G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Cyber Media Solutions Ltd. are still valid.
Cyber Media Solutions Ltd.

Tenant Engagement Platform

The Tenant Engagement Platform (‘TEP’) empowers local authorities and housing associations to effectively engage with their tenants and residents in a secure online environment. It supports the role of Resident Engagement Officers and Tenant Resident Associations (TRAs) and has engaging presentation inspired by popular social media platforms.

Features

  • Collaborative spaces for neighbourhood areas, topics and communities
  • Personalised home feed for tenants based on their interests
  • Intuitive editor for sharing content, images and documents with tenants
  • Threaded commenting for organic discussion and engagement
  • Integrated notification management enables tenants to set their preferences
  • Approval process for residents to create/join Tenant Resident Associations
  • Polls creation and deployment to all tenants or targeted groups
  • Create public and/or registered tenant surveys (e.g. a STAR survey)
  • Integrated map features enables tenants to pinpoint hotspot areas
  • Engagement dashboard for analysis of popular topics with CSV export

Benefits

  • A new digital channel for resident involvement and participation
  • Increase the sense of approachability for your housing association
  • Easily publish and share help and support resources with tenants
  • Capture feedback and address tenant concerns before they escalate
  • Increase resident satisfaction, trust and sense of empowerment
  • Reassure residents and tenants their voice and opinions are valued
  • Support community self-management and work of Tenant Resident Associations (TRAs)
  • Easily demonstrate ‘you said’ and ‘we did’ to residents
  • Readily assess tenant engagement by demographic, community and locality
  • Look and feel can be customised to your organisation’s brand

Pricing

£4,950 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cyber-media.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

2 0 0 1 8 3 9 1 0 5 3 3 1 6 1

Contact

Cyber Media Solutions Ltd. Tony Bonser
Telephone: 01785 222350
Email: enquiries@cyber-media.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No.
System requirements
  • Web browser
  • Internet / data connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Target response times are summarised as follows. Critical Priority Level: 2 hours, High Priority Level: 4 hours, Medium Priority Level: 1 day, Low Priority Level: 2 days. Support is available Monday - Friday, 9am - 5pm (excluding Bank Holidays).
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We operate a universal support offer for all clients identified in our SLA:
Critical priority issue (system unavailable): 2 hours
High priority issue (partially unusable, significantly affecting operation): 4 hours
Medium priority issue (aspect causing difficulty): 1 day
Low priority issue (a general question): 2 days

Support is provided at a standard cost as identified in our rates card.

We have a dedicated product support team that provide professional account management and support to clients.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide high quality onsite and online training, accompanied with documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Our product features powerful reporting functionality for data extracts. We will also support the user with data migration and extraction at contract end.
End-of-contract process
We will provide a complete CSV extract of service data and arrange for secure transfer to the user via an agreed secure method.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The platform is fully responsive and has been designed using 'Mobile-First' methodology to ensure all key functions are available to users of smaller devices.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The platform is tailorable to individual service need in terms of features and user account permissions. The platform can also be 'skinned' with a bespoke design tailored to your organisation's individual brand and presentation requirements.

Scaling

Independence of resources
We own and operate our infrastructure in an industry leading UK datacentre. Our infrastructure features robust hardware redundancy provision and an appropriate level of server hardware is provided that exceeds demand requirements and with built in contingency. Compute resources are actively monitored, allocated and controlled to ensure service is maintained.

Analytics

Service usage metrics
Yes
Metrics types
A comprehensive range of service usage metrics can be provided by the Audience Engagement Platform (AEP). For example, number of interactions, survey responses and metrics on active engagement processes.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data may be extracted from the platform in CSV format.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The in service availability of our hosting has been, and is planned to be, better than 99.95%

We operate a transparent SLA. In all cases the times indicated are targets and we will make best endeavours to meet or exceed these targets.
Approach to resilience
We own and operate our own product infrastructure in an industry leading datacentre with ISO 27001 accreditation. The datacentre is located in a former Bank of England bullion vault in central Manchester with highly resilient architecture to provide exceptional reliability and system uptime.

Cyber Media uses highly resilient Dell hardware for all physical servers connected using Cisco architecture with multiple redundant connections connected to the backbone network. The network is also multi-homed, has no single point of failure and utilises multiple 10Gbps DWDM MPLS ring networks which enter the facility diversely and separately, connecting to two separate POPs in London and Southampton to maximise performance.
Outage reporting
System maintenance and upgrades are performed outside of business hours. Customers are informed of any planned service outage in advance via email. In the event of unplanned outage, customers will receive a report on the cause of the outage and its remediation.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication
IP restricted and time-sensitive access is also offered to all our clients.
Access restrictions in management interfaces and support channels
The product features secure account management features that enables configuration of user permissions throughout the system to restrict access to management interfaces (and data) by role.

In line with our Information Security Management System, all support channel users must be pre-registered by authorised contacts in order to raise support tickets.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Department of Health and Social Care IGSoC supplier reference 8HP72

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We have a comprehensive approach to security governance which we manage through an Information Security Management System developed in line with ISO 27001 and Government Cyber Essentials best practice.

Our Information Security Management System is annually assessed via the Department of Health and Social Care's Information Governance Toolkit (Supplier reference 8HP72). Our overall score was 95% for 2017-18.

We are actively working towards Government Cyber Essentials Plus and formal ISO 27001 accreditation.
Information security policies and processes
We operate an Information Security Management System developed in line with ISO 27001 best practice.

Our Information Security Policy (CM 0003 - Information Security Policy) is supplemented with detailed security policies and procedures that all staff receive training on, including:

• 0004 - Policy on Transfer and Receipt of Personal or Sensitive Information
• 0019 - Policy on Visitors to Cyber Media
• 0030 - Policy on the Use and Disclosure of Personal and Sensitive Information
• 0035 - Change Management and Control Policy
• 0038 - Internal ISMS Audit Policy
• 0041 - Access Control Policy
• 0043 - Network Access Policy
• 0044 - Password Policy
• 0045 - Acceptable Use Policy
• 0051 - Network Security Policy
• 0052 - Remote Access Policy
• 0053 - Mobile Computing Security Policy
• 0054 - Remote Working Policy
• 0057 - Policy on Written Contracts and Information Governance Responsibilities
• 0065 - Information Security Incident Management Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We maintain detailed change logs for all our components and services.

Significant change must be assessed through compilation of a testing plan with clear acceptance criteria and security impact assessment via a Change Request Form.

The individual responsible for testing must be identified and briefed regarding the testing they will need to undertake.

The asset owner obtains approval for the change, taking into account any technical considerations, the costs of the exercise, the potential benefits and security impact.

Once the change request is approved by the Team Manager, approval is recorded and logged (RECF0101).
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our infrastructure is scanned once per month using Nessus. All new software is risk assessed in line with our software management policy. Security patches are applied within 14 days of the update being made available by a vendor. To identify potential threats the NVD and CVE databases are regularly reviewed. Public facing applications are subject to third party pen tests. Our Cisco firewalls employ next generation firewall services to mitigate against vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a multilayer approach. At the network edge the firewall contains Cisco Next Generation Firewall services (IDS/IPS). This will alert to potential indicators of compromise. We also deploy system end point protection from Symantec offering a second layer of IDS/IPS.
Incident management type
Supplier-defined controls
Incident management approach
We have an information security incident management policy (0065) that defines our response.
All staff will be made aware through their contract of employment, training and by their team manager of what is considered to be an incident.
Information Security weaknesses, events and incidents will be reported immediately by staff to the ISM as soon they are seen or experienced.
The ISM will also be responsible for closing out the incident. This includes reports to external authorities.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£4,950 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cyber-media.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.