Hugr: Accessibility auditing software
Hugr provides further assistance to clients who need ongoing support and dynamic delivery of audit-testing procedures.
This can be used by your team or with our testers to follow a guided testing methodology for WCAG 2.1 accessibility audits, support consultancy and solutions.
Features
- Everything you need to perform an accessibility test
- Support available from accessibility experts when needed
- Cloud based for easy collaboration
- Team or Enterprise license available
- Use Hugr framework or build your own
- Easy team management for multiple teams
- Test against accessibility guidelines including WCAG 2.1 and Section 508
- Library of code solutions
- Real time reporting of issues
- Ability to allocate tasks
Benefits
- 20 years accessibility knowledge built in
- Access to our comprehensive knowledge base
- Access for multiple teams and sites
- Ability to manage team and access rights
- Raise tickets for consultancy support
- Solutions linked to issues for ease of use
- Guided testing methodology
Pricing
£0 a licence a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
1 0 8 0 7 3 0 0 3 4 0 5 1 1 2
Contact
Dig Inclusion Ltd
Sarah Ronald
Telephone: 07903688521
Email: sarah@diginclusion.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
-
Accessibility support helpdesk limited to Monday - Friday 8am - 5pm
Currently this works on desktop and not responsive, although this feature is planned for the first quarter of 2021. - System requirements
- None: Software as a service
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
-
Monday - Friday between 7am - 3pm - Within 3 hours
Weekends and all other times would be next working day - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Teams and Enterprise solution available with support, with onsite and remote support at additional cost.
Remote support from £90 per hour plus VAT
Onsite prices start at £750 per day plus VAT and expenses
Both Account Manager and a Cloud support engineer provided to support - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Both remote and onsite training can be provided, although support is not anticipated for team licenses onboarding and guidance documentation is built in.
Onboarding sessions can be organised.
Community forum provides additional support for users. - Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- All reports can be exported in multiple formats .Docx .pdf and .HTML
- End-of-contract process
-
Rolling monthly subscription options available, no end of subscription costs.
You have the option to pause your subscription, and keep your reports stored subject to GDPR data retention policies or you can delete your account and all associated reports are deleted.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- No
- Customisation available
- Yes
- Description of customisation
-
Users can create their own test methodology and create bespoke solutions.
White label service is coming expected 4th quarter of 2020.
Scaling
- Independence of resources
- Hybrid cloud infrastructure allows for automatic scaling.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Reports can be down loaded as .docx .pdf and .HTML
- Data export formats
- Other
- Other data export formats
-
- .docx
- .HTML
- Data import formats
- Other
- Other data import formats
- Not in scope of the product
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Planned maintenance and downtime to be scheduled outside 9-5 GMT Monday to Friday.
Uptime guarantee not normally required however an 8 hour response time is provided and full backups are kept.
SLA can be provided on request. - Approach to resilience
-
Employs Google cloud services and Kubernetes to provide load balanced service.
Service is monitored. - Outage reporting
- Service status page with email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
Users can manage their team members, individuals access levels and remove team members themselves.
Multiple access control levels defined. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- No audit information available
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- Less than 1 month
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- No
- Security governance certified
- No
- Security governance approach
- Details can be provided on request.
- Information security policies and processes
-
Infrastructure is managed by a third party.
Our Information Security Policy can be provided on request.
All policies are reviewed annually as a minimum and signed off by a Director.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Technical decisions are defined and approved at a management level before development. Development is managed through GitHub, All changed are subject to automated testing and require review and approval from two or more people before integration to mitigate any potential vulnerabilities and maintain code quality.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
- Regular Internal auditing, bug fixes and patches, all tested within a test environment before deployment.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Sensitive data such as passwords are stored using industry standard encryption.
All services are monitored and if a compromise is detected services can be instantly suspended. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Constant monitoring internally plus the Hugr community where issues can be reported to us by users.
All incident reports are responded to via the forum for transparency depending on the severity of the incident.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Wellbeing
-
Wellbeing
The aim of the Mental Health and Wellbeing Policy is ‘To create an open and inclusive culture that supports the wellbeing of all’. Dig Inclusion’s responsibilities towards employees include:
- Ensuring that information on mental health is readily available; including access to the Mental Health and Wellbeing policy, annual training, and inductions for new starters.
- Employing a Mental Health First Aider(s) to provide thorough, confidential support, and ensuring that managers carry out regular reviews to touch base with employees.
- Issuing clear responsibilities and realistic targets, and offering flexible and reasonable working hours.
- Taking a hard line against workplace discrimination of any kind, including (but not limited to) racism, sexual harassment, and bullying. We aim to ensure that all employees feel able to speak up, and to foster good and healthy communication between employees.
- Providing an Employee Assistance Programme (EAP) with access to counsellors, and providing Wellness Action Plans for individual use (to be reviewed annually). These Wellness Action Plans are confidential, and are only required to be shared with the Mental Health First Aider.
- Not discriminating against anybody experiencing mental ill health, including new applicants, and current employees who take leave due to their mental health. A gradual and supported return to work will be offered for any such employees.
- Prioritising confidentiality, and discussing any issues in a considerate, sensitive manner. Information regarding an employee’s mental health will only be shared with their prior consent (unless in emergency cases where there is a risk of harm).
It is the responsibility of employees to raise any issues or concerns for themselves or others, and seek appropriate support from their line manager or the Mental Health First Aider. To ensure its relevance, the Mental Health and Wellbeing policy will be reviewed every twelve months.
Pricing
- Price
- £0 a licence a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
One person license is free.
Team options are paid for.