Smart Impact Ltd

smartimpact's Membership Management Platform

smartimpact's Membership Management Platform, based on Microsoft Dynamics 365, supports membership, NFP and legal organisations. Our core modules can be implemented independently of each other or connected together and integrated with your other business systems to provide you with a full membership solution.


  • Membership Management
  • Events Management
  • Groups Management
  • Education Management
  • Fundraising Management
  • Portal
  • Entry App
  • Security & Access
  • Card ID


  • Single View of Members
  • Increased Retention and Recruitment
  • Advanced Member Analytics
  • Streamlined Processes
  • Reporting and Dashboards
  • Manage and Control Entry


£6.00 to £71.60 per person per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

8 0 9 0 2 4 5 2 4 8 7 1 2 3 9


Smart Impact Ltd

Steve Sydee


Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Microsoft Dynamics 365
Cloud deployment model Public cloud
Service constraints Microsoft Dynamics 365 Service Level Agreement:
System requirements Microsoft Dynamics 365 is a web based application

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Service targets are based on the level of issue severity as outlined in our Service Level Agreement (SLA). There is a target that all tickets should have a first response from a member of the support team within 4 working hours of receipt of the Ticket (that doesn’t include the automated responses), and resolution times from 4 hours to 7 business days.

Standard support is provided 9.00am to 5:30pm Monday to Friday, excluding UK Bank Holidays. Support outside of these hours can be arranged upon request.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support Package Description Annual Cost

Up to 5 days per year. The support days can only be used for support related issues. The support days cannot be carried over to next year.
(£4,500 per year @ £900 per day + £1,000 licence and reporting)

Up to 9 days per year. These days can be used for support as well as for new tasks and functionality as long as the new task does not require more than 1 day. The support days cannot be carried over to next year.
(£7,650 per year @ £850 per day + £1,000 licence and reporting)

Up to 13 days per year. These days can be used for support as well as for new tasks and functionality as long as the new task does not require more than 2 days. Two unused support days can be carried over to next year.
(£10,400 per year @ £800 per day + £1,000 licence and reporting)

Our Support Team consists of experienced and highly trained staff.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Smartimpact delivers systems that are intuitive, easy to use and supported by practical based (onsite and online) training. Documentation also be provided upon request. Furthermore, Microsoft provides a number of online resources to support user adoption and ongoing learning.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Word
End-of-contract data extraction Users are able to export data at the end of a contract or at any other time (based on individual security settings) from Microsoft Dynamics 365 in CSV or Excel format.
End-of-contract process In the Online Services Terms, Microsoft contractually commits to specific processes when a customer leaves a cloud service or the subscription expires. This includes deleting customer data from systems under our control.

If you terminate a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data.
After this 90-day retention period, Microsoft will disable the account and delete the customer data, including any cached or backup copies. For in-scope services, that deletion will occur within 90 days after the end of the retention period. (In-scope services are defined in the Data Processing Terms section of our Online Services Terms.)
When customer data is hosted in the multitenant environments of Microsoft business cloud services, they take careful measures to logically separate customer data. This helps prevent one customer’s data from leaking into that of another customer, which also helps to block any customer from accessing another customer’s deleted data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile has shorter forms and limited functionality in some areas.
Service interface No
What users can and can't do using the API We will provide a detailed API document, fully covering GET and SET operations specific to the client. Full details will be given for each operation in terms of field, field type, field length and business required. Any changes will be defined, agreed and ratified entirely though the API documentation. Implementation and testing of these changes will be made by smartimpact before User Acceptance Testing (UAT) and deployment to production.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Personal views, dashboard, charts, reports, saved queries
Users will be trained
Different Training is delivered for end users, super users and administrators


Independence of resources Microsoft Dynamics 365 is a cloud based platform hosted by Microsoft. The service operates multiple scale groups in each data centre and automatically provisions new customers into a scale group. The architecture of scale groups is designed to meet the many needs of operating a service at scale, including security, scalability, performance, tenant isolation, serviceability, and monitoring. Each customer has their own individual database, separate from other customers’ databases. Data processing is logically segregated through capabilities specifically developed to help build, manage, and secure multitenant environments.


Service usage metrics Yes
Metrics types The availability of the platform is covered by the Microsoft SLA's and the service reports are available online. In addition, smartimpact provides metrics for it's User & Software Support Service.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users have access to a GUI which enables them to customise views and export them into Excel.
Data export formats
  • CSV
  • Other
Other data export formats XLSX
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • XLSX

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks IP whitelisting, Encryption token
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Dynamics 365 online offers an SLA of 99.9% availability and will provide credits should it not meet this.

Less than 99.9% uptime – Microsoft will issue a 25% service credit.
Less than 99% uptime – Microsoft will issue a 50% service credit.
Less than 95% uptime – Microsoft will issues a 100% service credit.
Approach to resilience Please see following link to the Microsoft Trust Centre:
Outage reporting Microsoft provides a public dashboard, and API and email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms, enabling sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party identity providers with Office client applications, and smart card and certificate-based authentication.

Cloud identity authentication - Users with cloud identities are authenticated using traditional challenge/response.

Federated identity authentication - Users with federated identities are authenticated using Active Directory Federation Services 2.0 or other Security Token Services.

MFA for the service - users are required to acknowledge a phone call, text, or an app notification on their smartphone after correctly entering their password.
Access restrictions in management interfaces and support channels Dynamics 365 provides a security model that protects data integrity and privacy and supports efficient data access and collaboration, including administrator roles. The goals of the model are as follows:

• Provide users with access only to the appropriate levels of information that is required to do their jobs
• Categorise users by role and restrict access based on those roles
• Support data sharing so that users and teams can be granted access to records that they do not own for a specified collaborative effort
• Prevent user access to records they do not own or share.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Security governance is covered by our Data Protection Policy and our Master Services Agreement. The Microsoft Dynamics platform adheres to all global security requirements ( smartimpact is ISO9001 certified and is currently in the process of obtaining ISO27001.
Information security policies and processes - Staff are briefed on our internal policies and processes

- Led by our Data Lead, senior management and system administrators continually assess and implement improvement measures based on current available information

- Our system administrators regularly attend training courses and online webinars

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Smartimpact has developed a robust and flexible implementation methodology. This includes a mature change management process which mitigates against risk and provides an audit trail of amendments to the project’s terms of reference.

If as a result of any change additional work is required, the smartimpact project manager will raise a Change Control Form. This is in effect a mini-specification, which details the requirements of any change together with a total cost for implementation of the change. This is followed by review by the customer and acceptance/rejection as appropriate.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Microsoft updates are included for individual user licenses. Microsoft deliver two releases per year in April and October - offering new capabilities and functionality. Partners get notified of these updates well ahead in advance and what's included in each release. smartimpact follow Microsoft guidlines strictly when customising the system, which ensures ease of upgrade as the upgrade is usually backward compatiable. Our team will test any update separately before applying it to the client. In addition to the two updates, Microsoft deploy regular performance and reliability improvement (including addressing potential threats) updates throughout the year. For further information:
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our platform is based upon Microsoft Dynamics 365. Microsoft places great importance and therefore invests significantly in ensuring it's solutions are secure. For further details please see:
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The following document provides a summary and flow chart outlining Microsoft's Security Incident Management approach: file:///C:/Users/Naresh%20Raj/Downloads/Security%20Incident%20Management%20in%20Microsoft%20Dynamics%20365%20(1).pdf

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks DfE


Price £6.00 to £71.60 per person per month
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑