CultureBlox
CultureBlox is a platform for defining, measuring and monitoring your organisation's perfect culture.
Features
- Remote Access
- Accessible via any device
- Real time reporting
- Management Dashboard and KPI's
Benefits
- Define and manage your perfect culture
- Measure culture adoption by Organisation, Division, Department and individual
- Employees update content and demonstrate how culture is being embraced
- Heat maps and KPI's on adoption of behaviours
Pricing
£0.42 to £9.10 a user a month
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at info@adviseinc.co.uk.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 12
Service ID
3 4 2 4 8 7 7 3 4 8 1 6 0 2 8
Contact
AdviseInc Ltd
Mathew Oram
Telephone: 0207 112 9222
Email: info@adviseinc.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- There are no specific constraints other than an internet connection with browser is required. Internet Explorer 8 and above. All other main browsers are supported.
- System requirements
-
- Internet Connection
- Browser (IE8+ and other modern browsers)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 24/7 we have an alert system in place which lets us know if there is a urgent issue with one of our sites e.g. there is an unscheduled outage. We respond to every non-urgent ticket within 24 hours Monday to Friday. Most of tickets are resolved within a 24 hour period too. Where a ticket requires further investigation/development the customer is kept informed and regularly updated.The initial response to a customer support requests will be within the hour. Support is offered Monday to Friday 9am - 5pm (excluding UK Bank Holidays).
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- We can provide the services of an onsite consultant to resolve issues and also help with the implementation or ongoing maintenance of the platform, This support will be charged out on a time and materials basis and rates will depend on the complexity and seniority of resource that is required to attend.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- CultureBlox is a very straight forward application to use for the end user. We however do provide comprehensive documentation, plus access to online or onsite training should the customer request this. In order to get started on the platform we require a simple data template to be completed, we then use this to configure the platform. Users can either self register (triggered by our notification) or can be loaded on mass with requests then issued to the user to login and change their password.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- The customer can extract data from the platform (administrator only) at any time as this access is provided. The customer will need to extract this data before the contract termination date, as access will be removed at this stage.
- End-of-contract process
- At the end of the contract access to the CultureBlox platform is removed. The administrator for the customer can extract data from the platform. The only additional costs that are charged at the end of a contract are in relation to a) continuing to supply the site on a Read only basis for an agreed period and b) exporting the data across to the new system if this is a requirement.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- We have taken a "mobile first" approach to developing our product.The sites are built mobile first and therefore they automatically resize to the device from which they have been accessed. The user receives all the functionality whether they are on a mobile or desktop. Many users though use their desktops when they are creating reports of a large number of users because of the amount of data that has to be displayed.
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
- There are many APIs in place across our site. They are used for a variety of purposes, authenticating users through from another site; passing data between sites to provide a user with comprehensive information about them and linking to other sites e.g. providing access to other resources. We have experience of using REST and SOAP APIs and we have our own API. Our users can set up services using one of these methods. To date we have always be able to set up an API.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- The product can be customised in terms of look and feel, custom content and workflows can also be added very quickly to the product. The customisations can take place via our development team, local customisations can also be implemented by a local trained administrator.
Scaling
- Independence of resources
- The platform is fully scalable. Our technology partners support organisations with millions of users utilising products built on the same technology stack. Our partners test scalability and simulate peak demand on a regular basis to ensure users are not impacted. High demand from our users will not have any impact on our user experience.
Analytics
- Service usage metrics
- Yes
- Metrics types
- The system provides a dashboard for administrators and management that shows the usage of the platform. The data can also be exported by an administrator.
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- CultureBlox
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- An administrator has access to export their data in real time in CSV.
- Data export formats
-
- CSV
- Other
- Other data export formats
- ZIP
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- At CultureBlox we achieve a KPI of 99.9% uptime on all our sites. On the rare occasions a problem occurs we provide our customers with a contractual statement in terms of our support; · Critical; application is unavailable Response in an hour with hourly updates. · High Priority; a critical major function is unavailable Response in an hour and a fix time asap · Normal Priority; a major function is unavailable Response in 1 working day and agreed plan for fix. · Low Priority; users has questions about site
- Approach to resilience
- We utilise a third party, all information is available on request.
- Outage reporting
- Any outages are notified via e-mail to all users.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- The core platform has groups roles and permissions, we have a granular way or granting access to differing levels of management interface. we can grant access to reporting, user management and content authoring depending on the client requirements.
- Access restriction testing frequency
- Less than once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS International
- ISO/IEC 27001 accreditation date
- 27/11/2019
- What the ISO/IEC 27001 doesn’t cover
- All parts of our service are covered.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- The security of our customers data is of upmost importance. We have a Data Protection Officer at board level, our technology partners are all IS0 27001 certified and we are GDPR compliant. Our team regularly discuss data security with our partners as part of our ongoing relationship.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- At CultureBlox we have change management professionals within our organisation. We have a clearly defined configuration process that we complete with our customers, through this process we discuss all aspects of configuration, their impact on process and end users and agree an implementation plan that incorporates all best practice for change management (stakeholder mapping, communication plans etc.). The security impact is discussed and assessed as part of our implementation process with the customer.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- The vulnerability of our platform is under constant review. All our sites are accessed via a web application firewall as our initial defence. Data submitted is checked for SQL injection. User data which is not output disabled is sanitised as the page is generated. Our security manager is active in local and national security groups to enable them to keep up to date with new threats. Severity of threat defines the speed of deployment, critical treats will be deployed as soon as a fix has been developed and tested normally within 24 hours.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We identify potential treats from testing and analysis of log files. All suspicious activity detected by our WAF is passed to our SEIM along with all server logs. A potential compromise is classed as a critical event, and is immediately escalated to our security manager and senior developers for assessment of possible impact. If the impact is deemed critical then it will be treated as a priority one development task and resources immediately assigned with a fix deployed as soon as it is tested.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Our security and quality processes drive our incident management. Our Security incident reporting policy defines the process to follow and how to escalate reported incidents. Written incident reports are provided electronically to any client affected by an incident and have board level oversight of the report and remedial requirements from any incident.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Pricing
- Price
- £0.42 to £9.10 a user a month
- Discount for educational organisations
- No
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at info@adviseinc.co.uk.
Tell them what format you need. It will help if you say what assistive technology you use.