Tractivity Stakeholder Management & Consultation Software (CRM/SRMS)
Tractivity is a cloud-based, UK stakeholder engagement tool, providing functionality to manage and engage with all stakeholders through a single system. Whilst maintaining GDPR compliance, Tractivity facilitates the management of every aspect of your engagement process by securely logging communications with built-in tools such as surveys, newsletters and issue management.
Features
- Record and track all stakeholders and engagements
- Case management, analysis and reporting
- Consultation reporting of qualitative and quantitative data
- Fully customisable and easy to use
- Built-In survey and newsletter tools
- Event management
- Drag and drop custom report facilities
- Full GDPR Compliance
Benefits
- Save time and money
- View all stakeholder interactions across a project, consultation, organisation
- Effective management of feedback and issues raised
- Publish branded newsletters and event invitations
- Custom build surveys and track all responses
- Real-time reporting
- Dedicated account manager
- UK based software
Pricing
£10,000 to £50,000 a licence a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
9 3 2 7 7 6 2 5 6 7 3 0 5 1 7
Contact
Tractivity Ltd
Mark Rutter
Telephone: 01629815916
Email: mark.rutter@tractivity.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- Planned maintenance and emergency maintenance windows are defined within the service contract. Application Service Levels are dependent on client contract.
- System requirements
-
- Browsers: Chrome, IE10+, Firefox, Edge, Safari
- Windows 7+
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Support offered during normal business hours, the support ticketing system is available online 24/7/365
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
-
Tractivity licensing comes with standard support services that can be accessed via telephone, web or email services between Monday to Friday, during normal UK business hours (09:00- 17.30pm GMT (GMT+1)).
A dedicated account manager will be assigned as part of the on-boarding process and they will maintain regular contact with the client. Monthly online refresher training sessions are also available should these be required.
Further onsite support and training may attract an additional charge. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Tractivity provides onsite training to all UK based clients as part of the standard on-boarding process. User documentation is provided for all training sessions. Further on-site follow up and online training sessions can be arranged with the client's dedicated account manager.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Powerpoint
- Word
- End-of-contract data extraction
- All data can be extracted from Tractivity by using the reporting facilities in a range of formats such as MS Excel, CSV and XML. Tractivity can also securely provide an encrypted SQL Server (.BAK) file when the contract expires as part of the secure data deletion and service shutdown process.
- End-of-contract process
-
An encrypted SQL Server (.BAK) file is transferred onto an encrypted storage device and sent to the main contact via recorded Royal Mail or courier delivery as defined within the contract.
Upon written confirmation of receipt and decryption of the data the database and backups are subjected to the secure data destruction procedure. Documentation that all the client data has been securely deleted can be provided upon request.
Bespoke data requests can be facilitated and this service will attract an additional charge which will be agreed beforehand with the dedicated account manager.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Tractivity provides a streamlined and dynamic version for Smart phones and tablets
- Service interface
- Yes
- Description of service interface
-
The API gives clients the ability to add Buildings, Organisations, Contacts, Enquiries and Activities into Tractivity, including the ability to run duplication checks on all record types. Providing complete flexibility, clients can input data into all of the available data fields within Tractivity. Common uses for the API include – Enquiry Forms, Newsletter Sign Up Forms or Registration of Interest Forms.
The API uses industry standard security settings to ensure that all transmitted data is done securely and that all connections are legitimate. - Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
-
The API gives clients the ability to add Buildings, Organisations, Contacts, Enquiries and Activities into Tractivity, including the ability to run duplication checks on all record types. Providing complete flexibility, clients can input data into all of the available data fields within Tractivity. Common uses for the API include – Enquiry Forms, Newsletter Sign Up Forms or Registration of Interest Forms.
There is full online documentation about how to implement the API. Contact the Tractivity support desk for further information or customisation.
The API uses industry standard security settings to ensure that all transmitted data is done securely and that all connections are legitimate. - API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Most of the settings in the software are customisable - data fields, data options and mandatory data field settings can be all controlled (per project) by nominated Administrator level person(s) only.
Scaling
- Independence of resources
- We use dedicated virtualised servers configured as a private cloud (all held within the UK facilitated through VMWare and vSphere TIER 4 data centre) that are shared with other Tractivity users only, all traffic is segmented and VLANed through a dedicated 1Tb facilitated through 4 diverse independent BGP TIER 1 data carriers. Disk, memory, cpu, server performance and network traffic is monitored 24/7 through our dedicated monitoring services which feeds into our automated escalation service. Client performance issues are monitored as a more granular service by individual client basis.
Analytics
- Service usage metrics
- Yes
- Metrics types
- User level service metrics and Project level service metrics
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be exported using our reporting system. All data can be exported in a range of formats including as MS Excel, Word, CSV, PDF, XML or RTF.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XML
- MS Excel
- MS Word
- Data import formats
-
- CSV
- Other
- Other data import formats
- MS Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
Our datacentre provider guarantee availability:
99.99% at the application level
99.99% at the infrastructure level
If we do not meet the guaranteed levels of availability we negotiate an acceptable outcome in terms of compensation for lost time with individual clients who are directly affected (when required). - Approach to resilience
-
Datacentres are ISO27001 and PCI DSS compliant and provide TIER 4 (N+N) redundancy for power, supporting services and air conditioning.
At the network level active/passive failover of all connectivity networks. through > 4 diverse BGP TIER 1 data carriers.
IDS /IPS services at primary firewall perimeters
At the application:
- daily digital backups of data stored off-site
- regularly integrity tests of backup data conducted as part of backup process
- active monitoring from diverse location with 24/7 response service
- 24/7 monitoring by security team
- snapshots servers transferred daily to off-site failover
- warm/cold standby servers off site - Outage reporting
-
Email alerts can be made available to clients upon request.
Internal 24/7 monitoring with alerts and escalation procedure delivered by email and SMS to Systems Administrators
Internal outage escalation and reporting procedure
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Management interfaces are restricted by role access. These restrictions are limited to Administrator level users.
Support channels are generally available to all users through our dedicated UK online facilities. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- The datacentre has ISO27001, ISO28000 and PCI DSS certification
- Cyber Essentials
- ISO27001 & ISO28000 (October 2020)
- Cyber Essentials Plus (July 2020)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Payment Card Industry (PCI DSS) and cyber essentials
- Information security policies and processes
-
We follow the ISO27001 and adhere to PCI DSS recommended standards.
Our Information Security Policy includes awareness, training, monitoring and review. The Information Security Policy document is reviewed annually and disseminated to staff for them to review and confirm annually. Along with supporting documents which include BCP / DR, Data Protection / GDPR, Development Standards, Breach, Secure Data Deletion and Destruction, Firewall and Change Control policies.
All information security policies and process are monitored by our Technical Director and DPO who reports directly to the Board.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- We adhere to the ISO27001 change management process standards. Services are tracked through software development policy. The company follows formal policies for backup, anti-mailware, physical security, information security, data handling and change process that complies with the PCI DSS recommended standards. Service Impact and Change Notifications is controlled through email alerts to clients and dates altered by negotiation with the dedicated account manager.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Vulnerability management policy in place.
Operating system patching performed monthly according to the manufacturers recommendations. Emergency patching of critical threats are evaluated by the Technical Director and deployed accordingly, the process is handled through emergency change control procedure.
At least daily threat notifications come from source vendors and recognised security sources which included but is not limited to Microsoft, Sophos, GDS Security, Prism Infosec, Webroot, ICO, PCI DSS council and NCSC. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Regular Windows server and firewall log file review in line with PCI DSS recommendations.
Log file review using heuristic tool.
Perimeter IDS/IPS monitoring.
Identified incidents managed through formal incident response plan according to PCI DSS recommendations.
Priority and resolution speed is dependent upon the incident severity. - Incident management type
- Supplier-defined controls
- Incident management approach
-
A formal documented incident and breach management process is in place and adheres to PCI DSS guidance and recommendations and follows IS027001 standards. It also forms part of the documented Information Security Policy which is reviewed and issued to all staff annually.
Users can report incidents via email, helpdesk ticketing system and telephone (when they will be asked to raise a support ticket for tracking purposes).
Incident reports are made available through Tractivity website and a more detailed incident report can be made available to the client by contacting their dedicated account manager.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £10,000 to £50,000 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Access to a full version of the software along with limited support services. Certain features such as emailing and reporting will be restricted.