Artifax Software Limited


Join a global community managing commercial and cultural spaces and activities with Artifax. Theatres, concert halls, festivals, museums, galleries, sports facilities, visitor attractions, schools and other venues use Artifax for event planning, room hire, staff and resource scheduling, finances, artistic and production schedules, tour bookings, document storage and online bookings.


  • Central shared calendar, document storage & contact management
  • Intuitive, user-friendly interface
  • Fully user customisable with custom fields & contextual forms
  • Available in multiple languages or create your own
  • Powerful search & reporting capabilities
  • Sophisticated finances for multiple trading entities sharing a database
  • Public API & Microsoft Office integration
  • Optional artistic programming, attendee management, staff scheduling & guest logistics
  • Granular user & group security permissions plus 2 Factor Authentication
  • Flexible concurrent &/or named user licensing model


  • Eliminate duplication with a central database
  • Increase efficiency with easy workflows & integrations
  • Speed up the booking process with user-defined templates
  • Gain business intelligence with KPIs & scheduled reports
  • See a holistic view of people & organisations
  • Manage complex deals, commission calculations & performance settlements
  • Build dashboards in Excel with live data
  • Translate any field or application string
  • Maximise revenue with effective room & resource management tools
  • Keep personal data safe & ensure compliance with the GDPR


£175 per instance per month

Service documents

G-Cloud 11


Artifax Software Limited

James Taylor

01372 587587

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Planned maintenance, during which ArtifaxEvent may be inaccessible, takes place between 06:00 and 08:00 weekly on Fridays.

Planned maintenance, during which ArtifaxAgora may be inaccessible, takes place between 20:00 and 22:00 weekly on Thursdays.
System requirements
  • Screen minimum resolution 1024 x 768
  • Desktop/tablet/mobile browser
  • Microsoft Word/other application capable of opening RTF files for reports
  • PDF reader for reports

User support

User support
Email or online ticketing support Email or online ticketing
Support response times During support hours, we usually respond to questions within 5 minutes.

Standard support:
Monday to Friday 09:00 to 17:30, except bank holidays.

Enterprise support:
Monday to Friday 08:00 to 18:00, except bank holidays.

Emergency phone number provided for out of hours support.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels All subscriptions include access to technical and end-user information and support services by phone, email and online, access to our community forums and free ArtifaxAcademy training.

On-site support is available at our standard day rates.

The services of technical account managers and cloud support engineers are available.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide tailored onsite and remote training as well as training at our head office in Epsom. Our dedicated documentation specialist ensures that the system administrator and user guides in our online Help Centre are updated and enhanced regularly. Our library of 'how to' videos is growing and we also offer online ArtifaxAcademy training and webinars, all free of charge.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Organisations can extract their data as ICS, XML, CSV and PDF files, and by using our API or Excel Toolbar.

They can also request a copy of their database.
End-of-contract process There are no offboarding costs other than a small charge for supplying a copy of the database, if required. All data is deleted 30 days after the end of the contract unless otherwise agreed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface Yes
Description of service interface ArtifaxEvent and ArtifaxAgora are accessible via a web browser.
Accessibility standards None or don’t know
Description of accessibility We are working towards WCAG 2.0 AA.

Visual: Contrast, legibility and colour awareness are well supported. We are currently addressing potential misalignment on graphical calendar views when zooming or increasing text size.

Auditory: There are no auditory elements in the application.

Cognitive: In addition to the Visual considerations, we are continuously reviewing and improving consistency of controls in the application and simplicity of notifications.

Motor: We are mindful of users who prefer to use the keyboard, and are careful to properly organise and label screen elements.
Accessibility testing Currently we do not have documented interface testing with users of assistive technology.
What users can and can't do using the API ArtifaxEvent includes a RESTful API enabling ability to pull/push information to/from the application. Unlimited API keys may be configured from within the application. Although the API covers a wide range of functionality, as yet not all areas of the application can be manipulated through its use. Additional API calls are being introduced with each release.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Rooms, resources, sales process (pipeline) statuses, booking statuses, event statuses, event activities, tasks, reports and templates can all be customised (names, text and background colours etc.). Specialist modules for artistic programming, attendee management, staff scheduling and guest logistics can also be fully customised. Groups can be created for individual and organisation contacts. Unlimited custom fields and ad-hoc/contextual forms can be created. Organisations can tailor an existing application language or create their own from scratch. Customisation can be carried out by end users with the appropriate security permissions (also customisable) and/or the organisation's system administrator.


Independence of resources The ArtifaxCloud architecture has been designed, and is managed, to cater for large numbers of concurrent users - this includes load balanced web servers which can scale horizontally. Ongoing monitoring is used to ensure, as far as possible, that CPU usage across the various servers is maintained below 80%. Automated alarms are used to notify our support team should the CPU on any server remain above 80% for greater than 5 minutes. Any aspects of the application found to cause risk of high CPU usage and/or other performance related issues are passed through to Development Teams as a priority.


Service usage metrics Yes
Metrics types Uptime, Number of users in the last 10 minutes, Events in the last 10 minutes, Arrangements in the last 10 minutes, Entities in the last 10 minutes, Total Scheduled Reports, Total Arrangements, Total Events, Total Entities, Total Rooms, Most recent Arrangement, Most recent Event, Most recent Entity. Other metrics can be provided.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can extract their data as ICS, XML, CSV and PDF files, and by using our API or Excel Toolbar.
Data export formats
  • CSV
  • Other
Other data export formats
  • ICS
  • XML
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Access to the ArtifaxCloud infrastructure is restricted by IP range. AWS Security Groups are used throughout the infrastructure to restrict access between servers within the network, and to ensure only required ports and protocols are open.

Availability and resilience

Availability and resilience
Guaranteed availability Artifax uses commercially reasonable endeavours to make the Software
available 24 hours a day, seven days a week. Uptime since 2014 exceeds 99.98%. We do not offer service credits.
Approach to resilience Our data centre is provided by Amazon Web Services (AWS). Further information is available on request.
Outage reporting Users would be notified of outages via our online Help Centre. If a user has subscribed to the relevant articles, they would also receive an email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Staff access to all systems holding personal data is strictly controlled. Levels of access are set on a ‘minimum access required’ basis and system access requests must be approved by both the staff member’s line manager and custodian for each system. A software asset register is maintained and reviewed on a regular basis by each custodian
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau (UKAS accredited)
ISO/IEC 27001 accreditation date Initial certification: 19/12/2016 | Latest issue: 17/12/2018
What the ISO/IEC 27001 doesn’t cover All our G-Cloud 11 services are covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Self-Assessment Questionnaire (SAQ)
PCI DSS accreditation date May 2019
What the PCI DSS doesn’t cover All card data is secured as we only use PayPal Express Checkout. PayPal handles the payment card information on our behalf.
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • ISO 9001:2015 for our Quality Management System

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Artifax is ISO 27001:2017 accredited and Cyber Essentials certified and has a comprehensive Information Security Management System (ISMS) in place. Our ISMS Policy document provides an overview of the company, the activities it carries out and the quality standards of operation to which it conforms. It also carries information about where procedures information is located and detailed information on documentation requirements for essential procedures. Artifax is a SME, so has a straightforward reporting structure. Artifax's Managing Director is the company's Information Security Manager (ISM), supported by the Senior Management Team (SMT).

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes within the application are tracked through a strict efficient workflow using industry standard issue management software. Issues are prioritised based on various aspects including impact, performance, risk etc. All application changes are reviewed by a secondary developer and checked by QA prior to being included in a release. In the source code repository, separate issue branches are used for every individual issue. All configuration changes within the ArtifaxCloud are tracked, with all calls to the AWS API logged using AWS CloudTrail. Worklogs are maintained for all work carried out during maintenance periods.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Information about potential threats is collated from internal and external sources, as well as by use of industry standard pen testing tools. All identified threats and/or vulnerabilities are assessed for risk and impact, and then categorised by priority. Any required service patches are fast tracked through the development cycle and deployed as soon possible once verified by the QA team.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Key metrics are monitored 24/7/365. These include CPU, RAM, Network Traffic Throughput, Latency and File Space Usage. All application instances are monitored 24/7/365. Real time virus protection is in place. Application access request logs are monitored and analysed. Any incidents are logged and analysed as a priority, with any required action initiated at the earliest opportunity.
Incident management type Supplier-defined controls
Incident management approach All occurring incidents within ArtifaxEvent, ArtifaxAgora and ArtifaxCloud are logged and tracked through a strict workflow using industry standard issue management software. Users can report incidents directly to our customer services team. Communication with users regarding incidents is managed through an industry standard help desk system.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £175 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A free trial lasting 30 days is available for ArtifaxAgora (including all modules) only. ArtifaxAgora cannot be used without ArtifaxEvent.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑