Be the brand experience ltd

Be the brand - CommsBuilder Artwork Templates

CommsBuilder provides editable templates for end users to generate onbrand artwork without briefing agencies. Indesign files are imported to create templates, and rules are set for permitted amends by users to create newsletters, posters and other communications. These can be watermarked, and/or submitted for approval if necessary.


  • Create artwork from online templates
  • Upload or select from pre-approved images
  • Use centrally managed content to ensure compliance
  • Complex and advanced design capability ie dynamic linked fields
  • Easy to create high quality artwork without technical skills
  • Single input fields can populate multiple templates
  • Initial template creation via adobe indesign import
  • Send for approval (or not) via a review workflow
  • Either pdf/ html-5/ ePub /jpeg output formats supported
  • Excel upload of input data to generate multiple outputs


  • Materially reduced design and artworking costs
  • Massive increase in agility and speed
  • Generate controlled, high quality designed outputs
  • Increased consistency of brand and message
  • Immediate and on demand artworking by non-technical resource
  • Watermarking till approval reduces risk of error
  • A single amend can be immediately applied across all templates
  • More value added time for creative resources
  • Increased reuse of existing artwork & content
  • Increased leverage & return from creative investment


£450 per instance per month

Service documents


G-Cloud 11

Service ID

8 2 6 5 7 2 1 4 7 5 9 8 7 8 5


Be the brand experience ltd

Adam Hainsworth

020 7199 0360

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No constraints.
System requirements
  • Compatible browser
  • Internet connectivity

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times 1 hour with resolution times dependent upon severity. UK working days 9-5, ie excluding weekends.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We have two levels of support. Standard support is unlimited and is included in the monthly ASP fees. You will have 1-2 system guardians which will be the first port of call when your end users have a query. We would liaise with the system guardian for any query they cannot resolve.

We also provide enhanced support where we will take direct queries from a larger group of users. This is an optional service which is often used just after going live but we can extend it where necessary. The cost of this varies but begins at £600 / month + vat.

Each client is provided with an Account Manager throughout deployment and ongoing operations. Upon going live they are transferred to the support desk for day-to-day queries. The Account Manager still remains in contact with quarterly or bi-annual meetings held throughout the year.

Technical resources are available if needed but support generally tends to be configuration based.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started PDF User guides and System Administration guides are provided along with onsite training and online /webinar based training.
Prior to training, a configuration workshop is typically run with superusers / system administrators to capture the initial configuration requirements; this may be onsite or online.
A configuration testing session is then run to provide the deployment team with knowledge to perform some testing prior to launch. The deployment team may then provide other users with training or this can be delivered by Be the brand.
Generally we find that different user groups require different levels of training; a one-page "get started" guide may suffice for low level users while system administrators will require more in depth training.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction A range of reports, which are all downloadable into excel or csv format, provide an extract of some key data. Be the brand experience will provide an extract of the files / assets on the system and additional data in csv format if needed.
End-of-contract process The administrator logins remain active for 2 months following contract end. This provides time for the client to download the required reports/ data and files.
If a bulk download of data or files is requested from be the brand we will change no more than 2 days resource time to provide the extract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We have used responsive design to enable the application to be used on a range of devices. It is a bit difficult to use the functionality on phones, due to small screen size, but is very effective on newer tablets. We have focused on optimising the approvals functionality for mobile devices because that is were we see the most demand.
Service interface No
What users can and can't do using the API The first step is to request an API key from bethebrand. This will be used for all your requests.
In addition, the API key you use has a set of permissions in the bethebrand system, which must be tailored by bethebrand to suit your use of the API.
By default, only a subset of the API will be accessible.
The bethebrand API is a REST architecture which sends & receives JSON. Each object in the system will have an endpoint with the standard GET, PUT, POST & DELETE verbs, with some offering additional GET endpoints for operations like filtering or sorting.

The API allows you to do such things as search for Assets, Create Projects, run Reports, as well as query the status of your Workflows throughout the system.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation There is a high level of configuration capability restricted to users with the appropriate permissions. Data forms and data field content/ format can be configured via the administration screens and changes saved in real time. User attributes such as teams and / or profiles can be configured similarly.


Independence of resources Shared resources are not independent - we use capacity planning and load testing to ensure adequate capacity for all users. Scalability is integral to the architecture of the solution - enabling more resources such as CPU, storage or memory to be added quickly with no downtime.


Service usage metrics Yes
Metrics types Concurrent user numbers/ graph
Asset views/ downloads/ distributions
Asset RAG (proximity to expiry)
Asset ownership and lifecycle
Workflow task allocation and status
User asset ownership/ views/ downloads/ distributions
System Availability
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Logical controls, client data is segmented from other clients. Each client uses separate websites, application, database and file structures. This ensures that data from one client cannot be accessed by another.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All reports are available as an excel download from the application. There are 34 standard reports meeting a broad scope of data requirements. Where additional data needs are identified a bespoke report can be written. The cost ranges from £400-£1200 depending on complexity.
Data export formats Other
Other data export formats Excel
Data import formats Other
Other data import formats No upload facility

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.5% SLA covering availability with a service credit equivalent to the proportion of fees incurred during the downtime.
Approach to resilience Resilience is built into the solution in a number of ways. We host the application in multiple data centres. The primary data centre has a multi-host / multi-component configuration ensuring we have multiple layers of resilience built in.
Outage reporting Email alerts to our support team report any outages. A dashboard report of availability provides historical visibility.
Planned outages are communicated to system administrators in advance.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication SAML / ADFS single sign on available.
Access restrictions in management interfaces and support channels The built-in permission flags are used to develop user roles with restricted permissions and access to functionality. These can be amended by appropriately permissioned users. Internally we restrict high level admin permissions to a small group of people.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Security governance is a board level responsibility of the Chief Technology Officer. IT Security Policy and other related policies are in place and checks are carried out via weekly and monthly procedures to ensure compliance. Team briefings are carried out to ensure that IT security is discussed and communicated to all team members.
Information security policies and processes We have our own IT Security policy which is based on ISO27001 but not accredited. It is reviewed by clients regularly. It includes procedures and controls to ensure that the policies are followed.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes are tracked using our internal change and issue management system. Each change is tagged with a branch, so that it is clear which branch a change must be carried out in. In our development environment we use a system for build and continuous integration. We also have a source control system in place. Changes are tested on our development environment, before being packaged into a release. Once a release is finalised it is then available to update on our staging and live environments.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We get inputs for patches and threats from multiple sources. Vendors of hardware/software, threat alert services and our hosting partner all supply information. This is reviewed, with any patches managed as a change on our change tracking system, prioritised accordingly.
High Priority patches can be fast-tracked within 24 hours, all other patches will be bundled together and patched at the next available service maintenance window; usually during an upcoming weekend.
Protective monitoring type Undisclosed
Protective monitoring approach We do not currently have an intrusion detection solution in place but following our April 2017 hosting architecture upgrade we have deployed Juniper Firewalls with IDS as an available feature. We plan to investigate utilising this feature during 2017.
Incident management type Supplier-defined controls
Incident management approach Incidents are logged on our internal issue tracking system and managed from there. Incidents that cannot be resolved immediately by the first point of contact will be assigned to the technical team to action.

All incidents will be recorded in terms of symptoms, basic diagnostic data, and information about the issue and services affected. Incidents are reported to the Client Manager or by calling the Be the brand experience and are logged on our tracking system.

If the issue is a High Priority Security Incident, the client is notified by phone and email within 3 hours.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £450 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Either:
a) Free Access to our demo application for a period of 2 months for a limited number of users; or,
b) Full or partial configuration of a pilot version for a 2 -3 month period with asset import and training - small fee involved.
Link to free trial Please request - user set up and permissioning required

Service documents

Return to top ↑