AdviseInc Ltd

CultureBlox

CultureBlox is a platform for defining, measuring and monitoring your organisation's perfect culture.

Features

  • Remote Access
  • Accessible via any device
  • Real time reporting
  • Management Dashboard and KPI's

Benefits

  • Define and manage your perfect culture
  • Measure culture adoption by Organisation, Division, Department and individual
  • Employees update content and demonstrate how culture is being embraced
  • Heat maps and KPI's on adoption of behaviours

Pricing

£0.42 to £9.10 a user a month

Service documents

Framework

G-Cloud 12

Service ID

3 4 2 4 8 7 7 3 4 8 1 6 0 2 8

Contact

AdviseInc Ltd

Mathew Oram

0207 112 9222

info@adviseinc.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
There are no specific constraints other than an internet connection with browser is required. Internet Explorer 8 and above. All other main browsers are supported.
System requirements
  • Internet Connection
  • Browser (IE8+ and other modern browsers)

User support

Email or online ticketing support
Email or online ticketing
Support response times
24/7 we have an alert system in place which lets us know if there is a urgent issue with one of our sites e.g. there is an unscheduled outage. We respond to every non-urgent ticket within 24 hours Monday to Friday. Most of tickets are resolved within a 24 hour period too. Where a ticket requires further investigation/development the customer is kept informed and regularly updated.The initial response to a customer support requests will be within the hour. Support is offered Monday to Friday 9am - 5pm (excluding UK Bank Holidays).
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We can provide the services of an onsite consultant to resolve issues and also help with the implementation or ongoing maintenance of the platform, This support will be charged out on a time and materials basis and rates will depend on the complexity and seniority of resource that is required to attend.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
CultureBlox is a very straight forward application to use for the end user. We however do provide comprehensive documentation, plus access to online or onsite training should the customer request this. In order to get started on the platform we require a simple data template to be completed, we then use this to configure the platform. Users can either self register (triggered by our notification) or can be loaded on mass with requests then issued to the user to login and change their password.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The customer can extract data from the platform (administrator only) at any time as this access is provided. The customer will need to extract this data before the contract termination date, as access will be removed at this stage.
End-of-contract process
At the end of the contract access to the CultureBlox platform is removed. The administrator for the customer can extract data from the platform. The only additional costs that are charged at the end of a contract are in relation to a) continuing to supply the site on a Read only basis for an agreed period and b) exporting the data across to the new system if this is a requirement.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
We have taken a "mobile first" approach to developing our product.The sites are built mobile first and therefore they automatically resize to the device from which they have been accessed. The user receives all the functionality whether they are on a mobile or desktop. Many users though use their desktops when they are creating reports of a large number of users because of the amount of data that has to be displayed.
Service interface
No
API
Yes
What users can and can't do using the API
There are many APIs in place across our site. They are used for a variety of purposes, authenticating users through from another site; passing data between sites to provide a user with comprehensive information about them and linking to other sites e.g. providing access to other resources. We have experience of using REST and SOAP APIs and we have our own API. Our users can set up services using one of these methods. To date we have always be able to set up an API.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The product can be customised in terms of look and feel, custom content and workflows can also be added very quickly to the product. The customisations can take place via our development team, local customisations can also be implemented by a local trained administrator.

Scaling

Independence of resources
The platform is fully scalable. Our technology partners support organisations with millions of users utilising products built on the same technology stack. Our partners test scalability and simulate peak demand on a regular basis to ensure users are not impacted. High demand from our users will not have any impact on our user experience.

Analytics

Service usage metrics
Yes
Metrics types
The system provides a dashboard for administrators and management that shows the usage of the platform. The data can also be exported by an administrator.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
CultureBlox

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
An administrator has access to export their data in real time in CSV.
Data export formats
  • CSV
  • Other
Other data export formats
ZIP
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
At CultureBlox we achieve a KPI of 99.9% uptime on all our sites. On the rare occasions a problem occurs we provide our customers with a contractual statement in terms of our support; · Critical; application is unavailable Response in an hour with hourly updates. · High Priority; a critical major function is unavailable Response in an hour and a fix time asap · Normal Priority; a major function is unavailable Response in 1 working day and agreed plan for fix. · Low Priority; users has questions about site
Approach to resilience
We utilise a third party, all information is available on request.
Outage reporting
Any outages are notified via e-mail to all users.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
The core platform has groups roles and permissions, we have a granular way or granting access to differing levels of management interface. we can grant access to reporting, user management and content authoring depending on the client requirements.
Access restriction testing frequency
Less than once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
27/11/2019
What the ISO/IEC 27001 doesn’t cover
All parts of our service are covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The security of our customers data is of upmost importance. We have a Data Protection Officer at board level, our technology partners are all IS0 27001 certified and we are GDPR compliant. Our team regularly discuss data security with our partners as part of our ongoing relationship.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
At CultureBlox we have change management professionals within our organisation. We have a clearly defined configuration process that we complete with our customers, through this process we discuss all aspects of configuration, their impact on process and end users and agree an implementation plan that incorporates all best practice for change management (stakeholder mapping, communication plans etc.). The security impact is discussed and assessed as part of our implementation process with the customer.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The vulnerability of our platform is under constant review. All our sites are accessed via a web application firewall as our initial defence. Data submitted is checked for SQL injection. User data which is not output disabled is sanitised as the page is generated. Our security manager is active in local and national security groups to enable them to keep up to date with new threats. Severity of threat defines the speed of deployment, critical treats will be deployed as soon as a fix has been developed and tested normally within 24 hours.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We identify potential treats from testing and analysis of log files. All suspicious activity detected by our WAF is passed to our SEIM along with all server logs. A potential compromise is classed as a critical event, and is immediately escalated to our security manager and senior developers for assessment of possible impact. If the impact is deemed critical then it will be treated as a priority one development task and resources immediately assigned with a fix deployed as soon as it is tested.
Incident management type
Supplier-defined controls
Incident management approach
Our security and quality processes drive our incident management. Our Security incident reporting policy defines the process to follow and how to escalate reported incidents. Written incident reports are provided electronically to any client affected by an incident and have board level oversight of the report and remedial requirements from any incident.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
NHS Network (N3)

Pricing

Price
£0.42 to £9.10 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑