G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with MRI Software Limited are still valid.
MRI Software Limited

Commercial Portal

Our online portal is an interface between a landlord and their customers such as retail unit tenants or market stall licensees. Our portals drive community engagement, offer self-service and deliver personalised content. You can share information and guides; offer forums; present statements and agreements; offer online payments and much more.

Features

  • Online customer portal reflecting your brand
  • Software as a Service but with your choice of URL
  • Designed for mobile, tablet and desktops
  • Integrates via API with back office systems
  • Online maintenance call logging with optional back office system integration
  • Online customer forums with moderation options
  • Integrates and links to payment gateways and Allpay
  • Deliver offers and services online to customers
  • Umbraco CMS templates and groups for easy content management
  • Access to documents, such as agreements, online for your customers

Benefits

  • Enables customers to self-serve delivering efficiency
  • Gives greater transparency to customers
  • Supports customer service by reducing demands on contact centre
  • Enables staff to quickly update content to quickly reach customers
  • Provides a single online location for customer interaction for convenience
  • Encourages and promotes customer engagement
  • Easy to manage and update content
  • Personalised content for specific user groups for clarity and control
  • Provide access to information and services on demand for customers
  • Enables staff to deliver services quickly and more efficiently

Pricing

£0.02 to £0.15 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

4 8 5 4 1 8 1 0 1 0 4 0 9 1 5

Contact

MRI Software Limited Steven Fox
Telephone: 020 3861 7171
Email: tenders@mrisoftware.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
We test and develop for current and recent versions of modern browsers but the portal may not work correctly on older browsers, for example Internet Explorer 8. These older browsers will typically be out of support from their vendors anyway and a free upgrade is usually available. We integrate with housing and other line of business systems via API and this may limit the integration that we can offer for your specific systems and configuration.
System requirements
A recent, supported web browser

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Tickets are responded to within 24 hours (weekdays only, excluding Bank Holidays). Provision for email or online support responses for weekends and Bank Holidays may be quoted and will depend on requirements such as required speed of response etc. Our systems are monitored and managed 24x7x365.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
As a software as a service product, we manage and support the software and platform itself 24x7x365 to ensure that the software is available. As such, the support that users require is usually of a more general user support level and it is unusual for any customer to require support more than once or twice a month. Our default support level recognises this and is offered on a Monday to Friday, 9.00am - 5:00pm basis. Should a customer require further extended support, this can be delivered and this is scoped and priced based on their specific requirements.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As an end user online portal, the site is very intuitive and designed to follow web site conventions so end user training is not usually required other than providing general 'getting started' information via email, newsletters or at resident or tenant forums. Engage will provide guidance on the content of these as part of your onboarding. We can deliver training if required and this can be scoped and quoted to meet your requirements. We will provide up to four content management training sessions which are typically delivered online as they do not take long as the system is not complex to use. On site training can also be offered at a standard daily rate for the trainer plus expenses. We provide a user guide in a PDF format to those who undertake the content management training. This guide also covers some administration tasks.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats
Microsoft Word
End-of-contract data extraction
At the end of the service, we can extract any data required and issue it to the client using an agreed secure method.
End-of-contract process
At the end of the contract, the service is ceased and, if requested, customer data is returned. The portal is then decommissioned.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
We design our portals as 'mobile first' so the services offered are the same on mobile or desktop. Our portals are tested on mobiles so that visually and functionally the portals are attractive and easy to use on both smaller mobile screens and larger monitors.
Service interface
No
API
Yes
What users can and can't do using the API
Our API is designed to enable our portals to interface with your back office systems such as your housing management system. This enables specific data and documents, such as contracts and statements, to be securely shared with your customers. The API is also used for tasks such as progressing applicants through the application process in your back office system or for logging and sharing status updates for maintenance requests. It is also used to enable charges to be presented for online payments and related receipting. Our implementation includes a scoping phase where we scope the API requirements and will work with your IT and application teams to review these and manage and deliver any agreed changes.
API documentation
No
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Our portals are customisable to meet our customers requirements. The customisation options that we offer include: - Engage incorporating logos and brand imagery at setup - we incorporate brand colour schemes and fonts - sections may be activated or deactivated across the whole site or for specific groups through the CMS by client admins or us at any time - content is customisable and may include content such as images, formatted text, links and videos through the CMS by client admins or usat any time - End users can add an image to their profile

Scaling

Independence of resources
Our portals are designed to minimise the load on the system for any process or interaction and incorporate load balancing to evenly distribute traffic. We host on an easily scalable Microsoft Azure platform which is monitored 24x7x365 enabling us to manage capacity seamlessly in the background and our proactive monitoring ensures that we can respond to peaks in demand.

Analytics

Service usage metrics
Yes
Metrics types
We set up a Google Analytics code on the site and can provide basic usage statistics such as new enrolments. Further service metrics may be scoped and provided on request at additional cost.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Minimal end user data is stored in the system and all may be removed using copy and paste from their user device from within the portal with minimal effort.
Data export formats
Other
Other data export formats
  • TXT
  • JPEG;PNG;BMP
Data import formats
Other
Other data import formats
  • TXT
  • JPEG;PNG;BMP

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our basic guaranteed availability is 99.95% and our refund is 10% of the monthly fee.
Approach to resilience
We utilise Microsoft Azure enabling us to provide regional resilience between their European datacentres. Further details are available on request.
Outage reporting
Service outages are reported via email. We notify you when your service is affected and then continue to update by email until the issue is resolved. For high impact outages, these emails may be supplemented with telephone calls.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to our systems and data is controlled through a formal process beginning with a formal notification from management. Each user is provided with a unique user ID for systems so that users can be linked to and made responsible for their actions. Access to is given through the provision of a unique account and complex password. The job function of the user decides the level of access the employee has to data. Vendor default accounts and passwords for our the systems are changed at the time of provisioning and unnecessary services and user/system accounts are disabled.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Whilst our security governance is not certified to a standard, it is closely aligned to the ISO27001 and PCI standards.
Information security policies and processes
All staff are issued with our security policy when they join and confirm that they understand and will adhere to this. Our security policy is supported by processes and procedures such as our data breach reporting, new starters and leavers procedures. Our software development process incorporate privacy by design with security at the heart of everything that we do. All staff are trained on our security processes when they join and have regular refresher training. Our policies and processes are regularly reviewed by our operations managers and the outputs of these reviews are, in turn, reviewed with senior management. The focus of these reviews are the performance and ongoing applicability of our security quality management system.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our planning processes ensure that all configuration changes are properly scoped and planned before implementation. Our design and development processes incorporate Privacy by Design and all changes are reviewed and approved prior to implementation. Our implementations are tracked and managed through our core line of business systems, including development tickets, code changes and deployments enabling us to control and manage work day to day and to support root cause analysis should issues arise.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our systems are monitored and managed 24x7x365 enabling us to quickly respond to threats. Part of this management includes a review of potential threats, as advised by trusted security partners and resources. The built in patch management function of our monitoring platform deploys patches and updates in a controlled manner than standard tools such as Windows Update or WSUS. Typically, we review and release all critical and security updates on a monthly basis as they are released but in some instances release an update or patch outside of this cycle if there is a need to mitigate an immediate risk.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are identified through the monitoring of alerts automatically triggered with our NOC via systems monitoring tools or from tickets raised by individuals. All such threats are handled as potentially high impact so receive a prompt response. Our first response is to contain the threat, followed by more detailed root cause analyse and implementation of a permanent fix.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management processes are designed to align with ITIL recommended best practices. Due to the design of our product, no particular events are common but we do have pre-defined processes for incidents such as a site outage or compatibility issues with specific browsers. Users may report incidents via email, telephone or an online form may be delivered, if requested, within the portal. Incident reports are available on request for any incident and are provided by email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.02 to £0.15 a unit a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.