; the application itself. ; ; BedDeskChair will prioritise incidents based on the following categories:; Critical: Application is non-functioning; incident is highly disruptive, core; operations impacted.; High: Application is heavily impacted, but workaround exists, core operation; not impacted.; Low: New request or action that can be scheduled for a specific time or in advance.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our priority is to ensure there is seamless transition with minimal disruption and this is achieved through careful planning and project management (PRINCE2). ; ; We have a programme that assigns clear and specific roles to ensure good decisions are made and implemented quickly. ; ; The programme ensures we have consistency in decision-making (and escalation, where required). Risk will be managed proactively during the requirement gathering and analysis phase, the onboarding phase, and beyond.; ; The BedDeskChair leadership and project management team will work collaboratively with the client and key stakeholders, with regular meetings, drop in sessions and workshops scheduled throughout Pre and Post-Live stages of the contract. This includes onsite training, online training and user documentation. ; ; The above approach will support BedDeskChair’s regular quarterly review of its service.; ; When delivering customisation, innovation and product development to stakeholders, BedDeskChair adopts a flexible ‘Agile model’ to successfully deliver new features in a way that is structured, time-efficient and secure. ; ; Immediately post-contract, BedDeskChair will start curating building profiles for inclusion within the client's data sets. This includes room-type profiles. Content plans will be put together (in parallel to the curation of building profiles) per client team and per building.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: BedDeskChair will provide digital copies upon request in the appropriate format. Any data not required will be deleted in accordance with our policies.; ; Further information on deletion of data:; Delegated client users will be able to delete or amend individual data fields, or delete entire student profiles (and associated data on the system). In respect of deletion, any deletion action will be preceded by confirmatory prompts. Within the ‘My Admin’ screen, client users will be able to delete their personal data. User permissions can be set so, for instance, ‘Lead/Super Admin’ can delete ‘Building-level Admin’ but not vice versa. Once a deletion has been actioned, a ‘soft delete’ will occur. BedDeskChair will agree a period after which the soft delete will be enforced (by full deletion or anonymisation) allowing for error restoration of data as required. In addition, automatic retention periods can be deployed, after which relevant personal data will be anonymised or deleted permanently from the database.
• End-of-contract process: BedDeskChair will enable clients to download a copy of all their information held on the platform for a period of 14 days after contract expiry. After a period of 30 days BedDeskChair may destroy or otherwise dispose of any of the University Data in its possession unless BedDeskChair receives, no later than ten (10) days, a written request for the delivery to the University of the then most recent back-up of the University Data. The client shall pay all reasonable expenses incurred by BedDeskChair in returning or disposing of University Data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The baseline functionality has been designed to be the same across mobile and desktop services. The user experience is more immersive on larger screens on account of the map centric interface.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Our team places a great deal of importance on the user journey both for students and administrators alike. The service interface has tailored pathways for the different user types. The student interface is map-centric with the focus on selecting accommodation options, arrivals and settling in. The supporting administration portal allows admin users to process accommodation places, building and room allocations, as well as handling the presentation and signing of student lease agreements.; ; When an action is taken by an administrator on their portal, the platform automatically communicates what this means to an individual student user and outlines next steps.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The solution considers accessibility as a matter of high importance. We have aimed to create a solution that is open to everyone with an internet connection and a modern computer, tablet or mobile device. ; ; The solution has been tested against WCAG 2.2 Level AA of conformance to deal with the most significant and most typical barriers for disabled users. ; ; We have taken the required steps to ensure the solution supports the following assistive and adaptive technologies where possible: ; ; - Perceivable; Provide text alternatives for non-text content; Create content that can be presented in different ways, including by assistive technologies, without losing meaning; Make it easier for users to see content; ; - Operable; Make functionality available from a keyboard; Give users enough time to read and use content; Do not use content that causes seizures; Help users navigate and find content; ; - Understandable; Make text readable and understandable; Make content appear and operate in predictable ways; Help users avoid and correct mistakes; ; - Robust; Maximise compatibility with current and future user tools; ; We recognise that an accessible solution is often more usable for all users, not just for people with disabilities.
• API: Yes
• What users can and can't do using the API: There are several elements to our bespoke API deployments.; ; The first is the data we need from the student users and staff who are invited to use the BedDeskChair platform. We believe the best way of collecting this is through an API integration such as SAML. Our teams liaise with clients during onboarding to agree the most appropriate integration given their existing systems.; ; Each year our team will look to curate building profiles of the assets that make up the proposed portfolio for presentation on the BedDeskChair system. We would plan to receive this information either through liaising with the student accommodation team for a direct download or via an appropriate data link between our respective systems for a more seamless transfer. ; ; Finally, there is the data the University will want to take from our application to extract information back into their own systems to suit operational needs. This will be achieved through the creation of appropriate APIs for data streams back into the University's applications to close the feedback loop. We can work with the University to create any number of API end points that provide efficient access to the data held within a clients instance of BedDeskChair.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We offer clients the opportunity to run their own instance of the BedDeskChair platform.; ; The baseline product can then be customised either through the addition of modules that add enhanced functionality or through bespoke customisations by our development team to meet any specific requirements our clients have.; ; During an onboarding phase our team work with clients to setup their instance of the platform to work either on standalone basis or integrate where required with their existing systems or operations. ; ; The nature of our setup is that we can be entirely flexible to client requests for customisations to the baseline product.

Scaling

• Independence of resources: Our solution will automatically scale (autoscale) to handle spikes in traffic/usage. As requests increase, the servers will scale horizontally to meet the increased demand.; ; Once a certain percentile of requests are not served within a determined threshold, new servers are automatically deployed to handle the increased load on the system.

Analytics

• Service usage metrics: Yes
• Metrics types: BedDeskChair has a comprehensive My Reports dashboard. Clients can run reports across a number of modules, including My Students, My Buildings, the Library and Message Centre. As well as overview reports, detailed reports can be run at a per building level. ; ; Student profiles with comprehensive information on their booking status and account details are easily accessible.; ; Clients can monitor bookings and occupancy per academic year and on an individual property-by-property basis.; ; Monitor and record site traffic in real time, report on traffic volumes at different booking journey points, as well as also improving upon customer experience through site analytics.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Delegated client users can export student and admin data as a CSV download via the ‘My Students’ and ‘My Admin’ screens.; ; The My Reports dashboard provides the client with overview reports that can also be exported from our systems. ; ; We can also work with clients to create any number of API endpoints that provide efficient access to the data held within their instance of BedDeskChair. ; ; We would recommend the major domains follow the high-level navigation of the BedDeskChair site map.We can then create sub domains that produce data streams and further endpoints that might include contracts signed, outstanding payments etc.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The BedDeskChair platform is presumed to be available 24 hours per day, 7 days a week, 365 days a year (except during properly notified maintenance and upgrade windows). ; ; • Bed Desk Chair can handle a high number of concurrent users during peak periods with no performance degradation.; • Normal Business Hours for BedDeskChair services and support will be Monday - Friday 08:00 - 18:00 GMT for all incident, request, and support services.; • Extended support coverage during likely peak periods of activity during the academic year or during upgrade activities. Such coverage will be established in advance based on need to ensure product services are highly available during university peak periods, for example August Confirmation and Clearing and annual accommodation booking opening dates.; • In the event of an unplanned outage to BedDeskChair then the Service shall be recovered as soon as possible and in any case before the end of the next working day (where a working day is defined 08:00 - 18:00 GMT Monday to Friday). Our recovery time objective (RTO) is 4 hours.; • We are happy to define bespoke refund commitments within our contractual agreement with clients for circumstances where the above commitments are not met.
• Approach to resilience: BedDeskChair has developed bespoke code to create its cloud application, which deployed through a PaaS provider to deploy efficiently, resiliently, securely and at scale. We harness existing infrastructure to provide on-tap computing power to quickly react to peaks and troughs in the levels of; user demand for our application.; ; Heroku, BedDeskChair’s PaaS provider, is a SalesForce product leveraging Amazon AWS hardware infrastructure. This architecture delivers key value benefits to clients in terms of trust, reliability and speed of deployment. Using this approach, BedDeskChair offers a highly focussed solution, backed by system resources, which deliver enterprise-level commitment to clients on the continued operation, stability and maintenance of BedDeskChair. More information on the resiliency of our systems is available on request.
• Outage reporting: Any outages are reported directly by email from the relevant account manager.; ; In the case of an outage, the platform is deployed across multiple data centres using current system images, and data is restored from backups. Heroku reviews platform issues to understand the root cause, impact to customers, and improve the platform and processes.; ; The BedDeskChair platform is presumed to be available 24 hours per day, 7 days a week, 365 days a year (except during properly notified maintenance and upgrade windows). In the event of an unplanned outage to BedDeskChair then the Service shall be recovered as soon as possible and in any case before the end of the next working day (where a working day is defined 08:00 - 18:00 GMT Monday to Friday).; ; BedDeskChair will supply appropriate reports on an annual basis reflecting the Disaster Recovery and Business Continuity tests as undertaken on an annual basis. This will be issued together with any actions recommended/taken to ensure the uninterrupted service delivery of the application.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: The solution shall utilise role-based access control (RBAC) to restrict system access to authorised users. Users are assigned role-based permissions which grants them access to only the system functions they need to perform their jobs. For example, some users are restricted from certain areas of the system or from modifying particular fields (CRUD Levels).
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Our PaaS hosting partner (Heroku) provide the certification.
• ISO/IEC 27001 accreditation date: Our PaaS hosting partner (Heroku) maintain the certification.
• What the ISO/IEC 27001 doesn’t cover: Our PaaS hosting partner (Heroku) has developed their systems in accordance with ISO27001. Please follow the below links for confirmation of their security and compliance credentials: ; ; https://www.heroku.com/policy/security and; https://www.heroku.com/compliance; ; Heroku regularly performs audits and maintains PCI, HIPAA, ISO, and SOC compliance: https://www.heroku.com/compliance
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Our PaaS hosting partner (Heroku) provide the certification.
• PCI DSS accreditation date: Maintained by Heroku.
• What the PCI DSS doesn’t cover: Our PaaS hosting partner (Heroku) has developed their systems in accordance with PSI. Please follow the below links for confirmation of their security and compliance credentials: https://www.heroku.com/policy/security and; https://www.heroku.com/compliance ; ; Heroku regularly performs audits and maintains PCI, HIPAA, ISO, and SOC compliance: https://www.heroku.com/compliance
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: BedDeskChair has Information Security Policy documentation.; ; BedDeskChair operates a risk-based approach to information security, continuously evaluating risks to the confidentiality, integrity, and availability of our client’s data. Our approach to information security is intended to align with the ISO27001 standard. ; ; The Information Security Policy shall be communicated to employees and relevant external parties; procedures for appropriate contacts with relevant authorities shall be in place and maintained; procedures for appropriate contacts with special interest groups or other specialist security forums and professional associations shall be in place and maintained accordingly. BedDeskChair will be required to adopt and adhere to this Information Security Policy. When a requirement cannot be adhered to, an Information Security Exception must be developed, defining alternate mitigating information security controls, and adopted by the Board to accept; and this policy must be reviewed and updated at least annually. ; ; The CTO will verify compliance to this policy through various methods, including but not limited to, periodic walkthroughs, business tool reports, internal and external audits, and feedback to the policy owner. ; ; Compliance with this Policy is mandatory, and depending on management’s evaluation of the circumstances, a violation of this policy can result in corrective or disciplinary action, as appropriate.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: In addition to our continuous in-house security testing, we subject our services to independent vulnerability and penetration tests before deployment with any client, and thereafter on an annual basis. ; ; BedDeskChair has adopted a SaaS Agile model to its security and software development cycle. The stages involved in our development model are; Requirement Gathering & Analysis, Design, Development & Testing, Evaluation & Further Testing, Deployment and Maintenance. Our approach is incremental and iterative. ; ; BedDeskChair adopts a PRINCE2 project management approach.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: In addition to our continuous in-house security testing, we subject our services to independent vulnerability and penetration tests before deployment with any client, and thereafter on an annual basis. Full penetration testing will be carried out by a third party and a report will be provided accordingly. Associated remediation activities will be logged, timelines set and subsequently managed. ; ; Penetration testing will take place prior to application deployment, annually and upon a new version release. ; ; Vulnerability testing will take place prior to application deployment, quarterly and upon a new version release.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Firewalls restrict access to systems from external networks. Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting. Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor which will not deliver traffic to an interface which it is not addressed to. ; ; Heroku utilises application isolation, operating system restrictions, and encrypted connections to further ensure risk is mitigated at all levels. ; ; Port scanning is prohibited and every instance is investigated by our infrastructure provider.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Client incidents will be reported through BedDeskChair either in person, email, or phone directly to the Account Manager. Students will be able to raise technical incidents within the application itself. ; ; BedDeskChair will prioritise incidents based on the following categories and incidents will be managed and resolved in the following time frames:; ; Critical: Response within 1 hour; resolved within 1 hour; High: Response within 4 hours; resolved within 4 hours; Medium: Response within 24 hours; resolved within 1 business day; Low: Response within 48 hours; resolved within 2 business days; ; Post incident reports will be provided by the Account Director.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We have reviewed our ongoing activities at a company level and adopted methods to manage our environmental impact and achieve the principles of ISO14001. ; ; Energy Usage: controls in place to use lighting, heating and electrical equipment that are energy efficient and smart meter installation and use learning thermostats to help control usage. ; ; Energy Tariffs: seeking green energy tariffs and encouraging our home working team members to do the same. ; ; Recycling: actively encouraged throughout our organisation. Separate bins for different waste types, refill ink cartridges, provide cups and glasses for drinks and water filters to avoid use of plastic bottles. ; ; Travel: environmentally friendly travel measures is actively encouraged. ; ; Electric Charging: at our principal business address for staff usage. ; ; Home Working: promoted, and the digital nature of our product lends itself to significant remote working to cut down travel. ; ; Electronic Communication: encourage staff and consultants to use electronic communication where possible to reduce travel. ; ; Supplier Checks: check the sustainability credentials of any new suppliers. Plans to introduce a green procurement policy as the business grows. ; ; Building Credentials: work with clients to highlight the BREEAM credentials of individual buildings promoted to students through our application. ; ; Sustainable Transport: BedDeskChair incorporates a student notice board where we encourage the promotion of sustainable methods of transport.; ; Location Based Accommodation Selection: map-centric user interface enables students to easily select accommodation located close to relevant academic facilities, reducing need to travel. ; ; Paperless Organisation: Our application equals a paperless booking process. ; ; Cycling Promotion: help building operators promote cycling, can advertise the number and location of cycle spaces/stores within a building profile. ; ; Responsible Energy Usage: assist students in understanding what they can do to reduce their energy consumption.; ; The current system reflects the start-up size of our organisation. We therefore propose conducting a review of this policy every quarter.
• Equal opportunity:

  Equal opportunity

  It is BedDeskChair policy not to discriminate against its employees on the basis of their gender, sexual orientation, marital or civil partner status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability or age, pregnancy (together the “Protected Characteristics”) or trade union membership or the fact that they are a part-time worker or a fixed-term employee. ; ; The company is committed to ensuring that its employees and applicants for employment shall not be disadvantaged by any policies or conditions of service which cannot be justified as necessary for operational purposes. The company will appoint, train, develop, reward, and promote on the basis of merit and ability. ; ; All employees have personal responsibility for the practical application of the company’s Diversity and Equality Policy, which extends to the treatment of job applicants, employees, customers and visitors. Special responsibility for the practicable application of the company’s Diversity and Equality Policy falls upon managers, supervisors and HR personnel involved in the recruitment, selection, promotion and training of employees. ; ; The company’s grievance procedure is available to any employee who believes that they may have been unfairly discriminated against. An employee will not be victimised in any way for making such a complaint in good faith. Complaints of this nature will be dealt with seriously, in confidence and as soon as possible. ; ; The policy and procedure do not form part of any employee’s contract of employment, and it may be amended at any time. The company may also vary any parts of this procedure, including any time limits, as appropriate in any case.

Pricing

• Price: £3.25 to £5.25 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at devneet@beddeskchair.com. Tell them what format you need. It will help if you say what assistive technology you use.