Hallpad Ltd

Hallpad Accommodation Management

Hallpad makes life easier for accommodation providers, offering either an allocation or self-selection model for student or similar accommodation. You can manage complex student eligibility criteria, securely collect deposits and other payments, and deliver fast turnaround times in easy to operate software that is intuitive for all users

Features

• Online application form or self-selection of accommodation
• Drag and Drop Allocation Process
• Student can accept Terms online and make Deposit Payments
• Communicate with students in bulk or individually via email/SMS
• Full history of interactions with each student
• Full set of real-time management reports
• Room swaps and transfers
• Optionally integrate with your student records and finance systems
• Optional modules for inventory, maintenance, induction, incidents, group bookings

Benefits

• Application form configured to match your requirements and branding
• No need for student to enter details you already have
• Quickly monitor the progress of all students through your process
• Easy allocation, or optionally automated allocation of students to rooms
• Flexibility to create multiple room and lease types
• Issue leases online to the student and collect deposits
• Graphical overview of your accommodation to identify vacancies
• Automatically remind students to respond to offers, pay deposits etc.
• Report on all aspects of the application/allocation/payment process
• No per user or per room pricing

£11,000 to £26,000 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at brian@hallpad.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

970605205337036

Contact

Brian Horisk
01334303401
brian@hallpad.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Web browser - Chrome, Safari, Firefox or Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Online ticketing support is provided Monday-Friday during UK business hours, excluding bank holidays.; ; Out-of-hours support is available at additional cost.; ; Response time varies according to the priority of the issue.; ; P1 - System completely non operational: 1 Hour; P2 - Partial system failure severely affecting customer; operations: 4 Hours; P3 - System Operational with minor difficulty or procedural issues: 24 hours; P4 - Scheduled services, preventative maintenance, customisation including billable system configuration changes: 1 Week
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide the client with full contact details for their technical account manager at the start of each project. This approach allows us to flexibly adapt our work practices to deliver consistent levels of service to customers. ; Post go-live we will schedule regular catch-up meetings (initially weekly, then monthly) with the project team to address any issues arising, potential improvements and new features.; As part of ongoing support we will agree a Service Level Agreement which outlines response times and service levels. ; We maintain our own client facing ticketing system which will allow the client to record and report issues 24/7/365. Once reported all tickets are classified in line with the SLA and then allocated to a developer. Support tickets are monitored from initial creation through to testing, approval and deployment. Each admin user is provided with login details to our system, allowing them to monitor and read on-screen summaries and progress reports. Reports can be generated by authorised persons at any time.; UK business hours support is included in the annual cost. Out-of-hours support can be provided at additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To help users start using our service, we provide:; - excel templates for bulk upload of site and room configuration; - lease templates and room allocations; - onsite or remote training for key admin users; - documentation for key processes.; ; A technical account manager will work with the client to configure the service according to the needs of their application process, preferred payment provider and any interfaces with student records or finance systems.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Hallpad can provide a full export of user data in the users preferred format - usually CSV or Excel.
• End-of-contract process: There are no additional end-of-contract costs.; ; Export of user data at the end of the contract is included in the normal annual cost.; ; Data held on Hallpad's cloud will be deleted at an agreed point after the end of the contract - usually 30 days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The student portal is designed to work responsively on mobile devices - there is no difference in functionality for these devices.; ; Most of the admin portal will also behave responsively on mobile devices, although some data-heavy tables are best used on a desktop/laptop.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: The student portal design can be customised to suit your branding, and the application form and application process can be customised to suit your application workflow.; ; Customisation will be performed by Hallpad during the configuration process.; ; Once the system is set up, an admin user can control ; - the text content of the student portal e.g. instructions and explanatory text; - options in the application form; - lease templates, site and room configuration, email templates etc

Scaling

• Independence of resources: Each installation is single-tenant for the customer, so that no other users will be using the same resources.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics on the students using the process are supplied via standard reports that can be run at any time by an admin.; ; We can also provide reports on admin usage and service uptime on request.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All Hallpad reports are exportable to Excel or CSV format.; ; Our optional custom reporter module allows for export of all user-accessible fields.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our SLA for availability is 99.9%, excluding scheduled downtime agreed between the Hallpad and the customer.; ; We will consider credits if this guarantee is not met, but have not yet needed to offer these to any customer.
• Approach to resilience: Depends on hosting infrastructure chosen - Available on request
• Outage reporting: Service availability is monitored by our team with automated alerts to them for any issues.; ; If these issues are likely to affect a customer, they will be contacted by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Management interface access is provided only to nominated users, who authenticate using a unique username and strong randomly generated password. We can restrict by IP where possible and provide MFA for all or only more privileged accounts. ; ; Support is available to named individuals only.; ; User accounts in our support system are regularly reviewed.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Although we have not been through the certification process, we are working to ensure that our processes and systems for security governance are in line with the ISO27001 standard.
• Information security policies and processes: A comprehensive risk assessments is maintained before and during each project. This process allows us to identify, manage and mitigate any risks and/or potential future risks to the service. Risk specific information is then collated into a project specific register which sets out clear actions and persons responsible for the management of each risk.; ; Our policies include: Information risk management; secure configuration, network security, management of user privileges, user education and awareness, incident management, malware protection, monitoring and automated scanning.; ; Information security is part of our overall business continuity practices. A named Director is responsible for confirming that security policies and processes are updated and followed every 6 months. All incidents must be reported to this director.; ; All staff are trained on our business continuity policies, procedures and cyber defences at induction. Our staff handbook has specific sections on data protection. They are also provided with refresher training on a yearly basis and informed whenever there are changes to our practices. ; Our developers have specific training on developing secure applications.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Initial configuration follows a strict process defined by our set-up guide.; ; Potential functionality or configuration changes must be agreed by Hallpad and the customer. Our developers have specific training on developing secure applications and must assess each change for security impact. All code changes are checked by a second developer and go through QA testing.; ; These are deployed to a staging server for sign-off by the customer before deployment at an agreed time.; ; The actual system code is held in a secure private git repository so that changes can be tracked through the lifetime of the code.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We subscribe to CISA and vendor email alerts and monitor slack and other channels for specific software that we use to be aware of potential threats.; We use a third-party service for weekly scanning to ensure servers are patched and securely configured.; Potential threats would usually be assessed on their CVE severity - critical threats will be patched on staging servers within 7 days and production servers within 14 days; High within 30 days, and Medium or Low within 90 days.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We use monitoring to identify any anomalies in usage - high traffic, CPU usage etc, and have alerts to a Slack channel for errors caused by e.g. SQL injection attempts.; Repeated login failures lead to accounts being blocked.; If there is a potential compromise we can do an immediate rollback of code to a known good version or compare the code with the repository.; ; Support team will respond within SLA time-frames as a minimum, but for potential compromises will respond on a best endeavours basis outside normal support hours.
• Incident management type: Supplier-defined controls
• Incident management approach: Users should report incidents via their normal support channels - online issue tracker, phone or email.; Issues will be assessed by the first responder, prioritised according to severity and dealt with in line with our SLA.; For high priority incidents, the customer will be supplied with an Incident Response by email from a senior member of staff during and after the incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  To reduce our own environmental impact, we; • Use remote working/working from home wherever possible to keep travel to a minimum. We did this even before the pandemic, but have now closed our office and are a fully remote business, except for monthly in-person meet-ups. This has removed the need for three staff to commute.; • Where travel is required, travel by rail rather than car or air where possible. We deliberately chose an office near a train station.; • In cities, we use cycle hire facilities where available to get around; • Purchasing environmentally friendly materials when appropriate e.g. recycled paper, re-usable toner cartridges; • Reducing Energy Usage by increased Energy Efficiency in all new hardware purchases; • Using raw materials in a manner that reduces waste - Keep printing of documents to a minimum; Use electronic communication where possible; ; Our development team has recently completed a tree-planting day, planting more than 250 native saplings on a piece of land near our former office in Cupar. As they grow, these trees will not only offset some of our carbon impact, but will also add 200m to to the length of a wildlife corridor in between arable land.; ; We have recently worked as suppliers on two projects which are significantly helping Scotland meet its climate targets.; - For Scottish Procurement, we worked with sustainability experts to deliver the Sustainable Procurement Tools platform. ; - For Crown Estate Scotland, we developed the ScotWind Evaluation Platform, to score the Scotwind bids to lease areas of Scotland’s seabed for wind farms. This secure online platform enabled rigorous bid review by globally-spread teams and scores bids based on project concept, delivery plans, capability and experience and financial strength.

Pricing

• Price: £11,000 to £26,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at brian@hallpad.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.