Spektrix Limited

Spektrix

Spektrix is powerful and innovative cloud-based box office, marketing and fundraising software for arts organisations.It provides a comprehensive range of tools for ticketing, customer relationship management, reporting, analysis, customer segmentation and giving management. It is backed up by a brilliant support team who have strong crossover arts and technical expertise.

Features

  • Intuitive, user friendly interface, drag & drop control
  • Ticketing: print@home, seat selection, integrated card payments, address lookup
  • Reporting: easy to use financial & marketing reporting suite
  • Marketing: CRM, integrated email, return on investment reporting
  • Fundraising: opportunity & pipeline management, relationship mapping, wealth screening
  • E-Commerce: customisable web tools, highly secure, user friendly
  • Fully inclusive support: unlimited training, consultancy, day to day assistance
  • Frequent upgrades and IT system maintenance included
  • Remote access from any web enabled device
  • Unlimited users

Benefits

  • Easily manage complex ticketing operations through all sales channels
  • Create targeted email campaigns and measure their success
  • Save time by automating regular tasks and simplifying event setup
  • Increase online sales by providing an easy, secure purchase path
  • Raise money with our donations, gift aid and fundraising tools
  • Benefit from expert support and consultancy when you need help
  • Frequent updates and new features bring you useful tools
  • Understand and grow your audience with our customer segmentation features
  • Use our standard reports or request custom reports anytime
  • Benefit from 99.99% average uptime, high security and resilience

Pricing

£10000 to £250000 per unit per year

Service documents

G-Cloud 9

312271909472520

Spektrix Limited

Sales Department

020 7785 6967

sales@spektrix.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Spektrix boasts 99.98% uptime. Our system is monitored 24 hours a day to ensure maximum system availablility, and our support team are on hand from 9am to 9pm, 7 days a week. Occassionally it will be necessary to restrict access to the system for planned maintenance. This will generally be limited to the early hours of the morning to minimise any disruption
System requirements
  • Browser: Recommended = Mozilla Firefox / Google Chrome latest versions
  • Browser: Supported = Internet Explorer 9+, Safari - latest version
  • Computer Specification: Recommended = No computers older than 3 years
  • Operating System: Windows 7 or later for full system use
  • Operating System: Macs are supported for back office processes

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For Business as Usual support we aim to provide a first response within 8 business hours. We aim to resolve queries within 3 working days, although the majority are resolved sooner, if not immediately. During Critical support we resolve any issues that affect our clients’ core business, such as selling a ticket. We respond within 30 mins and always attempt to resolve as soon as possible. Any emergency issues will receive a response within 30 minutes.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Support is included in the service charge and unlimited.
There are three support categories; Business as Usual, Critical and Emergency. Support is available by phone and email from 10am - 6pm Monday to Friday for all enquiries, 9am - 9pm seven days a week for critical issues, and 24 hours a day, 365 days a year for Emergency support.

For Business as Usual support we aim to provide a first response within 8 business hours. We aim to resolve queries within 3 working days, although the majority are resolved sooner, if not immediately.

During Critical support we resolve any issues that affect our clients’ core business, such as selling a ticket. We respond within 30 mins and always attempt to resolve as soon as possible.

Any emergency issues will receive a response within 30 minutes. Spektrix is always monitoring the system. Our own processes will often alert us to critical problems before our customers are aware, at which point we inform customers via our Twitter feed (twitter.com/spektrixops) and status page (status.spektrix.com).
We also offer an online Support Centre available where users can find a series of articles and forums designed to help them troubleshoot and get the most from Spektrix.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All implementations of Spektrix are carried out by our experienced team of project managers, all of whom have worked as box office managers. We’ve completed successful migrations from many different box office systems and our project plan is designed to make the whole process as simple and as smooth as possible.

The actual timeline will depend on the complexity of the client's operation and project managers work with clients to confirm each milestone at an initial project meeting.

We normally carry out the setup of payment facilities, data migration, website integration and training at the same time and a typical project takes a total of 6-8 weeks from an order being received to being live, up and running with Spektrix.

We use an online tool called BaseCamp to manage all of our implementation projects. This allows all parties to collaborate dynamically and update the project schedule and tasks as necessary.

We include a comprehensive package of on site training ahead of the go live, then come back to deliver more after clients have been live for a few weeks. This is included in the service charge. Clients can request additional training online or on site at any time.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction When the contract ends, if clients want to extract their data they should send a written request for the delivery to them of the most recent back-up of their data. Spektrix shall use reasonable commercial endeavours to deliver the back-up to the Client in an interchange format and within 30 days of its receipt of such a written request, provided that the Client has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination).

We may charge clients in some circumstances for data extraction if requests include formatting or preparing data in a way beyond what we usually include in our interchange format.

Details of how this process works are also contained in our standard Terms and Conditions.
End-of-contract process We'll either transfer data to your new supplier on your behalf, or give it to you directly. We'll provide a reasonable number of data extracts within the scope of the normal price and contract.

We might charge for requests which we deem to be excessive.

Details can also be found in our standard Terms & Conditions.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The system is accessed through a web browser for both client facing and customer facing interfaces. The customer interface functions work on both mobile and desktop devices.

The client facing interface can be accessed on a mobile device, but some drag and drop functions are not available.
Accessibility standards None or don’t know
Description of accessibility All customer facing interfaces, that is all the elements of Spektrix that customers or the general public will interact with on buyers’ public-facing websites, meet WC3 accessibility standards. Outside of the Spektrix iframes, ensuring the accessibility standards of your website will fall to your web developer.
The client interfaces, that is all the interfaces that the buyer will use in the back end of the product, do not meet specific accessibility standards.
Accessibility testing We've carried out validation of the iframes within the customer facing interfaces using our Sale Site system, which is a Spektrix system that exists in our live environment and is the same version of the system used by our clients.

You'll find the results of those here:

http://validator.w3.org/check?uri=https%3A%2F%2Fsystem.spektrix.com%2Fsalessite1%2Fwebsite%2Feventlist.aspx

and also here:

http://jigsaw.w3.org/css-validator/validator?uri=https%3A%2F%2Fsystem.spektrix.com%2Fsalessite1%2Fwebsite%2Feventlist.aspx&profile=css3&usermedium=all&warning=1&vextwarning=
API Yes
What users can and can't do using the API Our API allows viewing data relating to items on sale (events, merchandise, memberships etc.), viewing and editing customer and making purchases via the API.

There are different access levels, so it is possible to set up an API user to be able to view data relating to items on sale without giving them access to customer data.

There is also an API to allow access to customer purchase history for data analysis.

The API does not allow the editing of other data (e.g. event setup).

There is not a specific sandbox or test environment for the API, but clients can get a sandbox system.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available No

Scaling

Scaling
Independence of resources As a true multi-tenant cloud-based application, clients of Spektrix share a single application layer, however behind this, each Spektrix client has their own database instance within our infrastructure and which is unconnected to any other client database.

We monitor the system regularly and have a series of processes and technical solutions in place to ensure demand from individual users does not degrade overall performance. Our processes alert us to critical problems so that we can address them as quickly as possible.

Analytics

Analytics
Service usage metrics Yes
Metrics types Metrics for System and Payments uptime are available publicly on https://status.spektrix.com/
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Data centre meets ISO 27001. Secure rack & physical access control.

Data in the data centre is secured through physical means – a combination of 24/7 manned security, CCTV monitoring, photo id validation, key fob entry, perimeter fencing, and anti-tailgating. Our server cluster is scanned weekly for potential vulnerabilities, and our infrastructure team quickly address any issues that this scan alerts them to. We engage a qualified third party to perform annual external and internal penetration testing.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach There are tools within the Spektrix system interface which allow users to extract customer and sales data in multiple, human readable formats. These include CSV and PDF.

At the end of a contract we would provide a full export of their system in an interchange format if users want to migrate to an alternative system.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks The Spektrix web applications enforce encrypted communication using
HTTPS for our clients, their customers booking online and any external
systems that use our API.

Our client’s customers come into contact with Spektrix when they’re
booking tickets online. Whenever these customers are passing information between their device and our systems about themselves in order to make a booking, that happens securely over HTTPS.
Spektrix uses a 2048 bits key for encryption and supports only the most secure encryption protocols (TLS v1.0 and above). SSL protocols are not supported and the Spektrix applications will refuse connections using those protocols.
Data protection within supplier network Other
Other protection within supplier network Our load balancers decrypt all external traffic. Data is not encrypted within our network (by design).

Availability and resilience

Availability and resilience
Guaranteed availability Our standard Terms & Conditions include the following terms for availability:

Spektrix will aim to maintain service availability 100% of the time except for when:
- Planned maintenance needs to be performed in which case Spektrix will endeavour to give 48 hours’ notice of such maintenance and carry it out between midnight and 8 am.UK time; and
- Unscheduled maintenance needs to be performed in which case Spektrix will, to the extent possible, endeavour to give the Client at least 6 hours’ notice in advance.
Approach to resilience The system is located in a highly redundant tier 4 data centre (with at least N+N redundancy at all points).

Spektrix data is backed up offsite every 15 minutes (encrypted log shipping to the Amazon Cloud). We hold daily backups for the last month, and monthly backups for a year. In the event of a catastrophic incident in the data centre, we would be able to start up a Spektrix system on Amazon and continue our service from there. This is our ‘worst-case’ scenario, as it would involve loss of up to 15 minutes of data, and the recovery time may be up to 4 hours.

The likelihood of a catastrophic incident in the data centre that would prompt a move to Amazon is very low. There is no single point of failure within the Spektrix network (including RAID 10 storage, suitable for ‘hot swap out’ if necessary), and the data centre itself is protected by fire suppression systems, dual internet connections with automatic failover and dual power supplies, each with its own back-up generator.
Outage reporting Spektrix has a public dashboard at https://status.spektrix.com/
This outlines the status of: Spektrix System, Payment Processing, Dotmailer, Support Services and APIs.

Clients can also subscribe to emails alerting them of any system issues as well as following the Spektrix Twitter feed.

The system also contains an information panel which is updated live for users to be notified within the system of any issues and when they are resolved.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication Each person who requires access to the Spektrix system is required to have a unique username and password. Passwords must be a minimum of 8 characters in length and contain a combination of alphanumeric and non alphanumeric characters. Repeated failed attempts to enter passwords will lock user accounts.

It is the policy of Spektrix support not to unlock users in this
scenario, referring them to an administrator user within our client’s
organisation to restore access, mitigating the risk of Spektrix support being asked to provide access to an unauthorised person.
Access restrictions in management interfaces and support channels Users are granted access to specific 'modules' of the systems as required, including Sales, Marketing, Admin, Fundraising, Settings and Website Configuration.

Users can be given operator or administrator rights to control what functions they can carry out. Following the initial configuration of the system during implementation, the client will need to assign user(s) with sufficient permissions to manager user accounts. The Spektrix team will not create new accounts or reset passwords for individual users.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification FortConsult A/S
PCI DSS accreditation date 21/06/2016
What the PCI DSS doesn’t cover We are covered by PCI DSS for payment processing. The other parts of our application are not in scope for PCI.
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards PCI DSS
Information security policies and processes All changes that are made to live systems are reviewed and approved by the relevant people and a comprehensive history of all changes is kept. At both the individual and system application levels, the minimum number of permissions is assigned to allow an individual accessing the system, or an application running on it to do their job.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes to the live environment are tracked via the Spektrix change control process that is implemented in JIRA (a software development tool used for Agile processes). A change must be authorised by the relevant people before implementation.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Daily - Logs are scanned daily by the SureCloud appliance (a cloud-based provider of GRC Applications and Cybersecurity Services) and then reviewed for any threats or vulnerabilities.
Quarterly - Both internal and external vulnberability scans are run from SureCloud.
Annually - An external PCI assessment and penetration test.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Real time monitoring comes from the managed iSensor IPS Service. 24/7 notifications and immediate response taken to mitigate any potential breach. Logs are also analysed by SureCloud and reviewed daily.
Incident management type Supplier-defined controls
Incident management approach All incidents are logged in Jira, given a priority based on their impact and and worked on according to this. These are reviewed weekly. For more serious issues there is a crisis management procedure followed with various roles assigned to staff members to help manage it. Following this there is a full root cause analysis.

Spektrix is always monitoring the system. Our own processes will often alert us to critical problems before our customers are aware, at which point we inform customers via our Twitter feed (twitter.com/spektrixops) and status page (status.spektrix.com).

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £10000 to £250000 per unit per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑