Resource Booker empowers users to make and manage their own room and resource bookings. Rooms and resources are valuable assets and managing them effectively, with full booking rules and approval processes, across multiple sites is one of the biggest challenges faced by educational institutions and organisations today.
- Remote access from any device
- Permissions managed in Resource Booker or linked to Active Directory
- Comperehensive adminsitrator controls - determine who can book what, when
- Configurable approval process with customer defined booking rules / quotas
- Book room and multiple resources in a single booking request
- Responsive design ensures Resource Booker looks great on any device
- Configurable request, acceptance, rejection, cancellation email notifications
- Fast to deploy, scalable for insitutions of any size
- Includes API broker to provide room information to third parties
- Integration with the Scientia timetabling application - Syllabus Plus
- Enables stakeholders to quickly make bookings anytime, anywhere
- Encourages the best possible utilisation of costly rooms and resources
- Ensures a fair and equitable booking system for all
- Improves student and staff satisfcation
- Improves the overall student experience
- Email notifications keep users constantly informed on booking status
- Intuitive user interface is designed to enable use without training
- Empowers users to manage own bookings, reducing administrative burden
- Save time by intregrating with existing timetable data
- Ensure room data is transparent across the system landscape
£7700 to £15595 per instance per year
- Education pricing available
- Free trial available
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Scientia Syllabus Plus scheduling application|
|Cloud deployment model||Public cloud|
|Service constraints||The product can be used as a standalone booking tool by any institution but for those using Scientia's Syllabus Plus scheduling application, full integration is provided.|
|System requirements||Internet connection|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Scientia has a detailed Service Level Agreement (SLA) with customers and provides 24 hour support from Monday to Friday. Our response times are less than 2 hours for Priority One issues and less than 6 / 8 hours for Priority 2 / 3 issues as defined in our SLA. Support at weekends is by arrangement with individual customers and costed depending on the requirement.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 A|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Web chat is accessible 24 hours a day 5 days a week, Monday to Friday, from the Scientia customer support portal.|
|Web chat accessibility testing||Scientia has as yet carried out no chat testing with assistive technology users - we use world leading Zendesk tool for providing customer service online and this is WCAG 2.0 compliant.|
|Onsite support||Yes, at extra cost|
Scientia has a support helpdesk service that provides first, second and third line customer support. We provide customers with a standard Service Level Agreement (SLA) with published response and resolution targets. Annual subscription pricing for software licensing includes full product and technical support as well as all software upgrades.
Where our standard SLA does not meet the requirements of any given customer, we can provide at additional cost a 'Premium Service' and this can include faster resolution times, dedicated support engineer etc. The Premium Service can be tailored to the customer's needs and therefore pricing is dependent on the specific requirement.
Our support team is located in Cambridge UK but thanks to our global locations in Asia and Australia, we are able to provide a 24 hour support service 5 days a week, which is available to all customers.
Scientia provides customers with a 'DevOps' team that includes technical engineers and support specialists but in general a customer will not be dedicated a specific team member. Rather, our customers have a dedicated Implementation Consultant and a Account Manager who will ensure all customer issues with regard to product, support, commercials etc. are dealt with and resolved satisfactorily.
|Support available to third parties||Yes|
Onboarding and offboarding
Scientia offers full configuration and set-up consultancy to ensure the solution meets the specific booking requirements of the customer.
Focused administrator training is provided during the implementation however we also offer half day sessions either remotely or online for additional staff training. As the product is so intuitive, institutions will normally save money by using their administrator to cascade training internally to other users.
Full user documentation is also provided.
|End-of-contract data extraction||On contract expiry, Scientia will ensure all customer data held in the application is returned in an agreed standard format but typically we also retain this data in a limited-function Microsoft Azure account for a 90 day retention period before permanent deletion of the data. This 90 day 'cooling off' period gives the customer the opportunity to review the decision to terminate or extend the contract however following the 90 days, the Azure account will be fully disabled including any backup copies.|
Three months before contract expiry, customers will be contacted to either renew the service or end the contract. In the event the contract is renewed, Scientia will agree a new contract offering that will include all Resource Booker software subscription licensing, telephone and web support services, all software upgrades and dedicated account management. Prices may only increase if for example the student population of the customer has risen significantly since the original contract.
If the contract is ended, Scientia will ensure all data is returned in the customer in an agreed format and we would request an exit meeting to understand any reasons for the decision. The customer will then be free to transition to an alternative service provider.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The Resource Booker cloud service is supported on both small screen (e.g. smartphone) and large screen (e.g. tablet and PC) devices. Scientia is committed to responsive web design as a core part of our development function, ensuring the best possible usability of our web technologies regardless of the device on which they are accessed. Our web delivered solutions contain web pages that detect the user's operating platform, screen size and orientation and change the layout accordingly for the device. Ultimately no functionality is lost between mobile and desktop.|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||None to date.|
|What users can and can't do using the API||For interoperability with other applications across the University application eco-system, we support industry standards such as RESTful APIs, Web Services, JSON and XML among others. Our Resource Booker cloud application contains a fully documented API providing REST endpoints that can be used to read and/or create various data records e.g. to provide room availability data to external systems.|
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||
Resource Booker is a fully configurable solution and typically system configurations are applied by the Implementation Consultancy team during the initial roll out of the service following consultation with the customer.
This includes the use of a user-friendly URL and changing the content of welcome screens. Within the application, the customer can specify time and day ranges when bookings are acceptable (for example, 08:00 to 20:00, Monday to Friday).
Booking forms for particular rooms / resources can also be customised, so that relevant data can be captured for each particular type of booking.
Logos, fonts and colour schemes are also customisable, as well as the format and make-up of booking reference numbers within the system.
|Independence of resources||The Microsoft Azure platform on which we have chosen to deploy our Resource Booker service allows the application to benefit from the scalability of the critical resources and services it uses. Azure is designed to be scalable during periods of peak usage to ensure continued high performance. This gives us the ability to rapidly scale our applications in the cloud in response to changes in user demand. This means there is an automatic increase in processing power during instances when user traffic is exceptionally high ensuring that no end-users are inconvenienced despite the peak in demand for the service.|
|Service usage metrics||Yes|
|Metrics types||Scientia make available to customers monthly and annual service availability statistics.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Data can be exported by users via CSV / Excel|
|Data export formats||CSV|
|Data import formats||Other|
|Other data import formats||Plug-in available to upload from Scientia's Syllabus Plus timetabling application|
|Data protection between buyer and supplier networks||Legacy SSL and TLS (under version 1.2)|
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
|Guaranteed availability||Our standard SLA offers a 99.9% target for service availability. At this time, our SLA does not include a service credit regime but that is currently under review. Should a customer wish to include a service credit regime in their SLA to compensate for missed service levels this can offered via a bespoke Premium Service offering.|
|Approach to resilience||We work with Microsoft to ensure resiliency and high availability strategies are in place to manage any temporary failure conditions. Our disaster recovery plans are focused on recovering from a catastrophic loss of application functionality for any particular reason. For example, if the primary Azure hosting centre becomes unavailable, a plan is triggered to run the Scientia application suite with full access to customer data in another EU hosting region. This infrastructure supports several disaster recovery scenarios, such as system-provided geo-replication of the cloud service to secondary regions.|
|Outage reporting||We will inform customers of outages via email alerts that can be automated from our support web service.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||The application supports Authentication as a Service Enabler covering Active Directory and SAML 2.0, which is supported by both ADFS 2.0 and ADFS 3.0.|
|Access restrictions in management interfaces and support channels||
Resource Booker supports role-based authorisation, based on claims provided by the customer's identity provider. Specified users can be granted administrator rights otherwise users are granted rights to view information only and cannot amend or delete core room and resource information.
For booking purposes, administrators can create User Groups and add individuals to these groups or map to existing Active Directory groups. Bookings of rooms and resources can be restricted to specific user groups, with a library rules available to give finer control.
Only a strictly limited number of Scientia employees have responsible for ongoing application support within the Azure infrastructure.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||NQA|
|ISO/IEC 27001 accreditation date||3/5/2018|
|What the ISO/IEC 27001 doesn’t cover||We have full ISO 27001 certification covering the Information Security Management System of the Scientia business and is applicable to the design and supply of our software applications with associated consultancy and training.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Scientia has an Information Security policy that is made available to all staff and is covered with all new employees during induction. Our policy covers physical access to premises and equipment, access to IT networks, password policies, secure checking of new employees.
Our policy commits to protecting data from loss, destruction, falsification, unauthorised access and unauthorised release, in accordance with legislatory, regulatory, contractual and business requirements.
Scientia has a full set of procedures in place to detect, report and investigate on any personal data breach. Where any breach might result in a risk to the rights of any individual(s), Scientia will notify the customer with details of the data that has been compromised, how the breach occurred and how such a security failure is being addressed both from a technical and procedural aspect. The process will be manageed by our dedicated Data Protection Officer, who will perform a full analysis of the facts and assess the situation to determine the nature and scope of the incident. Where the breach requires further action, this will be escalated to Board level.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Scientia follows ITIL guidance for change management and we apply our process to software upgrades throughout the product life-cycle, typically adhering to the following procedure:
- Request for change is submitted - impact, risks (operational and security) and benefits of change considered by Product Management.
- If accepted, formal planning for the change introduction takes place.
- An internal change owner or sponsor is appointed, working with stakeholders to ensure full scope of change is delivered.
- The change goes through comprehensive testing programme.
- The change is delivered into preview environments before deployment in Live. Release notes are updated.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
Scientia's DevOps team, working closely with our hosting partners Microsoft and independent CREST approved penetration testing companies ensure that Scientia has a vulnerability management process to help quickly detect and remediate vulnerabilities.
Whereas Microsoft performs vulnerability scans on the application and databases in the Azure environment, Scientia is responsible for all scanning, penetration testing and intrusion detection for our Cloud service applications.
DevOps teams analyse identified vulnerabilities, determine associated risks and prioritise remediation plans including patching where appropriate. Patches are deployed in line with SLAs depending on the urgency of the threat and can be same-day for critical level incidents.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Scientia's hosting partners Microsoft provide the Azure Cloud infrastructure that is resilient to attack, safeguards user access and keeps data stored in our applications secure through encrypted communications, threat management and mitigation practices.
Unauthorised traffic to Microsoft datacentres is blocked using various of technologies. Azure offers Microsoft Anti-malware, intrusion detection, denial-of-service (DDoS) attack prevention, and regular penetration testing to mitigate threats to the Scientia Cloud platform.
We deploy tools enabling analysis of system availability, performance, failures, and usage to make informed security considerations throughout the development cycle. Compromises are flagged instantly and measures designed and implemented to neutralise identified threats.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Scientia is ISO:27001 compliant - our approach to incident management is in line with this standard.
Incidents are reported via telephone or email to our helpdesk. These are investigated by technical engineers with our data protection officer who perform a preliminary analysis of the incident and extent of the potential breach.
Compromised data is identified and individuals affected informed. The source of compromise is investigated and measures taken to control the incident, preventing further unauthorized access to or use of personal information.
Scientia provide the customer with a summary report of findings and steps taken to mitigate the situation recurring.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£7700 to £15595 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
Scientia can provide trial options for our Cloud service application that will include the full suite of functionality, using test anonymised data.
This is usually provided cost-free and time limited on a customer by customer basis.
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|