Acquia Inc

Acquia Lift

Acquia Lift lets customers track their customers' behavior throughout their buying journey for anonymous visitors and repeat visitors and customers. Acquia Lift unifies customer content and profile data from to deliver in-context, personalized experiences across customer sites and user channels.


  • Data collection
  • Merging of anonymous and known user data
  • Multi-dimensional, adaptive, real-time segmentation and segment insights
  • Content distribution
  • Real-time, adaptive user targeting
  • Real-time reporting
  • Automated content updates
  • Omni-Channel Content Delivery
  • Single customer view across digital touchpoints
  • A/B Testing


  • Gain insight into users' habits and preferences
  • Measure the performance of marketing assets and content
  • Higher engagement and conversion rates
  • Automated delivery of relevant, personal content to users
  • Overcome existing data silos and create important personalized experiences.
  • Reduction in marketing spend and launch cycle time
  • Ability to target users across all channels
  • IT resource and cost savings
  • More complete audience profiles by aggregating data from multiple sources


£14700 per licence per year

Service documents


G-Cloud 11

Service ID

5 0 4 7 0 9 4 9 2 4 2 7 6 1 0


Acquia Inc

Jasmijn Cordewener

+44 (0) 755 444 7169

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to - Drupal
- Acquia Journey
- Acquia DAM
Cloud deployment model Public cloud
Service constraints Can standalone, but Drupal is required for full Lift functionality.
System requirements
  • Drupal to leverage all Lift functionality
  • Modern browser
  • Modern operating system

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24x7 response. Not different on weekends.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Acquia provides standard technical support, advisory hours, technical account managers and enablement services.

Support Levels: Starter, Basic, Business, Premium, Elite

See details at:

Customer may contact Acquia Support Services by submitting tickets or by phone. Response times to tickets are based on the level of urgency. 

"Critical" issues where the customer's production system is inoperative, production operations are several impacted, or involving a critical security issue have a 1 hour, 24x7 initial response time. 

"High" urgency issues (Customer’s production system is operating but the issue is disrupting Customer’s business operations; a workaround is not suitable for sustained operations) have a 2 hour maximum initial response time during business hours. 

"Medium" urgency issues (Customer’s system is operating and the issue’s impact on Customer’s business operations is moderate to low; a workaround or alternative is available) have a maximum 4 hour initial response time during business hours. 

"Low" urgency issues, which do not impact business operations in any significant way and have little or no time sensitivity, have a maximum initial response time of one business day.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started The Acquia Lift for Personalization - Premium - Enablement Service is an onboarding package designed for customers who are focused on omni-channel personalization. It is comprised of remotely delivered onboarding services provided by functional and technical experts from the Customer Success team. This package performs the technical installation of the product, trains the Customer on the fundamentals of Lift, establishes an initial set of personalization use cases, and helps the customer configure an initial set of campaigns and measure their performance. The package also provides consultation on using the Lift APIs and pre-built integrations to integrate Lift with other systems, and using the data warehouse. Regular check-ins after the initial set of campaigns are established are designed to help the customer implement additional personalization use cases and evolve and adapt their strategy.

The Acquia Lift for Content Syndication - Standard - Enablement Service is an onboarding package designed for customers whose primary focus is content syndication. It is comprised of remotely delivered enablement provided by technical experts from Acquia Customer Success. This package performs the installation, trains the customer on the fundamentals of Lift, establishes an initial content syndication use cases, and helps the customer configure the content discovery interface.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can be mass exported from Redshift to S3, or an API can be used to selectively export data.
End-of-contract process No additional cost at end of contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface Lift has a series of APIs that make it extensible.
Accessibility standards None or don’t know
Description of accessibility There is accessibility testing and guidelines we follow, including WCAG, as we design and develop, but we can’t formally say that these have been tested against WCAG compliance guidelines, at this point.
Accessibility testing There is accessibility testing and guidelines we follow, including WCAG, as we design and develop, but we can’t formally say that these have been tested against WCAG compliance guidelines, at this point.
What users can and can't do using the API Lift includes decision APIs for creating rules and retrieving decisions in support of testing and targeting on non-web channels. Lift includes APIs that can be used to connect to external systems to keep customer profile information updated.

Drupal, the CMS used with Lift, fully supports the creation and use of APIs to access content. In addition to regular output modes, Drupal content can be output in any number of other formats, including as a feed or a web service. Drupal Services  allows for easy seamless integration with any RESTful or traditional SOAP web service, which includes accessing content and CRUD functionality. These APIs can be customized to expose only desired or allowed content, to require authorization for content access, and allow for omni-channel consumption of content. Drupal can also utilize web services to access external content and integrate it such that it lives on a separate database but appears to be native content to the end user.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users control access permissions, in other words, who can customize the service. Custom integrations, content types, and workflows are some of the customizable features.


Independence of resources Performance scales with spikes in traffic, and protects the eCommerce system from internet traffic for increased system performance.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach This is done through templates and/or APIs.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • CSV
  • XML
  • Serialized PHP array
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks AWS, our hosting provider, is responsible for encrypting VM images during transport.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Availability SLAs are for Acquia Cloud, which is a requirement to operate Acquia Lift. Lift doesn't come with a guaranteed availability SLA.
Approach to resilience For Acquia's cloud platform that supports this service: At the Internet-facing tier, a software-based load balancer is deployed with a hot standby in a different availability zone in the same region. The load balancer distributes load across multiple web servers, which are also distributed across multiple availability zones. Acquia's expert operations team adds additional web servers to the resource pool as needed. The load balancer continuously monitors the web servers, and if a server becomes unavailable, it removes it from the pool of hosts serving the site. Web servers use a shared network file system (GlusterFS) so that all files are kept in sync and redundant to each other At the database layer, a scalable database cluster serves the site with active and passive database servers in multiple availability zones. The active master database server continuously updates the passive master database using MySQL replication. In the event of a failure of the master database, the passive database becomes primary through a DNS-based failover.
Outage reporting For outages, customers can subscribe to the Acquia Status page by email, SMS messaging, or RSS/Atom feeds. You can subscribe to individual components, individual incidents, or all notifications. This enables you to get only the updates that you feel should be appropriate for your site.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Acquia has baseline access security requirements. Access controls can be configured by customers for increased security.
Access restriction testing frequency Never
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards - SOC 1
- SOC 2
Information security policies and processes Acquia follows its Information Security Policy and Procedures.The information security policy is required to be reviewed on an annual basis and approved by either the CISO or the Senior Director of Information Security

All Acquia employees, interns, contractors, and third party contractors are required to complete a security awareness training course upon hire and annually thereafter, that educates workers about Acquia's security policies. In addition, they are required to sign off on the Acquia acceptable use policy that includes acknowledging the receipt and review of the information security policy.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Acquia utilizes an agile change management process. System changes are managed by the Acquia engineering team who use a single server in each environment which is configured as the configuration management server. Changes are grouped into sprints. System changes are tracked in a change management ticketing system and required to be tested and approved prior to being implemented into the production environment. Version control software is in place to help ensure that code changes are tracked and can be rolled back as needed. Changes are assessed for potential security impact.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach At the Operating System and LAMP stack layers, Acquia employs a third-party vulnerability assessment platform, Rapid7, to perform authenticated host-based vulnerability scans against a representative sample of Acquia server types. The vulnerability scans are run weekly and reported to Acquia's security and operations teams. Vulnerabilities are reviewed, identified, and categorised by the Acquia security team, which assigns and prioritises reported vulnerabilities and documents mitigation steps to be implemented by the Acquia operations team.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Acquia uses OSSEC, an open-source, host-based Intrusion Detection System (IDS), which performs log analysis, integrity checking, and time-based alerting. Action is taken immediately if a compromise is identified. All affected or potentially affected customers are notified immediately of the incident.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Acquia has a formally documented Incident Response Plan that describes discovery, investigation, escalation, containment, notification, and documentation processes of security incidents. Upon initial notification that a Security Incident that has occurred, or is in progress, and is customer impacting it is the responsibility of Support team to notify the customers who are likely to be affected by the incident. Regular updates will be sent depending on the nature of the incident and as determined during the incident declaration stage.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £14700 per licence per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑