Carve Consulting

Social Media Strategy & Delivery

Detailed analytics on effectiveness & efficacy of cloud & web-based marketing, advertising, promotion, networking & branding. Numerous metrics to ensure an ROI when messaging all, or segmented, audiences, enabling hyper-targeting to address under-represented populations.


  • Social Media Strategy design for B2B/B2C, Talent & Employee Engagement
  • Research & Insights to better understand customers/potential hires/communities
  • Digital Transformation: Strategies, activation, insights
  • Content & Community
  • Design/Build Apps, AI Bots, films, AR/VR & digital experiences
  • Advisory support for in-house digital and leadership teams
  • Real-time reporting on effectiveness of every social channel
  • 11 years of Social Media experience
  • 10 million Social Media Communities under management
  • "Connected Leaders" programme to enhance Board Level profile & engagement


  • Helping organisations understand how Social Media impacts all service areas
  • Advising what works, what doesn’t and what’s next in social
  • Translating emerging technologies into business value.
  • Implementing digital transformation programmes, driving engagement & change.
  • Unlocking 'Power of Purpose' through social stories & content marketing
  • Social media strategies focus on what matters: REPUTATION/RELATIONSHIPS/RESULTS
  • Huge financial savings utilising digital channels over traditional print media
  • Clients in highly regulated sectors


£1400 per transaction

  • Education pricing available

Service documents


G-Cloud 11

Service ID

934434216331959


Carve Consulting

Paul Harrison


Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements Certain social channels require additional subscriptions to unlock advanced features

User support

Email or online ticketing support Yes, at extra cost
Support response times Typically support needs of our clients are zero or rare, but we are able to respond within 4 hours for all email or verbal support requirements during normal working hours. Out of hours email support may take longer and may be chargeable, according to pre-agreed support classifications.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible In the unlikely event web chat would be appropriate for our provision, details will vary according to the service level requirements of each customer.
Web chat accessibility testing Web chat has yet to be requested, so no testing required as yet.
Onsite support Yes, at extra cost
Support levels Carve clients enjoy the benefits of an individual Account Director, Account Management and access to our support team. This support and management can be delivered via regular or ad hoc onsite meetings, Skype/Hangout, email, mobile phone, WhatsApp or preferred communication channel. Where reputation management is required, telephone support can be extended to 24/7/365.
Support available to third parties Yes

Onboarding and offboarding

Getting started Our service provision is always tailored to fit knowledge, competency and time constraints of our clients, through face to face meetings, workshops, work in progress calls, and a dedicated client management approach that puts aligning KPIs at the forefront of our work. After on-boarding clients we ensure regular reporting with agreed metrics is in place, allowing us to optimise outcomes.
Some clients require face to face time and onsite account management for us to create ideas, content and post. Others may be confident users of Social Media channels and tools and just require advice on short, medium and/or long term strategy with agreed & timely remote account management, or metrics reporting. We are committed to building internal knowledge & competence to reduce costs and reliance on external suppliers, including Carve.
Service documentation No
End-of-contract data extraction Data is shared in realtime or at agreed intervals throughout the contract or project lifetime. Any relevant data requested at the end of the contract or project will be provided in a mutually agreed format.
End-of-contract process Provision of any historical data or previously requested/provided reports is included in the price of the contract.

Using the service

Web browser interface No
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All of Carve's various services can be procured through mobile & web communication or verbal/face to face.
Service interface No
Customisation available Yes
Description of customisation All of our clients can customise exactly what fits their financial budget, time and resource constraints and any PR or branding limitations and guidelines.


Independence of resources Carve is a boutique consultancy with an enviable client portfolio of household names (EY, Vodafone, Reckitt Benckiser, BAE Systems for example), as well as key Central Government Departments and Local Authorities. Our reputation is everything and so we only accept new clients or briefs if both parties can invest sufficient time and resource to maximise the chances of successful outcomes. This in turn will ensure a positive testimonial, that will help to generate the next referred contract or assignment, which is our primary business generation route.


Service usage metrics Yes
Metrics types Carve tracks, measures and records each element of our Social Media consultancy and chosen channels or tools, to ensure VFM and the ability to make informed choices on effective and cost-efficient communications in real time.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach We hold certification under ISO27001:2013. We have a full Information Security Management System in place which ensures we implement the relevant controls within Table A of the International standard. Within this, there are policies and procedures in place to deal with physical access control, data protection (under GDPR and other laws/regulations) and encryption. Additionally, we are certified against Cyber Essentials.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach N/a
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks Other
Other protection between networks
Additionally, we follow ISO27001:2013 principles for data protection in transit and at rest.
Data protection within supplier network Other
Other protection within supplier network 2-step verification
Policies and procedures in line with ISO27001:2013 certification.
Remote monitoring of network (IT consultancy)
Full Training & Awareness for data access control.

Availability and resilience

Guaranteed availability Our SLAs are bespoke to the project's requirements. In general terms we will offer business day access, with special arrangements for availability outside of these times. Carve prides itself on its agile approach, and will seek to provide whatever is best for the smooth running of the project.
Approach to resilience This information is available on request.
Outage reporting Our particular service is consultancy-based: offering strategies, activations and insights to help our clients connect in new and powerful ways with the people they rely on for success - employees, customers, shareholders and influencers. Certain projects will require use of technology (e.g. parallax websites, AI, AR), and each SLA or SOW will contain the methodology for reporting outages (such as a microsite that is hosted by us). Such methods will be bespoke to the project in question, with the process agreed in advance.

Identity and authentication

User authentication needed No
Access restrictions in management interfaces and support channels Our ISMS provides for segregation of networks, secure development environment and storage as an integral part of information systems across the entire lifecycle for systems within the scope of our ISMS.
The business operates under a 'principle of least privilege'.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 06/11/2015
What the ISO/IEC 27001 doesn’t cover We have addressed, and been audited against, all sections of the ISO27001:2013 international standard.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a dedicated ISMS team, led by our board-level Head of Talent & Operations. Regular Management Team meetings are held to address and improve the ISMS. The ISMS is audited annually by the certification body, which audits our full range of ISO27001 policies and procedures and validates the findings of the regular internal audits that are scheduled. We have full team training in place and are supported by ISO consultants who provide further guidance and opportunities to improve. The ISMS governance is a significant part of the Head of Talent & Operations' overall remit. We have an incident reporting policy, log and rectification commitment, which, again, is regularly audited and reported to the board. Information security (including regulatory and legal requirements) is included by design within change management, new projects and the business as a whole.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our ISMS provides for full contract management and adherence to our SLAs/SOWs/Master Agreements. Policies in place include:
DOC A2 - Risk Management
DOC A12 - Operations Security governs change management, alongside supporting documentation REC 12.3 Change Request Form.
Scheduled reviews and audits are in place.
Staff receive full information security training.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We are fully supported by an IT consultancy who provide regular patching, remote monitoring and wiping, and information to us in the case of alerts that need to be known about or actioned.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have policies in place regarding asset protection (which, of course, includes software). There is a fully tested business continuity plan in place, and policies defining the response to particular incidents, defining the calling tree in terms of needing to provide a response to clients or suppliers.
We have a full risk assessment policy and documentation in place, which is governed by ISO27001:2013 principles.
Incident management type Supplier-defined controls
Incident management approach Risk assessment, audit, proactivity and education about Information Security are fully evident within the business. We have a defined approach and dedicated email address to which incidents are reported. Incidents are reported, escalated, actioned, followed up and closed off in line with policy.

Secure development

Approach to secure software development best practice Supplier-defined process

Public sector networks

Connection to public sector networks No


Price £1400 per transaction
Discount for educational organisations Yes
Free trial available No
