N2 Visual Communications Ltd

Brand iQ Brand Management Software

A brand and asset management platform that provides a centralised solution to help organisations control, implement and manage their brand. We also provide an end-to-end service including consultancy, design, migration, implementation and support. Our clients include Samaritans, NCS, The Scouts, Crisis, DofE, THT, Bowel Cancer UK and NCT.


  • Secure tiered access to digital and print assets
  • Searchable, categorised and tagged catalogue of assets
  • Ordering process for print on demand, stock materials and merchandise
  • Web based web-2-publish engine for print and digital outputs
  • Stock management and inventory control
  • Automated approval workflows
  • Payment mechanics including credit card, purchase order and budgets
  • Document sharing
  • Administration dashboard
  • Powerful reporting and insights dashboard


  • Provide flexibility locally whilst retaining control centrally
  • Secure brand asset storage and distribution
  • Centralised print and merchandise procurement via a global print network
  • Reduction in localised artwork costs by using pre-agreed templates
  • Eliminate costly manual workflows by using automated approvals
  • Granular access control for your entire organisation
  • Control budgets, spend and gain complete financial visibility
  • Reduction in time searching for, sharing and re-using assets
  • Complete control via a web based administration dashboard
  • Refine your brand using live reporting and business intelligence tools


£5 to £50 per user per month

  • Education pricing available


G-Cloud 11


N2 Visual Communications Ltd

Marcel van den Boogaard



Service scope

Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Major updates are generally once a quarter and will influence both the visual and functional aspects of Brand iQ. The customer will always be notified at least 1 week in advance and, if there is likely to be significant disruption/downtime to the platform, any users will also be notified by email. There is also the option of adding information, e.g. a homepage banner, to the portal to alert users of upcoming downtime. These updates are usually carried out out of hours to minimise disruption to the user base; however, that cannot always be guaranteed.
System requirements
  • All common web browsers
  • Internet access

User support

Email or online ticketing support Email or online ticketing
Support response times Reported issues or queries to receive acknowledgement within 1 hour of receipt, within working hours. 90% of Critical issues to be resolved within one working day, Major issues within two working days and Minor issues within 4 working days with 100% of all issues/queries to be resolved within 7 working days. Resolution of query could take longer than the target number of days dependent on the nature of the issue or query. Where resolution is not possible within 5 working days, Brand iQ will work in partnership with the client to agree a timescale for resolution.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels As part of your Brand iQ Portal licensing agreement, support is provided to your super users and head office team. End-user support is additional and charged based on the number of users that require support. Support requests can be submitted via email or telephone. All support requests are automatically entered directly into our tracking system as soon as they are submitted. This creates a support ticket with a unique number. Next, the request is reviewed and the severity is determined and added to the support ticket; this determines the service level target for resolving the issue. Our initial responders then review the details supplied and, if possible, will reply with a resolution; where this is not possible they will acknowledge receipt of the support request and allocate the ticket to an engineer to start the investigation.
Support available to third parties Yes

Onboarding and offboarding

Getting started Once the platform is completed and ready for launch, the onboarding process can begin. This workstream incorporates:

Admin / Reports training
Usually conducted as a face-to-face intensive course. Designed to teach someone how to manage and maintain the platform.

Platform familiarisation
Webinar/remote based training sessions. Designed to introduce the platform and teach users how to operate the front-end, and to provide an excellent forum to deal with FAQs and feedback ahead of launch.

Training documentation
Creation of a training manual and training videos to be hosted on the platform for users to refresh their training at any time. Other dedicated training resources can be created as part of the project specification if required.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Clients have full access to all of their data via the admin and reporting dashboards. This data can be extracted during the contract at any time by the administrators. As part of our contractual agreements, we provide data extraction services at the end of the contract period if required.
End-of-contract process Migration of all relevant client data is provided as part of the agreed contract. If any additional support is required to migrate this content to another service it will be charged additionally.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The platform itself has been built responsively to work on mobile devices. Users will engage with a similar yet slightly different experience on mobile, e.g. asset category views will condense into one column and all navigation will be accessible via hamburger style menus. All functionality will be available and work as expected. The template creator is accessible from any device, but has not been specifically developed for touch screen devices, so user experience may vary.
Service interface No
What users can and can't do using the API We have an API that allows integration with 3rd party solutions for functionality such as single sign-on (SSO), order management, catalogue updates etc. The API is broken out into separate services and endpoints enabling different integration possibilities with the Brand iQ platform.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The platform is fully customisable by the client, including the basic template theme; content management, such as banners; architecture, including categories, tags and filters; user and organisation groups; item permissions; digital assets; workflows; and reports. These elements can all be updated via the administration dashboard following training provided by the Brand iQ team.

We also support bespoke customisation of the platform: bespoke theming, integrations like single sign-on (SSO), bespoke modules and functionality and template building. These projects are undertaken following a full scoping and specification agreement.


Independence of resources All aspects of our server infrastructure are set up to auto-scale as the demand for the platform increases. The platform itself is split into a series of applications all connected by an internal API. This gives us the flexibility to scale each element accordingly. Our rendering engines for creating variable output documents are clustered and load balanced to allow for scalability.


Service usage metrics Yes
Metrics types The reporting dashboard provides real-time reporting of all content and user interactions. All reports can be filtered by date range and narrowed down to organisation and individual user level.

- No. of users
- No. of organisations
- No. of orders
- Value of sales
- Top items viewed
- Top items downloaded
- Top items ordered
- Top user logins
- Complete order visibility
- Delivery visibility
- Stock management reporting (live stock data, valuations and movements)
- Category views
- Asset views
- Asset downloads
- Items ordered
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Users can extract their data as CSV/Excel files providing line by line detail of all item data and associated metadata. Assets can be extracted into hierarchical folders matching the platform architecture (this would need to be carried out by Brand iQ).
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability DISASTER RECOVERY
In the event of a complete server failure, a new virtualised environment can be deployed within 3 hours and the environment can be completely re-configured within 3 hours. The server will then be restored from the full weekly snapshot backup. The timescale for this will depend upon the size of the backup. A server containing 20GB of data would take 2 hours to restore (within business hours 9-5.30).

The actual network connectivity in the data centers on both the Digital Ocean and Amazon S3 provision carry a 99.99% uptime guarantee (excluding scheduled maintenance and security updates).

We guarantee a 99.75% uptime on our applications (excluding scheduled maintenance and security updates).
The application downtime under the SLA is 22 hours.

In the event of any downtime outside this SLA we will reimburse 1 day's licensing fee for every additional hour.
Approach to resilience The platform is hosted on high availability UK based servers contained within state-of-the-art data centres that support high levels of security and performance. The data centres we use all conform to the highest security levels and are SOC 1 Type II, ISO 27001, and PCI-DSS certified. Our servers are regularly checked for our Cyber Essentials certification and we operate strict firewall policies for added security. Databases storing user and transactional information cannot be accessed remotely and we use top tier backup routines to ensure security and efficiency. All data for each deployment is backed up daily to a secondary host to ensure that we have a comprehensive disaster recovery plan in place in case of complete server and data centre failure. We undergo yearly disaster recovery plan testing to ensure we optimise and improve the process. All our solutions are monitored at application and server level to ensure performance remains optimal and the notifications are in place to proactively manage the resources. Our primary environment provider is Digital Ocean and our backup provider is the Amazon S3 provision.

Further data centre and disaster recovery information is available on request.
Outage reporting We currently use Uptime Robot, DO monitoring tools, AWS alerting, Rollbar and Blackfire. All of these platforms provide us with email and SMS alerts of any server or code issues. We promptly communicate any outages to our clients via email or telephone, including full details of the issues, expected outage time and any resolution plans.

Identity and authentication

User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Single Sign-On (SSO)
Access restrictions in management interfaces and support channels Users can only access the platform with an agreed account provisioned either by SSO or standard registration. These registrations can require an approval process before gaining access. All access to the platform is controlled by a complex set of hierarchies agreed within the initial scoping and created during the deployment process. We use a series of roles within the platform to allow users access to certain apps such as administration or reports. All aspects of the platform access can be controlled by whitelisting IP addresses to ensure no users outside a specific range or network can gain access.
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication IP restrictions

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS
ISO/IEC 27001 accreditation date 04/02/2016
What the ISO/IEC 27001 doesn’t cover The certification covers our Brand iQ platform and internal office infrastructure.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our security policies are documented as part of our Information Security Management System (ISMS). These policies are compliant with BS ISO/IEC 27001:2013 and are reviewed and certified annually. They include:
- Access control
- Anti-piracy
- Backup
- Clear desk
- Cryptographic controls
- Data protection
- Hiring
- Information exchange
- Information sensitivity
- Laptop
- Leaving
- Money laundering
- Network systems monitoring
- Password
- Remote access and mobile computing
- Security incident
- Social networking
- Virus protection

We also have in place policies for disaster recovery, incident reporting and business continuity. These are available on request.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Internal development updates to the platform:
- Define business case
- Sign-off business case
- Scope and document specification
- Wireframe / prototype user journeys
- Approve spec and user journeys
- Define project team
- Create project and assign tasks (Trello)
- Implement changes
- Deploy to sandbox GIT
- Push to sandbox Brand iQ environment
- Thorough testing and QA conducted
- Review functionality and client service delivery impact
- Agree rollout schedule based on next release and current roadmap
- Notify customers of release changes
- Deploy to live GIT
- Push to production Brand iQ environment
Vulnerability management type Supplier-defined controls
Vulnerability management approach We work with a 3rd party security consultant to perform penetration and security testing. We also closely monitor:

• Open Web Application Security Project (OWASP), top 10 threats
• The Web Application Security Consortium, top threats
• The Open Source Security Testing Methodology Manual, top threats
• SANS Common Weakness Enumeration, top 25 threats

In addition to the controls that we have implemented, we schedule regular ongoing penetration tests and security reviews of both our IT Infrastructure and our information processing facilities. Where vulnerabilities are found we implement fixes immediately and controls to further reduce the associated risks.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The platform is proactively monitored by a number of different tools including Rollbar and Blackfire. Both these platforms alert us to potential vulnerabilities in our code. We undertake regular penetration testing to expose any further issues. Each issue is reviewed carefully and a risk assessment is carried out. If it is deemed to be high risk then we will schedule to patch this immediately as an ad-hoc fix. Lower risk threats are rolled out as part of the next release.
Incident management type Supplier-defined controls
Incident management approach We have well documented policies to deal with any incident management. Our staff are trained in these as part of their induction and regular updates are provided if policies change. These policies include:

- Business continuity policy
- Disaster recovery policy
- Information security policy
- Incident management policy

Users can report incidents via our ticket system, email or by phone. These are logged and then managed through our internal systems. All clients are updated with incident information both in terms of updates and resolutions.

These policies are available on request.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £5 to £50 per user per month
Discount for educational organisations Yes
Free trial available No

Service documents

  • Pricing document (PDF)
  • Terms and conditions (PDF)