Be the brand - Digital Asset Management
Digital Asset Management provides a library for all communications and brand assets to help users find and reuse content. Video, images, logos, pdfs, office files, presentations + can be stored, filtered and searched for. Once located, assets can be downloaded or distributed. Asset lifecycle management includes auto-archiving and on-demand repurposing.
- Digital Asset Management for asset lifecycle management
- Asset search via filters, data search, content text search
- Automated asset expiry, alerts and archiving
- Clear, intuitive design to help people locate assets
- On-demand image repurposing to minimise versioning risk
- Sophisticated user permissions to manage who can do what
- Dynamic, configurable data structure to minimise data entry
- Asset upload, submit for approval and bulk import capability
- API for data and files to facilitate open integration
- Real time reporting with excel/csv download and report scheduler
- Reduced design costs as artwork reused
- Less time spent looking for digital assets
- Improved brand consistency and messaging
- Reduced risk of using withdrawn imagery and assets
- Increased leverage & return from creative investment
- Focus on value added creative work
- Greater visibility of asset utilisation via reporting
- Clear asset ownership and responsibility for maintenance
- Cost of ownership reduced due to configurability of data
- Wide range of file formats supported
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||No constraints.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||1 Hour response time, with resolution times dependent upon severity, available 9-5 UK working days (ie excludes weekends and bank holidays).|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
We have two levels of support. Standard support is unlimited and is included in the monthly ASP fees. You will have 1-2 system guardians which will be the first port of call when your end users have a query. We would liaise with the system guardian for any query they cannot resolve.
We also provide enhanced support where we will take direct queries from a larger group of users. This is an optional service which is often used just after going live but we can extend it where necessary. The cost of this varies but begins at £600 / month + vat.
Each client is provided with an Account Manager throughout deployment and ongoing operations. Upon going live they are transferred to the support desk for day-to-day queries. The Account Manager still remains in contact with quarterly or bi-annual meetings held throughout the year.
Technical resources are available if needed but support generally tends to be configuration based.
|Support available to third parties||Yes|
Onboarding and offboarding
PDF User guides and System Administration guides are provided along with onsite training and online /webinar based training.
Prior to training, a configuration workshop is typically run with superusers / system administrators to capture the initial configuration requirements; this may be onsite or online.
A configuration testing session is then run to provide the deployment team with knowledge to perform some testing prior to launch. The deployment team may then provide other users with training or this can be delivered by Be the brand.
Generally we find that different user groups require different levels of training; a one-page "get started" guide may suffice for low level users while system administrators will require more in depth training.
|End-of-contract data extraction||A range of reports, which are all downloadable into excel or csv format, provide an extract of some key data. Be the brand experience will provide an extract of the files / assets on the system and additional data in csv format if needed.|
The administrator logins remain active for 2 months following contract end. This provides time for the client to download the required reports/ data and files.
If a bulk download of data or files is requested from be the brand we will change no more than 2 days resource time to provide the extract.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||We have used responsive design to enable the application to be used on a range of devices. It is a bit difficult to use the functionality on phones, due to small screen size, but is very effective on newer tablets. We have focused on optimising the approvals functionality for mobile devices because that is were we see the most demand.|
|What users can and can't do using the API||
The first step is to request an API key from bethebrand. This will be used for all your requests.
In addition, the API key you use has a set of permissions in the bethebrand system, which must be tailored by bethebrand to suit your use of the API.
By default, only a subset of the API will be accessible.
The bethebrand API is a REST architecture which sends & receives JSON. Each object in the system will have an endpoint with the standard GET, PUT, POST & DELETE verbs, with some offering additional GET endpoints for operations like filtering or sorting.
The API allows you to do such things as search for Assets, Create Projects, run Reports, as well as query the status of your Workflows throughout the system.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||There is a high level of configuration capability restricted to users with the appropriate permissions. Data forms and data field content/ format can be configured via the administration screens and changes saved in real time. User attributes such as teams and / or profiles can be configured similarly.|
|Independence of resources||Shared resources are not independent - we use capacity planning and load testing to ensure adequate capacity for all users. Scalability is integral to the architecture of the solution - enabling more resources such as CPU, storage or memory to be added quickly with no downtime.|
|Service usage metrics||Yes|
Concurrent user numbers/ graph
Asset views/ downloads/ distributions
Asset RAG (proximity to expiry)
Asset ownership and lifecycle
Workflow task allocation and status
User asset ownership/ views/ downloads/ distributions
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Other data at rest protection approach||Logical controls, client data is segmented from other clients. Each client uses separate websites, application, database and file structures. This ensures that data from one client cannot be accessed by another.|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||All reports are available as an excel download from the application. There are 34 standard reports meeting a broad scope of data requirements. Where additional data needs are identified a bespoke report can be written. The cost ranges from £400-£1200 depending on complexity.|
|Data export formats||Other|
|Other data export formats||Excel|
|Data import formats||Other|
|Other data import formats||No upload facility|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
|Guaranteed availability||99.5% SLA covering availability with a service credit equivalent to the proportion of fees incurred during the downtime.|
|Approach to resilience||Resilience is built into the solution in a number of ways. We host the application in multiple data centres. The primary data centre has a multi-host / multi-component configuration ensuring we have multiple layers of resilience built in.|
Email alerts to our support team report any outages. A dashboard report of availability provides historical visibility.
Planned outages are communicated to system administrators in advance.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||SAML / ADFS single sign on available.|
|Access restrictions in management interfaces and support channels||The built-in permission flags are used to develop user roles with restricted permissions and access to functionality. These can be amended by appropriately permissioned users. Internally we restrict high level admin permissions to a small group of people.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Security governance is a board level responsibility of the Chief Technology Officer. IT Security Policy and other related policies are in place and checks are carried out via weekly and monthly procedures to ensure compliance. Team briefings are carried out to ensure that IT security is discussed and communicated to all team members.|
|Information security policies and processes||We have our own IT Security policy which is based on ISO27001 but not accredited. It is reviewed by clients regularly. It includes procedures and controls to ensure that the policies are followed.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Changes are tracked using our internal change and issue management system. Each change is tagged with a branch, so that it is clear which branch a change must be carried out in. In our development environment we use a system for build and continuous integration. We also have a source control system in place. Changes are tested on our development environment, before being packaged into a release. Once a release is finalised it is then available to update on our staging and live environments.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We get inputs for patches and threats from multiple sources. Vendors of hardware/software, threat alert services and our hosting partner all supply information. This is reviewed, with any patches managed as a change on our change tracking system, prioritised accordingly.
High Priority patches can be fast-tracked within 24 hours, all other patches will be bundled together and patched at the next available service maintenance window; usually during an upcoming weekend.
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||We do not currently have an intrusion detection solution in place but following our April 2017 hosting architecture upgrade we have deployed Juniper Firewalls with IDS as an available feature. We plan to investigate utilising this feature during 2017.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incidents are logged on our internal issue tracking system and managed from there. Incidents that cannot be resolved immediately by the first point of contact will be assigned to the technical team to action.
All incidents will be recorded in terms of symptoms, basic diagnostic data, and information about the issue and services affected. Incidents are reported to the Client Manager or by calling the Be the brand experience and are logged on our tracking system.
If the issue is a High Priority Security Incident, the client is notified by phone and email within 3 hours.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£425 per instance per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
a) Free Access to our demo application for a period of 2 months for a limited number of users; or,
b) Full or partial configuration of a pilot version for a 2 -3 month period with asset import and training - small fee involved.
|Link to free trial||Please request - user set up and permissioning required|