OpenConsult Consultation Portal
CiviQ's cloud based public consultation platform, OpenConsult, powers interactive consultations. GIS and comment based responses can be published during consultations, supporting knowledge-sharing in communities, fostering dialogue, saving cost and increasing transparency. OpenConsult supports all types of consultations including planning.
- Consultation management, online representations & surveys
- Accessible, mobile friendly planning & general consultations
- Easily publish representations at any stage of consultation
- Interactive consultation maps, GIS data (Open Layers, ArcGIS)
- API & Open API for consultation data integration and sharing
- Dashboard for granular reporting on representation & consultation content
- Moderation and manual input of submissions workflows
- Stakeholder engagement and collaboration features
- Multi-lingual consultation interface
- Stakeholder messaging service
- Reduce cost & save time in consultation management
- Discover knowledge through sharing & granular consultation data query
- Reach more stakeholders via multi-lingual & mobile accessible consultations
- Enrich your planning consultation with GIS data and ArcGIS integration
- Build a sense of community around your consultation
- Build capacity of stakeholders through GIS & open submission data
- Easily communicate consultation data via graphs & reports
- Enhance compliance with a full record of your consultation data
- Support smart societies by sharing open data via an API
- Bring benefits to your organisation with internal consultations
£3990 per licence per year
- Education pricing available
- Free trial available
+44 33 3303 0914
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
We respond to all tickets received within one hour with a guaranteed response period of 24 hours during week days. Our resolution times for issues raised are as follows:
1 Critical 1 hour
2 High 8 hours
3 Medium 24 hours
4 Low 48 hours
During weekends any critical issues would be raised by phone and resolved as soon as possible.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Support is provided via an online helpdesk ticketing system. Customer can open a support ticket by emailing email@example.com.
CiviQ responds to tickets within one hour on average. We guarantee a response within 24 hours.
All help desk requests are initially handled by 1st level support. If more advanced technical assistance is required calls will be escalated to support technicians.
Full telephone service is also provided as an optional extra package for £2,500 p.a. The extra support package also includes prioritization of non-critical tasks.
|Support available to third parties||Yes|
Onboarding and offboarding
CiviQ provides an on-site training workshop as part of all plan subscriptions. In addition, customers benefit access to CiviQ’s online Knowledge Base that include Help documentation, Training videos and a dynamic FAQ.
Full telephone support is provided for the first month of the subscription for the on-boarding and learning process.
|Other documentation formats||Video|
|End-of-contract data extraction||Customers can access all data via the API. Or CiviQ will provide the data as a download in excel, csv or other format requested by the customer.|
At the end of the contract, the user is supported to extract a full output of their data in a structured format. All servers and databases are deleted. The hosting contract is ended. Users are provided with a written record of the end of contract process.
Where data is requested in a specific format, the cost of developing this method to extract the data will be applied to the customer. The cost will be discussed and agreed with the customer. An excel output is provided at no extra cost.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The interface of the application is responsive to mobile devices.|
|What users can and can't do using the API||Users can request data on users, agents and representation data with text based GIS co-ordinates via the API. The API is commonly used to update back-end CRM and GIS systems.|
|API documentation formats||Other|
|API sandbox or test environment||No|
|Description of customisation||The application can be white-labelled with a customer's branding and logos. The customer provides CiviQ with Hex colours and graphic assets and the customisation is done as part of the subscription plan.|
|Independence of resources||Each customer portal is provisioned on its own cloud based Virtual private server. There is no competition for server resources with other users. In addition the cloud server can easily be scaled to add additional storage, additional processors and RAM.|
|Service usage metrics||Yes|
|Metrics types||CiviQ provides reports on user activity on the portal using inbuilt reporting features and Google Analytics. Third party software support can be chosen as an option for deeper user engagement metrics, such as user retention and engagement levels.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Other data at rest protection approach||
Each deployed server has its own ﬁrewall and applications are behind the same ﬁrewall with very tight controls. We regularly patch the servers that host the application and we minimise the number of services open to the Internet (minimal attack surface).
The core framework has extensive authentication and logging capabilities. Login is protected by SLL.
User registration and login is protected using encrypted HTTPS sessions using SSL. All passwords are also encrypted using SHA512 by default with a salt. The hash is run through PHP's hash function numerous times to increase the computational cost of generating a password's ﬁnal hash.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Users export their data either via the API or by requesting an excel output from CiviQ.|
|Data export formats||
|Other data export formats||API|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||Legacy SSL and TLS (under version 1.2)|
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
CiviQ Consultation Portal has a concurrently maintainable site infrastructure with availability of 99.982%.
It offers high availability and effective load balancing that ensures consistent performance, throughput, minimisation of response times and increased reliability through redundancy. The web application uses a variety of platform enhancement to ensure high performance and throughput. These services include: NGINX, Varnish Cache, Memcached, New Relic Web Application Monitoring. A CDN can also be implemented if required.
|Approach to resilience||The portal is continuously patched and upgraded to ensure that it is continuously protected against known vulnerabilities and exploits. The hosting infrastructure is a managed service PaaS, Cloudways. All of CiviQ cloud servers get automated firmware and OS patches.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Username and password|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials CREST certified|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||CiviQ has a range of policies and dedicated staff covering security governance. We are currently working towards ISO 27001 accreditation for Information Systems security.|
|Information security policies and processes||CiviQ follow the reporting and documentation structures as recommended within the ISO 27001 specification.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
GIT is used to support version control and development. All updates are tested within development environments before being sent to test servers and then live servers
Regression testing is performed.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Security audits including penetration testing carried out annually. OS and technology stack is continually patched. Core framework is continually patched. Dev and ops teams subscribe to all relevant industry security bulletins and alerts.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||New Relic Application performance management service. A monitoring Daemon runs on every VPS. This analysis server and application performance, and historical data patterns. This monitoring provides alerts if unusual performance or activity takes place. Data from this service is also used to tune and improve performance of the apps. All Logs are also routinely analysed for unusual activity.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Users can report incidents via email , telephone or the helpdesk.
CiviQ has numerous techniques for evaluating code changes on the server including unauthorised access and modification of the codebase. These include our version control system and Application performance management systems.
When incidents have closed, a full report will be provided to the customer.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£3990 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||A two week free trial will be provided upon request.|