OpenConsult Consultation Portal

CiviQ's cloud based public consultation platform, OpenConsult, powers interactive consultations. GIS and comment based responses can be published during consultations, supporting knowledge-sharing in communities, fostering dialogue, saving cost and increasing transparency. OpenConsult supports all types of consultations including planning.


  • Consultation management, online representations & surveys
  • Accessible, mobile friendly planning & general consultations
  • Easily publish representations at any stage of consultation
  • Interactive consultation maps, GIS data (Open Layers, ArcGIS)
  • API & Open API for consultation data integration and sharing
  • Dashboard for granular reporting on representation & consultation content
  • Moderation and manual input of submissions workflows
  • Stakeholder engagement and collaboration features
  • Multi-lingual consultation interface
  • Stakeholder messaging service


  • Reduce cost & save time in consultation management
  • Discover knowledge through sharing & granular consultation data query
  • Reach more stakeholders via multi-lingual & mobile accessible consultations
  • Enrich your planning consultation with GIS data and ArcGIS integration
  • Build a sense of community around your consultation
  • Build capacity of stakeholders through GIS & open submission data
  • Easily communicate consultation data via graphs & reports
  • Enhance compliance with a full record of your consultation data
  • Support smart societies by sharing open data via an API
  • Bring benefits to your organisation with internal consultations


£3990 per licence per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11



Vanessa Liston

+44 33 3303 0914

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • NA
  • NA

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond to all tickets received within one hour with a guaranteed response period of 24 hours during week days. Our resolution times for issues raised are as follows:

1 Critical 1 hour
2 High 8 hours
3 Medium 24 hours
4 Low 48 hours

During weekends any critical issues would be raised by phone and resolved as soon as possible.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is provided via an online helpdesk ticketing system. Customer can open a support ticket by emailing

CiviQ responds to tickets within one hour on average. We guarantee a response within 24 hours.

All help desk requests are initially handled by 1st level support. If more advanced technical assistance is required calls will be escalated to support technicians.

Full telephone service is also provided as an optional extra package for £2,500 p.a. The extra support package also includes prioritization of non-critical tasks.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started CiviQ provides an on-site training workshop as part of all plan subscriptions. In addition, customers benefit access to CiviQ’s online Knowledge Base that include Help documentation, Training videos and a dynamic FAQ.

Full telephone support is provided for the first month of the subscription for the on-boarding and learning process.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Video
End-of-contract data extraction Customers can access all data via the API. Or CiviQ will provide the data as a download in excel, csv or other format requested by the customer.
End-of-contract process At the end of the contract, the user is supported to extract a full output of their data in a structured format. All servers and databases are deleted. The hosting contract is ended. Users are provided with a written record of the end of contract process.

Where data is requested in a specific format, the cost of developing this method to extract the data will be applied to the customer. The cost will be discussed and agreed with the customer. An excel output is provided at no extra cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The interface of the application is responsive to mobile devices.
Service interface No
What users can and can't do using the API Users can request data on users, agents and representation data with text based GIS co-ordinates via the API. The API is commonly used to update back-end CRM and GIS systems.
API documentation Yes
API documentation formats Other
API sandbox or test environment No
Customisation available Yes
Description of customisation The application can be white-labelled with a customer's branding and logos. The customer provides CiviQ with Hex colours and graphic assets and the customisation is done as part of the subscription plan.


Independence of resources Each customer portal is provisioned on its own cloud based Virtual private server. There is no competition for server resources with other users. In addition the cloud server can easily be scaled to add additional storage, additional processors and RAM.


Service usage metrics Yes
Metrics types CiviQ provides reports on user activity on the portal using inbuilt reporting features and Google Analytics. Third party software support can be chosen as an option for deeper user engagement metrics, such as user retention and engagement levels.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Each deployed server has its own firewall and applications are behind the same firewall with very tight controls. We regularly patch the servers that host the application and we minimise the number of services open to the Internet (minimal attack surface).
The core framework has extensive authentication and logging capabilities. Login is protected by SLL.
User registration and login is protected using encrypted HTTPS sessions using SSL. All passwords are also encrypted using SHA512 by default with a salt. The hash is run through PHP's hash function numerous times to increase the computational cost of generating a password's final hash.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users export their data either via the API or by requesting an excel output from CiviQ.
Data export formats
  • CSV
  • Other
Other data export formats API
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability CiviQ Consultation Portal has a concurrently maintainable site infrastructure with availability of 99.982%.

It offers high availability and effective load balancing that ensures consistent performance, throughput, minimisation of response times and increased reliability through redundancy. The web application uses a variety of platform enhancement to ensure high performance and throughput. These services include: NGINX, Varnish Cache, Memcached, New Relic Web Application Monitoring. A CDN can also be implemented if required.
Approach to resilience The portal is continuously patched and upgraded to ensure that it is continuously protected against known vulnerabilities and exploits. The hosting infrastructure is a managed service PaaS, Cloudways. All of CiviQ cloud servers get automated firmware and OS patches.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Username and password
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials CREST certified

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach CiviQ has a range of policies and dedicated staff covering security governance. We are currently working towards ISO 27001 accreditation for Information Systems security.
Information security policies and processes CiviQ follow the reporting and documentation structures as recommended within the ISO 27001 specification.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach GIT is used to support version control and development. All updates are tested within development environments before being sent to test servers and then live servers
Regression testing is performed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Security audits including penetration testing carried out annually. OS and technology stack is continually patched. Core framework is continually patched. Dev and ops teams subscribe to all relevant industry security bulletins and alerts.
Protective monitoring type Supplier-defined controls
Protective monitoring approach New Relic Application performance management service. A monitoring Daemon runs on every VPS. This analysis server and application performance, and historical data patterns. This monitoring provides alerts if unusual performance or activity takes place. Data from this service is also used to tune and improve performance of the apps. All Logs are also routinely analysed for unusual activity.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents via email , telephone or the helpdesk.
CiviQ has numerous techniques for evaluating code changes on the server including unauthorised access and modification of the codebase. These include our version control system and Application performance management systems.
When incidents have closed, a full report will be provided to the customer.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3990 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A two week free trial will be provided upon request.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑