Upland Software

Rant & Rave

We are a cloud-based customer engagement solution with a difference. Created with the belief that brands and consumers want the same thing – to deliver and receive great service – companies around the world rely on the solution to proactively communicate with, and capture emotion from, their customers and employees.


  • Real-time feedback capture
  • Multi-channel feedback capture
  • Pro-active / Triggered feedback capture
  • Responsive / always-on feedback capture
  • Intuitive dashboards
  • Industry-leading sentiment engine
  • Business specific taxonomy
  • Pro-active communications module
  • Discover - deep-dive analytics
  • Recover - case management functionality


  • Act in the moment to increase responses and satisfaction
  • Cover all your communications channels to suit the customer
  • Increase response rates and improve understanding of the customers emotion
  • Your customer provides feedback when it is convenient for them
  • Easy to understand both the big picture and the details
  • Understand the key driver behind the scores, the customer's emotion
  • Quicker, more accurate actionable insight to make decisions faster
  • Close the loop at scale to demonstrate you are listening
  • Present key insights to every level in understandable ways
  • To help those without CRMs manage feedback effectively


£16740 per instance per year

Service documents


G-Cloud 11

Service ID

7 0 4 6 3 0 4 4 3 4 7 3 5 9 9


Upland Software

Dominic Aelberry

+44 (0) 800-048-8575


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to SalesForce CRM
Cloud deployment model Public cloud
Service constraints N/A
System requirements
  • Internet Browser
  • Broadband Internet connectivity
  • PC/laptop/MAC/Tablet with access to the Internet.
  • IP & port whitelisting: http://app.rantandrave.com
  • http://app.rantandrave.co.uk
  • Data exported via CSV, XLS or XLSX formats.
  • IE 9(or above)/Chrome/Firefox/Safari

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 1 hour for Priority 1 queries.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels Standard, Gold, and Platinum support.
These are artriculated in the Price List.

The response SLAs are written into the Terms & Conditions. Our SLA for uptime is 99.5% and our response time SLAs are thus:
Level Description Resolution Time
P1 A complete loss or major degradation of one or more of the main elements of the Services and/or Deliverables 4 Hours
P2 A noticeable degradation or issue with any part of the Services and/or Deliverables that has a significant impact on the Client’s ability to conduct its business as usual, 12 Hours
P3 Other loss or issue with any part of the Services and/or Deliverables not defined above No SLA
P4 Request For Information No SLA
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Upland Software provides complete implementation, training, ongoing support, upgrades, maintenance, and consulting services. There is a range of local and remote post-implementation support and consulting services available to you.

Upland Professional Services will complete the implementation process so the customer is enabled and trained to support future configuration effort themselves. This is configuration of the tool’s inherent functionality through the GUI menus and options – and not customising source code. The initial implementation workshops will focus on the business architecture and analysis that must proceed any ‘configuration clicking’ in the user interface.

Training options

Upland Software offers a comprehensive range of training options tailored to fit each customer's specific needs and for each of our solutions offerings. Choose from instructor-led classes, simulations and train-the-trainer programmes — delivered in-person, remotely, or via computer-based training. Training will take place during the implementation for system admins and then formal sessions will be held for specific roles once the configuration is fully defined. Train the trainer is the preferred approach for end users – this ensures that you the customer is the ultimate owner of your tool.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users are always able to extract data at any time. On contract end (or before) Rant & Rave will provide a number of data options but, in summary, this can be done either by manually extracting the data via the dashboard using XLS or by pulling the data via our API. You will be the data controller and thus all the data is yours. Once agreed, all data is destroyed and a Data Destruction certificate is issued.
End-of-contract process As per Terms & Conditions we will delete all the relevant data according to the relevant standards in a timeframe that is mutually agreed. This deletion requires no statement of work is included. Additional work will require a statement of work and relevant scoping. A Data Destruction Certificate will be issued once the process is agreed and completed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Discover Module and Frontline Engagement is fully mobile responsive.

Dashboards are PC-optimised
Service interface No
What users can and can't do using the API The Rant & Rave platform offers RESTful web interfaces which supports the solicitation of feedback requests and return of data via API. It provides methods for accessing data via XML whcih can be used to import back into our clients' data warehouse.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Client can select power users to be trained as administrators. These administrators have access to an administrative panel within Rant & Rave. All administration and configuration is achieved through the same browser interface that is used by end users. All screens, forms, reports, views are configured through the browser interface. No coding knowledge or skill is needed to perform configurations within Rant & Rave.


Independence of resources Rant & Rave is a standard 3-tier application with Web, Application and Database tiers. Each tier can be scaled horizontally and vertically. Customer data is logically segregated; however, we put multiple customers on each of our application and database servers. We are a multi-tenant system to capitalize on the economies of scale for resources and ongoing operational maintenance.

Additionally, Rant & Rave utilizes Amazon Web Services (AWS) for hosting (Infrastructure-as-a-Service) to ensure the high-level application performance needs of our global customer base are fulfilled.


Service usage metrics Yes
Metrics types Analytics are a core component of the Rant & Rave analytics function and contain a robust collection of reports.

Response rates, user logins, message sends are all avaliable via dashboards. Our Service Desk can provide Uptime reports.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Data at rest encryption.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Many areas of Rant & Rave that provide summations of data (e.g., Visual Portals, Dashboards, drill-through reports) can be exported in a variety of common formats (e.g., PDF, PowerPoint and Excel, etc.). Rant & Rave has the ability to generate a full data export in any format preferred (e.g. Excel).
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • XLSX
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • XLS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Our guaranteed uptime is 99.5%
Approach to resilience Rant & Rave’s services are monitored 24/7/365 using a combination of tools ranging from some home-grown end to end business tests through to standard monitoring using Pingdom, Nagios and Elasticsearch, LogStash and Kibana, with alerts being triggered via email, SMS and Pager Duty. Rant & Rave also has daily system checks done by humans morning and evening to validate all system components. In hours and out of hours incidents are managed by the Production Operations team with named engineers on a rota for system alerts and escalation routes to senior incident managers both in and out hour of hours. Rant & Rave aim to inform customers at all times about service affecting incidents and Rant & Rave has internal incident procedures, SLA targets and RCA
Outage reporting E-mail alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Rant & Rave will authenticate users via the customers identity provider via OpenID Connect (OIDC).
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 DNV GL Business Assurance UK Limited
ISO/IEC 27001 accreditation date 20/09/2018
What the ISO/IEC 27001 doesn’t cover Nothing is not covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Privacy Shield

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Upland Software’s product lines are accredited or follow best practices as defined by various bodies in relation to their standards and procedures. These include, but are not limited to:
++ SSAE-16 / ISAE 3402
++ SOC 2
++ Privacy Shield
Information security policies and processes Upland’s security framework is based on the ISO 27001 framework. On an annual basis, Upland is SSAE16 SOC1 Type II / ISAE 3402 audited, and as of 2016, SOC 2 audited as well. Upland has a VP of Security and Compliance who has remit and resources to ensure all information security policies are maintained.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Rant & Rave has a formal change and patch management process for dissemination into production environments. The process involves the development of features/enhancements, unit testing, building and hardening, and then full regression testing in a QA environment prior to production deployment. Controls are in place to ensure that our production environment is only accessible by certain key employees as part of the production roll-out process or for troubleshooting. We schedule change and patch deployments to occur off business hours/days and include checks on build procedures and validations to ensure successful deployments.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Upland participates in the following security forums and professional associations: SANS, insecure.org, w3.org, cert.org, and securityfocus.com. Additionally, alerts are sent to us from Microsoft and Adobe security departments, and we receive alerts from the 3rd party organization conducting our quarterly vulnerability scans and 24x7 monitoring services.

We receive alerts via Microsoft on software and OS updates/patches. We use Microsoft Server Update Service (WSUS) to deploy and manage security patch updates.
Patches are tested prior to installation. We make every attempt to install critical security patches as soon as possible while ensuring compatibility and testing requirements are met.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Upland’s Security Organization performs monitoring activities in order to continuously assess the quality of internal control over time. These activities are used to initiate corrective action through department meetings, client conference calls, and informal notifications. Management performs monitoring activities on a continuous basis, taking necessary actions as required to correct deviations from company policy and procedures.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Upland Software manages incidents by identifying and responding to them quickly, notifying key support and management personnel in a timely manner, restoring service as soon as possible, determining the cause of the incident, and taking appropriate steps to prevent future incidents. Our incident management process also allows us to quickly notify external organizations that may have been affected by an incident, including customers and partners. We employ internal and external
monitoring systems that periodically verify the state of each Upland cloud-based software product.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £16740 per instance per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑