Crowdicity is a market leading innovation and idea management platform.
Using Crowdicity will help you discover and action the best ideas and insights from anyone whose experience can help your organisation do things better.
Set challenges, capture ideas, collaborate, vote, review, and select the most valuable outputs.
- Customisable innovation or idea management workflows
- Idea scoring and moderation
- User and crowd segmentation or grouping
- Multiple Ideation workflow types including ‘Open’, ‘funnelled’, ‘milestone’ and ‘incubator’
- Email management
- Real time reporting and analytics
- Simple setup and integration (SaaS)
- Compatible with Single Sign On (SSO) and Active Directory
- Effectively capture and manage ideas
- Create a culture of innovation
- Refine and iterate ideas
- Manage multiple crowds from one platform
- Engage employees across locations and functions
- Encourage and reward feedback and participation
- Run hackathons and innovation workshops
- Identify efficiencies and cost savings
- Capture ideas from within and outside of your organisation
- Launch innovation challenges without IT support
£2500 per licence per quarter
- Free trial available
+44 203 8808383
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Crowdicity requires browser access|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Crowdicity Support is available 9am-5.30pm Monday-Friday.
Critical issues will be responded to within 3 hours
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Onsite support|
All Crowdicity licenses come with training for platform administrators and moderators, technical platform setup and on-going account management included within the license price.
On-site support and custom development services are available on request.
|Support available to third parties||Yes|
Onboarding and offboarding
Crowdicity is designed to be used ‘out of the box’. All licenses include full admin training a 24/7 helpdesk and ongoing technical support.
Should you require it, Crowdicity may also offer a dedicated account manager to help develop a project and launch plan, ensuring a successful start to your open innovation program.
As a cloud service (SaaS) a Crowdicity platform may be up and running within 24 hours of contract signature.
On-site training available
|End-of-contract data extraction||Crowdicity Platform administrators may export community data at any point during a license term via XLS, CSV or Crowdicity's API|
|End-of-contract process||Crowdicity Platform administrators may export community data at any point during a license term via XLS, CSV or Crowdicity's API|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||All user features are available on both desktop and mobile devices. Platform administrators will require a desktop device to make changes to their community|
|What users can and can't do using the API||
The Crowdicity API allows data on the community to be edited and retrieved.
The Crowdicity API is able to:
-Retrieve information about challenges
-Fetch lists of ideas from challenges
-Get detailed voting and comment information for individual ideas
-Retrieve visible user profile information
-Create posts, comments and votes on behalf of the account through which the API is accessing the community
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||
A Crowdicity innovation community is fully customisable. Users may:
- Add custom branding, content and imagery
- Upload video and rich content
- Create bespoke idea workflows
- Customise email notifications
- Design custom pages and site navigation
- Use custom URLs
- Segment a userbase
- Define user roles and access
|Independence of resources||Crowdicity is a scalable solution allowing us to increase the amount of available resources as demand increases. As a result, sufficient capacity remains available for all users.|
|Service usage metrics||Yes|
Crowdicity’s statistics suite allows administrators to see
the following statistics within the platform or as exportable Excel files:
• Total number of visits/new visits/returning visits
• Idea progress / stage
• Location of visitors
• Number of ideas
• Ideas by theme
• Ideas by status label
• Number of votes
• Number of comments
• Trending tags
• User Gender
• User Age
• Custom fields (e.g. department)
• New user registration
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Crowdicity Platform administrators may export community data at any point during a license term via XLS, CSV or Crowdicity's API|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Uptime will be 99.9% (measured and calculated on an annualised basis).
Scheduled maintenance carried out during Normal Business Hours; provided that Crowdicity has used reasonable endeavors to give the customer one week’s notice. However, Crowdicity always aims to perform scheduled maintenance on Saturday mid-morning (GMT) to minimise disruption.
Unscheduled maintenance carried out during Normal Business Hours; provided that Crowdicity has used reasonable endeavors (where at all possible) to give the Customer at least 4 hours notice.
|Approach to resilience||Available on request|
|Outage reporting||Notifications are given through the presentation of a banner that is prominently displayed in the Crowd Management admin area of the system and where applicable, email alerts.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Crowdicity supports SAML-based single sign-on, allowing clients to run their own authentication methods if required.|
|Access restrictions in management interfaces and support channels||Clients can set access permissions for individual users in their communities. Users without admin permissions are prevented from accessing any management functions. Clients can add or remove admins at their discretion using the management interface.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Crowdicity use SSL encryption to secure every user's login details. SSL protects the transmission of your data while it travels over the internet, ensuring that it cannot be intercepted and examined en route.
Encryption level goes as high as 256bit (depending on browser), exceeding the 128bit level required in most online bank transactions. This ensures that your login details are well protected on the journey to our servers.
|Information security policies and processes||
Crowdicity employs a variety of measures to ensure that your data is kept secure.
-All servers run daily antivirus sweeps
- Intrusion detection systems check for any unexpected and unauthorised file changes.
-Each server runs a firewall which allows traffic only through required ports.
- Our database has a strict firewall, which prevents direct access from the internet. Only specified servers are allowed to access it.
- All web requests to Crowdicity are protected via SSL - nothing is sent in the clear. This ensures that data cannot be intercepted
Every piece of community-specific data stored in Crowdicity is tagged with the ID of the community it belongs to.
-logged-in user account’s permissions are checked against the community’s access settings. These checks prevent users from seeing data they are not authorised to see.
-User accounts are protected from dictionary-style attacks - several incorrect attempts will lock out an account for 15 minutes.
-Our servers are securely stored at Rackspace’s data centre in London. Rackspace employ the following measures:
Keycard protocols, biometric scanning protocols, and around-the-clock interior and exterior surveillance
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
All updates, fixes and changes to Crowdicity pass through a multi-step process which includes a detailed specification, risk assessment, QA, code review, security test and internal sign-off.
Each change is considered for the impact it has on existing users and features by examining how it connects to existing systems, what new endpoints are created and what outputs those endpoints produce.
All outputs are thoroughly tested and checked to ensure that they can only expose information they are designed for, and that the information is presented only at appropriate permission levels.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Threats are assessed via a detailed examination of existing and new features and the data outputs they produce. During development, OWASP guidelines for secure application builds are adhered to. Crowdicity is also subjected to a thorough annual penetration test to ensure it does not have any serious vulnerabilities.
Patches are deployed with 24 hours of a vulnerability being discovered.
Threat information is sourced from relevant vulnerability threat news sources and references to the CVE website.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Potential compromises are identified through a mix of code review, internal vulnerability testing, external penetration testing, log review and intrusion detection systems.
When a potential compromise is found, affected systems are reviewed for the source of the compromise. Remedial action is taken, and the scale of the compromise is assessed.
We aim to respond to incidents within 24 hours of discovery.
|Incident management type||Supplier-defined controls|
|Incident management approach||
For likely events, we have processes in place that cover investigation, shutdown of affected systems if necessary, and the creation and testing of remedial actions.
Incidents are reported via the Crowdicity main contact address (firstname.lastname@example.org) and can also be passed to us via individual community admins and their account managers.
Incident reports are provided to affected clients via email, and include details of the extent of the incident, and if any action should be taken by the client to secure their data.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£2500 per licence per quarter|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Crowdicity can provide platform demonstrations in person or via teleconference. 30 free day trial periods are available on request.|