Tractivity is a cloud-based, UK stakeholder engagement tool, providing functionality to manage and engage with all stakeholders through one system. Whilst maintaining GDPR compliance, Tractivity facilitates the management of every aspect of your engagement process by securely logging communications with built-in tools such as surveys, newsletters and issue management.
- Record and track all stakeholders and engagements
- Case management, analysis and reporting
- Consultation reporting of qualitative and quantitative data
- Fully customisable and easy to use
- Built-In survey and newsletter tools
- Event management
- Drag and drop custom report facilities
- Full GDPR Compliance
- Save time and money
- View all stakeholder interactions across a project, consultation, organisation
- Effective management of feedback and issues raised
- Publish branded newsletters and event invitations
- Custom build surveys and track all responses
- Real-time reporting
- Dedicated account manager
- UK based software
£10000 to £50000 per licence per year
- Education pricing available
- Free trial available
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Planned maintenance and emergency maintenance windows are defined within the service contract. Application Service Levels are dependent on client contract.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Out of standard UK business hours support can be provided on request. Standard support is provided during UK business hours of 09:00- 17.30GMT (GMT +1) Monday to Friday (excluding bank holidays).|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Skype for Business opens as a new interface|
|Web chat accessibility testing||Skype for Business accessibility|
|Onsite support||Yes, at extra cost|
Tractivity licensing comes with standard support services that can be accessed via telephone, web or email services between Monday to Friday, during normal UK business hours (09:00- 17.30pm GMT (GMT+1)).
A dedicated account manager will be assigned as part of the on-boarding process and they will maintain regular contact with the client. Monthly online refresher training sessions are also available should these be required.
Further onsite support and training may attract an additional charge.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Tractivity provides onsite training to all UK based clients as part of the standard on-boarding process. User documentation is provided for all training sessions. Further on-site follow up and online training sessions can be arranged with the client's dedicated account manager.|
|Other documentation formats||
|End-of-contract data extraction||All data can be extracted from Tractivity by using the reporting facilities in a range of formats such as MS Excel, CSV and XML. Tractivity can also securely provide an encrypted SQL Server (.BAK) file when the contract expires as part of the secure data deletion and service shutdown process.|
An encrypted SQL Server (.BAK) file is transferred onto an encrypted storage device and sent to the main contact via recorded Royal Mail or courier delivery as defined within the contract.
Upon written confirmation of receipt and decryption of the data the database and backups are subjected to the secure data destruction procedure. Documentation that all the client data has been securely deleted can be provided upon request.
Bespoke data requests can be facilitated and this service will attract an additional charge which will be agreed beforehand with the dedicated account manager.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Tractivity provides a streamlined and dynamic version for Smart phones and tablets|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||No testing done|
|Description of customisation||Most of the settings in the software are customisable - data fields, data options and mandatory data field settings can be all controlled (per project) by nominated Administrator level person(s) only.|
|Independence of resources||We use dedicated virtualised servers configured as a private cloud (all held within the UK facilitated through VMWare and vSphere) that are shared with other Tractivity users only, all traffic is segmented and VLANed through a dedicated 1Tb facilitated through 4 diverse independent BGP TIER 1 data carriers. Disk, memory, cpu, server performance and network traffic is monitored 24/7 through our dedicated monitoring services which feeds into our automated escalation service. Client performance issues are monitored as a more granular service by individual client basis.|
|Service usage metrics||Yes|
|Metrics types||User level service metrics and Project level service metrics|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Data can be exported using our reporting system. All data can be exported in a range of formats including as MS Excel, Word, CSV, PDF, XML or RTF.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||MS Excel|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Our datacentre provider guarantee availability:
99.99% at the application level
99.99% at the infrastructure level
If we do not meet the guaranteed levels of availability we negotiate an acceptable outcome in terms of compensation for lost time with individual clients who are directly affected (when required).
|Approach to resilience||
Datacentres are ISO27001 and PCI DSS compliant and provide TIER 4 (N+N) redundancy for power, supporting services and air conditioning.
At the network level active/passive failover of all connectivity networks. through > 4 diverse BGP TIER 1 data carriers.
IDS /IPS services at primary firewall perimeters
At the application:
- daily digital backups of data stored off-site
- regularly integrity tests of backup data conducted as part of backup process
- active monitoring from diverse location with 24/7 response service
- snapshots servers transferred daily to off-site failover
- warm/cold standby servers off site
Email alerts can be made available to clients upon request.
Internal 24/7 monitoring with alerts and escalation procedure delivered by email and SMS to Systems Administrators
Internal outage escalation and reporting procedure
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Management interfaces are restricted by role access. These restrictions are limited to Administrator level users.
Support channels are generally available to all users through our dedicated UK online facilities.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Payment Card Industry (PCI DSS) and cyber essentials|
|Information security policies and processes||
We follow the ISO27001 and adhere to PCI DSS recommended standards.
Our Information Security Policy includes awareness, training, monitoring and review. The Information Security Policy document is reviewed annually and disseminated to staff for them to review and confirm annually. Along with supporting documents which include BCP / DR, Data Protection / GDPR, Development Standards, Breach, Secure Data Deletion and Destruction, Firewall and Change Control policies.
All information security policies and process are monitored by our Technical Director and DPO who reports directly to the Board.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||We adhere to the ISO27001 change management process standards. Services are tracked through software development policy. The company follows formal policies for backup, anti-mailware, physical security, information security, data handling and change process that complies with the PCI DSS recommended standards. Service Impact and Change Notifications is controlled through email alerts to clients and dates altered by negotiation with the dedicated account manager.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Vulnerability management policy in place.
Operating system patching performed monthly according to the manufacturers recommendations. Emergency patching of critical threats are evaluated by the Technical Director and deployed accordingly, the process is handled through emergency change control procedure.
At least daily threat notifications come from source vendors and recognised security sources which included but is not limited to Microsoft, Sophos, GDS Security, Prism Infosec, Webroot, ICO, PCI DSS council and NCSC.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Regular Windows server and firewall log file review in line with PCI DSS recommendations.
Log file review using heuristic tool.
Perimeter IDS/IPS monitoring.
Identified incidents managed through formal incident response plan according to PCI DSS recommendations.
Priority and resolution speed is dependent upon the incident severity.
|Incident management type||Supplier-defined controls|
|Incident management approach||
A formal documented incident and breach management process is in place and adheres to PCI DSS guidance and recommendations and follows IS027001 standards. It also forms part of the documented Information Security Policy which is reviewed and issued to all staff annually.
Users can report incidents via email, helpdesk ticketing system and telephone (when they will be asked to raise a support ticket for tracking purposes).
Incident reports are made available through Tractivity website and a more detailed incident report can be made available to the client by contacting their dedicated account manager.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£10000 to £50000 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Access to a full version of the software along with limited support services. Certain features such as emailing and reporting will be restricted.|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|