Merkle

AWS CRM SAAS

A SAAS product offers our clients a pre-configured AWS cloud hosted CRM platform that can be used to integrate their customer data and associated transactional history for marketing use.

Features

  • System Integration
  • Process Automation
  • Decisioning
  • Cloud Based
  • Customer Data Management
  • Campaign Management
  • Applications Management

Benefits

  • Fast Start
  • Cloud Based
  • Scalable
  • Standardised Configuration
  • Performance

Pricing

£175,000 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dspencer@merkleinc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 9 4 6 8 6 3 9 1 3 3 1 6 9 7

Contact

Merkle David Spencer
Telephone: +44 (0) 7929 650815
Email: dspencer@merkleinc.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
CRM Applications, Reporting software and Source Data Systems/Interfaces as required.
Cloud deployment model
Private cloud
Service constraints
Patching and upgrade maintenance windows are required at agreed points in the service
System requirements
  • Browser
  • VPN

User support

Email or online ticketing support
Yes, at extra cost
Support response times
We categorise tickets as P1, 2, 3 or 4 which impact response times from 1 hour to 1 day.

Response times are different at weekends.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide email based support 9 to 5 (UK time) Monday to Friday via a helpdesk team.

The cost of support is based on the level of support required, estimated number of tickets and underpinned by a set of SLAs.
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide flexible training based on customer need and location.

This could be onsite or remote and documentation is provided as appropriate as part of delivered training.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The secure transfer method would be outlined within the call-off contract as appropriate to our end client needs as part of a documented exit strategy, then deleted by Merkle once transfer is confirmed as complete.
End-of-contract process
Merkle would switch off service and ensure deletion of any PII previously held within the service unless otherwise directed through the client call-off contract terms and exist plan

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
Users can connect to inbuilt APIs to access CRM system capabilities installed on the platform such as Loyalty platform points management, customer preference updates and marketing and service communication triggers.

These APIs will be configured and tailored based on the installed applications and interfaces needing to connect the provided services too.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our services can be customised in terms of CRM software installs that can be facilitated and in terms of interfaces our service can connect too.

These customisations would need to be performed by Merkle as the services provider and quoted on request.

Scaling

Independence of resources
Merkle put scalability measures in place as part of platform sizing and deployment. We also typically put in place a queue system to manage workload and data distribution.

Analytics

Service usage metrics
Yes
Metrics types
KPIs as outlined within call off contract as required and in line with any SLAs therein to demonstrate service usage and performance.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Amazon Web Services (AWS)

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
They can not directly for security purposes as often contains PII information. We would manage secure transfer on request to client authorised users.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Private Network
VPC Peering
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Agreed with buyer depending on need and terms included within call-off contract SLAs, with any financial penalties or liabilities to be agreed in advance as part of contracting.
Approach to resilience
As a reseller resilience is largely managed through being a Cloud based service procured through Amazon Web Services, so following their associated processes for ensuring resilience which is industry standard.
Outage reporting
Email Alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
To access to our services they have to VPC connect to our system. Once connected, they have to use user credentials to access to the different parts of the solution.
Access restriction testing frequency
Less than once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BM Trada
ISO/IEC 27001 accreditation date
31st January 2020
What the ISO/IEC 27001 doesn’t cover
Merkle company entities operating outside of UK and Spain (which is covered by different accreditations and certifications available to evidence on request where relevant)
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
As part of Merkle's ISO 27002 accreditation, these standards are embedded and assessed periodically by an independent body as part of maintaining our accreditation. We have specific roles within our organisation whose responsibility it is to maintain and embed these standard via training and regular internal reporting/spot checks.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our service platforms fall under a standard set of IT protocols we operate under inclusive of a formal, documented change management process to assess any system level changes for both security and performance impacts.
Vulnerability management type
Undisclosed
Vulnerability management approach
Our service platforms fall under a standard set of IT protocols we operate under to periodically assess potential threats, order/review by severity and then take appropriate remedial actions depending on level of risk/
Protective monitoring type
Undisclosed
Protective monitoring approach
Our service platforms fall under a standard set of IT protocols we operate under to periodically assess potential threats, order/review by severity and then take appropriate remedial actions depending on level of risk, including reporting to the end client as appropriate.
Incident management type
Undisclosed
Incident management approach
Our service platforms fall under a standard set of IT protocols we operate under whereby there is a standard procedure our employees will follow in the event of an incident or breach. We will then take appropriate remedial actions depending on level of risk, including reporting to the end client as appropriate.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£175,000 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dspencer@merkleinc.com. Tell them what format you need. It will help if you say what assistive technology you use.