Heed is messaging automation software that provides the ability to build effective messaging solutions outside of email and chat.
Heed integrates with enterprise systems to provide more effective communication through intelligent, automated and stateful communications.
Heed can be leveraged to increase efficiency, reduce cost and improve KPIs around any process.
- Stateful & Actionable Communications
- Workflow Builder
- Process Visualisation and Automated Communications
- Bespoke Message Behaviour Definition
- Real-time View of Active Communications through Buckets
- Intelligent Waterfall Communication Flow
- Automated Workflow Intelligence
- Intrusive Desktop Notifications
- Action Centre - Centralised Location for Actions (i.e. Approvals)
- Real-time Analytics & Reporting
- Take Action on the Move
- Take Action (i.e. Approvals) in one system rather than multiple.
- Increase Process Efficiency
- Provide More Effective Communication to your Workforce
- Automate Communications from your Enterprise Systems
- Reduce Cost & Waste within any Business Process
- Measure Productivity
- Engage the Workforce
- Integrate with your Enterprise Systems
- Automate your Business Processes & the Communication Throughout
£2 per unit per month
- Education pricing available
Heed Software Ltd
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Heed has integration capabilities with a huge number of enterprise systems, including but not limited to: ServiceNow, BMC, Github, HPE Service Manager, IBM Cognos, IBM Notes, IBM Workspace, JIRA, Microsoft Dynamics, Oracle, Oracle Cloud, Oracle JD Edwards, Oracle PeopleSoft, Salesforce, SAP, Slack, Workday, Trello, Tibco, Twilio, Expensify, CircleCI, Citrix, AWS.|
|Cloud deployment model||Hybrid cloud|
|Service constraints||No it does not.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Standard & Premium Support carry different response times and differing Support Hours. There is also an online portal for documentation and self-service support.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
- Heed provides both Standard and Premium Support, with Premium Support providing improved SLAs, faster response and higher availability.
- Standard Support comes as part of the basic package, however, Premium Support carries an additional % cost.
- Heed offers various Support Teams globally.
|Support available to third parties||Yes|
Onboarding and offboarding
- Online Support and Documentation is available as part of the On-boarding process.
- Training can also be provided as part of the onboarding process.
|End-of-contract data extraction||All data can be exported in a secure database format at the point of contract expiry, as part of the decommissioning process.|
|End-of-contract process||Clients are decommissioned at the end of the contract and are left with a default window of time to migrate any wanted data or information.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The Mobile Application provides the same functionality as the Desktop Application for the most part from an End User perspective.
Some advanced settings, administrative settings and workflow configurations are limited to the Desktop/ Browser rather than the Mobile Application.
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||No official testing has been done with users of assistive technology, however, standards have been met in accordance to the WCAG 2.0 A guidelines.|
|What users can and can't do using the API||Users can carry out the majority of the functions of the application utilising the REST API, however, authentication is required when making requests to the API.|
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
The Workflow Builder within Heed allows for the user to build bespoke and customised workflows around their business processes. Corporate Branding can also be applied to the Application itself, as well as the Desktop Notifications and other communications.
The customisation is mostly handled by System Administrators.
|Independence of resources||Heed leverages scalable cloud infrastructure through AWS and Azure technologies to ensure that users aren't affected by external demand.|
|Service usage metrics||Yes|
- Users online status
- Last time user was online.
- Metrics around communications distributed and actions taken within them.
- Metrics around which devices users have viewed communications on.
- Metrics around process efficiency and communications.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||There is no requirement for users to export their data. Role-based administration can be used to permit users to export data in either CSV or database format.|
|Data export formats||
|Other data export formats||Database Format|
|Data import formats||
|Other data import formats||Active Directory|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Premium: Monthly up-time percentage of at least 99.95%
Standard: Monthly up-time percentage of at least 99.90%
Customer eligible to receive Service Credit in the event that Heed does not meet these commitments.
|Approach to resilience||Available on Request.|
- Email Alerts
- Public Service Status
- Other outbound communications.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Access Management and Access Control to restrict access to management interfaces and support channels are controlled in accordance to IOS27001:2017, including role-based permissions to ensure access, is limited where necessary.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||The British Assessment Bureau - UKAS accredited certification body|
|ISO/IEC 27001 accreditation date||07/12/2017|
|What the ISO/IEC 27001 doesn’t cover||Nothing, we received a perfect score.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||CREST Approved Certification|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Heed follows the principles and controls outlined by ISO27001:2017, as well as the new GDPR.
The following policies are in place Acceptable Use Policy, Access Control Policy, Asset Management Policy, Clean Desk Policy, Data Breach Response Policy, Disaster Recovery Plan, Heed Software Business Management System,Operations and Communications Security, Password Policy, Physical and Environmental Security Policy, Statement of Applicability, Systems Acquisition, Development and Maintenance.
All are subject to review on an annual and bi-annual basis. Training for employees is conducted during the new hire process or when a change has been made to the current policies. Logs and reports are kept for reporting purposes including Internal Audit Report, Customer Complaints Form and Risk assessment Log (including all other logs). Any highlighted reports are discussed during the weekly management meeting.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
The following list should be ensured when changes are implemented:
* Effectiveness of the change will be tested
* Compatibility within the existing systems
* Documentation updated
* Assessment of its impact against other applications, databases, operating systems, and processes.
* Formally approved during management meetings prior to implementation
* Audits will be logged
* Timeline of the implementation to set expectations with the team and parties affected.
The changes will be documented and logged for reference. The Technical Director, and Information Security Manager will work with those directly involved and affected to ensure completion without jeopardising Heed’s information security.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Management of technical vulnerabilities will be covered in the risk assessments. Review and monitoring of technical vulnerability will be a recurring process. Included in the vulnerability management process:
Processes clearly defined for monitoring risk assessments, patching, asset tracking and coordination.
Information Security Manager and the Technical Director must collaborate to create correct documentation for future reference.
Risk assessments of any relevant changes, updates, or patches should be carried out to compare the system with and without the changes.
Any change or update should be undergo testing before implementation.
Any high risk or particularly sensitive systems should be prioritised.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Risks are identified together with a rating as to the importance of the risk. Each group of assets (including people, technology, and environment) will be analyzed by identifying related threats, controls in place, vulnerability, consequences, and likelihood. The Information Security Risk Assessment document is reviewed frequently by the Information Security Manager.
Evaluations are drawn for each threat as to what the most appropriate action is together with the estimated cost of implementing action to address the identified issue. Key evaluation criteria used will be Accept Risk, Apply Controls, Avoid Risk and Transfer Risk.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Heed has predefined processes for common events, whether they be a data breach, Information Security related or disasters. External users are able to report incidents through various different methods, both email, phone lines, incident support portal etc. There are also predefined processes internally for the reporting of Incidents, management of Incidents and resolving/ reporting of Incidents also.
All Incidents are reported with a predefined set of requirements and the relevant parties will be informed as aptly as possible. This is all conformant with certification ISO27001:2017
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£2 per unit per month|
|Discount for educational organisations||Yes|
|Free trial available||No|