CDEC Ltd

Cloud based Digital Signage and Enterprise Visual Communications

Supporting engagement with employees, students, members of the public and the local community, cloud signage and visual communications delivers eye-catching, interactive applications with travel, social, weather, sport and enterprise data to video walls, LCD screens, touchscreens, mobile devices and desktop computers.

Features

  • Modern, extensible content platform
  • Plug-ins to a huge range of data (exchange, SQL, Web-API)
  • Rich social media integration
  • Open-standards API and web driven interface
  • On-Premise solution available for sensitive data
  • Robust access controls and security

Benefits

  • Publish content from anywhere, any device
  • Publish once to signage screens, mobile devices and PCs/Laptops
  • Utilise enterprise data to create a more personal communications experience
  • Create dynamic dashboards and infographics with live data
  • Engage audiences in a much more meaningful and personal way

Pricing

£165 per device per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

512299406898026

CDEC Ltd

Iffat Chaudhry

01689 885 380

framework@cdec.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints A range of signage hardware is supported, however the performance may be limited. We offer a range of compatible hardware to suit any use case and budget.
System requirements
  • Broadband internet connection for signage players
  • Android or iOS mobile devices for the mobile application
  • Administering the tool requires a modern web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Responses to service requests are within 1 business day on weekdays (excluding Public Holidays) between 9am-5pm. Responses to incidents are within 2 hours during these times. Extended hours are available at additional cost
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer Bronze, Silver and Gold support packages. Bronze is provided free of charge and is an email-based support service for incidents and basic service requests. The service hours are 9-5 Mondays to Fridays excluding public holidays. Within that time we will aim to respond to all queries within one business day and within 2 hours for any incidents that affect the service. Our Silver package provides a more advanced Service Desk function with telephone and email support calls defined by formal SLAs. We are also able to provide extended coverage for support, up to 24/7. Under the Silver package we will regularly report on the service and integrate with your organistion's existing support function if required. Gold support provides dedicated resources from our Service desk, field engineering team and proactive management functions to deliver a high level of enterprise support suitable for large universities and corporates. Providing an extended 8-6 Monday to Friday coverage, Gold support includes proactive monitoring, strict SLAs measured in minutes, and a service credit offering as well as dedicated account management from our UK headquartered service delivery team.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide both onsite and remote training (via webex) as part of the initial setup and engagement, in addition to comprehensive documentation. The service is instantiated and managed by the software vendor, with the end user having access to the web interface which includes help guides, quick tips and links to online resources
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The built-in data warehouse is available through the web interface to copy data, reports and analytics from. At contract end a full copy of the database can be provided at no extra charge containing all configuration, images and data stored by the service.
End-of-contract process The price of the contract includes:
- Subscription to the cloud service
- Maintenance and all upgrades
- Support and service at Bronze, Silver or Gold level

Additional cost items are:
- Signage players, LED displays and screens
- Subscriptions to sports/weather/travel/social plug-ins
- Installation of hardware
- Upgrades to standard service levels (for example any out of hours support)

At the end of the contract period, should the contract not be renewed, the service will be deactivated and players/screens will display a blank image. Mobile applications will no longer receive content, and any data plugins will no longer collect data according to their schedule. Data and the web portal will remain accessible for data to be copied/transferred before being securely deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Service has a responsive design that works well on mobile devices while providing the same information
Accessibility standards WCAG 2.0 A
Accessibility testing Product has been throughly tested by the application developers as WCAG compliant.
API Yes
What users can and can't do using the API The API allows granular programmatic control of individual signage players/displays and also the service as a whole. Using the API, services can stop/start media playback, change layouts, get metadata information from individual players, pass data into and out of the system and send script commands to players (such as shutdown, restart and check-in).
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation The service is extremely extensible and customisation options are almost limitless.

Users with appropriate access rights can modify any content in the CMS, including metadata, layout, schedule, reporting and access permissions.

All customisation is undertaken by appropriately empowered users with the web interface. No plugins, scripting or third party tools are required to administer the tool.

Scaling

Scaling
Independence of resources Each service tenant runs in AWS on separate containers and so is independent from other tenants.

Analytics

Analytics
Service usage metrics Yes
Metrics types Network Information
Number of active instances
Active devices (players and display devices)
Active users
Proof of Play
Bandwidth Throughput
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold RMG Networks

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The platform allows data export in the form of reports. Users can export data themselves using the web interface.
Data export formats
  • CSV
  • Other
Other data export formats
  • Pdf
  • Html
Data import formats
  • CSV
  • Other
Other data import formats
  • Pdf
  • Html

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our service is backed by Amazon AWS which offers 99.9% availability with our platform, measured over the month. There is a service credits scheme where the application is unavailable beyond this time.
Approach to resilience Our Infrastructure diagrams detailing resilience arrangements are available on request.
Outage reporting Outages are reported using our public bulletin board and email alerts to technical contacts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Access to management interfaces is restricted in line with our ISO 27001 Access Control Policy, and we use multiple security mechanisms appropriate to the sensitivity of the data and application required such as two-factor authentication, access only via VPN, access only via physical interface and access requiring multiple team members present (with passphrases split up). For support channels, we will verify the identity of a customer using their email address. If the customer cannot access their email account, we will not proceed with a support request.
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date May 2018
What the ISO/IEC 27001 doesn’t cover Nothing. All the activities of our organisation are in scope of our ISMS
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As part of our ISO 27001 management systems, we maintain comprehensive system security through access control, systems penetration testing, regular audits and adoption of the latest security standards. We are a small, agile organisation and our reporting structure is at the first point of contact to our Service Delivery Manager who will escalate to the Senior Management Team immediately upon detection of a serious issue. Policies and processes published in our staff handbook and acceptable usage guidance is backed by training and awareness campaigns in the office, as well as regular auditing to detect where processes are not being followed. Access to secure systems, data and resources is controlled centrally and all access attempts are logged.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Configuration and Change Management are both aligned to our ITILv3 standard operating model. Service components are tracked using our CMDB, based on Microsoft Sharepoint, and regularly audited. The CMDB is referenced by our ITSM tool and knowledgebase, ensuring that assets remain up to date throughout their life. Any changes to service components are assessed at a formal CAB and approved by the Senior Management Team prior to implementation. Our CAB process has a specific focus area on security.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability Management is part of our ISO 27001 management system. In addition to regular Pen testing by a CREST approved supplier, we are active members of various online security communities and use the best practice and new alerts to verify the standard of security protecting services we offer. As a small, agile provider we are able to develop patches quickly for our services and deploy rapidly after testing and signoff
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our protective monitoring approach is part of our ISO 27001 management system. Compromises are identified either through Intrusion Detection Systems in place, systems proactive checking through our monitoring tool, or via our regular audits and ITILv3 Event Management process. If a potential compromise is detected, this is reported to the Service Delivery Manager who can escalate to the senior management team if required. The Service Delivery team will generally respond to security incidents immediately using our incident management process.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our Incident Management process is aligned to our ITILv3 operating model. As part of this approach we utilise a Problem Management process to create pre-defined responses, workarounds and fixes to issues that commonly occur. Users report incidents via email, phone (for urgent issues) or face to face if they are internal users. All issues are logged in our ITSM tool against an asset or CI through to resolution. For the majority of our customers to whom we provide reporting services, incident reports are formally published in PDF format each month.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £165 per device per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Our Free Trial service includes a loan of a standard player and touch display if needed for 30 days, access to a standard tenant and a variety of example content demonstrating the capabilities of the service. We will provide some support and guidance during this trial

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑