Invotra

Invotra Enterprise Intranet

Invotra Enterprise intranet powers digital strategies in public sector & NHS organisations. A completely customisable intranet, with instant publishing, enterprise search and collaborative apps. Built-in analytics measure user engagement on the intranet, while global roles ensure security and governance. Invotra Enterprise intranet integrates with over 2,000 applications

Features

• Complete Intranet control through customisation and configurability.
• Drupal-based open source Intranet Content Management System (CMS).
• Real-time Intranet analytics reporting.
• Social Intranet collaboration with commenting, rating and likes.
• Intranet Distributed Publishing, Workflow and Revisions.
• Intranet Integrations with websites, Office 365 and over 2,000 applications.
• Intranet File Management with OneDrive for Business.
• Instant drag and drop editing of Intranet templates.
• Default layouts and widgets for rapid Intranet deploy.
• Extranet portal to improve engagement and sharing with third parties.

Benefits

• Instant publishing to your Intranet.
• Intelligent search, including recent and saved search results.
• Work on the go with fully responsive Intranet mobile app.
• Intranet file library for documents, images, videos and audio.
• Delegate Intranet responsibility through various global and local roles.
• Intranet media capability includes videos, iFrames and Open Graph.
• Easy management and maintenance with CMS and administration.
• Increase productivity and time efficiencies by enabling staff to self-serve.
• Personalise your Intranet with your existing staff directory.
• Actively engage staff, volunteers and stakeholders through your Intranet.

£1.74 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@invotra.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

532768146848710

Contact

Paul Zimmerman
+44 (0)20 3789 2900
sales@invotra.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Any perceived constraints will be reviewed and agreed as part of the mutually agreed Service Design.
• System requirements: Modern Personal Computer

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Invotra's tickets are categorised into different priority levels, from P1 - P4, each with the corresponding response and target resolution time. The times listed below are the average response times: Priority 1 Level - 30 minutes, priority 2 Level - 1 hour, priority 3 Level - 4 hours and priority 4 Level - 5 hours. These response targets are applicable for 07:00 - 19.00h Monday - Friday excluding UK bank holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: At Invotra, service is everything. We take great pride in the ways in which we deliver a superlative service to our customers. See our Invotra Cloud Software Service Definition Document for full details of our support levels offered. Our Service Desk availability hours are 07:00-19:00h Monday - Friday excluding UK bank holidays. P1 incidents can be raised 24/7 365. The SLAs for incidents and support queries are as follows: P1 - 4 hours, P2 - 8 hours, P3 - 24 hours, P4 - 60 hours and support queries - 60 hours. As part of the incident and support query management we will engage various levels of technical (engineer) and non-technical support as required. There are no costs associated with incident and support query management activities.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Invotra's professional consulting arm, Invotra Consulting provides a comprehensive onboarding service from the very beginning, enabling our customers to deliver a great service to their end users.; Invotra Consulting offer onsites training, online training and user documentation. The program has been designed to ensure your internal teams have all the skills, guidance and structure they need, including: User data management and import, stakeholder engagement, minimum Viable Product (MVP) scoping with communications teams, Single Sign-On setup, product training (onsite and online), portal structure and design, setup and implementation of MVP with communications teams, establishing guidance and best practices around portal usage, live service setup (including integration with your IT model), analytics setup, establishing a rollout plan, project launch and support. Once you're ready to launch, we will conduct a detailed handover to Invotra’s Live Service team for them to support you and your users throughout the period of your contract.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users can extract their data via the APIs at any point in time from the service. If requested, Invotra will provide a zip file of this data at the end of the contract.
• End-of-contract process: If requested, Invotra will provide a zip file of this data at the end of the contract (all reasonable formats will be considered). We also include standing down and secure termination of your Invotra service. Bespoke off-boarding can be requested based on the customers needs. This may include specific data extraction requirements, exit review processes etc.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between mobile and desktop services. All Invotra services and products are fully responsive to support access via multiple devices.
• Service interface: Yes
• Description of service interface: We have a service interface that is available to customers and can be provided if requested.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Invotra is compliant to WAI ‘AA’ standards for all organisational users who access the system. However, simply saying that we meet the standards is not enough. We go above and beyond being compliant in order to create a positive user experience for 100% of users. ; ; Invotra employees travel the UK to meet with accessible software users, conducting user testing with people of differing types of disabilities and assistive software. The aim of the testing is to identify the different methods in which users would interact with the system and to identify the varying competency with the assistive technology. From this we are able to adapt the user interface to accommodate multiple variations of techniques used depending on the disability and competency with assistive technologies.; ; Invotra understands that a continuous software development life cycle creates an environment where the user interface will change. Therefore user testing is conducted at stages where either there has been major user interface changes or to verify that previous challenges have been remedied.
• API: Yes
• What users can and can't do using the API: With Invotra Cloud Software, customers can use APIs to exchange data relating to people, content, apps, files and taxonomies.; ; For more information visit developer.invotra.com.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Invotra is built to be flexible. ; ; The customer controls everything from their information architecture to their branding, to the configuration of their search, tagging, commenting, and much more. ; ; Invotra also offers in-place editing for managers and publishers, who can design and arrange their content by moving and configuring widgets throughout their sections and content types.; ; Distributed publishing also promotes collaborative publishing with larger teams of authors, editors and publishers. In other words, specialists who have the expertise to produce quality content consistently and quickly.; ; See the Invotra Cloud Software Service Definition for more details.

Scaling

• Independence of resources: The platform is designed and scaled with excess capacity up to 50% above anticipated requirements for all customers. This is monitored and adjusted appropriately.; ; The platform is designed to automatically scale when resources across the stack begin to reach certain thresholds. These thresholds are identified through the monitoring system within the platform. If the monitoring system identifies a metric that exceeds a threshold, new resources are provisioned to accommodate the load. The resource consumption is constantly monitored which prompts for optimisation activities to proactively scale up resources where required.

Analytics

• Service usage metrics: Yes
• Metrics types: Invotra utilises the analytics application Matomo to provide real time service usage metrics. All Invotra customers have a dedicated Matomo instance that they can configure to their specification. Invotra also supports connectors for Google Analytics. Further to this Invotra has native data visualisation for several features of the intranet, extranet and digital workplace to show the data for Blogs, Teams, Groups, Message Wall and Extranet areas. This is powered by Invotra Search.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Invotra supports APIs as well as in product exporters for data extraction.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: AWS VPC

Availability and resilience

• Guaranteed availability: 99% uptime is guaranteed by Invotra. In the event of a failure to meet the specified service levels, a service credit can be applied for by the customer. The details of the service credits available are in Invotras Terms and Conditions.
• Approach to resilience: Both high and low level designs are published on GOV.invotra, a private portal offered to all of Invotra's UK Government customers.
• Outage reporting: Email alerts are sent to affected customers during any outages recorded.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus Isoqar
• ISO/IEC 27001 accreditation date: 26/08/2016
• What the ISO/IEC 27001 doesn’t cover: We do not have any exclusions for our ISO 27001:2013 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Security Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We currently hold the ISO/IEC 27001:2013 certification and have no exclusions. All policies and processes are stored within our internal system which can be made available for review upon request. The system fully supports all policies and processes set out by the International Standards organisation and is outlined in the requirements for ISO 27001:2013. To ensure that all staff follow the information security policies and processes, we conduct annual Security Awareness Training, followed up by an Information Security questionnaire. In addition to this, if there are any updates on these policies or processes, it is communicated to all staff via our intranet and a signed list of all policies that have been read are kept on each staff member's HR file.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Invotra’s change process is published on our UK Government customer portal GOV.invotra. Our changes are managed through our change management process. Invotra tracks all system changes including but not limited to: product enhancement releases, service component version upgrades; and security patching, Invotra also has supplementary security incident and business continuity processes in place which are available upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Technical resources are subscribed to security feeds/mailing lists to be notified of security improvements. The security patches are expedited or applied as part of a development cycle depending on severity (assessed according to an internal scoring system). For OS vulnerabilities we defer to the OS vendor's assessment. OS patches are deployed monthly. We also get information about any potential threats from OS vendor, application vendors, package repositories and our internal QA.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All application requests are monitored using AWS WAF (Web Application Firewall) which applies a set of rules to a HTTP conversation. These rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. All processes and policies related to response and timings are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management processes for customers are published on our UK Government customer portal GOV.invotra. We have predefined processes for reporting, tracking and closing incidents. Customers have access to our dedicated Invotra HelpDesk Portal where they can raise new incidents and review incident statuses both current and historic. Incident reporting is available upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £1.74 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trials are available upon request, please contact Invotra for information
• Link to free trial: https://invotra.com/talk-to-us/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@invotra.com. Tell them what format you need. It will help if you say what assistive technology you use.