G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Rhubarb Business Services Limited are still valid.
Rhubarb Business Services Limited

Email Surveys

Everyone has a voice. Our multi-channel customer and engagement platform helps to engage and connect colleagues, patients, customers, staff and service users. Offering multi-language surveys with enhanced real-time dashboards and sentiment analysis.

Features

  • Real-time results, feedback, insight and sentiment analysis
  • Multi-channel available
  • Real-time red flags for issues
  • Customise dashboards, reports, colours, fonts and more
  • Create surveys in multiple languages - supports all languages
  • Staff engagement with a simple and easy to use UI
  • Service accessible via all modern browsers

Benefits

  • Unlimited and £FOC to send survey invites by email
  • Unlimited responses/completes £FOC
  • Live data for proactive decision making
  • ROI through significant resource savings through automated processes
  • Focused on what's important to you
  • Data stored in UK locations which are ISO 27001 certified
  • All data is encrypted during transit and at rest
  • UK-based support via telephone, email and support ticket portal
  • Quarterly penetration tests carried out
  • Personalisation to support increased participation

Pricing

£8,995 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@therhubarbcompany.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

9 5 6 9 9 5 0 0 0 5 7 9 8 8 8

Contact

Rhubarb Business Services Limited Paul Tidey
Telephone: 01795435003
Email: hello@therhubarbcompany.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
None
System requirements
  • Internet connection through a PC or mobile, tablet device
  • PC, mobile or tablet device running a supported browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 - 1 business hour
P2 - 2 business hours
P3 - 4 business hours
P4 - Next business day
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Access is available from our website
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
Complimentary support is available through chat, email, phone and support portal. For strategic accounts, direct access is provided to account management, product management and customer experience colleagues.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a) onsite training and user documentation; b) full support during go-live and then ongoing support through our support team.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft Excel
End-of-contract data extraction
Data extraction will be available a) via API or b) an agreed data template
End-of-contract process
Raw data download is included in the price of the contract; all other services will be chargeable as this will be classed as 'bespoke' requirements

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Users will see a variation in the UI for mobile from that of our desktop design.
Service interface
No
API
Yes
What users can and can't do using the API
The secure Web API is used to send and retrieve data from RHUBAS. Functionality includes a) schedule surveys or post survey data; b) get data/results and analysis and c) listen to customer feedback. Our API is very flexible to achieve customer requirements
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
A) Survey workflows; b) reporting/dashboard displays; c) alerts/notifications

Scaling

Independence of resources
Cloud-based resources which are highly scalable, resilient and system usage is regularly monitored and capacity will be increased as required

Analytics

Service usage metrics
Yes
Metrics types
As part of our security standards and practices, RHUBAS has a full audit trail which can be used to provide service usage including a) user activity; b) user login activity; c) system latency and d) data volumes.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
MI/Reporting functionality is provided in our platform and can be customised for unique requirements
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Json

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Private VPN network from local office to cloud provider; access restricted by IP address, username and password

Availability and resilience

Guaranteed availability
Uptime SLA is 99.5%
Failure to meet 99.5% will result in users being offered a service credit.
Approach to resilience
This information is available on request.

Our cloud provider has 8 UK based data centres which are owned and managed by the provider. ISO 9001 & ISO 27001 certified. Each UK data centre is built using industry-leading infrastructure, is N+ in design and is safe, secure and staffed 24 x 7.
Outage reporting
We automatically alert users of our service to any outage by email. Users also have access to our ticketing portal to raise any incidents/service requests

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Users are assigned configurable roles and permissions to limit or allow access to functionality within the solution.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO 9001:2015 Quality Management - BSI Issued (FS648365)
  • ISO 27001:2013 Information Security Management - Currently working towards certification
  • Cyber Essentials - Currently working towards
  • ISO 27001:2013 - iomart - Cloud hosting services provider
  • Various security accreditations - iomart - Cloud hosting services provider

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Rhubarb Business Services is certified to ISO9001:2015 standards; in the progress of gaining ISO27001 certification for Rhubarb.

Our platform is hosted in data centres which are UK based and certified to ISO9001 and ISO27001
Information security policies and processes
- Unique username and password; with 2-factor authentication
- Password hashing and salt value
- Account expiry and deactivation
- Account lockout
- IP address and users tracking
- SSL secure connection
- Support modern browsers
- Patches/updates are automatically applied to servers
- Limited access to cloud-based servers including lockdown on IP address

Policies, procedures, workflows and work instructions are managed as part of our ISO9001:2015 Quality Management Standards

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
New features, bugs, enhancements and change requests are recorded and tracked in an issue and project tracking software tool. We implement an agile sofware development lifecycle (SDLC) within a scrum environment. We follow industry standards around security and data protection to measure risk and impact; assessing each request on an individual basis for potential security concerns.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
- Servers are automatically updated when a patch is available
- Monthly release cycle
- Emergency releases as required
- Active news feeds and alerts
- Cloud services network monitoring, news feeds and alerts
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
- Full audit logs of system activity including IP address capture
- Logs are analysed at regular individuals and appropriate action taken (if required)
- Respond immediately when incidents are identified
- Monitor server activity on a regular basis
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents via our support portal or support desk and these are logged, prioritised, tracked and actioned as required. RCAs are produced for an outage and any corrective actions are tracked within our ISO 9001:2015 QMS.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£8,995 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Access to a demo area is available for 14 days

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@therhubarbcompany.com. Tell them what format you need. It will help if you say what assistive technology you use.