CALVIUM

Place Experience Platform

To create engaging apps for mobile, web or street kiosks with all the functionality you need to engage people with place and attract visitors.
Your scalable content management system is designed to be used by teams from across your organisation streamlining your operations.

Features

• Public, WCAG 2.1AA compliant iOS & Android Mobile app
• Location-aware multi-media content
• Rapid publishing of content and updates on multiple devices
• Cloud native, enterprise level security
• Analytics dashboard
• Multi-user collaboration
• Multi-language capability
• Offline functionality
• Custom maps
• Easy tour creation

Benefits

• Increases audience reach to attract more visitors to your destination.
• Compelling place-based stories to connect visitors to your destination.
• App is continually refreshed, ensuring latest up-to-date content.
• Scalable and secure
• Enhances data driven decision making
• Create and publish content, streamline production workflows and save budget.
• International visitors feel welcome when choosing their preferred language.
• Accessible anywhere, always-on visitor experience without a mobile signal
• Themed routes and experiential wayfinding
• Distribute footfall around a location -Increasing dwell time and spend

£20,000 to £60,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jo@calvium.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

108295034524987

Contact

Jo Reid
01172262000
jo@calvium.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No constraints
• System requirements:
  • Recent versions of Chrome, Safari, or Firefox
  • Mobiles have recent versions of iOS and Android
  • Kiosk device certified Google partner with Google Play Services

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 working days. Weekends are non working days.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We provide email support for licensed users of our Place Management System. The support is included in the annual license fee of £5,000 for a maximum of 4 logins.; Additional logins can be purchased for £100 a seat.; We do not warrant the need for a technical account manager or cloud support engineer.; Each client has a customer success manager allocated.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Each new client is assigned a Customer Success Manager. They will arrange an initial meeting with the client project manager and a further training workshop for everyone in the client organisation who will use the Place Mangement System.; Following the workshop the users will have access to documentation and training videos to refresh their memories when they come to using the PEP CMS on their own.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All user content is first created outside the system. We advise clients to keep a copy of their content in uncompressed form so that they always retain their own data.; This means that there is not usually a need to extract their data at the end of the contract.; Calvium can provide a zip download of their content in exceptional circumstances.
• End-of-contract process: Calvium host and ensure that the mobile app and access to the PEP CMS is available for a year as part of the contract. After this period the client is asked to pay an annual service level agreements to ensure that the app remains available and the licenses to access the PEP CMS remain live.; If they decline to renew then Calvium will revoke client access to the PEP CMS and can, at any time, remove the app from the app stores.; In practice Calvium will keep the app available so long as it continues to provide a bug free user experience and until essential upgrades are required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The public facing mobile app is an output of the service.; The main place management system is web based and content updates can be published to the live apps. The mobile apps support notifications and content download for offline use.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Place Management System is an easy to use web based system for uploading content, adding points of interest to a map and creating trails.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: We have tested with screen readers and accessibility audit tools.
• API: No
• Customisation available: Yes
• Description of customisation: They can specify the preferred foreground, background and highlight colours for the app based on their branding. They can provide a logo which will be included in the app splash screen. These will be provided through email .; They can also request labels in the app be changed to suit their context and content.; All licensed users can add their own content to the app which makes it unique to them.

Scaling

• Independence of resources: The service is hosted using scaleable products from Firebase that handle automatic horizontal scaling of resources as required which will handle variable and peak demand loads

Analytics

• Service usage metrics: Yes
• Metrics types: Number of individual users of the app, days they used it, places they visited, trails they used and most popular sights viewed
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Data at rest is encrypted and stored in both Firebase Firestore and Cloud Storage for Firebase.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The client project manager should contact their Customer Success manager to ask for an export.
• Data export formats: Other
• Other data export formats:
  • Zip
  • JSON
  • JPG
  • PNG
  • MP3
• Data import formats: Other
• Other data import formats:
  • JPG
  • PNG
  • MP3

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We will not bring down the PEP CMS for maintenance without 48 hours notice unless it is an emergency.; Our PEP CMS is hosted on Firebase and any server outages would be resolved within 24 hours.
• Approach to resilience: We use the Firebase product set which is designed to be resilient to server outages and we develop with resilience in mind (for example, user mobile apps work offline should a connection not be possible).
• Outage reporting: Service outages are reported via a status page at https://status.placeexperienceplatform.com

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Access to management interfaces are restricted as users will need to be authenticated.; ; Support channels are provided via email addresses to contact.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 29/8/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • ISO 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Calvium defines all of its policities and processes to be compliant with ISO 27001.; Calvium’s top management has appointed an Information Security Policy Manager and Quality Control Manager who are responsible for the implementation and control of the Information Security Policy at Calvium.; Calvium use audit trails, permissions management, and regular documentation audits to ensure correct operation.; We make sure to frequently audit all the systems helping us in the prevention of information security system failures, information security leaks, system backup failures, information theft or any other information security breaches.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our ISO27001 processes cover configuration and change management. ; Configuration is stored both in code and in third-party services (such as Firebase, Google Play Store, Apple App Store). Configuration changes are tested to ensure they work and have not caused a regression. Code changes are peer-reviewed via merge requests, which are committed to our version controlled git repositories.; We use multiple automated tools to scan changes for potential security problems such as NPM Audit, Fortify, FOSSA and other malware and virus scanning tools.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our cloud services provider, Firebase, has extensive security management processes for all of their products. Our internal vulnerability management process is invoked as we become aware of an issue following ISO 27001. Threat information comes from dependency audits, internal testing and NCSC Early Warning. A risk and impact level assessment is performed by staff and appropriate measures are taken to resolve the issue and mitigate further issues. Depending on the priority given after assessment, we will resolve and complete mitigation within 24 hours to 2 to 4 weeks.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our cloud services provider, Firebase, maintain their own systems for monitoring the protection of their systems. Our process involves daily security checks of dependencies to our server-side code. We also monitor for TLS/SSL certificate expiry. A risk and impact level assessment is performed by staff and appropriate measures are taken to resolve the issue and mitigate further issues. Depending on the priority given after assessment, we will resolve and complete mitigation within 24 hours to 2 to 4 weeks.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process is invoked as we become aware of an issue following ISO 27001 and ISO 9001. A risk and impact level assessment is performed by staff and appropriate measures are taken to resolve the issue and mitigate further issues.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  Our Place Experience Platform helps local communities to manage and recover from the impact of COVID-19 by :; 1. Boosting Local Economies: By providing tools to create engaging digital experiences for local businesses, attractions, and events, the platform can help drive foot traffic and support economic recovery efforts. Digital guides, interactive maps, and virtual experiences can attract visitors and customers to businesses that have been adversely affected by the pandemic.; 2. Encouraging Tourism: by offering immersive digital experiences that showcase the unique attractions and cultural offerings of different places. This can help attract tourists and stimulate spending in local economies.; 3. Improve wellbeing: trails and local events mediated through the platform can encourage and support people to walk more and re-engage with society.

Pricing

• Price: £20,000 to £60,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A trial account for 30 days. You have access to a sample location where you can try out the features within the platform and test them locally.; Transfer of any test data created in the trial period is not included.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jo@calvium.com. Tell them what format you need. It will help if you say what assistive technology you use.