Crowdicity Ltd


Crowdicity is a market leading innovation and idea management platform.

Using Crowdicity will help you discover and action the best ideas and insights from anyone whose experience can help your organisation do things better.

Set challenges, capture ideas, collaborate, vote, review, and select the most valuable outputs.


  • Customisable innovation or idea management workflows
  • Idea scoring and moderation
  • User and crowd segmentation or grouping
  • Multiple Ideation workflow types including ‘Open’, ‘funnelled’, ‘milestone’ and ‘incubator’
  • Email management
  • Real time reporting and analytics
  • Simple setup and integration (SaaS)
  • Gamification
  • Compatible with Single Sign On (SSO) and Active Directory
  • API


  • Effectively capture and manage ideas
  • Create a culture of innovation
  • Refine and iterate ideas
  • Manage multiple crowds from one platform
  • Engage employees across locations and functions
  • Encourage and reward feedback and participation
  • Run hackathons and innovation workshops
  • Identify efficiencies and cost savings
  • Capture ideas from within and outside of your organisation
  • Launch innovation challenges without IT support


£2500 per licence per quarter

  • Free trial available

Service documents


G-Cloud 11

Service ID

4 2 0 0 9 3 7 9 7 9 4 7 5 6 7


Crowdicity Ltd

Rob King

+44 203 8808383

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Crowdicity requires browser access
System requirements
  • Desktop Browser
  • Mobile Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Crowdicity Support is available 9am-5.30pm Monday-Friday.

Critical issues will be responded to within 3 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels All Crowdicity licenses come with training for platform administrators and moderators, technical platform setup and on-going account management included within the license price.

On-site support and custom development services are available on request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Crowdicity is designed to be used ‘out of the box’. All licenses include full admin training a 24/7 helpdesk and ongoing technical support.

Should you require it, Crowdicity may also offer a dedicated account manager to help develop a project and launch plan, ensuring a successful start to your open innovation program.

As a cloud service (SaaS) a Crowdicity platform may be up and running within 24 hours of contract signature.

On-site training available
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Crowdicity Platform administrators may export community data at any point during a license term via XLS, CSV or Crowdicity's API
End-of-contract process Crowdicity Platform administrators may export community data at any point during a license term via XLS, CSV or Crowdicity's API

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All user features are available on both desktop and mobile devices. Platform administrators will require a desktop device to make changes to their community
Service interface No
What users can and can't do using the API The Crowdicity API allows data on the community to be edited and retrieved.

The Crowdicity API is able to:

-Retrieve information about challenges
-Fetch lists of ideas from challenges
-Get detailed voting and comment information for individual ideas
-Retrieve visible user profile information
-Create posts, comments and votes on behalf of the account through which the API is accessing the community
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation A Crowdicity innovation community is fully customisable. Users may:
- Add custom branding, content and imagery
- Upload video and rich content
- Create bespoke idea workflows
- Customise email notifications
- Design custom pages and site navigation
- Use custom URLs
- Segment a userbase
- Define user roles and access


Independence of resources Crowdicity is a scalable solution allowing us to increase the amount of available resources as demand increases. As a result, sufficient capacity remains available for all users.


Service usage metrics Yes
Metrics types Crowdicity’s statistics suite allows administrators to see
the following statistics within the platform or as exportable Excel files:
• Total number of visits/new visits/returning visits
• Idea progress / stage
• Location of visitors
• Number of ideas
• Ideas by theme
• Ideas by status label
• Number of votes
• Number of comments
• Trending tags
• User Gender
• User Age
• Custom fields (e.g. department)
• New user registration
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Crowdicity Platform administrators may export community data at any point during a license term via XLS, CSV or Crowdicity's API
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Platform Availability
Uptime will be 99.9% (measured and calculated on an annualised basis).

Except for:
Scheduled maintenance carried out during Normal Business Hours; provided that Crowdicity has used reasonable endeavors to give the customer one week’s notice. However, Crowdicity always aims to perform scheduled maintenance on Saturday mid-morning (GMT) to minimise disruption.

Unscheduled maintenance carried out during Normal Business Hours; provided that Crowdicity has used reasonable endeavors (where at all possible) to give the Customer at least 4 hours notice.
Approach to resilience Available on request
Outage reporting Notifications are given through the presentation of a banner that is prominently displayed in the Crowd Management admin area of the system and where applicable, email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Crowdicity supports SAML-based single sign-on, allowing clients to run their own authentication methods if required.
Access restrictions in management interfaces and support channels Clients can set access permissions for individual users in their communities. Users without admin permissions are prevented from accessing any management functions. Clients can add or remove admins at their discretion using the management interface.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Crowdicity use SSL encryption to secure every user's login details. SSL protects the transmission of your data while it travels over the internet, ensuring that it cannot be intercepted and examined en route.
Encryption level goes as high as 256bit (depending on browser), exceeding the 128bit level required in most online bank transactions. This ensures that your login details are well protected on the journey to our servers.
Information security policies and processes Crowdicity employs a variety of measures to ensure that your data is kept secure.

-All servers run daily antivirus sweeps
- Intrusion detection systems check for any unexpected and unauthorised file changes.
-Each server runs a firewall which allows traffic only through required ports.
- Our database has a strict firewall, which prevents direct access from the internet. Only specified servers are allowed to access it.
- All web requests to Crowdicity are protected via SSL - nothing is sent in the clear. This ensures that data cannot be intercepted
Every piece of community-specific data stored in Crowdicity is tagged with the ID of the community it belongs to.
-logged-in user account’s permissions are checked against the community’s access settings. These checks prevent users from seeing data they are not authorised to see.
-User accounts are protected from dictionary-style attacks - several incorrect attempts will lock out an account for 15 minutes.
-Our servers are securely stored at Rackspace’s data centre in London. Rackspace employ the following measures:
Keycard protocols, biometric scanning protocols, and around-the-clock interior and exterior surveillance

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All updates, fixes and changes to Crowdicity pass through a multi-step process which includes a detailed specification, risk assessment, QA, code review, security test and internal sign-off.

Each change is considered for the impact it has on existing users and features by examining how it connects to existing systems, what new endpoints are created and what outputs those endpoints produce.

All outputs are thoroughly tested and checked to ensure that they can only expose information they are designed for, and that the information is presented only at appropriate permission levels.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Threats are assessed via a detailed examination of existing and new features and the data outputs they produce. During development, OWASP guidelines for secure application builds are adhered to. Crowdicity is also subjected to a thorough annual penetration test to ensure it does not have any serious vulnerabilities.

Patches are deployed with 24 hours of a vulnerability being discovered.

Threat information is sourced from relevant vulnerability threat news sources and references to the CVE website.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are identified through a mix of code review, internal vulnerability testing, external penetration testing, log review and intrusion detection systems.

When a potential compromise is found, affected systems are reviewed for the source of the compromise. Remedial action is taken, and the scale of the compromise is assessed.

We aim to respond to incidents within 24 hours of discovery.
Incident management type Supplier-defined controls
Incident management approach For likely events, we have processes in place that cover investigation, shutdown of affected systems if necessary, and the creation and testing of remedial actions.

Incidents are reported via the Crowdicity main contact address ( and can also be passed to us via individual community admins and their account managers.

Incident reports are provided to affected clients via email, and include details of the extent of the incident, and if any action should be taken by the client to secure their data.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2500 per licence per quarter
Discount for educational organisations No
Free trial available Yes
Description of free trial Crowdicity can provide platform demonstrations in person or via teleconference. 30 free day trial periods are available on request.

Service documents

Return to top ↑