smartimpact's Membership Management Platform
smartimpact's Membership Management Platform, based on Microsoft Dynamics 365, supports membership, NFP and legal organisations. Our core modules can be implemented independently of each other or connected together and integrated with your other business systems to provide you with a full membership solution.
- Membership Management
- Events Management
- Groups Management
- Education Management
- Fundraising Management
- Entry App
- Security & Access
- Card ID
- Single View of Members
- Increased Retention and Recruitment
- Advanced Member Analytics
- Streamlined Processes
- Reporting and Dashboards
- Manage and Control Entry
£6.00 to £71.60 per person per month
- Education pricing available
8 0 9 0 2 4 5 2 4 8 7 1 2 3 9
Smart Impact Ltd
|Software add-on or extension||Yes|
|What software services is the service an extension to||Microsoft Dynamics 365|
|Cloud deployment model||Public cloud|
|Service constraints||Microsoft Dynamics 365 Service Level Agreement: https://port.crm.dynamics.com/portal/static/1033/sla.htm|
|System requirements||Microsoft Dynamics 365 is a web based application|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Service targets are based on the level of issue severity as outlined in our Service Level Agreement (SLA). There is a target that all tickets should have a first response from a member of the support team within 4 working hours of receipt of the Ticket (that doesn’t include the automated responses), and resolution times from 4 hours to 7 business days.
Standard support is provided 9.00am to 5:30pm Monday to Friday, excluding UK Bank Holidays. Support outside of these hours can be arranged upon request.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Support Package Description Annual Cost
Up to 5 days per year. The support days can only be used for support related issues. The support days cannot be carried over to next year.
(£4,500 per year @ £900 per day + £1,000 licence and reporting)
Up to 9 days per year. These days can be used for support as well as for new tasks and functionality as long as the new task does not require more than 1 day. The support days cannot be carried over to next year.
(£7,650 per year @ £850 per day + £1,000 licence and reporting)
Up to 13 days per year. These days can be used for support as well as for new tasks and functionality as long as the new task does not require more than 2 days. Two unused support days can be carried over to next year.
(£10,400 per year @ £800 per day + £1,000 licence and reporting)
Our Support Team consists of experienced and highly trained staff.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Smartimpact delivers systems that are intuitive, easy to use and supported by practical based (onsite and online) training. Documentation also be provided upon request. Furthermore, Microsoft provides a number of online resources to support user adoption and ongoing learning.|
|Other documentation formats||Word|
|End-of-contract data extraction||Users are able to export data at the end of a contract or at any other time (based on individual security settings) from Microsoft Dynamics 365 in CSV or Excel format.|
In the Online Services Terms, Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under our control.
If you terminate a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.
After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of our Online Services Terms.)
When customer data is hosted in the multitenant environments of Microsoft business cloud services, they take careful measures to logically separate customer data. This helps prevent one customer’s data from leaking into that of another customer, which also helps to block any customer from accessing another customer’s deleted data.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Mobile has shorter forms and limited functionality in some areas.|
|What users can and can't do using the API||We will provide a detailed API document, fully covering GET and SET operations specific to the client. Full details will be given for each operation in terms of field, field type, field length and business required. Any changes will be defined, agreed and ratified entirely though the API documentation. Implementation and testing of these changes will be made by smartimpact before User Acceptance Testing (UAT) and deployment to production.|
|API documentation formats||Other|
|API sandbox or test environment||Yes|
|Description of customisation||
Personal views, dashboard, charts, reports, saved queries
Users will be trained
Different Training is delivered for end users, super users and administrators
|Independence of resources||Microsoft Dynamics 365 is a cloud based platform hosted by Microsoft. The service operates multiple scale groups in each data centre and automatically provisions new customers into a scale group. The architecture of scale groups is designed to meet the many needs of operating a service at scale, including security, scalability, performance, tenant isolation, serviceability, and monitoring. Each customer has their own individual database, separate from other customers’ databases. Data processing is logically segregated through capabilities specifically developed to help build, manage, and secure multitenant environments.|
|Service usage metrics||Yes|
|Metrics types||The availability of the platform is covered by the Microsoft SLA's and the service reports are available online. In addition, smartimpact provides metrics for it's User & Software Support Service.|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Microsoft|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Users have access to a GUI which enables them to customise views and export them into Excel.|
|Data export formats||
|Other data export formats||XLSX|
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||IP whitelisting, Encryption token|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Dynamics 365 online offers an SLA of 99.9% availability and will provide credits should it not meet this.
Less than 99.9% uptime – Microsoft will issue a 25% service credit.
Less than 99% uptime – Microsoft will issue a 50% service credit.
Less than 95% uptime – Microsoft will issues a 100% service credit.
|Approach to resilience||Please see following link to the Microsoft Trust Centre: https://www.microsoft.com/en-us/TrustCenter/Security/dynamics365-security|
|Outage reporting||Microsoft provides a public dashboard, and API and email alerts.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms, enabling sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party identity providers with Office client applications, and smart card and certificate-based authentication.
Cloud identity authentication - Users with cloud identities are authenticated using traditional challenge/response.
Federated identity authentication - Users with federated identities are authenticated using Active Directory Federation Services 2.0 or other Security Token Services.
MFA for the service - users are required to acknowledge a phone call, text, or an app notification on their smartphone after correctly entering their password.
|Access restrictions in management interfaces and support channels||
Dynamics 365 provides a security model that protects data integrity and privacy and supports efficient data access and collaboration, including administrator roles. The goals of the model are as follows:
• Provide users with access only to the appropriate levels of information that is required to do their jobs
• Categorise users by role and restrict access based on those roles
• Support data sharing so that users and teams can be granted access to records that they do not own for a specified collaborative effort
• Prevent user access to records they do not own or share.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Security governance is covered by our Data Protection Policy and our Master Services Agreement. The Microsoft Dynamics platform adheres to all global security requirements (https://www.microsoft.com/en-us/trustcenter/default.aspx). smartimpact is ISO9001 certified and is currently in the process of obtaining ISO27001.|
|Information security policies and processes||
- Staff are briefed on our internal policies and processes
- Led by our Data Lead, senior management and system administrators continually assess and implement improvement measures based on current available information
- Our system administrators regularly attend training courses and online webinars
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Smartimpact has developed a robust and flexible implementation methodology. This includes a mature change management process which mitigates against risk and provides an audit trail of amendments to the project’s terms of reference.
If as a result of any change additional work is required, the smartimpact project manager will raise a Change Control Form. This is in effect a mini-specification, which details the requirements of any change together with a total cost for implementation of the change. This is followed by review by the customer and acceptance/rejection as appropriate.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Microsoft updates are included for individual user licenses. Microsoft deliver two releases per year in April and October - offering new capabilities and functionality. Partners get notified of these updates well ahead in advance and what's included in each release. smartimpact follow Microsoft guidlines strictly when customising the system, which ensures ease of upgrade as the upgrade is usually backward compatiable. Our team will test any update separately before applying it to the client. In addition to the two updates, Microsoft deploy regular performance and reliability improvement (including addressing potential threats) updates throughout the year. For further information: https://www.microsoft.com/en-gb/security/operations|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Our platform is based upon Microsoft Dynamics 365. Microsoft places great importance and therefore invests significantly in ensuring it's solutions are secure. For further details please see: https://www.microsoft.com/en-gb/security/operations.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||The following document provides a summary and flow chart outlining Microsoft's Security Incident Management approach: file:///C:/Users/Naresh%20Raj/Downloads/Security%20Incident%20Management%20in%20Microsoft%20Dynamics%20365%20(1).pdf|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Other public sector networks||DfE|
|Price||£6.00 to £71.60 per person per month|
|Discount for educational organisations||Yes|
|Free trial available||No|