SPROUT SOCIAL UK LTD

Sprout Social

Sprout Social is a social media management and optimization platform for brands and agencies of all sizes. Our platform gives you a single hub for social media publishing, analytics and engagement across all of your social profiles.

Features

  • Social media publishing
  • Social media reporting
  • Community management
  • Customer care
  • Reputation management
  • Social media monitoring
  • Social media listening
  • Employee advocacy
  • Competitive benchmarking

Benefits

  • Publish content across multiple social channels
  • Easily submit content for approval
  • Tag content to measure campaigns across channels
  • Quickly respond to messages
  • Report on success of social media efforts

Pricing

£99 to £249 a user

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emea-enterprise@sproutsocial.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

9 0 4 6 4 6 9 1 0 6 5 5 0 7 2

Contact

SPROUT SOCIAL UK LTD Cillian O'Grady
Telephone: +353 76 6805949
Email: emea-enterprise@sproutsocial.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Sprout Social is hosted in AWS US regions.
System requirements
SaaS Based Web App

User support

Email or online ticketing support
Email or online ticketing
Support response times
Sprout provides 24/7 email support and 24/5 chat and phone support from 6:30pm CT Sunday - 6:30pm CT Friday weekly, excluding Sprout holidays. First half of 2020, our median first response time for email is 3.8 hours and our median wait time for chat is 1.3 minutes. Optionally customers can purchase upgraded service level agreement,includes a 2-hour email response time from our team

2019:
Median resolution time: 101.6 hours
Median first reply time: 6.7 hours
Median chat wait time: 1.9 minutes
2020
Median resolution time: 61.9 hours
Median first reply time: 3.8 hours
Median chat wait time: 1.3 minutes
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
The web chat controls' name, role, state, and value are exposed to assistive technology.
Onsite support
No
Support levels
Access to customer support is included with your license to Sprout Social. Customers also are provided a customer success manager to help them with ongoing day to day support.

Should technical issues arise we will escalate those to our support team and we will evaluate the need to prioritize those tickets based on our incident severity guidelines. As indicated above on average only 4% of total tickets are escalated to Engineering with 96% of total volume being resolved by our Level 1 and Level 2 Support Teams.
Support available to third parties
No

Onboarding and offboarding

Getting started
Sprout offers a comprehensive service model to meet the needs of our enterprise clients. This includes, but is not limited to, an assigned implementation team, a dedicated relationship manager for training and on-going support, and priority access to our customer support team.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Sprout Social offers our customers the ability to extract their data via self-service. Our customers have the ability to export reports, messages in the Inbox, and listening queries at any time within the platform.
End-of-contract process
NEED GERARD/CILLIAN

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Sprout's mobile applications on iOS and Android allow users to access publishing, engagement, and reporting tools on-the-go.
Service interface
No
API
Yes
What users can and can't do using the API
The API will initially focus on profile and post data for profiles authenticated in Sprout (i.e. “owned” performance). The API will be customer-scoped and focused on the most granular data available. We expect the API consumers to manage user-level data access and data aggregation.

To utilize the API, Customers will need what’s known as an access token.

Included API data:
Sprout Customer Metadata
Owned Profiles Data
Published Posts for Owned Profiles
Sprout Post Metadata: Tags and Author

Not included in the API:
BI Connectors
Additional Capabilities - sorting, aggregating, and advanced filtering (beyond profile and date filters)

Additional Owned Data
Owned Paid / Ad Account Data
Owned Profiles Demographics Data
Owned Profiles Message Volume Data - other message metrics (received, comments sent, DM/PMs sent)
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
Sprout Social uses AWS services to automatically scale capacity upon demand.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
All customer data-at-rest is encrypted with AES-256. All employee laptops are encrypted using OS-standard full disk encryption technologies.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Sprout Social does not support the full export of data (i.e. flat pull) stored within the Sprout Social application. The customer does, however, have the ability to export reports, messages in the Inbox, and listening queries (going back 90 days) on a self-service basis within the application.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
Other
Other data import formats
Sprout does not support inbound data uploads

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
If you request an SLA, we may guarantee up to 99.5% uptime.
Approach to resilience
Systems are designed for resiliency, durability, and availability within AWS. Sprout Social takes daily backups of data stores across multiple locations. Server and infrastructure configuration is stored in version control, as is our software code. In the event of a disaster, systems will be restored from these sources.
Outage reporting
Sprout Social maintains a status page at https://status.sproutsocial.com and outages or service degradations, including third party problems, are noted on that page. Users can also sign up on that page to be alerted via SMS or email of new issues that have been posted.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Sprout Social provides configurable levels of administrative access based on in-app permissions that can be set up by the account owner. These varying levels of access control what users see and have access to.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
30/12/2019
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
Yes
Who accredited the PCI DSS certification
Trustwave
PCI DSS accreditation date
08/22/2019
What the PCI DSS doesn’t cover
N/A
Other security certifications
Yes
Any other security certifications
SOC 2 Type 2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Sprout Social’s security governance is closely aligned to NIST. Sprout Social maintains a SOC 2 Type 2 certification which audits our information security policies and processes against industry-leading standards.
Information security policies and processes
Sprout Social has a formal information security program in place with defined policies and processes. As a requirement for maintaining our SOC 2 compliance, our reporting structure includes semi-annual information security training for all employees and formal acknowledgement of applicable policies.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Sprout Social has a formal change management policy for code deployment. This policy outlines our software development lifecycle (SDLC) as Sprout Social follows AGILE development methodologies. Teams must use industry-recognized SDLC best practices and our policy includes the following 6 phases:
- Planning
- Development
- Code Reviews
- Testing
-Deployment
- Monitoring
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Sprout has a formal Vulnerability Management Program in place that includes input from several tools and platforms. Internally, Sprout utilizes a range of vulnerability scanning tools including Rapid7, OpenVAS, Nikto, and SSL Labs. Scanning runs against systems that are exposed to the Internet. All identified vulnerabilities are verified by our internal security team, added to the appropriate workstreams, tracked against our internal SLAs (are defined by the potential impact or criticality of the underlying asset) These vulnerabilities are resolved by our development or infrastructure teams, they are re-verified by Sprouts internal security team to verify the issue has been resolved.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
System and service health is monitored by Nagios with checks written for all major parts of the systems and application. External availability monitoring is provided by Pingdom. System and application monitoring data (errors) are also reported remotely to New Relic with alerting enabled for abnormal conditions, including underflow of data.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident response is carried out primarily by the security team with input from other stakeholders as appropriate for the scenario. The additional stakeholders may include senior management, internal communications, legal, client relationship management staff, and technical staff as needed. Incidents are tracked through JIRA tickets and classified per Sprout Social's Incident Response Policy based on the impact to the business. Incidents are closed when the security team has determined that all incident activity has ceased, a final report has been published to senior management, and all incident artifacts are properly archived.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£99 to £249 a user
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We provide a 30 day free full use trail of our platform

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emea-enterprise@sproutsocial.com. Tell them what format you need. It will help if you say what assistive technology you use.