Granicus LLC

GovDelivery Communications Cloud

GovDelivery Communications Cloud provides digital notifications newsletters and proactive alerts to a network of over 12m UK citizens using digital channels including, email, SMS, RSS and Social Media. Offering proactive public communications allows clients to quickly, efficiently and effectively reach a very large and highly engaged, responsive audience whenever necessary.

Features

  • Increase reach and build audience
  • Proactive User Email alerts and Updates; Newsletters, SMS, Social Media.
  • Unlimited Usage
  • Access to the GovDelivery Network with over 12m UK subscribers
  • Subscriber and Audience insight
  • Real-time Reporting and Message Metrics
  • Geo-Smart location based sign-up
  • Message/Marketing automation
  • Audience segmentation and message targeting
  • ISO 27001 certified company

Benefits

  • Reach and Engage with more citizens
  • Access to the GovDelivery Network with over 12m UK subscribers
  • Saves on printing and publishing costs
  • Supports digital by default
  • Supports and drives savings via channel shift
  • Revenue generation
  • Create one message automatically delivered across multiple channels
  • Analytical reports help to fine tune effective communications
  • Automated audience segmentation for specific campaigns
  • Increase customer/citizen satisfaction

Pricing

£339.00 to £68248.00 per licence per month

Service documents

G-Cloud 10

578476719567711

Granicus LLC

Dave Worsell

0207 993 5595

dave.worsell@granicus.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Targeted Messaging Service; Interactive Text; PEAK Agenda Management.
Cloud deployment model Public cloud
Service constraints Scheduled maintenance typically occurs every 30 days with average downtime required being less than 30 minutes Planned or routine maintenance is limited to 2 hours per week. Total scheduled downtime for the year will not typically exceed 20 hours.
System requirements
  • Connection to the Internet
  • Web browser access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times All questions (Tickets) are logged with our support desk software. The individual response time will vary depending on the complexity. However, we aim to respond to all support requests within four hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing The service user interfaces are full accessible and support WCAG AA and US 508 compliance. The service has been used by the RNIB who provided feedback and guidance on accessibility in both the user and administrator interfaces
Onsite support No
Support levels Full access to our online support desk which ca be accessed via email; phone; live chat, available 24 x 7 x 365.

Our service includes access to an Account Manager, who's role is to help customers to get the best use of our service offering ideas and sharing best practice and the experience of the user community.

We offer regular free webinars for customer to help brush up their skills and review the potential use of additional services.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We offer an implementation manager who will coordinate all the Granicus aspects of the online training and account set up. They will build out the account working directly with the customer's team to ensure that online training sessions are set up at convenient times. All sessions are exclusive to the customer can be recorded for future reference. Online documentation is available as are webinars both live and recorded.
When the account is live Account Manager is appointed to help support the customer with ideas and explain new developments and share best practice.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Should a customer decide to cancel their agreement. The customer's data will be returned securly via a CSV file.
Customers can download their data at anytime via the portal.
End-of-contract process Decommissioning is included in the rental price. Granicus will confirm the date on which customer access to the portal will be terminated.
Granicus will then decommission the service inline with its security and decommissioning policies. Applicable data will be returned securly via a CSV file

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The user interface has been designed/optimized for mobile devices. The administrator interface, while not designed or tested specifically for mobile devices, does allow full access to features.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing The service user interfaces are full accessible and support WCAG AA and US 508 compliance. The service has been used by the RNIB who provided feedback and guidance on accessibility in both the user and administrator interfaces.
API Yes
What users can and can't do using the API The service has a comprehensive open API that permits extensive use of the service from sending messages to adding and managing subscribers. Full information on the API can be found at http://developer.govdelivery.com/
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users have full control over the personalisation of the service including branding, look and feel, subscription topics, message templates, interfaces and transnational messages. For example, the entire user interface has be translated into multiple languages using the customisation features.

Scaling

Scaling
Independence of resources Our Communication Cloud product is a SaaS application and is based on a multi-tenant type of architecture. Each account is securely separated from each other and all the resources are managed as a large pool. This architecture scales horizontality based on overall workload.

Analytics

Analytics
Service usage metrics Yes
Metrics types GovDelivery Communication Cloud reports provides real time management data specific to the activity completed in your account. The reporting capability is shown below with additional details provided in the Service Definition.

Account Reports
• Account Performance Report
• Network Report

Bulletin Reports
• Wireless Subscriber Report
• Bulletin Links Report
• Auto Response Report
• Bulletin Analytics Report
• Bulletin Detail Report

Subscriber Reports
• Subscriber Activity Report
• Wireless Message Report

Topic Reports
• Questions Report
• Topic/Category Report
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Customer with appropriate administration permissions (set by the customer) can export their data at anytime via the GovDelivery Communications Cloud portal.
Information can be transferred via the APIs if previously integrated
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network To get into the infrastructure requires authentication through an IPsec VPN gateway that includes two-factor authentication (username/password and a USB fob). To connect to individual hosts within the infrastructure requires OpenSSH access for encryption.

Availability and resilience

Availability and resilience
Guaranteed availability GovDelivery Communications Cloud strives for a service availability of 99.99%.
This is achieved by the mirroring between two Data Centers 1,000 miles apart in order to mitigate potential loss of service due to natural disaster.
We do not offer refunds if we do not meet this aspirational level of availability.
Approach to resilience GovDelivery Communication Coud has redundancy built into each of its Tier 3 two data centers. Redundant switches, load balancers, and firewalls allow maintenance on an individual network device with no customer impact.

The server infrastructure is completely virtual and the build process has been automated so that extra capacity can be added in minutes when needed.

In the case of a complete datacentre failure, processing would failover to the secondary datacentre that is 1,000 miles away. Data is replicated in near-real time between the two centres to ensure a short Recovery Point Objective (RPO).
Outage reporting GovDelivery Communications Cloud service disruptions are communicated publicly here -- http://status.govdelivery.com/, individual client notifications are ticket-by-ticket and are based on severity level (Full policy document available upon request) and by subscribing to notifications from the status page.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication Authentication is required for clients. However members of the public/citizens can review public information without having to authenticate, assuming the agency publishes public information.
Access restrictions in management interfaces and support channels All interface access is done through a web browser via an encrypted channel. Authentication to the system is done through a username/password combination and (optional) two factor authentication delivered via an SMS message or a voice call.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 31/01/2013 (initially)
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications FedRAMP

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards FedRAMP (which is based on NIST 800-53r4)
Information security policies and processes Granicus has many security policies and processes that support both ISO 27001:2013 and FedRAMP (based on NIST 800-53r4), covering everything from physical security to system communications to vendor security. Processes are created for each NIST 800-53 control family and are documented on an internal wiki site.

All employees are required to sign an Acceptable Use Policy that spells out the requirements. Failure to follow the security policies/processes can result in disciplinary action from Human Resources, up to and including termination.

Security reports through the Vice President of Operations who reports to the Chief Product Officer who is a member of the board and responsible for security.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Tickets are created for all changes. These tickets include information on potential customer impact, QA steps, and a backout process. The changes are all reviewed at a daily change management meeting and must be approved before being implemented. The ISSO is a member of the change board so that changes are reviewed for potential security impact.

Individual physical components are tracked through a combination of an asset inventory and through the ticketing system that identifies the components that are changing.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The entire infrastructure (application, database, servers/devices) is scanned on a monthly basis. A ticket is created for each identified vulnerability for tracking throughout the lifecycle, and an internal remediation timeline is set depending on the severity (high=30, moderate=90, low=180). Teams meet weekly to review the vulnerabilities and identify timelines and ensure that issues aren't missed.

In addition to scanning, Granicus subscribes to the US-CERT and individual vendor security mailing lists so we are notified when important vulnerabilities are identified. Tickets are created for each of these as well and follow the same process as scans.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Granicus utilizes both network and host-based intrusion detection systems that send logs to a centralised location for proper correlation.

If a compromise is suspected, the incident response team is mobilised to investigate and confirm/deny the actual breach. If a breach is confirmed, the customer support team reaches out to all impacted customers immediately and provides updates every 20 minutes until the issue is contained (the same process is used for any incident). A root cause analysis (RCA) is then provided after the remediation, generally within 48 hours.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Granicus has a formal Incident Response Plan in place that identifies the flow from incident detection to remediation, including many high level processes.

Customers can report incidents by sending an email to help@granicus.com. This kicks off the process, which includes automatically generating a ticket and beginning the triage process.

Internally, a detected incident is reported to customer support so that the team can communicate to any impacted customers. Updates are sent every 20 minutes for severity 1 issues.

For impactful incidents, after it is remediated, a root cause analysis (RCA) is provided to impacted customers, generally within 48 hours.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £339.00 to £68248.00 per licence per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑