Spektrix is powerful and innovative cloud-based box office, marketing and fundraising software for arts organisations. We provide a sophisticated range of tools for ticketing, customer relationship management, reporting, analysis, customer segmentation and giving management. It's backed up by a brilliant team who provide strategic and consultative support, advise and projects.
- Intuitive, user friendly interface, drag & drop control
- Ticketing: print@home, seat selection, integrated card payments, address lookup
- Reporting: easy to use financial, marketing and insights reporting suite
- Marketing: CRM, integrated email, triggered email campaigns, ROI reporting
- Fundraising: opportunity & pipeline management, relationship mapping, wealth screening
- E-Commerce: customisable web tools, highly secure, user friendly
- Fully inclusive support: unlimited training, consultancy, day to day assistance
- Frequent upgrades and IT system maintenance included
- Remote access from any web enabled device
- Unlimited users
- Easily manage complex ticketing operations through all sales channels
- Create targeted automated email campaigns and measure their success
- Save time by automating regular tasks and simplifying event setup
- Increase online sales by providing an easy, secure purchase path
- Raise money with our donations, gift aid and fundraising tools
- Benefit from expert support and consultancy when you need help
- Frequent updates and new features bring you useful tools
- Understand and grow your audience with powerful customer segmentation features
- Use our standard reports or request custom reports anytime
- Benefit from 99.99% average uptime, high security and resilience
£12000 to £250000 per unit per year
020 7785 6967
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
|Service constraints||Spektrix boasts 99.98% up time. Our system is monitored 24 hours a day to ensure maximum system availability, and our support team are on hand from 9am to 9pm, 7 days a week. Occasionally it will be necessary to restrict access to the system for planned maintenance. This will generally be limited to the early hours of the morning to minimise any disruption|
|Email or online ticketing support||Email or online ticketing|
|Support response times||For Business as Usual support we aim to provide a first response within 8 business hours. We aim to resolve most support queries within 3 working days, although the majority are resolved sooner, if not immediately. During Critical support we resolve any issues that affect our clients’ core business, such as selling a ticket. We respond within 30 mins and always attempt to resolve as soon as possible. Any emergency issues will receive a response within 30 minutes and we provide frequent updates on our status page, status.spektrix.com.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
Support is included in the service charge and unlimited.
There are three support categories; Business as Usual, Critical and Emergency. Support is available by phone and email from 10am - 6pm Mon - Fri for all enquiries, 9am - 9pm seven days a week for critical issues, and 24 hours a day, 365 days a year for Emergency support.
For Business as Usual support we aim to provide a first response within 8 business hours. We aim to resolve most support queries within 3 working days, although the majority are resolved sooner, if not immediately.
During Critical support we resolve any issues that affect our clients’ core business, such as selling a ticket. We always attempt to resolve critical support issues as soon as possible.
Any emergency issues will receive a response within 30 minutes. Spektrix is always monitoring the system. Our own processes will often alert us to critical problems before our customers are aware, at which point we inform customers via our status page (status.spektrix.com).
We also offer an online Support Centre where users can find a series of articles, videos and forums designed to help them troubleshoot and get the most from Spektrix.
|Support available to third parties||Yes|
Onboarding and offboarding
All implementations of Spektrix are carried out by our experienced team of project managers, who deliver the project as a balanced approach to system implementation and business process review. We’ve completed successful migrations from many different box office systems and ensure the whole process as simple and as smooth as possible.
The actual timeline will depend on the complexity of the client's operation and project managers work with clients to confirm each milestone at an initial project meeting.
We normally carry out the setup of payment facilities, data migration, website integration and training at the same time and a typical project takes a total of 10-12 weeks from an order being received to being live with Spektrix.
We use an online tool called Basecamp to manage all of our implementation projects. This allows all parties to collaborate dynamically and update the project schedule and tasks as necessary.
We include a comprehensive package of on site training ahead of the go live, then come back to deliver more training and kick off consultative projects after clients have been live for a few weeks. This is included in the service charge. Clients can request training online or on site at any time.
|End-of-contract data extraction||
When the contract ends, if clients want to extract their data they should send a written request for the delivery to them of the most recent back-up of their data. Spektrix shall use reasonable commercial endeavours to deliver the back-up to the Client in an interchange format and within 30 days of its receipt of such a written request, provided that the Client has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination).
We may charge clients in some circumstances for data extraction if requests include formatting or preparing data in a way beyond what we usually include in our interchange format.
Details of how this process works are also contained in our standard Terms and Conditions.
We'll either transfer data to your new supplier on your behalf, or give it to you directly. We'll provide a reasonable number of data extracts within the scope of the normal price and contract.
We might charge for requests which we deem to be excessive.
Details can also be found in our standard Terms & Conditions.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The system is accessed through a web browser for both client facing and customer facing interfaces. The customer interface functions work on both mobile and desktop devices.
The client facing interface can be accessed on a mobile device, but some drag and drop functions are not available.
|Accessibility standards||None or don’t know|
|Description of accessibility||
The client interfaces, that is all the interfaces that the buyer will use in the back end of the product, do not currently meet specific accessibility standards.
We are in the process of developing our API and Web Components, and are completing an audit on the accessibility of the Spektrix platform.
We haven't completed any formal testing with users of assistive technology.
We are in the process of completing a full audit on the accessibility of the Spektrix platform.
|What users can and can't do using the API||
Spektrix provides several APIs that provide the following functionality:
-Integration of data feeds from Spektrix into a customer-facing website. Typically this data is used to power event lists information, availability and to communicate information such as whether or not a performance is BSL interpreted, for example.
-In addition, this API supports viewing data relating to items on sale (events, merchandise, memberships etc.), viewing and editing customer records and making purchases.
-We provide an 'agency API' that allows ticket agents to sell tickets directly from your Spektrix system in real time by connecting with their own systems.
There is also an API to allow access to customer purchase history for data analysis.
The API does not allow the editing of other data (e.g. event setup).
There is not a specific sandbox or test environment for the API, but clients can get a sandbox system.
|API documentation formats||
|API sandbox or test environment||No|
|Independence of resources||
As a true multi-tenant cloud-based application, clients of Spektrix share a single application layer, however behind this, each Spektrix client has their own database instance within our infrastructure and which is unconnected to any other client database.
We monitor the system regularly and have a series of processes and technical solutions in place to ensure demand from individual users does not degrade overall performance. Our processes alert us to critical problems so that we can address them as quickly as possible.
|Service usage metrics||Yes|
|Metrics types||Metrics for System and Payments uptime are available publicly on https://status.spektrix.com/|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Other data at rest protection approach||
Data centre meets ISO 27001. Secure rack & physical access control.
Data in the data centre is secured through physical means – a combination of 24/7 manned security, CCTV monitoring, photo id validation, key fob entry, perimeter fencing, and anti-tailgating. Our server cluster is scanned weekly for potential vulnerabilities, and our infrastructure team quickly address any issues that this scan alerts them to. We engage a qualified third party to perform annual external and internal penetration testing.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
There are tools within the Spektrix system interface which allow users to extract customer and sales data in multiple, human readable formats. These include CSV and PDF.
At the end of a contract we would provide a full export of their system in an interchange format if users want to migrate to an alternative system.
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Other protection between networks||
The Spektrix web applications enforce encrypted communication using HTTPS for our clients, their customers booking online and any external systems that use our API.
Our client’s customers come into contact with Spektrix when they’re booking tickets online. Whenever these customers are passing information between their device and our systems about themselves in order to make a booking, that happens securely over HTTPS. Spektrix uses a 2048 bits key for encryption and supports only the most secure encryption protocols (TLS v1.0 and above). SSL protocols are not supported and the Spektrix applications will refuse connections using those protocols.
|Data protection within supplier network||Other|
|Other protection within supplier network||Our load balancers decrypt all external traffic. Data is not encrypted within our network (by design).|
Availability and resilience
Our standard Terms & Conditions include the following terms for availability:
Spektrix will aim to maintain service availability 100% of the time except for when:
- Planned maintenance needs to be performed in which case Spektrix will endeavour to give 48 hours’ notice of such maintenance and carry it out between midnight and 8 am.UK time; and
- Unscheduled maintenance needs to be performed in which case Spektrix will, to the extent possible, endeavour to give the Client at least 6 hours’ notice in advance.
|Approach to resilience||The system is located in a highly redundant tier 4 data centre (with at least N+N redundancy at all points). Spektrix data is backed up offsite every 15 minutes (encrypted log shipping to Microsoft Azure). We hold daily backups for the last month, and monthly backups for a year. In the event of a catastrophic incident in the data centre, we would be able to start up a Spektrix system on Microsoft Azure and continue our service from there. This is our ‘worst-case’ scenario, as it would involve loss of up to 15 minutes of data, and the recovery time may be up to 4 hours. The likelihood of a catastrophic incident in the data centre that would prompt a move to Microsoft Azure is very low. There is no single point of failure within the Spektrix network (including RAID 10 storage, suitable for ‘hot swap out’ if necessary), and the data centre itself is protected by fire suppression systems, dual internet connections with automatic failover and dual power supplies, each with its own back-up generator.|
Spektrix has a public dashboard at https://status.spektrix.com/
This outlines the status of: Spektrix System, Payment Processing, Dotdigital, Support Services and APIs.
Clients can also subscribe to emails alerting them of any system issues as well as following the Spektrix Twitter feed.
The system also contains an information panel which is updated live for users to be notified within the system of any issues and when they are resolved.
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Each person who requires access to the Spektrix system is required to have a unique username and password. Passwords must be a minimum of 8 characters in length and contain a combination of alphanumeric and non alphanumeric characters. Repeated failed attempts to enter passwords will lock user accounts.
It is the policy of Spektrix support not to unlock users in this scenario, referring them to an administrator user within the client’s organisation to restore access, mitigating the risk of Spektrix support being asked to provide access to an unauthorised person.
|Access restrictions in management interfaces and support channels||
Users are granted access to specific 'modules' of the systems as required, including Sales, Insights & Mailings, Admin, Opportunities, Settings and Website Configuration.
Users can be given operator or administrator rights to control what functions they can carry out. Following the initial configuration of the system during implementation, the client will need to assign user(s) with sufficient permissions to manager user accounts. The Spektrix team will not create new accounts or reset passwords for individual users.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||FortConsult A/S|
|PCI DSS accreditation date||19/06/2018|
|What the PCI DSS doesn’t cover||We are covered by PCI DSS for payment processing. The other parts of our application are not in scope for PCI.|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||PCI DSS|
|Information security policies and processes||All changes that are made to live systems are reviewed and approved by the relevant people and a comprehensive history of all changes is kept. At both the individual and system application levels, the minimum number of permissions is assigned to allow an individual accessing the system, or an application running on it to do their job.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All changes to the live environment are tracked via the Spektrix change control process that is implemented in JIRA (a software development tool used for Agile processes). A change must be authorised by the relevant people before implementation.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Daily - Logs are scanned daily by the SureCloud appliance (a cloud-based provider of GRC Applications and Cybersecurity Services) and then reviewed for any threats or vulnerabilities.
Quarterly - Both internal and external vulnerability scans are run from SureCloud.
Annually - An external PCI assessment and penetration test.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Real time monitoring comes from the managed iSensor IPS Service. 24/7 notifications and immediate response taken to mitigate any potential breach. Logs are also analysed by SureCloud and reviewed daily.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
All incidents are logged in Jira, given a priority based on their impact and and worked on according to this. These are reviewed weekly. For more serious issues there is a crisis management procedure followed with various roles assigned to staff members to help manage it. Following this there is a full root cause analysis.
Spektrix is always monitoring the system. Our own processes will often alert us to critical problems before our customers are aware, at which point we inform customers via our Twitter feed (twitter.com/spektrixops) and status page (status.spektrix.com).
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£12000 to £250000 per unit per year|
|Discount for educational organisations||No|
|Free trial available||No|