The Access Platform

The Access Platform

For global education providers who want to recruit more numerous and diverse students, The Access Platform enables student-led content and conversations online, providing a more personal and authentic experience to potential applicants, creating a sense of belonging before arriving on campus, whilst saving staff time and reducing risk.

Features

  • Chat enables prospects to have chat conversations with student ambassadors.
  • Content enables user-generated content generation directly from students.
  • FAQ helps create authentic, student answers to common questions
  • Analytics gives insight on what prospective students care about
  • CRM integration
  • Safeguarding features like automated keyword detection
  • Reporting and Student Ambassador Management Tools
  • Content Schedule for automated user-generated content creation.
  • Optional data collection fields from prospective students
  • Mobile app and website widgets.

Benefits

  • Content: Easy and automated user-generated content creation
  • Content: Fast one-click publishing to social media and websites
  • Content: Reduce risk with separate creation and publishing process
  • Chat: Safe and transparent peer-to-peer chat conversations
  • Chat: Free lead generation from social media and website.
  • Chat: Build relationships with prospective students globally.
  • FAQ: Easy editing and publishing tools to improve content.
  • FAQ: Easy written content generation from students
  • Mobile App: Collaborate with your student ambassadors from anywhere
  • Reporting: Easy and fast oversight and student ambassador management

Pricing

£4000 to £20000 per licence per year

Service documents

G-Cloud 11

168886018912960

The Access Platform

George Olesen

+44 (0) 20 3026 4663

hellotap@theaccessplatform.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None.
System requirements
  • Access to any commonly used browser (Chrome, Safari, Firefox, etc)
  • IOS or Android phone.
  • Ability to embed an iframe widget on website.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times During business hours, typically within 5 minutes.
On weekends, typically within 1 hour
During the hours between 10pm-7am GMT, typically within 9 hours as we don't currently have 24-hour support.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Our web chat is supported by Intercom. We've worked with a specialist company in order to comply with WCAG 2.1 AA.
Onsite support Onsite support
Support levels We provide account management and onboarding at no additional cost. Support is provided at both technical and non-technical levels.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We do an onsite Implementation Session for UK customers.
We do an online Implementation Session for non-UK customers.
We provide online training resources and videos for different groups of users.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction We are a Data Processor, our customers are the Data Controller. Customers can extract their data at any time by downloading it from the dashboard or via an API integration.
End-of-contract process Our contracts have an annual licence model.
If a customer wishes to not renew, we ensure they are extracted all of their data from the service, removed any widgets on their website, communicated appropriately with stakeholders and then we delete all of their data from our system.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our widgets (hosted on universities' websites) are responsive for mobile devices, including tablets. Separately, we have a mobil app for student ambassadors, but they engage with the service in a different way to admin users, who access the dashboard through a browser.
Service interface Yes
Description of service interface Mobile app for ambassadors.
Dashboard website for admin users.
Widget on university website for prospective students.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing We've worked with a 3rd party to test that our service is WCAG 2.1 AA compliant.
API Yes
What users can and can't do using the API We allow API integration to CRM for the automated transfer for user data.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Input branding preferences like a logo and colours. Further customisations are available using CSS overrides.

Scaling

Scaling
Independence of resources We use autoscaling website and application server clusters and CDN technologies to ensure our service scales automatically to cope with spikes in demand.

Analytics

Analytics
Service usage metrics Yes
Metrics types We report on all key metrics around service usage both at the aggregated level across the whole service and the individual Ambassador level.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach CSV or API integration to CRM.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% availability over the contract period.
If we are less than 99.5% available for 3 months in a row, a customer can terminate their contract.
Approach to resilience We use Amazon Web Services which is a highly reputable IaaS provider with a proven track record of availability.
We have certified AWS Solutions Architects in the team and expert advisors to ensure we architect our environment following appropriate best practices. We use PaaS services like the Elastic Load Balancer, Autoscaling, S3, SES etc to help us make our architecture resilient against single points of failure.
Outage reporting Email alerts are sent to customers in the event we experience downtime with a full incident report.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All management interfaces require a username and password to authenticate. We place a minimum length and complexity requirements on passwords. Users must authenticate with our system in order to access support channels.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We follow industry best practice for security include ISO27001. We have a strategic advisor specifically to help us with the security and health of our tech stack. We conduct quarterly penetration testing to ensure we don't introduce any new vulnerabilities as we enhance the service.
Information security policies and processes Our service incorporates 'privacy by design' principles. Only one developer has access to the production database, and all technical staff undergo data protection training. We have security sessions and 'refreshers' each quarter, and a personal at board level accountable for information security. We have a reporting process for infractions.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have a quality assurance process that includes both manual and automated testing and dedicated members of staff. All development work goes through this process, and is tested against a test plan that includes compliance with our own security and data protection policies in line with CCM and ISO27001. Our product management team monitors all parts of our platform through the five-stage lifecycle.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use monitoring tools such as New Relic and PM2 to assess the stability and security of our services around the clock. Security threats are triaged, with 'yellow' threats being patched within 24 hours and 'red' threats immediately. Our standard security release cycle is once per week.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach All traffic and requests are logged using New Relic and PM2 and we monitor for unusual activity. If a compromise is detected, the relevant system is disabled or limited immediately while investigation takes place. If our system has been compromise, we work on a patch immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have a disaster management policy and a support policy that cover all incidents on the service. Users can report incidents via web chat, bug tracking tools, by email or on the phone. We give an initial report within one hour with a prognosis. We provide reports at least once every 24 hours during the response process. We write a full written report after the incident has been resolved.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £4000 to £20000 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We can offer a free trial on a case by case basis where there are specific success criteria that are necessary as part of the procurement process.
Link to free trial Theaccessplatform.com (request a demo)

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑