Outfit.io

Brand Management Software

Outfit is an enterprise brand management platform, empowering organisations globally to self-create content on-brand, at scale and at unprecedented speed. Outfit delivers; increased speed-to-market & personalisation, reduced marketing production costs, guaranteed brand and compliance adherence, visibility and proactive insight into your whole organisation's outward intention.

Features

  • Content creation at scale across any channel (digital & print)
  • Content Kits to guide your teams the content they need
  • Approval workflows govern the correct sign-offs before going to market
  • Setup pre-approved content for quick and easy use
  • Integrations with leading sales and marketing technology
  • Clear audit trails highlighting every change made to a design
  • Activity stream creating visibility over the business in real-time
  • Brand, legal and compliance controls to mitigate go-to-market risk
  • Reports delivering visibility and insights over your organisation
  • Single Sign On enabling teams to access Outfit seamlessly

Benefits

  • Enable teams to self create content and execute at speed
  • Reduce design requests and focus on more strategic initiatives
  • Ensuring the use of your latest content and marketing assets
  • Guarantee brand compliance, with access to clear audit trails
  • With time saved, focus more on message effectiveness

Pricing

£23,600 a transaction

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

9 1 5 2 0 3 5 5 4 3 9 6 2 9 6

Contact

Outfit.io Alexandra Dutton
Telephone: 07495767222
Email: alex.dutton@outfit.io

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Customer Relationship Management
Marketing Automation Software
Digital Asset Management
Adobe Suite
Cloud deployment model
Public cloud
Service constraints
Customer access to Outfit’s SaaS services is through the Internet, and only after the authorised end user is properly authenticated. TLS encryption technology is required for all Outfit access. TLS connections are negotiated for at least 256-bit encryption when using both our browser application, as well as programmatic integrations via API. In addition, it is recommended that the latest available browser be used when accessing the application over the web. Outfit seeks to notify users in advance of any planned maintenance, with any system upgrades that may impact Outfit SaaS users, timed for low usage periods to minimise end-user inconvenience.
System requirements
Web-browser access

User support

Email or online ticketing support
Email or online ticketing
Support response times
We endeavour (but do not guarantee) to keep our Hosted Services online 24 hours, 7 days a week, 365 days a year with an Uptime Percentage of 99.95% (Service Level Objective or SLO).

Outfit maintains a Support Desk 24 hours a day to provide technical assistance to Customers. The Support Desk is staffed between 9am-5pm GMT Monday to Friday (excluding public holidays) and consists of a support telephone number and email support.

A self-service help page in the Software contains troubleshooting topics, a general user guide as well as specific recorded training tutorials.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Outfit leverages Zendesk for its web chat capability. Please refer to the Zendesk Accessibility guidelines, which can be found here - https://www.zendesk.com/company/policies-procedures/accessibility/
Web chat accessibility testing
Outfit leverages Zendesk for its web chat capability. Please refer to the Zendesk Accessibility guidelines, which can be found here - https://www.zendesk.com/company/policies-procedures/accessibility/
Onsite support
Onsite support
Support levels
Outfit's Customer Success and Support Teams are the primary contact points for customers. Each customer is allocated a dedicated Customer Success Manager for the duration of relationship. This support function is provided as part of the service and includes everything from general tech support to individual user assistance.

Outfit's Customer Success Team become an extension of your own team and work with you through:

- Regularly scheduled operational reviews to optimise, support and recommend enhancements to your team's usage and brand performance & designs.
- Regular strategic reviews to set clear objectives, metrics and managed activities.
- Regular reporting on usage, support, product releases, user communications and success activity.
- Account planning sessions to identify training and user communication opportunities to encourage the right operational and process behaviours and results.

Additional professional services hours are purchasable at £90/hr.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Outfit has large enterprise implementation experience. Our approach focuses on delivering quick wins initially, followed by further efficiency gains and team adoption in later phases.

There are a number of stages involved in the initial on-boarding process which are as follows:
- Scoping session
- Account Setup
- Template Library
- Integrations
- Admin Training
- Wider Rollout

Typical time frames for an implementation range from 6-12 weeks. The number of templates required for Go-Live is the primary driver behind the implementation duration (ie. 30 templates vs 200 templates).

Training can be provided through a blended approach according to the customers preferences. This can include onsite sessions, online training and video tutorials. All users are also provided with a live chat function within Outfit, help documentation and internal training resources.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Outfit strives to facilitate a smooth transition-out plan that aligns both customer and supplier requirements. This is delivered through a set of steps which are delivered in a clear and timely manner:

1. The customer provides written notification of intent to disengage with Outfit at contract end or a separately agreed upon date, in accordance with the applicable Master Services Agreement or equivalent contractual documentation.
2. Outfit and the customer engage to assess data transfer and transition-out requirements. This involves confirming the type of data required (e.g. user activity audit logs, templates, assets), the format (PDF, CSV, HTML) and the consideration of any other information captured within Outfit and deemed relevant to the customer.
3. After these requirements are established and accepted by both parties, Outfit will provide the customer with a quote for any services required to deliver this service.
4. Upon acceptance of the quote and project timeline from the customer, Outfit begins packaging requested data in a secure location and transfers this to the customer through an agreed upon method.
5. Upon the agreed milestone, all data is erased from the customer’s platform in accordance with Outfit’s most recent Data Destruction Standard.
End-of-contract process
Recognising that there are circumstances where customers will disengage with services, Outfit strives to facilitate a smooth transition-out plan that aligns both customer and supplier requirements. This is delivered through clear communication and the below procedure:

- The customer provides written notification of intent to disengage with Outfit at contract end or a separately agreed upon date, in accordance with the applicable Master Services Agreement or equivalent contractual documentation.

- Outfit and the customer engage to assess data transfer and transition-out requirements. This involves confirming the type of data required (e.g. user activity audit logs, templates, assets), the format (PDF, CSV, HTML) and the consideration of any other information captured within Outfit and deemed relevant to the customer.

- After these requirements are established and accepted by both parties, Outfit will provide the customer with a quote for any services required to deliver this service.

- Upon acceptance of the quote and project timeline from the customer, Outfit begins packaging requested data in a secure location and transfers this to the customer through an agreed upon method.

- Upon the agreed milestone, all data is erased from the customer’s platform in accordance with Outfit’s most recent Data Destruction Standard.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Outfit is accessible via mobile devices through our responsive web interface. Not all features and capability are served to the mobile experience as these user actions are primarily designed for desktop engagement. Outfit continue to further our mobile interface as we develop and introduce new features and capability.
Service interface
Yes
Description of service interface
Outfit is a web-based SaaS platform.
Accessibility standards
None or don’t know
Description of accessibility
Outfit is not currently WCAG 2.1 compliant, however we are taking the measures to ensure we are on the right path to accessibility.

Outfit is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone, and applying the relevant accessibility standards where crucial.

We are committed to lowering the barriers to the accessibility of our platform and also supporting your organisation in upholding your own accessibility standards and goals.
Accessibility testing
The following is an overview of the initiatives in place at Outfit to ensure that accessibility remains top of mind throughout the organisation:

- Include accessibility throughout our internal policies.
- Accessibility is a design principle.
- Ensure accessibility is part of the quality assurance process when developing software.
- Provide continual accessibility training for our staff.
- Research and Development into areas that do not yet have a full solution for accessibility.
- Assign clear accessibility targets and responsibilities.
- Continual prioritisation of our accessibility roadmap items.
API
Yes
What users can and can't do using the API
For more information on Outfit's API, please click here - https://outfit.io/developers
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The following areas of the Outfit platform can be customised:
- User interface branding
- Team and user structure and permissions
- Template designs and capability

Scaling

Independence of resources
Outfit leverages AWS’s high availability capabilities by balancing the architecture components of our application between multiple Data Centres (known as Availability Zones) help to keep our platform online, even if one whole Data Centre goes offline.

Outfit services are designed to leverage the benefits of “cloud native architecture” which includes the capability to scale compute, memory and network resources to meet the demands of our customers. Outfit uses AWS
services to maintain application availability and scale our capacity up or down according to demand.

Analytics

Service usage metrics
Yes
Metrics types
Outfit provides reports on the activity being performed within the platform. Reports include but are not limited to:

-Top performing Imperial users creating content
-Top performing Imperial teams creating content
-Number of New Projects, New Documents, Edits and Exports
-Most edited templates
-Most exported templates
-Most edited documents
-Most exported documents
-Most exported formats
-Most cloned projects
-New variations created
-Workflow (approvals) metrics

In addition to the Reports area, Outfit's Activity Stream Panel and Project Activity Dashboard also provides an overview of activity being performed within the platform - eg. who exported what design and when.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Exporting a project to a compressed format (such as Tar or Zip) outside of the Outfit platform can be setup upon request from the customer and delivered during the implementation phase. This capability is not currently available from the self-service UI. This process would require a discovery and planning workshop with the relevant team members to assess integration points, file formats and the process in-which data is exported from the system and ingested by the customers systems. (i.e. export of data and upload via FTPS, Secure API, Delivery of files to Customers IaaS platform such as AWS S3 Bucket, etc).
Data export formats
Other
Other data export formats
  • PDF
  • JPEG
  • PNG
  • GIF
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats
  • SVG
  • JPEG
  • INDD
  • PNG
  • PDF
  • HTML
  • CSS

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Outfit is committed to providing a highly available and secure network to support its customers. The Service Level Policy (SLP) describes the service availability commitment for Outfit Hosted Services provided where agreed under a Master Services Agreement with a customer. Unless otherwise provided, capitalised terms take their meaning from the MSA in place with each customer.

The parties may agree additional service levels and service credits on a case by case basis for specific templating services or instances. Any such additional service levels will be quoted by Outfit once it understands the Customer requirements, and if agreed, recorded in writing. They will be effective in accordance with their terms.

Service Credits are calculated as a percentage of the License Fee for affected Hosted Service(s) during the Subscription Period where the Hosted Service Uptime Percentage falls below a certain threshold.

To be entitled to any Service Credits, the Customer must request such Service Credit in writing from Outfit within 30 days of the end of the relevant month. Outfit will confirm the information provided in the Claim Notice within five business days of receipt of the Claim Notice and apply any relevant Service Credits to its next invoice to the customer.
Approach to resilience
Available on request.
Outage reporting
Outfit provides all customers with a public dashboard.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Access to information within Outfit is based on a ‘business need to know’ related to a specific job function or role within the company. This is based on the ‘least privileges’ principle necessary for an individual to perform their job responsibilities. Access to management interfaces and support channels requires formal approval and regular access audits are carried out to remove inactive accounts and/or excessive priveleges.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Outfit is actively working towards ISO 27001:2013 compliance and has engaged a certified ISO 27001 auditor to assist with certification preparation. Policy and procedure documentation has been developed and approved. Applicable controls have been implemented and the Outfit ISMS is being established to commence the certification process in early 2021.
Information security policies and processes
The Outfit information security framework includes the following policies and procedures:

Information Security Policy
Disaster Recovery Plan
Acceptable Use Policy
Data Classification and Retention Policy
Firewall and Network Security Policy
Access Control Policy
Change Control Policy
Business Continuity Plan
Service Provider Management
Risk Management Policy
Incident Response Plan

These are reviewed and tested annually to ensure compliance.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All change requests require approval prior to implementation. An assessment of the risk of each change is carried out during the approval process. A penetration test must be conducted if a significant change is carried out that has the potential to materially impact the security of the Outfit platform. All service components are hosted in AWS and tracked throughout their lifetime using tag-based metadata.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Outfit conducts regular vulnerability scanning and uses the following sources to monitor vulnerabilities which may impact the security of the SaaS platform :

• Vendor websites.
• Mailing lists.
• RSS feeds.

If a new vulnerability is identified which may impact Outfit services, a risk assessment is carried out to determine the treatment approach. Where security patches have been identified to mitigate a critical risk resulting from the risk management process they are required to be installed within one week of release.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Outfit uses a Security Information and Event Management (SIEM) system to identify potential compromises affecting the SaaS platform. An Incident Response Plan (IRP) is in place and is invoked in the event of a validated security threat. The severity of the threat determines the speed of response as documented in the IRP.
Incident management type
Supplier-defined controls
Incident management approach
Any person or team that is aware of an information security incident must immediately contact a member of the Incident Response Team (IRT).
Process:
- The IRT member who is notified informs all IRT members about the incident and creates a report
- The IRT meets and determines a strategy
- An incident ticket is created using Jira and categorised into 3 priority levels, investigated, and solved
- The IRT recommends any changes necessary to prevent reoccurrence of the incident. The emergency change process will be
invoked if urgent.
- Complete incident reports incl. damage assessment will be provided

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£23,600 a transaction
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Proof of concept available on request. Trial user licenses are available on request.

Service documents