Congruis Limited

Total Digital Engagement

Total Digital Engagement solutions serve the trusted interaction needs of employees, customers and partners - with data and processes, with conversations and directories - in business and voluntary communities - massive, medium and small; closely or loosely knit; local, regional, national or global.


  • Total Digital Engagement with Data, Knowledge, Conversations and Directories
  • Data from most business processes: customer, operations, resources, change
  • Data of any form: structured, unstructured, files, multi-media
  • Conversations over any channel: messaging, forum, chat, video conference
  • Directories of all participants: people, groups, organisations
  • Multi-layer privacy and security
  • Intuitive Responsive User Experience
  • Comprehensive integrations including SAML, messaging, HTML , APIs
  • Experienced business consultants and analysts align technology to business needs
  • Discplined agile approach


  • New levels of business engagement with employees, customers and partners
  • New levels of effectiveness and efficiency
  • Collaborative consultation enables top-to-toe involvement
  • Open Source based with related cost savings
  • Proven experienced business, design and development practitioners
  • Accelerated delivery of MVP - typically 8 weeks


£4.00 per user per month

Service documents

G-Cloud 10


Congruis Limited

Alan Whitfield

020 7788 7489

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements Linux Servers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 1 hour
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing HTML5 accessibility with all major browsers : Firefox, Chrome, IE, Edge, Safari

JAWS and NVDA under test
Onsite support Yes, at extra cost
Support levels First line support is available 24x7 via email, bug report and, optionally, video conference. All requests for fix and for change are recorded and progressed through our own Ticket system. Users are kept up to date with ticket progression and resolution.

Video conferencing is an optional service - its cots is related to the overall solution being delivered

A technical account manager is always assigned.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Wididi software is designed for ease of use and zero training. Deeper functionality - specifically that for administrators - has online familiarization and online training. Onsite training is optional.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Data can be extracted in any required format: SQL tables; XML; CSV
End-of-contract process First level support for end-of-contract decoupling is included. the cost of additional consultation and development activity is not included.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Layout, navigation and file store/photography are optimized for mobile devices.

A desktop version can be used on either mobile or desktops devices by user selection.
Accessibility standards WCAG 2.0 A
Accessibility testing JAWS and NVDA are supported across all fucntionality
What users can and can't do using the API Users can exchange data through the API but cannot set up the service.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Every page can be administered by an appointed set of user. They can contribute and control headers, static articles, dynamic articles, polls, questionnaires, users etc.


Independence of resources At an IAAS level, the architecture is based on the use of virtual machines and scales linearly within design parameters. Usage profiles are continuously monitored and new VM's and hardware are added as demand dictates.


Service usage metrics Yes
Metrics types All page actions, including files downloaded, can be tracked, with time resolution down to the second, and monitored by object and by person.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Wididi

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach As appropriate users can export through SQL database exports, XML, CSV files
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • JSON
  • .xls
  • .doc
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML
  • SQL Schema
  • JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Database encryption

Availability and resilience

Availability and resilience
Guaranteed availability SLA's are agreed with each client, as are all commercial arrangements
Approach to resilience Resilience is built into the Total Digital Engagement from its inception. The design of core infrastructure facilities is built on various N+1 component arrays (power supply; routers; firewalls etc.) and failover capabilities (including virtual machines).

In addition, constant monitoring of resilience allow us to take proactive measures to improve it without the risk of failure. We use internal and external dashboards, with carefully selected and maintained alarms and alerts, to proactively prevent failures and plan effectively as systems evolve.

At suitable planned outages we run undertake various failure simulations to ensure that designs and configurations continue to achieve their original objectives and levels of service.
Outage reporting Planned outages are discussed and agreed with each client.
Should they occur, unplanned outages are reported by email to each client.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to all service interfaces (for consumers and providers) is constrained to authenticated and authorised individuals, who in the case of management interfaces and support channels have been carefully vetted.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • ISO27001 accreditation is in process

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are currently in the process of ISO27001 accreditation - based on existing well documented security policies and practices.
Information security policies and processes We have extensive security policies and processes based on many years of delivery in HMG in the UK and various agencies in Europe.

Heads of Consulting, Development and Operations report on security issues and progress to the CISO, who in turn reports to the CEO.

Security exceptions and incidents have their own RAG status with Red items being flagged immediately to the CISO and the CEO - the CISO taking immediate charge of all related management and resolutions actions.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach A unique version is given to, and maintained for, each configurable item e.g. document control number, software version, machine model number etc. Information about the status of each configurable items is recorded, maintained, and reported and may include physical location of configurable item, current status of proposed and approved changes, and who all have access to the item. Configurable items are stored and protected from unauthorized access and unapproved changes and are subject to regular audit. All changes are subject to a total impact analysis, including security, via a Change Request submitted, and potentially approved, by a Change Request Board.
Vulnerability management type Undisclosed
Vulnerability management approach All assets are clearly identified, categorized, recorded and assigned an owner. Potential threats are identified through a number of service suppliers and a UK WARP. Highest priority patches can be deployed as soon as the CRB grants permission.
Protective monitoring type Undisclosed
Protective monitoring approach We run a comprehensive set of monitoring and logging mechanisms as well as user reporting facilities

Should we become aware of an incident, either external or internal, the system owner works with the system administrator responsible for the comprised system/component in order to determine the extent of the breach, if any, as well as agree a plan to mitigate the damage and resolve the compromise. An emergency CRB can give permission for an immediate response if the priority of the compromise warrants this action.
Incident management type Undisclosed
Incident management approach Incident management processes exist for recurring incidents including software bug reports, new security threats and security compromises. Users can report incidents through service desk email, video conference and administrators can register an incident via an online facility.

Incident reports are provided to clients via email.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £4.00 per user per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑