G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Townbase are still valid.
Townbase

Eventz.today EventGuide

Eventz.today Smart & Connected City Portals allows councils, government, cities, and boroughs to build digital websites and city portals for citizens, businesses and visitors in one business day and operate them as SaaS. With Eventz.today you can create, publish and share content like articles, places, events and build engaged communities

Features

  • Web publishing
  • Map & geo-based discovery
  • Community engagement
  • API to access layers
  • CMS
  • User registration and user access rights management
  • Form management and workflow management
  • Multimedia publishing

Benefits

  • Manage digital presence
  • Create content based on pre-defined or tailored forms
  • Engage people & businesses
  • Open data framework to content (Eventz OpenGov)
  • Digital content distribution (Eventz OpenData API)
  • Cost reduction in IT development, operations, training and support
  • Manage apps, websites and mobile presence with one console

Pricing

£50 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contactus@townbase.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

6 1 7 5 7 1 4 7 3 7 5 6 9 9 9

Contact

Townbase M. J. Lintunen
Telephone: +447551737073
Email: contactus@townbase.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
We deploy our services on AWS
System requirements
N/A

User support

Email or online ticketing support
Email or online ticketing
Support response times
9/5 or 24/7 options available
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our 9/5 admin support is available for Tier2 and Tier3 admin users
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide online and on-site trainings, online FAQ's and support videos and User Guides
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Via our dedicated API's or csv or excel imports
End-of-contract process
We offer our API's in the end of the contract for 2 months free of charge after which we support customers on our standard hour rates,

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Features and functionality are the same, but mobile views are optimised for smaller screens and touch.
Service interface
No
API
Yes
What users can and can't do using the API
Our REST API allows 3rd party access via assigned tokens. Generally API is for 3rd parties and customers do not need API access
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customization can be done on:
- Branding
- Colors
- Font
- Content types
- Content dimensions
- Forms and form attributes
- Skinning
- additional features specified and agreed with customers

Scaling

Independence of resources
Our platform is created to scale on Amazon Web Services cloud platform

Analytics

Service usage metrics
Yes
Metrics types
We provide real-time out-of-the-box analytics dashboard and reporting tools

For example:
1. Active users & usage
2. Navigation flows
3. Geographical use
4. Demographics data
5. Page level metrics
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
JSON API
RSS feed
CSV file
xml file
HTML file
PDF file
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • API
  • JSON
  • RSS
  • Excel
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The environment is monitored 24/7. The environment is supported 8/5 24/7 as agreed with customers.
Availability, response and resolution times are followed and managed and the incident are classified to four categories (critical, high, medium and low). For Critical and High level incidents the problem and root cause analysis are carried out.
At this point the SLAs are not sanctioned nor rewarded, but that can be discussed and agreed if required by a customer.
Approach to resilience
The environment is automatically replicated in multiple availability zones that are redundant. All the virtual machines and data bases are at least duplicated to allow system to continue running with any instance going down. All the data is automatically backed up and restoring is tested on regular basis.
More information available on request.
Outage reporting
Internally we have automatic notifications and dashboards to inform on any deviations from normal operations. These notifications are investigated and analysed to solve the incident promptly, but also to identify potential imporovements.
Our customers are alerted with email and in case of severe problems also over the phone.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
- all management interfaces are access controlled with strong password. Whenevenr new permission is used, the solutions owners and administrators are informed that can approve or deny the permission
- support channels and instructions can be used without logging in and only email address is required to send the resolution.
- access to support tools and reports requires logging and approval
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We follow ISO/IEC 27001 standards and guidelines, but have not certified it by an authoirity.
Information security policies and processes
Our security policies and processes are based on the following principles
- Security accountability: accountability with everyone in organization
- Security training
- Incident handling and response: procedures in the event of a security breach or incident including reporting, fixing and key roles and people
- Acceptable use policies: expected behavior arounf BYO devices and document management
- System policies: security configuration for all operating systems and servers including account management, password management, anti-virus, etc policies.
- Network service policies: policies for secure remote access, public cloud security policies and practices, IP address management and configuration, router security procedures, etc
- Physical security and access control

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The infrastructure hardware is managed by our supplier including operating systems and middleware upgrades and batching.

Our software configuration management consists of revision control to determine what was changed and who changed it, but allow tracking and fall back options. Certain changes also require an internal peer review and approval.

Change process
- request is created using appropriate channels.
- ticket is opened and directed to the appropriate team.
- team investigates, requests further info and creates the plan with potential impact
- Plan is executed and set to 'testing'
- After testing / approval it is set to 'Closed'
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
- we do internal threat assesments on a regular basis and also utilise external consultants and tools to identify potential threats
- OS and middleware layers are provided to us by our services providers and we allow and request them to provide the barches as quickly as possible
- our own SW is patching is done based on priority and critical, high and medium levels are carried out immediately
- we get the information from 3rd party consultants, industry forums and various other sources such as webinars
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
- for protective monitoring service we count on tools and services provided to us by our service providers Microsoft as part of the Office 365 and AWS for public cloud
- once a potential compromise is identified, we follow our security management process to classify, mitigate, solve and learn
- depends on severity. For the critical ones the actions are started immediately
Incident management type
Supplier-defined controls
Incident management approach
Our incident managemnt process is based on the following steps
- documenting incident details either based on user call, email or web-form and follow up discussions
- Matching incidents against known problems
- Prioritizing based on impact
- Resolving incidents based priority
- Reporting the progressa and status changes and also the incident summary after closing
- Escalating as needed internally and with customer

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£50 a licence a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contactus@townbase.com. Tell them what format you need. It will help if you say what assistive technology you use.