EngagementHQ: Online Consultation and Engagement Software
Community Engagement and Consultation.
EngagementHQ offers a spectrum of engagement tools from open tools such as discussion forums, ideas, Q&A, storytelling, guestbooks and interactive mapping to traditional tools such as surveys, petitions and quick polls. EngagementHQ consultations are supported by information resources, integrated communications, participant database, advanced analytics and reporting.
- Eight Community Engagement and Consultation Tools
- Project Information Resources (FAQs, timeline, library, image and video galleries)
- Integrated email and e-newsletter
- Integrated Participant Database and Participant Relationship Management System
- Integrated Reporting and Analysis
- 24/7 Moderation of all publicly accessible feedback
- 24/5 Support Desk Access via integrated chat function and email
- Access to Best Practice Advice
- Free access to new functionality and software updates
- API Connectivity
- Deploy engagement tools to suit consultation stages or consultation types
- Engage hard to reach communities
- Engage in open community or protected consultations such as panels
- Provide a safe moderated space for community dialogue and engagement
- Provide access to key consultation documents and information
- Provide access via IOS and Android mobile phones and tablets
- Determine, capture and manage participant demographic data and participant records
- Segment, tag and analyse and communicate with your participant database
- Analyse and tag qualitative and quantitative data
- Streamline organisation consultation and engagement presentation and reporting
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
We provide access to a total of administrators with capacity to purchase additional administrators. Administrator types include:
o 2-4 Site Administrators providing access to the content management system, reporting and analysis capabilities across the entire site
o 10-15 Hub Administrators providing access to the content management system, reporting and analysis capabilities for allocated projects within their managed Hub
o Unlimited Project Administrators providing access to the content management system, reporting and analysis capabilities for their allocated project/s.
|Email or online ticketing support||Email or online ticketing|
|Support response times||We provide 24/5 support within a two hour response.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 A|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||WCAG 2.1 A|
|Web chat accessibility testing||Testing has not been undertaken with assistive technology users|
|Onsite support||Yes, at extra cost|
We provide within our licence:
o Face to face training comprising one six hour one day course for up to 10 people covering best practice principles, project planning, engagement methodology and the EngagementHQ content management system.
o Two on demand, one and half hour online coaching training workshops for new or existing staff.
o 24/5 chat support and email support from our Client Experience Team. This includes a two hour first response time for email queries and guaranteed 10 minute commitment for first response via the EngagementHQ chat function
o Access to product resources via the content management system, including product training resources, videos and webinars.
o Invitations to regular ‘client meetups’ and Bang the Table events and masterclasses.
o Two project planning sessions to help plan and develop key engagement projects.
o Quarterly online review meetings
o Annual review and benchmarking meeting to evaluate methodology, practice, usage outcomes and set goals for the year ahead.
|Support available to third parties||No|
Onboarding and offboarding
O Two x 1.5 hour preliminary online training sessions covering the engagementHQ Content Management System
o One x face to face training session comprising a six hour one day course for up to 10 people covering best practice principles, project planning, engagement methodology and the EngagementHQ content management system.
o Access to help desk resources from the EngagementHQ Content Management System including training and product manual, and product training videos.
|End-of-contract data extraction||
All data is downloadable by users in real time in PDF, Excel and raw data formats.
Data is extracted via the Dashboard through the EngagementHQ reporting function and can be configured to incorporate date ranges to download:
o Site-wide Activity .
o Individual Project Activity
o Individual Engagement Tool Activity
o Participant Demographics
All data is retained for for a maximum of 90 days from the completion of the contract period. During this time users are able to extract and download all data. At the end of the 90 period, all data is erased and the EngagementHQ site decommissioned and removed for the web.
Bang the Table provide support and assistance within the contract price.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||EngagementHQ is fully optimised for IOS and Android platforms and provides an accessible interface for the community from mobile phones, tablets and desktop devices incorporating full site functionality.|
|What users can and can't do using the API||
EngagementHQ is a highly flexible platform with an advanced API for integrating with a range of third party services. This allows seamless integration with existing systems.
The EngagementHQ API is REST based and uses user JSON for serialisation and Basic Authentication over SSL for authentication and encrypted communication.
The full list of our available API's are documented in simple English and available on request from our support team.
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Independence of resources||Our servers are hosted on the AWS cloud and can be scaled to handle any load. The capacity is determined by the number of concurrent requests at any given time into EngagementHQ. We perform periodic load and performance testing to check for scalability in the order of 5 times the regular production load.|
|Service usage metrics||Yes|
EngagementHQ incorporates a key matrix of Aware-Informed-Engaged (AIE) visitor and reporting typology providing detail of site or project visitation and how informed and engaged a community is with the site and individual engagement projects.
The matrix includes all feedback and detailed date stamped results for all EngagementHQ feedback tools and can be further interrogated and analysed via analysis functions and tagging.
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||We host using Amazon Web Services (AWS) with data stored within a mySQL database on AWS RDS. Data is encrypted and stored using 256-bit AES encryption, also known as AES-256.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||All data can be exported in real time via detailed or summary reports via the EngagementHQ dashboard Analysis and Reporting function.|
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Other protection between networks||Data is also protected by applying an SSL certificate. SSL Certificates are provided as part of our EngagementHQ Licence.|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
We guarantee 99.6% availability and our up-times have historically remained above 99.9%.
When faults are notified the following minimum service standards are in place:
• For issues critical to the core functions of the site (i.e. website is unavailable), a response will be immediate and a fix will be implemented within four hours.
• For minor critical issues to the core functions of the site (i.e. part of the website is unavailable or not operating efficiently for more than four hours), a response will be within two hours and a fix will be implemented within one business day.
• For non-critical issues to the core functions of the site (i.e. part of the website is unavailable or not operating efficiently with only a material impact on the promotion of your engagement projects), a response time is not mandated but a fix will be implemented within two business days.
• For minor non-critical issues to the core functions of the site (i.e. a problem which has little or no impact to the efficiency of users), a response time is not mandated but a fix will be implemented as soon as practical but no later than 10 business days.
|Approach to resilience||
We have strict data access rules in place with detailed logging to prevent theft and misuse. Access is limited to key personnel involved in maintaining our services and support. Interaction with client data is only at the request of the client.
EngagementHQ provides role-based access controls with unique usernames and one-way password encryption to help clients manage their own logins. SSL certificates are applied and Single Sign On integration are available for further protection.
Data in stored within a mySQL database on AWS RDS with attachments stored within AWS S3. Amazon RDS has multiple features that enhance reliability for critical production databases, including automated backups, DB snapshots, automatic host replacement, and Multi-AZ deployments.
The AWS networks is multi-homed across a number of providers to achieve Internet access diversity.
The AWS network uses proprietary mitigation techniques providing significant protection against traditional security issues such as Distributed Denial of Service (DDoS) Attacks, Man in the Middle (MITM) Attacks, IP Spoofing, Port Scanning.
Our inbound firewalls are configured to permit only the absolute minimum connectivity required to provide the service to our clients.
Outage reporting is via email with access to a full report upon request.
We provide a minimum two weeks of notice in respect of planned outages.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
EngagementHQ provides role based administration of sites, hubs and projects.
• Site Administrators: have whole site access to the CMS, reporting and analysis capabilities including capacity to create Hub and Project Administrators, create and assign Hubs, create and assign projects, review/publish projects.
• Hub Administrators: have access to the CMS, reporting and analysis capabilities for projects within their Hub including capacity to create Project Administrators, create and assign projects, review/publish projects within their allocated Hub/s.
• Project Administrators have access to the CMS, reporting and analysis capabilities for their allocated project/s. No capacity to create or publish projects
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI Group|
|ISO/IEC 27001 accreditation date||19/01/2018|
|What the ISO/IEC 27001 doesn’t cover||Fully Covered|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
All staff are provided with our security policy and required to undertake training to understand company security measures and requirements including ISO 27001. All staff are required to sign a company security agreement.
Security is managed by our Chief Information Officer (CIO). The CIO is a member of the Bang the Table Board. The Head of Business and Engagement UK liaises directly with the CIO and with the Board via the Global Senior Management Team on all issue relating to security, security policy and its implementation.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||EngagementHQ is a web-based software platform provided by Bang the Table as a software subscription service. The platform receives regular and continuous updates using our SaaS DLC which features zero-downtime and agile deployment processes. We have robust automated testing, build process, and application monitoring in place to ensure high-quality, secure and successful deployments of regular feature/functionality. Change management processes are facilitated by using feature toggles to control significant feature releases to coincide with appropriate communication and training.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||The operating systems and databases running our servers are continually monitored and patched with the latest security fixes. The web framework is continually monitored and patched by our internal development teams. An independent third party carries out comprehensive Vulnerability Assessment and Penetration Testing (VAPT) quarterly.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Our applications are continually monitored and tested for security weaknesses by our Engineering team. We perform regular and ongoing internal application security assessments to discover and mitigate potential weaknesses based on OWASP rating and methodology. We use automated tools as well as manual testing processes to ensure we are as secure as possible at all times.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have a published procedure for handling security incidents that outlines when notification is required and an incident response plan.
An Incident Response Team (IRT) is established and managed by the Chief Information Officer (CIO) to provide a quick, effective and orderly response to incidents.
The Chief Information Officer coordinates incident responses and associated investigations, assisted by the Engineering Lead and the Core
Engineering Support Team.
The IRT is authorised to take appropriate steps to contain, mitigate or resolve a data security incident.
Our Support Desk is the central point of contact for reporting security incidents or intrusions.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£1750 to £25000 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Bang the Table provide a sand pit site with full functionality for testing and precluding publishing of any aspect. Access to manuals and support is included. A sandpit site is available for three months, subject to site administrators accessing the site at least once every 30 days.|
|Link to free trial||We create and deliver sandpits on request.|