The Social Value Portal

Public Cloud Social Value Management

A platform for comparing, measuring and managing Social Value commitments and monitoring their delivery through contract management, according to the principles of the Public Services (Social Value) Act 2012.


  • Social value calculation
  • Social value measurement and management
  • Social value corporate reporting
  • Social value project reporting
  • Social value contract management
  • Social value live dashboards


  • Uses consistent, transparent approach to measuring social value
  • Uses social value robustly as part of procurement
  • Monitors the delivery of social value commitments
  • Differentiates between bids by considering their social impact
  • Monetises social value outcomes to compare/report total Social Value Add
  • Aggregates social value across departments/regions showing where impacts accrue
  • Uses dashboards to view progress towards social value targets
  • Illustrates geographical spread of social value with GIS mapping
  • Sets up sub-accounts to reflect your organisation hierarchy


£3000 per unit per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

5 0 0 9 3 3 1 1 8 5 0 7 7 9 5


The Social Value Portal

Guy Battle


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Internet connection
  • Chrome, Firefox, Safari 5 or above, IE 9 or above
  • Please enable javascript, cookies, and TLS 1.2

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Out policy is to respond to queries within one working day. We do not have regular support at weekend.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a standard level of support to our customers, included as standard in our pricing structure. Each customer account has a dedicated account manager, and may escalate to managers or technical support as necessary.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training and user documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users may download copies of their data in CSV format when a contract ends.
End-of-contract process At the end of a contract, user credentials will be deprovisioned.
User data may be requested at the end of the contract, and will be provided in CSV format if requested.
Any personal data associated with the user account will be deleted after a period of one year.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile and desktop services are the same pages, but shown with a different page layout to account for screen size.
Service interface No
Customisation available Yes
Description of customisation A social value questionnaire must be used to outline the key themes, outcomes and measures that are to be measured as part of a project, and users may customise this to reflect their specific social value policy, or policies that they are responding to.
The theme colour and logo may be modified on pages and reports generated through the service to reflect company branding.
Account hierarchies may be set up and customised to provide an organisational structure to arrange projects, and restrict access to specific users.


Independence of resources Our platform is hosted on a public cloud platform provider (Salesforce) that provides assurances regarding performance degradation and user number limits. The user limits are far and away in excess of what we would expect to provide for.


Service usage metrics Yes
Metrics types Number of Active Users
Number and Status of Live Projects
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users may export their data in Microsoft Excel (html), CSV, or PDF formats, using export functions. They are able to export data at the account level (including sub-accounts), the project level (including all social value records associated with that project), and the social value record level (including all responses associated with that record).
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel (html)
  • PDF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Neither we nor the platform on which the services are built offer a specific SLA on availability. However the platform on which the services are built has a redundant network and comprehensive data backup and recovery plan, that has provided a >99.9% uptime historically. We (and the platform) commit to use all commercially reasonable efforts to make the online platform available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which we shall give advance notice), and (ii) any unavailability caused by circumstances beyond our reasonable control.
Approach to resilience The datacentres where our data is stored are managed by our cloud hosting provider. According to the provider:
All networking components, network accelerators, load balancers, Web servers and application servers are configured in a
redundant configuration. All Customer Data submitted to the Covered Services is stored on a primary database server with
multiple active clusters for higher availability. All Customer Data submitted to the Covered Services is stored on highly
redundant carrier-class disk storage and multiple data paths to ensure reliability and performance. All Customer Data
submitted to the Covered Services, up to the last committed transaction, is automatically replicated on a near real-time basis
to the secondary site and is backed up on a regular basis and stored on backup media for an additional 90 days in production
environments and 30 days in Sandbox environments after which it is securely overwritten or deleted. Any backups are
verified for integrity and stored in Salesforce data centers.
Outage reporting Service outages will be reported through:
Public website notifications (hosted separately to the service)
Social media alerts
Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access is restricted in management interfaces and support channels using two factor authentication and strong password policies, and making use of defined users profiles that restrict permissions and access.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Specific members of the organisation are tasked with responsibility for security, one at the board level and one at the operational level. Security is a key element of our ongoing business strategy, which is inherently tied to our IT strategy. Security training is provided to employees with access to the platform regarding. This ensures that there are clear decision making processes in place to maintain security best practice, compliant with the latest legislation.
Information security policies and processes The company has a suite of policies relating to information security:
- Information Security Policy
- Remote Access Policy
- Acceptable Use Policy
The responsibility of the security and integrity of IT systems and data stored thereon lies with our Information Officer. Line managers are required to ensure that all users under their direction must adhere to and comply with information security policies. Training and support is provided to employees to ensure that they understand their requirements.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The various components of the service are all handled and tracked through the cloud platform that the service has been built on.
Potential changes are proposed to the technical team, which reviews the requirements and assesses the potential impact on the service and security. Major changes require approval from a director. Development and testing of changes occurs in sandbox environment prior to being deployed into the production environment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The vulnerability management process is driven through the cloud platform provider on which the service is built. This includes security tools to monitor system activity in real time to assess threats and intrusion attempts. Application and database activity is monitored,while event management tools call attention to potential threats. The system is updated periodically with regular security updates, and patches are deployed automatically to our service.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Protective monitoring is provided through the cloud platform provider on which the service is built. This includes security tools to monitor system activity in real time to assess threats and intrusion attempts. Application and database activity is monitored,while event management tools call attention to potential threats. The system is updated periodically with regular security updates, and patches are deployed automatically to our service.
Incident management type Supplier-defined controls
Incident management approach The platform on which the service is built undergoes an independent evaluation in the form of SOC 1 (SSAE 16 / ISAE 3402), SOC
2 and SOC 3 reports.
For incidents specific to our service, users report incidents to our support team through the standard support channels. Incident reports are logged by the support team or account manager, and if necessary feedback is provided internally, or externally through the platform.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3000 per unit per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑