CrowdControlHQ Social Media Management

A scalable social media management software designed for public sector teams that is backed up by outstanding UK-based service and support. CrowdControlHQ helps you to deliver exceptional social customer service and community engagement from both desktop and mobile.


  • Publish content across multiple social networks
  • Individual user logins and full audit trails for activity
  • Automated team forwarding and structured workflows
  • Social media listening
  • Social media crisis communication tools
  • Automated social media policy enforcement
  • Configurable email alerts and notifications
  • Tiered user access to permissions and social media accounts
  • Access securely on both desktop and mobile devices
  • Comprehensive social media reporting and analytics


  • Create efficiencies by posting across multiple accounts simultaneously
  • Easily coordinate activity using intuitive social media planning tools
  • Monitor all customer enquiries in a single social media stream
  • Collaborate on customer care by seeing a complete user history
  • Work smarter by using automated alerts and intelligent workflows
  • Access a complete view of your content publishing calendar
  • Listen to social conversations for brand, service or specific keywords
  • User access is secure via both desktop and mobile devices
  • On-going account management to ensure project success
  • On-site training and e-learning for swift user onboarding


£10 to £50 per user per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

1 8 9 8 7 8 2 4 8 2 8 8 9 5 1



James Leavesley

0845 686 5044

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Requires an internet connection and can be used with the following browsers Internet Explorer 11, Microsoft Edge, Firefox, Chrome, Safari, Opera
System requirements
  • Active internet connection
  • Internet Explorer 11, Microsoft Edge, Firefox, Chrome, Safari, Opera

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The Helpdesk operates 9-6 Monday to Friday with out of hours support available.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible The Webchat service is available is through our software and also available on our public facing website.
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels CrowdControlHQ Users and Administrators receive the highest-levels technical support. All issues are submitted through our online ticketing system. Administrators will have access to a dedicated Account Manager should they require phone support, which is included in the set up and on-going licence fees.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We take the set up and on-boarding of clients extremely seriously. Working with the project owners we ensure that the CrowdControlHQ software will work to support the organisation's current processes. The project owners receive personal online training in a train the trainer format. All users can access the e-learning materials as well as the user documentation at any stage.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Freshdesk Help Service
  • PDF Guides
  • Video tutorials
  • E-learning suite
End-of-contract data extraction Data specific to the organisation can, on request, be extracted to DVD as unencrypted CSV plain text
End-of-contract process On request at the termination of a contract we will remove all direct messages, non public data and contact details within a twenty eight day period. If no request is made then this data may be retained for up to two years in case of recommencement of the service. After the two year period data that is specific to the organisation and not in the public domain will be permanently deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The core engagement and social media publishing features are deployed to mobile devices.
Service interface No
What users can and can't do using the API Get in touch to discuss specific tailored requirements
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation Easy to configure team settings and user permissions that can align exactly with your organisational structure. This will be done at the start of the project with your Client Success Manager and can be amended at any time by your organisation's administrators with help and support from our Client Success Team.


Independence of resources The CrowdControlHQ Social Media Management Platform is hosted by Rackspace in the UK. Rackspace is known as one of the premier hosting providers in the world. Rackspace is used because it can not only provide security controls but enable rapid horizontal scaling to ensure the service levels are met and the user experience is seamless.


Service usage metrics Yes
Metrics types Login, authentication, signups and logouts
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach CSV and PDF on demand
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee 99% availability excluding planned downtime.
Approach to resilience CrowdControlHQ working with its hosting providers has processes in place to provide for backup, offsite storage, restoration, and disaster recovery to ensure system availability and underpinned by our security policies.
Outage reporting Reported through Email alerts and in software messages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels CrowdControlHQ maintain dedicated devices within a segregated network for service management. Remote access to these devices requires two factor authentication and can only be achieved by a restricted list of users from a specific IP address range. Local hosts used to connect also have up to date virus guard software installed to prevent sessions being hijacked and are behind both a corporate and local firewall.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Approachable Certification
ISO/IEC 27001 accreditation date 08/10/2019
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach CrowdControlHQ is currently undergoing ISO 27001 certification.
Information security policies and processes The suite of Information Security Policies (including The Access Control Policy, Information Governance Policy, etc.) are introduced during employee induction. Actions in line with these policies must be signed off by line managers and are overseen by a Board level representative. Employees receive relevant training and are assessed annually.

CrowdControlHQ is currently undergoing ISO27001 certification.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes are reviewed in a non-production environment by static analysis of code changes, automated functional, non-functional and manual exploratory testing. Changes are then deployed to a secure staging area.
Vulnerability scans undertaken and if necessary remedial action taken.
When all criteria have been met the documented changes are reviewed and signed off. The changes being made, results of testing, the roll-back plan, who carried out the testing and who managed the go-live are all recorded.
The changes are deployed to live and a final round of manual and automated tests are carried out and vulnerability scans are performed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability scans are undertaken using Qualys SSLLabs whenever a software update is released (on average every eight days).
High impact vulnerabilities are assessed and addressed as soon as practically possible, and always within five days.
Vulnerabilities which are discovered that have been rated as of medium criticality are addressed as part of the ongoing security maintenance of the system, this can take up to 14 days. Unmitigated vulnerabilities are recorded and tracked and if not addressed within the timeframe they are reviewed and reprioritised. Low impact vulnerabilities are assessed and addressed as part of ongoing maintenance, typically within 90 days.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Access logs and audit data are retained and examined regularly and actions taken based on findings as appropriate.
Brute Force attacks are mitigated in a number of ways, both within the software and through other systems and frameworks, including fail2ban and by blacklisting malicious IPs.
Live system monitoring is employed which alerts assigned team members to problems 24 hours a day, 365 days a year based on a rota through push notifications and email.
Our hosting provider monitor and mitigate DDoS attacks.
Incident management type Supplier-defined controls
Incident management approach Upon discovery of any potential compromises of environment or data CrowdControlHQ follow a defined Security Incident Management process which covers the responsibilities of the Incident Management Team, the identification of an Incident, the assessment and classification of an incident, responses, closure and review.
Users can report incidents through the support channels and incident reports are provided through email and telephone updates.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 to £50 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Full access to the software for a single user for a 2 week period

Service documents

Return to top ↑