Forfront Limited

e-shot™ marketing automation

e-shot™ is the marketing automation platform that successful marketers use to deliver highly-effective campaigns. e-shot™ can help you to modernise your digital marketing and to embrace more targeted communication. From lead nurturing to remarketing, from newsletters to autoresponders, e-shot™ provides a simple solution to a sophisticated area of modern marketing.

Features

  • Automated email and SMS campaigns
  • Six email editors including dynamic content tools
  • Contacts management including segmentation tools
  • Preference centre and double opt-in forms
  • Multi-variant (split) testing
  • Deliverability tools and testing functions
  • Versatile REST API
  • Integration to CRM, CMS and social tools
  • Website tracking and lead scoring
  • Detailed campaign reporting and analytics

Benefits

  • Deliver contact centric-communications automatically
  • Track and report on digital interactions
  • Easily design and edit high impact communications
  • Tailor messages based on data-driven variables
  • Ensure compliant contact data processing
  • Manage multiple brands or departments through one interface
  • Integrate with other key business systems
  • Remarket to contacts based on website behaviour
  • Deploy sophisticated lead nurture campaigns

Pricing

£330 per licence per month

Service documents

G-Cloud 11

228007475708341

Forfront Limited

Ron Kellermann

020 3320 8777

ron.kellermann@forfront.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints We always proactively inform our customers of any scheduled maintenance or if there is an issue affecting the services both by e-mail and on the e-shot™ dashboard. In the case of peak time traffic overload, we apply contingency in the form of intelligent delivery procedures in order to protect the reputation of our customers’ domains and IPs.
System requirements Requires internet access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our Customer Success team will usually respond within an hour during standard support hours. Monday - Friday, 8am - 6pm.

Out of office hours support is also available for critical issues.

Our team also proactively monitor our systems 24/7.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing We have not systematically undertaken testing of this nature.
Onsite support Yes, at extra cost
Support levels All of our customers have access to remote support through our Customer Success team who deal with a full range of issues including technical support, training, advice, account management and administration.

Support is provided on the same basis to all customers and priority is given to issues that prevent a client from using the software to complete a time sensitive task.

Remote support is inclusive in all of our software subscriptions and we also provide proactive support to ensure customers can derive maximum benefit from using our solutions. Should a support requirement be deemed as consultancy, then additional charges may apply.

Our Customer Success team is backed up by our technical teams including Infrastructure, Deliverability and Development. Technical Account Management is provided by the Customer Success team and Cloud Support is provided by our Infrastructure team who continually monitor our solutions and solve issues proactively.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Personal training via screen share and telephone. Additional online resources available with training videos and documentation. Ongoing support from Customer Success team available to provide the personal touch, all included.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Platform caters for all data export via user interface. You can export all contact data via csv files or use the API to export all data.
End-of-contract process All data, reports and templates are available for extraction up until the date of the end of contract without charge. Once a contract has expired, the account is closed and archived. After this period the account will be deleted from the system and only an archived back up copy will be kept for the period required by data protection guidelines.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Email and campaign authoring only available on desktop service. Mobile service is restricted to reporting and analytics.
Service interface No
API Yes
What users can and can't do using the API E-shot™ has a REST API that is accessible over HTTPS.

API access is granted by a API key that can be restricted to specific sub-accounts where necessary. API key requests must be submitted by an authorised administrator via our support system. The appropriate login credentials are then supplied to the client who will use these credentials in all API requests made to e-shot™. Further documentation detailing the functionality available for the APIs can be found at:

https://help.e-shot.net/assets/Downloads/REST_API_Guide.pdf

The REST API has full read and write capabilities over the main entities including contacts, campaigns, sources, groups and website activity.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation E-shot™ can be customised extensively to accommodate different needs with control over user management, branding, templates and sending identities.

e-shot™ can also be set up into sub-accounts so that different organisational units can have their own customisations.

Each e-shot™ sub-account can be white-labeled by a customer to have their own logo that appears on the UI and reports sent by the system.

Individual users can customise reporting and analytics and certain elements of the UI.

From a API perspective, customisation is extremely versatile with e-shot™ functions built into third party systems on a bespoke basis where needed.

Scaling

Scaling
Independence of resources The e-shot™ system is load balanced across multiple machines. The following aspects of the system are load balanced: The main website, the interactions website, campaign sends and databases (each customer has their own database). These enable us to scale horizontally should we need to.

We monitor load regularly and if required can install another server and introduce it into the system via our Octopus deployment delivery system using Infrastructure as Code (IaC).

Analytics

Analytics
Service usage metrics Yes
Metrics types Zabbix monitoring is in place to check the health of the hosted environment. Any serious application level issues encountered by the system are monitored in part by Zabbix, as well as by implemented application logging. Serious issues encountered within code or by Zabbix results in a text message to the Operations team for triaging.

Any issues that affect the stability of the platform will be displayed on the e-shot™ user's dashboard.

All API calls made by the system are monitored.
All campaign sends and send interactions are recorded and available as real-time statistics to the e-shot™ user.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Via user interface
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Forfront will immediately inform customers if there is an issue affecting the services or products via e-mail and on the e-shot™ dashboard. If it is a high or crisis priority issue, the customers will be periodically updated with the status. All the time frames above are based on the working hours schedule 09:00 – 18:00 Monday to Friday excluding Public Holidays. Please refer to Forfront Service Level Agreement.pdf for full details
Approach to resilience Available on request
Outage reporting Outages detected by our monitoring systems result in text messages that are sent to the Operations Team. They would triage and if necessary escalate these issues.

We have a public dashboard that e-shot™ staff can apply a message to. This is used to inform users of routine maintenance patch or feature deployments.

Any serious unexpected or long outages result in an email to the administrators of the e-shot™ customers that are to be affected. The Customer Success team would also inform the customers by phone.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Username and password
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication E-shot™ platform in Datacentre is accessed via dedicated/permanent Site to Site VPN only from office. This Site to Site VPN is protected by 3DES & AES128 encryption and 3DES & SHA1 authentication with pre-shared key. Access via this Site to Site VPN is further restricted at user level to only authorised personnel by 3rd party software with encrypted username password.

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes We are Cyber Essentials Compliant.
We have implemented DevOps processes and practices.
The website adheres to the OWASP standards for web security.

Only tested code is promoted from Development to UAT to Production via use of Octopus Deploy. It is not possible for code to be promoted to Production without first going to the Development and UAT environments.

We have an SLA in place with a defined escalation process: http://www.forfront.com/ClientSupport/pdf/forfrontSLA.pdf

We review our implemented policies annually.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Ges requested to a system are written up into a UAC driven change request specification document, with supplied estimates for delivery. This takes into consideration standards agreed with the client; e.g. OWASP.

The deliverable components of a specification are created as tasks in our issue tracking system and assigned to a SPRINT delivery. Code changes are checked-in against a task to provide an audit that will be reviewed and tested.

Only the release management team can promote software to public facing environments. This is carried out using an automated delivery platform.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Issues encountered by users of the system go to first line support who will triage the issue. Issues encountered by the application or monitoring facilities are triaged by the Operations Team. These issues can be received by: Text, Phone, Web Chat or Email.

Triaging takes into consideration the impact of an issue according to our definitions associated with Critical, High, Medium and Low priority issues.
E.g. Critical issues are where the system is unusable or cannot be used to carry out critical business functions and no work around exists.

The following is a link to our SLA:
http://www.forfront.com/ClientSupport/pdf/forfrontSLA.pdf
Protective monitoring type Supplier-defined controls
Protective monitoring approach Firewall logs and application notifications are monitored and Forfront can respond quickly to any incidents.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach To report an issue, a new case has to be created using the Forfront Support System. We can also be contacted
on our Live Support System, Support Line (020 3320 8750) or by e-mail to support@forfront.com.
For out-of-hours and public holidays’ support we monitor our Support System and our emergency email at
support24@forfront.com. To ensure the quickest response time please provide us with your account reference
number and a clear description of the issue including the feature affected and if possible the steps we can take
to recreate the issue.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £330 per licence per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑