Bang the Table UK

EngagementHQ: Online Consultation and Engagement Software

Community Engagement and Consultation.

EngagementHQ offers a spectrum of engagement tools from open tools such as discussion forums, ideas, Q&A, storytelling, guestbooks and interactive mapping to traditional tools such as surveys, petitions and quick polls. EngagementHQ consultations are supported by information resources, integrated communications, participant database, advanced analytics and reporting.


  • Eight Community Engagement and Consultation Tools
  • Project Information Resources (FAQs, timeline, library, image and video galleries)
  • Integrated email and e-newsletter
  • Integrated Participant Database and Participant Relationship Management System
  • Integrated Reporting and Analysis
  • 24/7 Moderation of all publicly accessible feedback
  • 24/5 Support Desk Access via integrated chat function and email
  • Access to Best Practice Advice
  • Free access to new functionality and software updates
  • API Connectivity


  • Deploy engagement tools to suit consultation stages or consultation types
  • Engage hard to reach communities
  • Engage in open community or protected consultations such as panels
  • Provide a safe moderated space for community dialogue and engagement
  • Provide access to key consultation documents and information
  • Provide access via IOS and Android mobile phones and tablets
  • Determine, capture and manage participant demographic data and participant records
  • Segment, tag and analyse and communicate with your participant database
  • Analyse and tag qualitative and quantitative data
  • Streamline organisation consultation and engagement presentation and reporting


£1750 to £25000 per licence per year

Service documents


G-Cloud 11

Service ID

5 2 1 7 5 0 7 6 6 0 3 1 3 3 9


Bang the Table UK

Ray Scanlan

07535 085366

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints We provide access to a total of administrators with capacity to purchase additional administrators. Administrator types include:
o 2-4 Site Administrators providing access to the content management system, reporting and analysis capabilities across the entire site
o 10-15 Hub Administrators providing access to the content management system, reporting and analysis capabilities for allocated projects within their managed Hub
o Unlimited Project Administrators providing access to the content management system, reporting and analysis capabilities for their allocated project/s.
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide 24/5 support within a two hour response.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 A
Web chat accessibility testing Testing has not been undertaken with assistive technology users
Onsite support Yes, at extra cost
Support levels We provide within our licence:
o Face to face training comprising one six hour one day course for up to 10 people covering best practice principles, project planning, engagement methodology and the EngagementHQ content management system.
o Two on demand, one and half hour online coaching training workshops for new or existing staff.
o 24/5 chat support and email support from our Client Experience Team. This includes a two hour first response time for email queries and guaranteed 10 minute commitment for first response via the EngagementHQ chat function
o Access to product resources via the content management system, including product training resources, videos and webinars.
o Invitations to regular ‘client meetups’ and Bang the Table events and masterclasses.
o Two project planning sessions to help plan and develop key engagement projects.
o Quarterly online review meetings
o Annual review and benchmarking meeting to evaluate methodology, practice, usage outcomes and set goals for the year ahead.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started O Two x 1.5 hour preliminary online training sessions covering the engagementHQ Content Management System

o One x face to face training session comprising a six hour one day course for up to 10 people covering best practice principles, project planning, engagement methodology and the EngagementHQ content management system.

o Access to help desk resources from the EngagementHQ Content Management System including training and product manual, and product training videos.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction All data is downloadable by users in real time in PDF, Excel and raw data formats.

Data is extracted via the Dashboard through the EngagementHQ reporting function and can be configured to incorporate date ranges to download:

o Site-wide Activity .

o Individual Project Activity

o Individual Engagement Tool Activity

o Participant Demographics
End-of-contract process All data is retained for for a maximum of 90 days from the completion of the contract period. During this time users are able to extract and download all data. At the end of the 90 period, all data is erased and the EngagementHQ site decommissioned and removed for the web.

Bang the Table provide support and assistance within the contract price.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service EngagementHQ is fully optimised for IOS and Android platforms and provides an accessible interface for the community from mobile phones, tablets and desktop devices incorporating full site functionality.
Service interface No
What users can and can't do using the API EngagementHQ is a highly flexible platform with an advanced API for integrating with a range of third party services. This allows seamless integration with existing systems.

The EngagementHQ API is REST based and uses user JSON for serialisation and Basic Authentication over SSL for authentication and encrypted communication.

The full list of our available API's are documented in simple English and available on request from our support team.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available No


Independence of resources Our servers are hosted on the AWS cloud and can be scaled to handle any load. The capacity is determined by the number of concurrent requests at any given time into EngagementHQ. We perform periodic load and performance testing to check for scalability in the order of 5 times the regular production load.


Service usage metrics Yes
Metrics types EngagementHQ incorporates a key matrix of Aware-Informed-Engaged (AIE) visitor and reporting typology providing detail of site or project visitation and how informed and engaged a community is with the site and individual engagement projects.

The matrix includes all feedback and detailed date stamped results for all EngagementHQ feedback tools and can be further interrogated and analysed via analysis functions and tagging.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach We host using Amazon Web Services (AWS) with data stored within a mySQL database on AWS RDS. Data is encrypted and stored using 256-bit AES encryption, also known as AES-256.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All data can be exported in real time via detailed or summary reports via the EngagementHQ dashboard Analysis and Reporting function.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Data is also protected by applying an SSL certificate. SSL Certificates are provided as part of our EngagementHQ Licence.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee 99.6% availability and our up-times have historically remained above 99.9%.

When faults are notified the following minimum service standards are in place:

• For issues critical to the core functions of the site (i.e. website is unavailable), a response will be immediate and a fix will be implemented within four hours.

• For minor critical issues to the core functions of the site (i.e. part of the website is unavailable or not operating efficiently for more than four hours), a response will be within two hours and a fix will be implemented within one business day.

• For non-critical issues to the core functions of the site (i.e. part of the website is unavailable or not operating efficiently with only a material impact on the promotion of your engagement projects), a response time is not mandated but a fix will be implemented within two business days.

• For minor non-critical issues to the core functions of the site (i.e. a problem which has little or no impact to the efficiency of users), a response time is not mandated but a fix will be implemented as soon as practical but no later than 10 business days.
Approach to resilience Data
We have strict data access rules in place with detailed logging to prevent theft and misuse. Access is limited to key personnel involved in maintaining our services and support. Interaction with client data is only at the request of the client.

EngagementHQ provides role-based access controls with unique usernames and one-way password encryption to help clients manage their own logins. SSL certificates are applied and Single Sign On integration are available for further protection.

Data in stored within a mySQL database on AWS RDS with attachments stored within AWS S3. Amazon RDS has multiple features that enhance reliability for critical production databases, including automated backups, DB snapshots, automatic host replacement, and Multi-AZ deployments.

The AWS networks is multi-homed across a number of providers to achieve Internet access diversity.

The AWS network uses proprietary mitigation techniques providing significant protection against traditional security issues such as Distributed Denial of Service (DDoS) Attacks, Man in the Middle (MITM) Attacks, IP Spoofing, Port Scanning.

Our inbound firewalls are configured to permit only the absolute minimum connectivity required to provide the service to our clients.
Outage reporting Outage reporting is via email with access to a full report upon request.

We provide a minimum two weeks of notice in respect of planned outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels EngagementHQ provides role based administration of sites, hubs and projects.

• Site Administrators: have whole site access to the CMS, reporting and analysis capabilities including capacity to create Hub and Project Administrators, create and assign Hubs, create and assign projects, review/publish projects.

• Hub Administrators: have access to the CMS, reporting and analysis capabilities for projects within their Hub including capacity to create Project Administrators, create and assign projects, review/publish projects within their allocated Hub/s.

• Project Administrators have access to the CMS, reporting and analysis capabilities for their allocated project/s. No capacity to create or publish projects
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI Group
ISO/IEC 27001 accreditation date 19/01/2018
What the ISO/IEC 27001 doesn’t cover Fully Covered
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All staff are provided with our security policy and required to undertake training to understand company security measures and requirements including ISO 27001. All staff are required to sign a company security agreement.

Security is managed by our Chief Information Officer (CIO). The CIO is a member of the Bang the Table Board. The Head of Business and Engagement UK liaises directly with the CIO and with the Board via the Global Senior Management Team on all issue relating to security, security policy and its implementation.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach EngagementHQ is a web-based software platform provided by Bang the Table as a software subscription service. The platform receives regular and continuous updates using our SaaS DLC which features zero-downtime and agile deployment processes. We have robust automated testing, build process, and application monitoring in place to ensure high-quality, secure and successful deployments of regular feature/functionality. Change management processes are facilitated by using feature toggles to control significant feature releases to coincide with appropriate communication and training.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The operating systems and databases running our servers are continually monitored and patched with the latest security fixes. The web framework is continually monitored and patched by our internal development teams. An independent third party carries out comprehensive Vulnerability Assessment and Penetration Testing (VAPT) quarterly.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our applications are continually monitored and tested for security weaknesses by our Engineering team. We perform regular and ongoing internal application security assessments to discover and mitigate potential weaknesses based on OWASP rating and methodology. We use automated tools as well as manual testing processes to ensure we are as secure as possible at all times.
Incident management type Supplier-defined controls
Incident management approach We have a published procedure for handling security incidents that outlines when notification is required and an incident response plan.

An Incident Response Team (IRT) is established and managed by the Chief Information Officer (CIO) to provide a quick, effective and orderly response to incidents.

The Chief Information Officer coordinates incident responses and associated investigations, assisted by the Engineering Lead and the Core
Engineering Support Team.

The IRT is authorised to take appropriate steps to contain, mitigate or resolve a data security incident.

Our Support Desk is the central point of contact for reporting security incidents or intrusions.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1750 to £25000 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Bang the Table provide a sand pit site with full functionality for testing and precluding publishing of any aspect. Access to manuals and support is included. A sandpit site is available for three months, subject to site administrators accessing the site at least once every 30 days.
Link to free trial We create and deliver sandpits on request.

Service documents

Return to top ↑