The Access Platform

The Access Platform

For global education providers who want to recruit more numerous and diverse students, The Access Platform enables student-led content and conversations online, providing a more personal and authentic experience to potential applicants, creating a sense of belonging before arriving on campus, whilst saving staff time and reducing risk.


  • Chat enables prospects to have chat conversations with student ambassadors.
  • Content enables user-generated content generation directly from students.
  • FAQ helps create authentic, student answers to common questions
  • Analytics gives insight on what prospective students care about
  • CRM integration
  • Safeguarding features like automated keyword detection
  • Reporting and Student Ambassador Management Tools
  • Content Schedule for automated user-generated content creation.
  • Optional data collection fields from prospective students
  • Mobile app and website widgets.


  • Content: Easy and automated user-generated content creation
  • Content: Fast one-click publishing to social media and websites
  • Content: Reduce risk with separate creation and publishing process
  • Chat: Safe and transparent peer-to-peer chat conversations
  • Chat: Free lead generation from social media and website.
  • Chat: Build relationships with prospective students globally.
  • FAQ: Easy editing and publishing tools to improve content.
  • FAQ: Easy written content generation from students
  • Mobile App: Collaborate with your student ambassadors from anywhere
  • Reporting: Easy and fast oversight and student ambassador management


£4000 to £20000 per licence per year

Service documents


G-Cloud 11

Service ID

1 6 8 8 8 6 0 1 8 9 1 2 9 6 0


The Access Platform

George Olesen

+44 (0) 20 3026 4663

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Access to any commonly used browser (Chrome, Safari, Firefox, etc)
  • IOS or Android phone.
  • Ability to embed an iframe widget on website.

User support

Email or online ticketing support
Email or online ticketing
Support response times
During business hours, typically within 5 minutes.
On weekends, typically within 1 hour
During the hours between 10pm-7am GMT, typically within 9 hours as we don't currently have 24-hour support.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Our web chat is supported by Intercom. We've worked with a specialist company in order to comply with WCAG 2.1 AA.
Onsite support
Onsite support
Support levels
We provide account management and onboarding at no additional cost. Support is provided at both technical and non-technical levels.
Support available to third parties

Onboarding and offboarding

Getting started
We do an onsite Implementation Session for UK customers.
We do an online Implementation Session for non-UK customers.
We provide online training resources and videos for different groups of users.
Service documentation
Documentation formats
End-of-contract data extraction
We are a Data Processor, our customers are the Data Controller. Customers can extract their data at any time by downloading it from the dashboard or via an API integration.
End-of-contract process
Our contracts have an annual licence model.
If a customer wishes to not renew, we ensure they are extracted all of their data from the service, removed any widgets on their website, communicated appropriately with stakeholders and then we delete all of their data from our system.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Our widgets (hosted on universities' websites) are responsive for mobile devices, including tablets. Separately, we have a mobil app for student ambassadors, but they engage with the service in a different way to admin users, who access the dashboard through a browser.
Service interface
Description of service interface
Mobile app for ambassadors.
Dashboard website for admin users.
Widget on university website for prospective students.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We've worked with a 3rd party to test that our service is WCAG 2.1 AA compliant.
What users can and can't do using the API
We allow API integration to CRM for the automated transfer for user data.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Input branding preferences like a logo and colours. Further customisations are available using CSS overrides.


Independence of resources
We use autoscaling website and application server clusters and CDN technologies to ensure our service scales automatically to cope with spikes in demand.


Service usage metrics
Metrics types
We report on all key metrics around service usage both at the aggregated level across the whole service and the individual Ambassador level.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
CSV or API integration to CRM.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% availability over the contract period.
If we are less than 99.5% available for 3 months in a row, a customer can terminate their contract.
Approach to resilience
We use Amazon Web Services which is a highly reputable IaaS provider with a proven track record of availability.
We have certified AWS Solutions Architects in the team and expert advisors to ensure we architect our environment following appropriate best practices. We use PaaS services like the Elastic Load Balancer, Autoscaling, S3, SES etc to help us make our architecture resilient against single points of failure.
Outage reporting
Email alerts are sent to customers in the event we experience downtime with a full incident report.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
All management interfaces require a username and password to authenticate. We place a minimum length and complexity requirements on passwords. Users must authenticate with our system in order to access support channels.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We follow industry best practice for security include ISO27001. We have a strategic advisor specifically to help us with the security and health of our tech stack. We conduct quarterly penetration testing to ensure we don't introduce any new vulnerabilities as we enhance the service.
Information security policies and processes
Our service incorporates 'privacy by design' principles. Only one developer has access to the production database, and all technical staff undergo data protection training. We have security sessions and 'refreshers' each quarter, and a personal at board level accountable for information security. We have a reporting process for infractions.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a quality assurance process that includes both manual and automated testing and dedicated members of staff. All development work goes through this process, and is tested against a test plan that includes compliance with our own security and data protection policies in line with CCM and ISO27001. Our product management team monitors all parts of our platform through the five-stage lifecycle.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use monitoring tools such as New Relic and PM2 to assess the stability and security of our services around the clock. Security threats are triaged, with 'yellow' threats being patched within 24 hours and 'red' threats immediately. Our standard security release cycle is once per week.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
All traffic and requests are logged using New Relic and PM2 and we monitor for unusual activity. If a compromise is detected, the relevant system is disabled or limited immediately while investigation takes place. If our system has been compromise, we work on a patch immediately.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have a disaster management policy and a support policy that cover all incidents on the service. Users can report incidents via web chat, bug tracking tools, by email or on the phone. We give an initial report within one hour with a prognosis. We provide reports at least once every 24 hours during the response process. We write a full written report after the incident has been resolved.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£4000 to £20000 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
We can offer a free trial on a case by case basis where there are specific success criteria that are necessary as part of the procurement process.
Link to free trial (request a demo)

Service documents

Return to top ↑