N2 Visual Communications Ltd

Brand iQ Brand Management Software

A brand and asset management platform that provides a centralised solution to help organisations control, implement and manage their brand. We also provide an end-to-end service including consultancy, design, migration, implementation and support. Our clients include Samaritans, NCS, The Scouts, Crisis, DofE, THT, Bowel Cancer UK and NCT.


  • Secure tiered access to digital and print assets
  • Searchable, categorised and tagged catalogue of assets
  • Ordering process for print on demand, stock materials and merchandise
  • Web based web-2-publish engine for print and digital outputs
  • Stock management and inventory control
  • Automated approval workflows
  • Payment mechanics including credit card, purchase order and budgets
  • Document sharing
  • Administration dashboard
  • Powerful reporting and insights dashboard


  • Provide flexibility locally whilst retaining control centrally
  • Secure brand asset storage and distribution
  • Centralised print and merchandise procurement via a global print network
  • Reduction in localised artwork costs by using pre-agreed templates
  • Eliminate costly manual workflows by using automated approvals
  • Granular access control for your entire organisation
  • Control budgets, spend and gain complete financial visibility
  • Reduction in time searching for, sharing and re-using assets
  • Complete control via a web based adminstration dashboard
  • Refine your brand using live reporting and business intelligence tools


£5 to £50 per user per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

7 3 8 8 8 6 3 1 1 2 1 5 9 0 8


N2 Visual Communications Ltd

Marcel van den Boogaard



Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Major updates are generally once a quarter and will influence both the visual and functionality aspects of Brand iQ. The customer will always be notified at least 1 week in advance and if there is likely to be significant disruption/downtime to the platform any users will also be notified by email. There is also the option of adding information e.g. a homepage banner to the portal to alert users of upcoming downtime. These updates are usually carried out of hours to minimise disruption to the user base, however that cannot always be guaranteed.
System requirements
  • All common web browsers
  • Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Reported issues or queries to receive acknowledgement
within 1 hour of receipt, within working hours. 90% of Critical issues to be resolved within one working day,Major issues within two working days and Minor issues within 4 working days with 100% of all issues/queries to be resolved within 7 working days. Resolution of query could take longer than the target number of days dependent on the nature of the issue
or query. Where resolution is not possible within 5 working days, Brand iQ will work in partnership with the client to agree a timescale for resolution.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
As part of your Brand iQ Portal licensing agreement, support is provided to your super users and head office team. End users support is additional and charged based on number of users that require support. Support requests can be submitted via email or telephone. All support requests are automatically entered directly into our tracking system as soon as they are
submitted. This creates a support ticket with a unique number.Next the request is reviewed and the severity is determined and added to the support ticket, this determines the service level target for resolving the issue. Our initial responders then review the details supplied and if possible will reply with a resolution, where this is not possible they will acknowledge receipt of the support request and allocate the ticket to a engineer to start the investigation.
Support available to third parties

Onboarding and offboarding

Getting started
Once the platform is completed and ready for launch, the onboarding process can begin. This workstream incorporates:

Admin / Reports training
Usually conducted as a face-to-face intensive course. Designed to teach someone how to manage and maintain the platform.

Platform familiarisation
Webinar/remote based training sessions. Designed to introduce the platform and teach users how to operate the front-end and provides an excellent forum to deal with FAQs and feedback ahead of launch

Training documentation
Creation of a training manual and training videos to be hosted on the platform for users to refresh their training at any time. Other dedicated training resources can be created as part of the project specification if required.
Service documentation
Documentation formats
End-of-contract data extraction
Clients have full access to all of their data via the admin and reporting dashboards. This data can be extracted during the contract at any time by the administrators. As part of our contractual agreements, we provide data extraction services at the end of the contract period if required.
End-of-contract process
Migration of all relevant client data is provided as part of the agreed contract. If any additional support is required to migrate this content to another service it will be charged additionally.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The platform itself has been built responsively to work on mobile devices. Users will engage with a similar yet slightly different experience via the mobile e.g. asset category views will condense into one column and all navigation will be accessible via hamburger style menus. All functionality will be available and work as expected. The template creator is accessible from any device, but has not been specifically developed for touch screen devices, so user experience may vary.
Service interface
What users can and can't do using the API
We have an API that allows integration with 3rd party solutions for functionality such as single sign-on (SSO), order management, catalogue updates etc. The API is broken out into separate services and endpoints enabling different integration possibilities with the Brand iQ platform.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The platform is fully customisable by the client including basic template theme, content management, such as banners, architecture including categories, tags and filters. User and organisation groups, item permissions, digital assets, workflows, reports. These elements can all be updated by the administration dashboard following training provided by the Brand iQ team.

We also support bespoke customisation of the platform: bespoke theming, integrations like single sign-on (SSO), bespoke modules and functionality and template building. These projects are undertaken following a full scoping and specification agreement.


Independence of resources
All aspects of our server infrastructure are setup to auto-scale as the demand for the platform increases. The platform itself is split into a series of applications all connected by an internal API. This gives us the flexibility to scale each element accordingly. Our rendering engines for creating variable output documents are clustered and load balanced to allow for scalability.


Service usage metrics
Metrics types
The reporting dashboard provides real-time reporting of all content and user interactions. All reports can be filtered by date range and and narrowed down to organisation and individual user level.

- No. of users
- No. of organisations
- No of orders
- Value of sales
- Top items viewed
- Top items downloaded
- Top items ordered
- Top user logins
- Complete order visibility
- Delivery visibility
- Stock management reporting (live stock data, valuations and movements)
- Category views
- Asset views
- Asset downloads
- Items ordered
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can extract their data as CSV/excel files providing line by line detail of all item data and associated META data. Assets can be extracted into hierarchal folders matching the platform architecture (This would need to be carried out by Brand iQ)
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
In the event of a complete server failure, a new virtualised environment can be deployed within 3 hours and the environment can be completely re-configured within 3 hours. The server will then be restored from the full weekly snapsnot backup. The timescale for this will depend upon the size of the backup. A server containing 20GB of data would take 2 hours to
restore (within business hours 9-5.30)

The actual network connectivity in the data centers on both the Digital Ocean and Amazon S3 provision carry a 99.99% uptime guarantee (excluding scheduled maintenance and security updates).

We guarantee a 99.75% uptime on our applications (excluding scheduled
maintenance and security updates).
The application downtime under the SLA is 22 hours.

In the event of any downtime outside this SLA we will reimburse 1 days licensing fee for every additional hour.
Approach to resilience
The platform is hosted on high availability UK based servers contained within state of the art data centres that support high levels of security and performance. The data centres we use all conform to the highest security levels and are SOC 1 Type II, ISO 27001, and PCI-DSS certified. Our servers are regular checked for our Cyber Essentials certification and we operate strict firewall policies for added security. Databases storing user and transactional information cannot be accessed remotely and we use top tier backup routines to ensure security and efficiency. All data for each deployment is backed up daily to a secondary host to ensure that we have a
comprehensive disaster recovery plan in place in case of complete server and data centre failure. We undergo yearly disaster recovery plan testing to ensure we optimise and improve the process. All our solutions are monitored at application and server level to ensure performance remains
optimal and the notifications are in place to proactive manage the resources. Our primary environment provider is Digital Ocean and our backup provider is the Amazon S3 provision.

Further data centre and disaster recovery information is available on request.
Outage reporting
We currently use Uptime Robot, DO monitoring tools, AWS alerting, Rollbar and Blackfire. All of these platforms provide us email and SMS alerts of any server or code issues. We promptly communicate any outages to our clients via email or telephone including full details of the issues, expected outage time and any resolution plans.

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
Single Sign-On (SSO)
Access restrictions in management interfaces and support channels
Users can only access the platform with an agreed account provisioned either by SSO or standard registration. These registrations can require an approval process before gaining access. All access to the platform is controlled by a complex set of hierarchies agreed within the initial scoping and created during the deployment process. We use a series of roles within the platform to allow users access to certain apps such as administration or reports. All aspects of the platform access can be controlled by white listing IP addresses to ensure no users outside a specific range or network can access.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
IP restrictions

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The certification covers our Brand iQ platform and internal office infrastructure.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our security policies and documented as part of our Information Security Management System (ISMS) - These policies are compliant with BS ISO/IEC 27001 : 2013. and are reviewed and certified annually. They include:
- Access control
- Anti-piracy
- Backup
- Clear desk
- Cryptographic controls
- Data protection
- Hiring
- Information exchange
- Information sensitivity
- Laptop
- Leaving
- Money laundering
- Network systems monitoring
- Password
- Remote access and mobile computing
- Security incident
- Social networking
- Virus protection

We also have in place policies for disaster recovery, incident reporting and business continuity. These are available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Internal development updates to the platform:
- Define business case
- Sign-off business case
- Scope and document specification
- Wireframe / prototype user journeys
- Approve spec and user journeys
- Define project team
- Create project and assign tasks (Trello)
- Implement changes
- Deploy to sandbox GIT
- Push to sandbox Brand iQ environment
- Thorough testing and QA conducted
- Review functionality and client service delivery impact
- Agree rollout schedule based on next release and current roadmap
- Notify customers of release changes
- Deploy to live GIT
- Push to production Brand iQ environment
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We work with a 3rd party security consultant to perform penetration and security testing. We also closely monitor:

• Open Web Application Security Project (OWASP), top 10 threats
• The Web Application Security Consortium, top threats
• The Open Source Security Testing Methodology Manual, top threats
• SANS Common Weakness Enumeration, top 25 threats

In addition to the controls that we have implemented, we schedule regular ongoing penetration tests and security reviews of both our IT Infrastructure and our information processing facilities. Where vulnerabilities are found we implement fixes immediately and controls to further reduce the associated risks.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The platform is proactively monitored by a number of different tools including Rollbar and Blackfire. Both these platforms alert us of potential vulnerabilities to our code. We undertake regular penetration testing to expose any further issues. Each issue is reviewed carefully and a risk assessment is carried out. If it is deemed to be high risk then we will schedule to patch this immediately as an ad-hoc fix. Lower risk threats are rolled out as part of the next release.
Incident management type
Supplier-defined controls
Incident management approach
We have well documented policies to deal with any incident management. Our staff our trained in these as part of their induction and regular updates are provided if policies change. These policies include:

- Business continuity policy
- Disaster recovery policy
- Information security policy
- Incident management policy

Users can report incidents via our ticket system, email or by phone. These are logged and then managed through our internal systems. All clients are updated with incident information both in terms of updates and resolutions.

These policies are available on request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£5 to £50 per user per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑