Simply Do Ideas

Simply Do

The public sector is facing increasing budget pressures and rising demand for services. The need for new solutions to these challenges is becoming well-recognised by public sector leaders.

Simply Do is an end-to-end digital platform enabling organisations to capture, develop and deliver improvement ideas from employees, suppliers and citizens.

Features

  • Health boards, blue-light services, education, local and national government expertise
  • Enterprise product used successfully in complex public sector environments
  • GDPR-compliant, UK-hosted data (AWS), Cyber Essentials Plus certified
  • Available 24/7 across web and iOS & Android apps
  • Integrations to work seamlessly with other enterprise software (e.g. Office)
  • Fully customisable templates and workflows for challenge-based innovation
  • In-product communications suite with announcements, direct messages and @mentions
  • Product support through live chat, email, telephone and help articles
  • Use of advanced technologies to filter, sort and sift ideas
  • Real-time data and impact reporting through administration dashboard

Benefits

  • Secure data sovereignty with data held in AWS UK
  • Simple product implementation with onsite and offsite onboarding support
  • Easily create challenges using the resources and challenge wizard
  • Identify target audiences from your employees through to global suppliers
  • Quickly capture solutions to challenges including awarding prizes or funding
  • Support users through a range of in-product communication and resources
  • Assign delivery of ideas and manage through to measuring impact
  • Analyse challenge and idea data using our cutting-edge AI-powered tools
  • Gain access to network of other public sector improvement professionals
  • Full support from qualified in-house team of innovation specialists

Pricing

£21,650 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lee@simplydo.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 9 0 3 2 0 9 0 9 7 3 1 8 1 1

Contact

Simply Do Ideas Lee Sharma
Telephone: 02920 490800
Email: lee@simplydo.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Simply Do requires no additional software to be installed on the system, since it can be accessed directly using a web-browser. The user's device will need a working Internet connection to access the service.
System requirements
  • The user must have a working Internet connection
  • Web-browser and/or iOS/Android mobile device

User support

Email or online ticketing support
Email or online ticketing
Support response times
Email Support: 8:30 A.M. to 5:30 P.M. Monday to Friday excluding public holidays. Also, a Service-Level Agreement (SLA) is agreed prior to any contract.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
The web chat is provided by Intercom. Please find some of the features that make the web chat accessible:
1. Screen reader support: the web chat is accessible via screen readers
2. Keyboard navigation: Every component of the web chat can be accessed using a keyboard without requiring a mouse or trackpad.
3. Colour contrast: all text in the web chat is clearly visible when using colours with enough contrast.
Onsite support
Onsite support
Support levels
Simply Do Ideas provides access to two senior members of staff (at director level) for every public sector enterprise contract. These work together to oversee full account management and product support from start to finish. This provides a consistent point of contact throughout the length of the contract. Any support provided is at no additional cost ensuring there are no hidden costs.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
To help users get started, we offer a mixture of:
- Onsite training (where available)
- Online training over a number of sessions to cover the innovation journey
- Online help documentation
- Online live-chat support.

A dedicated senior-level account manager will be available and a direct point of contact throughout the onboarding process, as well as on an ongoing basis.

The account managers are experienced in the innovation journey, and are will-equipped to help get your first set of innovation challenges off the ground. We'll make sure you are provisioned with all the tools and processes needed to manage your ideas and data as they arrive, and to build comprehensive engagement campaigns to help drive user adoption and interest across your organisation.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Administrators have several means of extracting their data. Automated tools allow for export of data in CSV format. In many cases we recommend reaching out to us so that we can ensure the data can be provided in a suitable and useful format.

In addition, we offer integrations with services, such as Power BI and Office 365, which allow for direct exports of your organisational data.
End-of-contract process
At the end-of-contract, there is an option to export all user data in an appropriate format. Otherwise, data will be deleted in line with required timeframe under the General Data Protection Regulation 2016/679.

There are no additional costs for end-of-contract operational or technical support.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Simply Do offers its same web service responsively over desktop and mobile devices.

In addition, our native mobile app for iOS and Android can be used to carry out many of the tasks available through the web app; such as to create and submit ideas to challenges, interact with other users (e.g. commenting, voting, and reacting to content), and to discover new content.

The mobile app does not feature administration tools that are available through the web app.
Service interface
No
API
Yes
What users can and can't do using the API
The Simply Do API can optionally be used to embed Simply Do functionality in existing systems, or to extend or integrate Simply Do into other services.

All Simply Do functions are available through our API. To use the API, a user can: 1.Generate an API key from their account settings and 2.Make requests to our RESTful API endpoint over HTTPS.
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Simply Do offers a flexible customisation tool, allowing administrators to:
- Set a logo for all users, which is displayed in the navbar
- Set a primary colour for all primary actions (e.g. buttons and links)
- Set a secondary colour for all secondary actions (e.g. secondary buttons and backgrounds)
- Add custom links to be shown to all users in the navbar
- Add welcome text to the welcome pages, and announcements on the homepage
- Choose the default language for new users
- Set-up customised and automated announcements to be sent to users as they interact with the service
- Customise login and registration flows.

Furthermore, all challenges and groups can be customised using banner images, and our rich-text inputs allow for building highly-tailored environments for users.

Scaling

Independence of resources
Simply Do is based on modern technology that enables us to confidently guarantee up-time and availability of our service.

For most of our services we make use of account-based request throttling where necessary, and the architecture is designed to be hugely elastic in being able to service many concurrent users and also to cope with large and unexpected traffic spikes.

For auxiliary services, we ensure they are load balanced according to industry standards and that our clusters are able to automatically scale up and down as required in order to meet demand.

Analytics

Service usage metrics
Yes
Metrics types
Simply Do provides a number of metrics to help users understand engagement and their data. For example:
- User growth
- Ideas created over time (and segmented)
- Challenge and idea views
- Sentiment analyses
- Topic-modelling analyses

Such data can be scoped at the organisational level, as well as on a per-challenge basis.

Furthermore, Simply Do's dashboards feature enable users to create custom dashboards formed from editable segments. Custom PDF reports can be generated and downloaded on-demand.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
In addition to the security and encryption features of our cloud provider, Simply Do ensures that all drives and storage media used to house data use encrypted volumes. Furthermore, all backups are also encrypted to industry standards.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Depending on the type of data required this can be accomplished through;
- Controls within the platform to download user lists as CSV or JSON
- Connecting the platform to an external service (such as Power BI or Excel or OneDrive) in order to synchronise data
- Exporting ideas as PDFs
- Exporting idea, challenge, and poll reports as CSV or PDF
- For custom requirements, we recommend reaching out to us so we can ensure data can be formatted in an appropriate fashion.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • PDF
  • Excel
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
A Service-Level Agreement (SLA) target of 99.5% of Resource Availability is guaranteed across any contract period.

If this is not achieved, a refund is offered at contract-end / renewal based on the period of unavailability.

The full details of the SLA are included in the G-Cloud Call-Off Contract (e.g. service management responses based on severity level).
Approach to resilience
Simply Do makes use of modern, highly-scalable, and higly-available serverless technology to ensure backend-service resilience. Our front-end clients are formed from separately-served static assets - access to which does not interfere with our backend-service resilience. As such we are able to provide service to a large number of concurrent users and are resilient to large traffic spikes.

Access to services is protected using industry-grade authentication and authorisation mechanisms, and users can provide user-based access privilege following their own security requirements.

Our own staff are provisioned access through a principle of least privilege, enabling them to conduct their work but without the ability to carry out sensitive or destructive action.
Outage reporting
Any outages are reported directly to our contacts within the organisation via email.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Simply Do offers a powerful and flexible permission management model, allowing administrators to assign access to users such that they can perform the duties required, but not access data or functions outside of their area of concern.

We have guidance available that recommends such administrators adopt the principle of least privilege when assigning permissions, and that there is a minimum number of administrator users in place.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials + (Pending)
  • Datacentre provider security to ISO/IEC 27001:2013, 27017:2015, and 27018:2014

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
- Cyber Essentials
- Cyber Essentials + (pending)
Information security policies and processes
Simply Do maintains a Data Protection and Privacy Policy Pack, which outlines a number of policies that govern security and data processes. Whilst these policies are for internal use, such policies can also be made available upon request, if necessary.

Example policies in our DPPPP:
- Information Security Policy
- Data Handling Policy
- Confidential Waste Policy
- Individuals' Rights Policy
- Remote Work Policy
- Systems Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
At Simply Do we have strong processes in place to ensure the integrity of software as it is developed, tested, quality-assured, reviewed, and finally released. Access controls allow only those staff that require access to particular codebases and systems are able to write or approve changes to them - allowing us to ensure the security of our systems as changes are introduced.

We make use of staging environments to provide access to the wider team internally for further QA and review before rolling-out updates for live users.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
At Simply Do we put a lot of resource and expertise into ensuring our systems are safe and secure. As part of this process we continually evaluate (and have automated monitoring in place) for our software and dependencies, and our cloud provider, and also continuously monitor the software community for discussion around threats that may be relevant.

We work on the principle of continuous delivery, and often make several updates per day to our systems. As such, patches are deployed very quickly where necessary.

We ensure that all critical system packages and software are updated within two weeks of release.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We make use of a number of automated tools, centralised logging services, and business processes to identify potential compromises, and have policies in place dedicated to such eventualities.

Depending on the nature of the potential compromise, we determine a need to contact any relevant, affected people, which will be done within one day. Such a communication will include details and an action plan and any remedial action taken so far.

In any case, the incident is logged and actioned internally. If urgent software updates are required then these are aimed to be patched within 1-2 hours, where necessary.
Incident management type
Supplier-defined controls
Incident management approach
Simply Do maintains a number of processes for managing our approach to incidents, which include automatic responses for common events that might occur, as well as a documented approach for handling less common or unknown incidents.

Where necessary, incident reports are prepared and sent to relevant affected parties in accordance with data protection regulations.

Users can report incidents via email or using our live-chat feature.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£21,650 a licence a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lee@simplydo.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.