OpenPlay provides an online booking system and management system for sports and community venues and activities. These includes facilities such as sports halls, rooms, football pitches and general space as well as activities such as holiday camps, classes and courses.


  • Online Booking
  • EPOS
  • Real-time reporting
  • CRM
  • Email Marketing
  • Payment Gateway
  • Community management
  • Automated marketing


  • Increase revenue through automatic promotion of availability
  • Reduce administration costs and telephone calls
  • Build a local community
  • Improved user experience and engagement
  • Better reporting and analytics


£49 per licence per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9



Sam Parton

0203 816 0404

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Xero (accounting)
Oracle and Microsoft Dynamics (ERPs)
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Computers or tablets with access to internet
  • Licence for our software (annual)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 24 hours during week, next working day on weekends
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Our support is either email or telephone based depending on the package our clients have bought. Telephone support (9am to 6pm Mon-Fri) is available for clients on our gold or diamond packages). Email support is available for other clients. We are responsive with support and aim to always get back to customers within 24 hours.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Documentation and video tutorials. Onsite training is included initially and charged thereafter. We also do webinars and screen share calls for training.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Video Tutorials
End-of-contract data extraction Via csv
End-of-contract process We handover all bookings and customer data to the clients via csv and migrate data or purge data from our system at our clients request

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service More condensed view but we also have two standalone mobile apps to help our users and clients.
Accessibility standards WCAG 2.0 AAA
Accessibility testing N/A
What users can and can't do using the API They can create their own front-end system using our API and call out any data e.g. venues, activities. Users can make, amend and cancel bookings through our API and make standalone mobile applications
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation We can fully white-label our whole platform and booking system to high-ticket clients. Widgets and booking calendars can also be customised (for free) as well as email notifications and templates (additional cost)


Independence of resources We have load balancing on our servers (AWS) and scale up our server power as we need to. We have increase the size of our time as our revenue increases.


Service usage metrics Yes
Metrics types Fully reporting dashboard with other 20 reports including:
Number of users
Most active users
Sales by staff
Usage rates by resource
Attendance rates by activities
Sales by day
Online vs offline booking ratios
Customer demographics breakdowns
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Stripe (payment gateway)

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Via csv downloads or pdf
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99% uptime SLA
Approach to resilience We host our data through Amazon Web Services (AWS) with data backed up in two other locations around the world.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels It depends on the country, but we do integrate with external checks such as Captcha and telephone number checking servers (e.g. Twilio)
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISO Certified under ZA012553
ISO/IEC 27001 accreditation date July 2016
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Through our payment gateway (
PCI DSS accreditation date Now
What the PCI DSS doesn’t cover It's level 1 so covers everything
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO registered and on top of the suite of security processes through AWS we take additional protection through Cloudflare which includes DDOS. All data is encrypted on our servers (such as passwords).

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach This depends on the particular client. If they migrate data from an existing booking system, we upload the relevant data vis csv (bookings, customers etc) and purge any such records in csv files. This process is done instantly.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We pay for additional security software (Cloudflare) to monitor and prevent external attacks including DDOS. We also use AWS and their various security tools.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have a spambot on our service which can deduct user sign ups from overseas and automatically ban foreign countries. We are instantly alerted to any system errors or security issues via text message and have the ability to respond instantly in the event of any such instances.
Incident management type Undisclosed
Incident management approach Users report instances via email or telephone and our system automatically notifies us of any unusual activity via text message and email

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £49 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Usually one month's free trial including everything


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑