Brandworkz Brand Management Software

Brandworkz offers effective online digital asset management (DAM) and brand management including full customised artwork generation. It’s easy to use and provides complete control, brand compliance, content consistency and rapid distribution of your brand assets to approved users for inclusion in channel optimised communications materials.


  • Online access to approved brand resources
  • Centralised repository for all digital assets
  • Workflow for approvals process
  • Image library
  • Web2Print from brand compliant templates
  • Integrations for Microsoft Office, CMS, eCommerce and CRM solutions
  • Defined access based on user permissions
  • Reporting, MI and integration with Analytics packages
  • Enterprise search
  • Secure cloud hosting environment


  • Controls the distribution of your digital and brand assets
  • Ensures brand consistency across multiple channels
  • Improves brand awareness and education
  • Easy to use
  • No need for expensive desktop publishing software
  • Faster and more efficient artwork production
  • Reduces time spent searching for digital assets
  • Reduces design and artwork costs
  • Generates controlled and high-quality design outputs
  • Seamless design for print and digital solutions including Social Media


£15000 per instance per year

  • Education pricing available

Service documents

G-Cloud 10



James Davis

0113 399 4076

Service scope

Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Any planned maintenance around fixes and upgrades is agreed with the client in advance, and timed to take place during low impact periods (weekends, night time etc.)
System requirements Web access via common major browser

User support

Email or online ticketing support Email or online ticketing
Support response times Brandworkz respond to urgent faults within 4 working hours and initiate remedial work immediately. Target resolution time is within 8 Working Hours. Note that our average time to resolve these faults is approx. 20 minutes.
Response to High Faults is within 4 Working Hours, with remedial work initiated immediately. Target resolution time will be within 24 Working Hours. Note that our average time to resolve these faults is approx. 40 minutes.
Response to Normal Faults within 8 working hours.
1) If resolution is possible without new code release: 5 working days otherwise 1-3 months.
Response will be affected outside weekday hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Brandworkz provide a consistent level of support for all clients, as dictated by our service level agreement built into all contracts.
All clients have named administrator access to our helpdesk (email or phone). However, the logging of an incident must always be done by a client's 1st line support by sending an email with enough detail for us to replicate the issue. The response time is calculated as starting from the time this email is received.
Response times are included in the previous section. As a result of our support we contractually agree to offer 99.9% guaranteed availability over the course of any 12 month period measured as HTTP response availability of the log-in page of your web application as measured by us. If this is not achieved, we credit the cost of 1 day of SaaS service costs for every 15 minutes for which the site is unavailable, up to an aggregate maximum of two hours unavailability of the site in any one calendar month provided that you report the unavailability and request the credit in writing to us within two Business Days of the downtime occurring.
Support costs are built into the SaaS license.
Support available to third parties Yes

Onboarding and offboarding

Getting started Brandworkz is an extremely intuitive system to work within, and our experience is therefore that minimal training is required, whether for administrators or front-end users. Typically, 1-2 days' training is needed for the former, dependent upon the modules employed. Included in this training is a section that covers the front-end user interface, which has allowed our customers then to use administrators as an internal training resource.
However, training and help material is provided to all users via the ‘help’ link in every instance of Brandworkz. This takes the user to a video enabled help site, covering advice on all main tasks.
Further training and help material can be produced and held within the system itself, and can be in the form of documentation, web articles or videos.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Client admins have full access to all data during the lifecycle of the system and can, at any time, conduct a full export of meta and download of assets.
Furthermore, the Brandworkz exit management policy includes provision for data extraction as a part of the contract.
End-of-contract process The exit management schedule states: 1 Migration
1.1 Where the Services provided to Customer are dependent on equipment which is not owned by Customer, Supplier will ensure the necessary migration of all Supplier Software, data and other materials from such equipment to similar equipment owned by Customer or a new service provider. Implementation of the change shall be carried out by Supplier in such a way as to cause the minimum possible disruption to the supply of the Services.
1.2 Any costs for professional services to complete such a migration will be quoted for by the supplier and agreed between the customer and the supplier in advance.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The DAM element of Brandworkz is based on a responsive design so that the display will adjust to the screen size of the device being used, i.e. on a mobile device the assets will display as a single column and the menu will concertina. Not all modules are yet mobile optimised though; whilst the brand guidelines and workflow modules are accessible via any browser device, the features are not all optimised for view and touch screen use.
Accessibility standards WCAG 2.0 A
Accessibility testing Full compliance would be a collaboration between our software and the client configuration and content. Extra costs may result.
Our core front-end features can be compliant. Note that not all sections of the admin/back-end functionality are compliant.
Also note that with regards to choosing an on-brand colour scheme you will be limited as AA or AAA compliance of course necessitates a certain amount of contrast for text. Also, note that there will be factors to consider around this during the project phase as certain functionality may have to be disabled if full compliance is a must.
What users can and can't do using the API Yes: The Brandworkz REST/JSON based, open API is ready to be used on projects where tight integration with third party systems is needed; CMS, Ecommerce, Email marketing etc.
Our open RESTful/JSON API system is built as a SOA (Service Oriented Architecture). This means that the functionality of the system is broken out into separate services, for example, a service that deals with assets, another for albums, another for categories, etc.
Each service then is a standalone entity that communicates using the same architecture.
The benefits of this approach for developers and clients are:
- Speed
- Scalability
- Stability
- Monitoring
- Development Time
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Brandworkz is a fully functional Brand Management portal. Customisation can fall into two categories:
1. Standard configuration inc. site skin, choice of page templates, content architecture, meta-schema, logo finder structure, showcase structure, user groups, permissions, reports, workflow stages. All of these elements can be configured by system admins at Brandworkz or on the client team following appropriate training, using the admin interface provided as standard.
2. Bespoke customisation: Clients are able, with our help, to customise elements such as page templates, integrations, SSO (Single Sign On), new features (either bespoke or directed development approach) and mobile apps. Depending on the nature of the customisation, the work would need to be carried out by the Brandworkz product team based on agreed specifications with the client.


Independence of resources All server types are in auto-scaling clusters, which means that if the number of simultaneous users increases, we will automatically launch more servers to deal with the increased demand.
Auto-scaling is included for the following server types:
• Web-servers:
• Image transcoding servers:
• Video transcoding servers:
• Zip servers:


Service usage metrics Yes
Metrics types The Brandworkz reporting module enables reporting on asset usage, including detailed reports on downloads and uploads. Configurable reports included in the system are:
Individual logins
Individual groups
Individual assets
Top 100 viewed assets
Top 100 viewed folders
Top 100 downloaded assets
Top 100 search terms
Top 100 users (based on number of logins)
Top 100 users (based on no. of downloads)
Top 100 download wizards
Top 100 IP addresses
Uploads for a time period
Downloads for a time period
Logins for a time period
Asset Views for a time period
Folder Views for a time period
Disk space usage
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Brandworkz

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Typically:
• All assets exported to a folder hierarchy matching the one set up in the web-UI,
• Associated spreadsheets/CSV files for each section with all metadata present for each asset.
This provides the most flexible and standard ability to import the assets and the associated metadata into another system.
If required we can explore using sidecar files for associated metadata, though this adds time.
Timescale and effort will vary based on the amount of assets but all assets would be exported within 2 to 5 days of effort. We would typically do this within 30 days.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Virtually any digital file type can be stored and managed.
  • All major Image types
  • All major document formats
  • All major video types
  • All major audio file types
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Virtually any digital file type can be stored and managed.
  • All major Image types
  • All major document formats
  • All major video types
  • All major audio file types

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability We guarantee 99.9% availability over the course of any 12 month period measured as HTTP response availability of the log-in page of your web application as measured by us.
1: Guaranteed Availability excludes scheduled downtime including:
- required restarts after installation of critical software updates or software installations which will so far as possible be performed outside Business Hours and
- scheduled hardware/software updates to the network (which are usually performed between 1 and 5 am UK time).
2: Guaranteed availability excludes unavailability occurring due to technical faults arising on networks outside the control of our hosting provider.
If Guaranteed Availability is not achieved, we will credit you the cost of 1 day of your SaaS service costs for every 15 minutes for which the site is unavailable below the level of Guaranteed Availability up to an aggregate maximum of two hours unavailability of the site in any one calendar month provided that you report the unavailability and request the credit in writing to us within two Business Days of the downtime occurring. In the event that you are entitled to multiple credits arising from the same event, such credits shall not be cumulative.
Approach to resilience Our hosting partner is Amazon Web Services who operate some of the most secure, state-of-the-art facilities in the world:
- UK and other clients are hosted in Amazon Ireland (across multiple data centers). Backup and Disaster Recovery is at Amazon Frankfurt, Germany
- 24 hour video recording/surveillance.
- Bio-metric entry.
- Dry-pipe fire suppression.
- 20 mins battery power for entire building in case of power brownouts
- Diesel generators for power in case of power blackouts
Hosting Security Overview:
- All client data encrypted at rest (AES-128)
- Encryption of data in transit (HTTPS/TLS – 2048bit)
- Firewalls (incl. NAT)
- Network monitoring and intrusion prevention (DDOS, MITM, IP spoofing, Port Scanning, Packet Sniffing)
- Minimal attack-surface
- Hosting provider has the following accreditations: ISO 27001, PCI DSS Level 1, SOC 1/SSAE 16/ISAE 3402 (SAS70), SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, DOD CSM levels 1-5, ITAR, FIPS 140-2, MTCS Level 3, HIPAA, CSA, MPAA
- Dev, QA and Production environments completely segregated
- Only necessary ports open
- Trend Micro anti-malware installed
- Hardened OS
Outage reporting Our internal monitoring includes tools such as:
Uptime Robot, AOI Science and AWS Alerting. These provide us with email and SMS alerts on outages or performance issues, along with our own dashboard monitoring.
Outages are communicated to clients via email with full details as to cause and resolution activity.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Granular user permissions are easily created and managed in Brandworkz by your administrators; setting up appropriate groups, with associated permissions, that multiple users can be added to. The actual configuration of permissions is done through simple clicks against folders that you want to allow or restrict access to.
Your administrators, by virtue of their user profile in the system, will have access to a specific management interface where they alone will be able to manage elements including:
- Site Skin (Branding)
- Page Templates
- Download wizards
- Hot folders
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Ernst & Young
ISO/IEC 27001 accreditation date 11/12/2013
What the ISO/IEC 27001 doesn’t cover Certificate covers our cloud-hosting service.
Internal/office IT processes not covered.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 11/12/2013
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover Certificate covers our cloud-hosting service.
Internal/office IT processes not covered.
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The hosting provider is accredited to PCI DSS Level 1, SOC 1/SSAE 16/ISAE 3402 (SAS70), SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, DOD CSM levels 1-5, ITAR, FIPS 140-2, MTCS Level 3, HIPAA, CSA, MPAA

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Internal change processes to general software:
• Write business case,
• Approve business case
• Write technical spec and if relevant design wireframes and visuals
• Optionally invite interested clients to review if major change/improvement
• Approve spec
• Enter change as ticket(s) in Jira, including assignment to an upcoming release
• Code the changes incl. peer review
• Commit code changes to Git
• Submit Jira tickets to testing and QA
• Functional, integration and scalability testing
• Change will become part of general release and outlined in release notes
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach * Regular scheduled scans with Qualysguard Vulnerability Management (DAST/WAS and VM)
* Prioritisation as per Qualysguard severity ranking
* Critical are scheduled for implementation/hotfix immediately
* Hotfix regression tested, deployed and a rescan done to confirm fix
* Timescales for implementing fixes for severities less than critical are evaluated on a case-by-case basis, and these fixes are typically released as part of our software release schedule
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach * QualysGuard penetration and DAST testing.
* Pro-active monitoring of entire environment via AWS Inspector (pro-active monitoring of services/processes, abnormal activity on servers, etc. Scheduled security assessments running automatically, with pro-active alerting).
* Log shipping to protected log store for log files (AWS CloudTrail + shipping of own log files to offsite ElasticSearch index)
Incident management type Supplier-defined controls
Incident management approach Yes. Brandworkz have a well-defined and documented approach to cover system and security incidents. Relevant staff are trained in these processes and they are detailed, reviewed and made available to staff in these specific policies:
1. Security Breach procedure
2. Business Continuity Policy
3. Information Security Policy
Our security breach procedure in particular includes steps for identifying, resolving and reporting on incidents.
We are happy to supply the full documentation on request.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £15000 per instance per year
Discount for educational organisations Yes
Free trial available No

