Helm Tickets

Helm Tickets - Online Ticketing, Memberships and Asset Management Software

This cloud-based software allows you to create, manage, and promote events, event tickets, memberships and assets.


  • Event page creation
  • Full website integration
  • Complete promotion toolkit
  • Advanced/on-demand revenue payouts
  • Integrations with marketing and CRM services
  • Advanced reporting
  • Manage memberships
  • Staffing, printing and equipment hire available
  • iOS and Android ticket scanning app
  • Manage asset bookings (such as meeting rooms and spaces)


  • 24hour response time UK support
  • 99.999% site uptime for maximum reliability
  • Fully GDPR compliant
  • PCI DSS Level 1 and PSD2 compliant
  • Simple & fast setup of events
  • Track ticket sales, revenue and other key stats
  • Style your website integration to fit your branding
  • Competitive pricing
  • Easily share to social media for easier promotion
  • Gather event related information from your attendees


£0.50 per unit

  • Free trial available

Service documents


G-Cloud 11

Service ID

9 4 6 3 0 0 6 0 3 0 0 9 6 7 4


Helm Tickets


01752 981146


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • A current version of Chrome, Firefox, Safari or IE browser
  • A version of Windows, Mac OS or Linux OS

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 24 hours, however, most are answered within 3 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels As standard, all organisers get 24 hour response time email support and phone support. Our support team and create and setup events when needed and can also provide helpful advice for running your event.

For an extra cost, we can provide on-site support. This is including, but not limited to:
- On-site staffing
- On-site printing equipment
- On-site equipment hire

The cost of these services is entirely dependant on the size of the event.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide online training for multiple users, user documentation in the form of help articles, webinars to help walkthrough users and video tutorials. Our support team can also set up events for users.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction By request to our support team, all data will be extracted and/or deleted from the database. This is made clear on the software and in the user documentation.
End-of-contract process All features advertised by Helm Tickets are included in the price. Only onsite support (staffing, printing etc) commands an extra cost which will be pre-agreed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All functionality is the same.
Service interface Yes
Description of service interface The interface is very simple and intuitive, having recently been designed from the ground up to easily allow organisers to find features and setup events smoothly. The interface is navigated by a central navigation bar which is presented on each page.
Accessibility standards None or don’t know
Description of accessibility The success criterion for WCAG 2.0 we meet:
- Info and relationships
- Meaningful sequence
- Sensory characteristics
- Use of colour
- Audio control
- Timing Adjustable
- Three Flashes or Below Threshold
- Page Titled
- Focus Order
- Link Purpose
- Multiple Ways
- Focus Visible
- Language of Parts
- Consistent Navigation
- Consistent Identification
- Error Identification
- Labels or Instructions
- Error Suggestion
- Error prevention (Legal, Financial, Data)
- Parsing
- Name, Role, Value
Accessibility testing Testing for our interface was conducted with several tools including Google Development Tools and Browserstack to help assist users of assistive technology.
Customisation available No


Independence of resources Our hosting provider has data centres around the world and can provide us with immediate access to global server instances with no interference. Because of this our infrastructure allows us to easily launch server instances, in more than one country if we wish, when user demand is present in order to ensure a high level of service.


Service usage metrics Yes
Metrics types - Total ticket sales
- Gross ticket revenue
- Net ticket revenue
- Tickets sold
- Tickets remaining by ticket type
- Tickets refunded
- Payment amount due
- Booking fees paid
- Tickets sold by ticket type
- Ticket refunds by ticket type
- Amount of VAT on booking fees
- The payment date of the payment specified
- Discount codes used on tickets
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users can export all event related data collected by Helm Tickets by clicking the "Export all event data" button in the dashboard. This will export a .CSV document containing all data.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Our internal office network resides behind a Cisco Meraki MX64 firewall, which prevents unauthorised external access. All company computers are fully encrypted and password protected.

Availability and resilience

Availability and resilience
Guaranteed availability We have a 99.999% SLA for service availability and if the SLA is breached our users will be contacted and refunded appropriately.
Approach to resilience This is available on request.
Outage reporting We provide a report via email to those who are opted in to receive critical notifications.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Only users that require access to management interfaces and support channels are given access via a setup username and password for the user or an access role being assign to an existing user. If an un-authorised user tries to access management interfaces then they will be denied access.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Stripe
PCI DSS accreditation date 21/05/19
What the PCI DSS doesn’t cover Mail order/telephone order and card-present (face-to-face) card payments but we do not use these payment channels.
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We have processes in place to ensure that unacceptable impacts and risks to the business are communicated to employees and appropriate policies are already in place for employees to follow. The overall responsibility and accountability for decisions regarding service security is held by the CTO. However, decisions on security risk can be delegated to employees if they have the correct security, technical and business knowledge. We have identified what data needs to be protected, the risks involved, the policies that need to be created and who is responsible for carrying out the policies.
Information security policies and processes We have our own in internal acceptable use policy, access control and change management policy that we follow.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our configuration management processes include the use of version control systems to maintain full version history and accountability, documented change implementation and testing procedures, project stage audits and a release procedure.

Our change management processes include identification of the change with stake holders, privacy and security impact assessment, documentation of what a change will include, approval of a change at management level, communication of the decision to stakeholders, implementation of the change and thorough code review and testing, including security testing, before a change is released. Penetration testing is also performed using a third party tool.
Vulnerability management type Undisclosed
Vulnerability management approach Potential threats to our service are tested weekly using a third party penetration testing service and any threat is highlighted to us immediately. Threats are categorised by the third party using a risk level scoring system and any high risk threats are investigated and patched within 48 hours of being reported to us. We also monitor relevant third party software providers websites on a weekly basis, for any security updates that have been released to patch any vulnerabilities in their software. Software updates are patched within 72 hours after we're made aware of the update.
Protective monitoring type Undisclosed
Protective monitoring approach We use Amazon GuardDuty to continuously monitor our AWS environment to identify unexpected and potentially unauthorised and malicious activity. Any findings are investigated within 24 hours of becoming aware of the report and our first response is to stop and remove the source of the compromise. We then look to identify what data, if any, was compromised and take appropriate action to inform our service users of any data breach and any action that is required, along with informing the ICO, if necessary. A full report on the investigation is compiled and the source of the compromise is patched.
Incident management type Undisclosed
Incident management approach We have a pre-defined process for common events, from minor, such as site bugs, to major, such as service failure. All follow these common steps: identification, logging and categorisation (bug, service failure, issue), prioritisation (very high, high, medium, low), investigation and diagnosis, escalation, resolution and recovery and incident closure. Users can report incidents to us via our online help desk and a report is provided back to the user on incident closure. For incidents that affect all users, we provide a report via email to those who are opted in to receive critical notifications.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.50 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial We provide an introductory amount of booking fee credit to cover the cost of any paid tickets processed when using Helm Tickets until the credit has run out.

Service documents

Return to top ↑