Optus Homes

Tenant Self-Serve App

OptusApp is the powerful tenant self-serve solution designed by social landlords, for social landlords. A license service offering a turnkey solution accessed by landlords on demand and integrated solution in landlord's own branding. No need for long term binding contracts.

Features

• Secure API integration to landlords HMS & CRM
• Native app (iOS & Android) plus tenants web portal
• Repairs Reporting and visit scheduling
• Rent history and rent payment (Allpay, PayPoint, etc..)
• TSM & STAR surveys -- create and send
• ASB reporting with geo-location
• 2-way tenant/landlord messaging
• Community events and document access
• Azure hosted (UK) for security and scalability
• Development completed -- easy deployed

Benefits

• 24/7 tenant self-serve -- reducing costly phone calls
• 60% tenant uptake
• Easy tenant & group communications -- 2-way messaging
• Staged feature rollout to meet landlords needs
• Suitable for all landlords (very small to very large)
• All date in landlords control (GDPR compliant)
• New features added annually
• No develpment fees
• No additional fees for Support and Maintenance
• Try-Before-you-Buy with FoC trial.

£1.50 a user

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gerry@optus-homes.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

943367890401677

Contact

Gerry Kelly
07775816163
gerry@optus-homes.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: APIs and integration service provided so that OptusApp can be integrated to any existing HMS, CRM or repairs scheduling system. Already pre integrated with all major social housing payment gateway systems.
• Cloud deployment model: Public cloud
• Service constraints: No significant constraints. ; ; OptusApp has a policy of transparency and partnering. We will integrate with any existing systems that a landlord requires, whether cloud-base or traditional on-premises.
• System requirements: Any HMS or CRM system

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our SLAs offer a response time of 30 minutes for any P1 issues
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: OptusApp is a SaaS offering, and includes all Support and Maintenance at no additional cost to clients (fully inclusive). Support is provided via Freshdesk ticketing system and followed-up with personal phone calls or meetings as required. SLA are detailed in full in every contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide demonstration versions of our service, try-before-you-buy period, online training and full documentation sets. We also assist with data import where required.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Postman for API
  • Any specific standard required by clients.
• End-of-contract data extraction: Throughout the contract, all data is retained by the client in their own existing IT environments. Any copies of personal data held by OptusApp is at the permission of the client, and is accessible by the client on demand (via API). If required OptusApp can assist a client in extracting any data.
• End-of-contract process: OptusApp does not charge any data ingress or data egress fees. ; ; All data is accessible by the client on demand (via API), and if requested OptusApp will assist a client in extracting any required data (no additional fees apoply).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: OptusApp offers a tenant self-serve solution with both a smartphone app and a web-browser interface. Both are alternative user-interfaces to a common backend -- ie same login credentials, etc...; ; We also offer a Landlords Console (web-based) to allow clients to manage or customise their tenant facing solution.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Landlords Console which allows our clients (ie landlords) customise and manage their tenant facing app or portal. Some additional product features are also made available via the Landlords Console (survey engine, etc..).
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Testing via existing and perspective clients (landlords) and their consumers.
• API: Yes
• What users can and can't do using the API: OptusApp offers users (ie clients) both a comprehensively documented API solution (Postman), and also, where required, a full API integration service. With our API, users can interface to our backend (MS Azure) and access all app/portal features.; We are also open to clients developing additional features for access via our API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our service is customisable for individual clients. Much of the customisation can be done by clients themselves, and some customisation will be done by OptusApp. ; Customisation can include the selection or deselection of any app features, feature layout in the UI, role definition and assignment, data routing, service branding, etc...

Scaling

• Independence of resources: OptusApp uses a microservices architecture technology, hosted in Azure cloud (UK). Scalability is guaranteed.

Analytics

• Service usage metrics: Yes
• Metrics types: To be agreed with each individual client -- but would include uptime, consumer traffic volumes, feature usage, etc...
• Reporting types:
  • API access
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via API on demand.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Other formats on request (eg ODF)
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: A minimum of 99.9% up-time can be guaranteed subject to SLA contract. Service credits are also be part of contract, usually on a pro rata basis for downtime.
• Approach to resilience: Microservices architecture hosted in Azure cloud, but details available on request.
• Outage reporting: A combination of email alerts and API notifications. Additionally, personal calls to key contacts at Enterprise Edition clients.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: For Enterprise Edition clients, portal access and permissions are granted by a primary authorised user. Support requests can be by email or via API notifications. These are verified by response and also copying to the primary authorised user. Additional verifications (eg phone call or 2 factor authentication) can be implemented per client specific requests.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: GDPR central to our security governance and internal staff training.; Not yet fully certified, but working towards both ISO 27001 and Cybersecurity+ certification.
• Information security policies and processes: Security policies are overseen board level. We have appointed non-executive directors with specific responsibilities to guide the company on security issues, including an ex-IT director for large public & private sector landlords, and also an ex-Microsoft executive with strong industry credentials (see www.optus-homes.com/about). We are completing internal data security procedural manuals to encompass the following (all staff will be required to complete and update periodically): Access Management. Short Term & Long Term Storage of Personal Data Transmission of Personal Data Individual Security Responsibilities Procedures for Physical Security Laptops and Mobiles - Security Procedures · VPN Principles and Usage Personal Mobile Devices Data Security Concerning Projects & Application Development Environments. Reporting of Suspected Security Incidents Non- Disclosure Policies

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Product Management oversee our change management processes but with sign-off being required by a board member. We use Microsoft Gold Certified development partners and their input on potential security impacts is sought as part of the change management process. Client approval is also sought for changes to Enterprise Edition instances. Changes are tracked enabling rollback if required.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Threats are classified as "Critical" (patches applied urgently -- ie same day), or "Non-Critical" (available patches applied within 10 working days). Security notifications are received from our cloud hosting providers and directly from the OS.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Microsoft Azure monitoring tools and feedback from our Microsoft CSP hosting provider alert us to any potential compromises. If a compromise is confirmed (internal procedure), response processes will include a triage process to assess potential damage or exposure. Immediate escalation to board level mandatory with mitigation of further damage and ultimate rectification. Relevant clients and stakeholders are notified.
• Incident management type: Supplier-defined controls
• Incident management approach: A) Receipt of incident notification ; b) Immediate escalation to Board Level ; c) Initial assessment report ; d) Stakeholders containment and recovery call (internal management, Azure, CSP, development partners, etc..) ; e) Implementation of recovery ; f) Notification -- stakeholders and relevant clients (if not previously notified) by formal incident report. ; g) Notification of ICO if GDPR breach has occurred) h) Hypercare plan to test recovery implementation and prevent recurrence.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Self-serve is an established route for lower income consumers to reduce time and costs when reporting repairs or ASB, accessing documentation or general communication with their landlord.

  Equal opportunity

  All consumers can access the full feature set of OptusApp via a smartphone app or web portal. There are no costs to consumers -- our clients are landlords and they offer the service free-of-charge to their tenants.

  Wellbeing

  The reassurance and confirmation that an issue has been reported (eg Antisocial Behaviour incident) brings a sense of achievement and wellbeing. Tenants get push notifications and reassurance of an audit trail when repairs such ad Damp & Mould have been reported. Also, where appropriate, tenants can real-time a schedule visit date to rectify the reported issue.

Pricing

• Price: £1.50 a user
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Unlimited usage and full feature set. Usually limited to 30 days free trial.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gerry@optus-homes.com. Tell them what format you need. It will help if you say what assistive technology you use.