SORCE Limited

Engage Intranet Software

Sorce provides flexible intranet software and associated implementation services. Our Engage intranet product enables organisations to manage corporate communications and business processes, and integrate with other systems to provide employees with a single portal into disparate information. Services are offered to help plan and implement the most successful intranet possible.

Features

• Contacts directory and user management
• Document Management
• Powerful search
• Usage analytics
• Office 365 integration
• Customisable and easy integration
• Responsive design plus mobile app
• Flexibility of design
• Content personalisation and relevance
• Authentication, access controls and audit trail

Benefits

• Flexibile in every way (design, functionality and integration)
• Facilitates corporate communications and streamlines business processes
• Accessible from anywhere on any device
• Easy to use and administer
• Quick and easy to implement
• Makes documents easy to find, control and audit trail
• Evolves with your business and future proof
• Industry focused supplier with 20 years experience
• Tailored to your business for optimum employee engagement
• Multilingual facilitates multinational working

£0.50 to £9.40 a person a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jeremy.stewart@sorce.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

116538439111011

Contact

Jeremy Stewart
01635 551777
jeremy.stewart@sorce.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements: All necessary system components (e.g SQL) are included

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Sorce provides support to trained administrators, who can contact the help desk to ask questions or seek advice relating to the Sorce software. ; ; A support engineer will be assigned to the ticket, who will assist by advising on the utilisation of the software and identify problems and suggest workarounds. The response will be within 4 hours.; ; The hours of coverage for assistance are from 09.00 to 17.00 GMT Monday to Friday, excluding public holidays.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The Sorce offering typically includes effort to understand our client’s requirements, and subsequently build an intranet that meets those specific requirements. An Express package of services is available for clients that do not wish to spend time planning and implementing a bespoke intranet. ; A tailored intranet will be implemented, complete with branding, page and navigation structure. Training will then be delivered on the page building and administration processes.; User documentation is available within the software on key features and functionality.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All intranet contents can be provided in the form of a database and file system. Sorce offers consultancy services to export specific data from the system database as required.
• End-of-contract process: The contract fees cover use of the software for the duration of the contract, including software licences, hosting and support and maintenance. One software update per annum is included within the contract fees.; At the end of the contract the software will no longer be available to the client. A copy of all intranet contents in a database and file system can be provided. Specific data export services can be provided on a chargeable basis as required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Engage pages respond to the device that is being used to access them, so a consistent experience can be applied to desktop and mobile users. It is possible to reorder content for different devices and also configure whether content is shown across all devices, to ensure that the most relevant user experience is applied to each device. A mobile app is also available for Android and iOS.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Engage features an Application Development environment, which provides Sorce clients with all of the capabilities to customise the software that are available to Sorce consultants. This could include simple changes such as adding a field to a standard form, or creating a new application to replace a paper based process and meet a specific business process requirement.; Any user who has attended the Sorce Application Development training course would be able to perform these activities. This course lasts 2 days, and covers the process of developing a completely new application from beginning to end.

Scaling

• Independence of resources: Sorce offers a private cloud environment option, meaning that each client can have a dedicated instance of the software, which is unaffected by usage of other instances.

Analytics

• Service usage metrics: Yes
• Metrics types: Analytics are provided to help you understand your intranet’s usage, and focus your intranet team’s efforts accordingly. Charts are provided on key usage metrics such as page views and individual content views.; These can be supplemented with Google Analytics if required.; It is also possible to query the Engage database to show more granular analytics if required.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Clients can access their databases directly if they wish, to export their data. Knowledge of SQL Server would be required in order to extract the data. There is also functionality within the user interface to export data to CSV format.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML / JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 100% assured by contractual commitment; Full terms and SLA is available on request but, with respect to hosting fees, for each FULL percentage point (1%) by which the Availability in a Measurement Period [typically a calendar month] is reduced below the target Availability (or First Measurement Period Availability where applicable), a Service Credit shall be due to the Customer equal to 3% of the Service Fees payable by the Customer in respect of the Services for such Measurement Period.
• Approach to resilience: 3 individual data centres, linked by resilient network infrastructure.; Full information is available on request.
• Outage reporting: Alerts are available via email and a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Engage access control covers all aspects of the application including management interfaces. Only authorised users can access the management functions such as group membership, assigning access rights, etc.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 5/5/2022
• What the ISO/IEC 27001 doesn’t cover: Only the hosting element is covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • PCI compliant data centre
  • ISO 9001 : 2008

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: We follow information security policies and processes in accordance with our ISO27001:2013 accreditation

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management approach is in accordance with our ISO9001:(2008) and ISO27001:2013 accreditation. Processes capture who requested the change and why, who will implement the change, process tracking and assessment of the risk and contingency plan.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As part of our ISO 27001 accreditation, we carry out stringent risk assessment and contingency planning exercises. Threats are identified internally by a dedicated person.; Service and security patches are applied in line with the SLA
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Potential compromises are identified by carrying out risk assessment and contingency plans in accordance with our ISO 27001 accreditation. If a potential compromise is found, a risk assessment will be carried out to determine the influence the compromise could have on the business. From here, a contingency plan will be drawn up. We respond to any incidents immediately, and ensure our customers are updated in accordance with our Service Level Agreements
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: As part of our ISO 27001 accreditation and compliance, we have a set process for incident management. Users can report incidents in a number of ways, including telephone and email; we will then follow the process to deal with the incident accordingly. We provide incident reports in either writing or via email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  Intranets are fundamental tools for proving corporate communications and managing tasks across disparate workforces.; ; As hybrid working has become the norm for many post pandemic workplaces, an effective intranet is more important than ever for enabling staff to feel connected with their employer and their colleagues.; ; Engage is accessible from anywhere on any device and provides a consistent experience for staff, regardless of whether they are working on the frontline, from an office, or from home.; ; Engage is packed full of features for enabling employees to communicate with each other and get work done, from wherever they may be working.

Pricing

• Price: £0.50 to £9.40 a person a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Trial sites are available on request which enable users to trial the full end user experience. Limited content contribution functions are also enabled. Trial sites are available for up to 1 month.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jeremy.stewart@sorce.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.