Artifax Software Limited

Artifax

Join a global community managing commercial and cultural spaces and activities with Artifax. Theatres, concert halls, festivals, museums, galleries, sports facilities, visitor attractions, schools and other venues use Artifax for event planning, room hire, staff and resource scheduling, finances, artistic and production schedules, tour bookings, document storage and online bookings.

Features

  • Central shared calendar, document storage & contact management
  • Intuitive, user-friendly interface
  • Fully user customisable with custom fields & contextual forms
  • Available in multiple languages or create your own
  • Powerful search & reporting capabilities
  • Sophisticated finances for multiple trading entities sharing a database
  • Public API & Microsoft Office integration
  • Optional artistic programming, attendee management, staff scheduling & guest logistics
  • Granular user & group security permissions plus 2 Factor Authentication
  • Flexible concurrent &/or named user licensing model

Benefits

  • Eliminate duplication with a central database
  • Increase efficiency with easy workflows & integrations
  • Speed up the booking process with user-defined templates
  • Gain business intelligence with KPIs & scheduled reports
  • See a holistic view of people & organisations
  • Manage complex deals, commission calculations & performance settlements
  • Build dashboards in Excel with live data
  • Translate any field or application string
  • Maximise revenue with effective room & resource management tools
  • Keep personal data safe & ensure compliance with the GDPR

Pricing

£175 per instance per month

Service documents

Framework

G-Cloud 11

Service ID

6 4 1 9 2 0 5 9 6 2 2 8 1 5 2

Contact

Artifax Software Limited

James Taylor

01372 587587

sales@artifax.net

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Planned maintenance, during which ArtifaxEvent may be inaccessible, takes place between 06:00 and 08:00 weekly on Fridays.

Planned maintenance, during which ArtifaxAgora may be inaccessible, takes place between 20:00 and 22:00 weekly on Thursdays.
System requirements
  • Screen minimum resolution 1024 x 768
  • Desktop/tablet/mobile browser
  • Microsoft Word/other application capable of opening RTF files for reports
  • PDF reader for reports

User support

Email or online ticketing support
Email or online ticketing
Support response times
During support hours, we usually respond to questions within 5 minutes.

Standard support:
Monday to Friday 09:00 to 17:30, except bank holidays.

Enterprise support:
Monday to Friday 08:00 to 18:00, except bank holidays.

Emergency phone number provided for out of hours support.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
All subscriptions include access to technical and end-user information and support services by phone, email and online, access to our community forums and free ArtifaxAcademy training.

On-site support is available at our standard day rates.

The services of technical account managers and cloud support engineers are available.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide tailored onsite and remote training as well as training at our head office in Epsom. Our dedicated documentation specialist ensures that the system administrator and user guides in our online Help Centre are updated and enhanced regularly. Our library of 'how to' videos is growing and we also offer online ArtifaxAcademy training and webinars, all free of charge.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Organisations can extract their data as ICS, XML, CSV and PDF files, and by using our API or Excel Toolbar.

They can also request a copy of their database.
End-of-contract process
There are no offboarding costs other than a small charge for supplying a copy of the database, if required. All data is deleted 30 days after the end of the contract unless otherwise agreed.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
Description of service interface
ArtifaxEvent and ArtifaxAgora are accessible via a web browser.
Accessibility standards
None or don’t know
Description of accessibility
We are working towards WCAG 2.0 AA.

Visual: Contrast, legibility and colour awareness are well supported. We are currently addressing potential misalignment on graphical calendar views when zooming or increasing text size.

Auditory: There are no auditory elements in the application.

Cognitive: In addition to the Visual considerations, we are continuously reviewing and improving consistency of controls in the application and simplicity of notifications.

Motor: We are mindful of users who prefer to use the keyboard, and are careful to properly organise and label screen elements.
Accessibility testing
Currently we do not have documented interface testing with users of assistive technology.
API
Yes
What users can and can't do using the API
ArtifaxEvent includes a RESTful API enabling ability to pull/push information to/from the application. Unlimited API keys may be configured from within the application. Although the API covers a wide range of functionality, as yet not all areas of the application can be manipulated through its use. Additional API calls are being introduced with each release.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Rooms, resources, sales process (pipeline) statuses, booking statuses, event statuses, event activities, tasks, reports and templates can all be customised (names, text and background colours etc.). Specialist modules for artistic programming, attendee management, staff scheduling and guest logistics can also be fully customised. Groups can be created for individual and organisation contacts. Unlimited custom fields and ad-hoc/contextual forms can be created. Organisations can tailor an existing application language or create their own from scratch. Customisation can be carried out by end users with the appropriate security permissions (also customisable) and/or the organisation's system administrator.

Scaling

Independence of resources
The ArtifaxCloud architecture has been designed, and is managed, to cater for large numbers of concurrent users - this includes load balanced web servers which can scale horizontally. Ongoing monitoring is used to ensure, as far as possible, that CPU usage across the various servers is maintained below 80%. Automated alarms are used to notify our support team should the CPU on any server remain above 80% for greater than 5 minutes. Any aspects of the application found to cause risk of high CPU usage and/or other performance related issues are passed through to Development Teams as a priority.

Analytics

Service usage metrics
Yes
Metrics types
Uptime, Number of users in the last 10 minutes, Events in the last 10 minutes, Arrangements in the last 10 minutes, Entities in the last 10 minutes, Total Scheduled Reports, Total Arrangements, Total Events, Total Entities, Total Rooms, Most recent Arrangement, Most recent Event, Most recent Entity. Other metrics can be provided.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can extract their data as ICS, XML, CSV and PDF files, and by using our API or Excel Toolbar.
Data export formats
  • CSV
  • Other
Other data export formats
  • ICS
  • XML
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
Access to the ArtifaxCloud infrastructure is restricted by IP range. AWS Security Groups are used throughout the infrastructure to restrict access between servers within the network, and to ensure only required ports and protocols are open.

Availability and resilience

Guaranteed availability
Artifax uses commercially reasonable endeavours to make the Software
available 24 hours a day, seven days a week. Uptime since 2014 exceeds 99.98%. We do not offer service credits.
Approach to resilience
Our data centre is provided by Amazon Web Services (AWS). Further information is available on request.
Outage reporting
Users would be notified of outages via our online Help Centre. If a user has subscribed to the relevant articles, they would also receive an email.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Staff access to all systems holding personal data is strictly controlled. Levels of access are set on a ‘minimum access required’ basis and system access requests must be approved by both the staff member’s line manager and custodian for each system. A software asset register is maintained and reviewed on a regular basis by each custodian
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau (UKAS accredited)
ISO/IEC 27001 accreditation date
Initial certification: 19/12/2016 | Latest issue: 17/12/2018
What the ISO/IEC 27001 doesn’t cover
All our G-Cloud 11 services are covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Self-Assessment Questionnaire (SAQ)
PCI DSS accreditation date
May 2019
What the PCI DSS doesn’t cover
All card data is secured as we only use PayPal Express Checkout. PayPal handles the payment card information on our behalf.
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • ISO 9001:2015 for our Quality Management System

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Artifax is ISO 27001:2017 accredited and Cyber Essentials certified and has a comprehensive Information Security Management System (ISMS) in place. Our ISMS Policy document provides an overview of the company, the activities it carries out and the quality standards of operation to which it conforms. It also carries information about where procedures information is located and detailed information on documentation requirements for essential procedures. Artifax is a SME, so has a straightforward reporting structure. Artifax's Managing Director is the company's Information Security Manager (ISM), supported by the Senior Management Team (SMT).

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes within the application are tracked through a strict efficient workflow using industry standard issue management software. Issues are prioritised based on various aspects including impact, performance, risk etc. All application changes are reviewed by a secondary developer and checked by QA prior to being included in a release. In the source code repository, separate issue branches are used for every individual issue. All configuration changes within the ArtifaxCloud are tracked, with all calls to the AWS API logged using AWS CloudTrail. Worklogs are maintained for all work carried out during maintenance periods.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Information about potential threats is collated from internal and external sources, as well as by use of industry standard pen testing tools. All identified threats and/or vulnerabilities are assessed for risk and impact, and then categorised by priority. Any required service patches are fast tracked through the development cycle and deployed as soon possible once verified by the QA team.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Key metrics are monitored 24/7/365. These include CPU, RAM, Network Traffic Throughput, Latency and File Space Usage. All application instances are monitored 24/7/365. Real time virus protection is in place. Application access request logs are monitored and analysed. Any incidents are logged and analysed as a priority, with any required action initiated at the earliest opportunity.
Incident management type
Supplier-defined controls
Incident management approach
All occurring incidents within ArtifaxEvent, ArtifaxAgora and ArtifaxCloud are logged and tracked through a strict workflow using industry standard issue management software. Users can report incidents directly to our customer services team. Communication with users regarding incidents is managed through an industry standard help desk system.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£175 per instance per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free trial lasting 30 days is available for ArtifaxAgora (including all modules) only. ArtifaxAgora cannot be used without ArtifaxEvent.
Link to free trial
https://artifaxagora.com/

Service documents

Return to top ↑