Bloomreach BrXM Cloud
With Bloomreach Cloud, you can quickly launch new initiatives, such as landing pages, content marketing campaigns, new communication channels and changes to your current digital environment, without having to wait for infrastructure to build and deploy them for you. Bloomreach Cloud is entirely customisable to the needs of the user.
Features
- Users manage content, layout and workflow without IT involvement
- Multichannel experiences across web, mobile and social. IoT ready
- Responsive websites and content feeds to mobile and tablet apps
- Multilingual websites with consistent layout and integrated translation management
- Easy configurable targeting and personalisation for relevant omnichannel user experiences
- Beste in class AI based (content) search capabilities
- Secure and reliable platform based on AWS framework (EU located)
- Open source background and REST-based framework drive ease of integration
- Rapid development framework enables continuous delivery and digital experience innovation
- Enterprise-level architecture guarantees optimal security, performance, reliability and scalability
Benefits
- Bloomreach Cloud delivers Bloomreach-as-a-Service in the cloud
- 24-7-365 support across the globe
- Ongoing product maintenance delivering patches, hotfixes and security updates
- Professional Services team delivering Bloomreach technical and business expertise
- Certified local partner network ensure BloomReach expertise in your area
- Education and training curriculum brings your organisation up to speed
- Roadmap alignment keeps you informed about future product development
- Experiments and testing to validate and optimise content and targeting
- Engagement analytics provide insights into visitor behaviour and preferences
Pricing
£78,000 an instance a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 2 3 0 8 6 2 3 7 6 7 3 2 1 5
Contact
BloomReach B.V.
Benjamin McDiarmid
Telephone: +31657238081
Email: benjamin.mcdiarmid@bloomreach.com
Service scope
- Service constraints
- N/A
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- The following are the publicly available SLA response times and are subject to change in alignment with that document available here: https://www.bloomreach.com/en/about/cloud-sla
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
In addition to license cost, which includes Standard Support, further tiers start at the following pricing:
- Premium = £19,950 p/a*
Future support for implementation can be arranged with an account manager for work with Professional Services technical consultancy.
Every Bloomreach account has a dedicated account manager assigned to the account. For future application assistant a Service Delivery Manager can be arranged through professional services. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Bloomreach support new users with the setup and guidance into the platform, online training and extensive documentation which can be found via https://documentation.bloomreach.com/
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
- None
- End-of-contract data extraction
- Copy the database to a new desired location.
- End-of-contract process
- Bloomreach will make, upon request, the data available for the customer to be copied into a new environment. This is included in the contract. Any extra support will need to be paid for.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Users will have their own dashboard where they can edit, deploy, restart, check logs.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- The web interface is available via a website and mobile device,
- Web interface accessibility testing
- Bloormeach customers have used ARIA (Accessible Rich Internet Applications) guidelines within their applications and built in workflows to lock these requirements in place for serving content with these guidelines in place. Utilizing additional scripts clients have the ability within the application to audit content for these guidelines and integrate with 3rd party tooling.
- API
- Yes
- What users can and can't do using the API
-
An API allows users to access every available feature in the software, including changes, setup, etc. APIs can easily be served within the application and do not have the limitations for custom development.
Future development is in progress for enabling webhooks for real-time interactions for third-party notifications. - API automation tools
-
- Ansible
- Chef
- Puppet
- Other
- Other API automation tools
-
- Apache Maven
- CICD Tools - Jenkins,Gitlab, CircleCL
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Other
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Other
- Using the command line interface
-
The command line interface (CLI) in Bloomreach Experience Manager (brXM) offers developers and administrators a powerful way to interact with the system. However, its capabilities are usually geared toward advanced tasks and automation. Authoring properties disable users without access rights from utilizing areas of the CMS unrelated to their tasks. CLI limitations are also placed on the visual editor of the CMS to protect the application.
1. Setting Up the Service: Users can utilize the CLI to automate the setup and configuration of brXM. This includes initializing projects, configuring repositories, and setting up essential components. For example, users can create and deploy new projects or modules using Maven commands. Configuration files can also be edited directly from the CLI to adjust server settings or database connections.
2. Changes The CLI allows for direct manipulation of the platform's deployment and operational aspects. Users can deploy new code, update existing features, and execute scripts that modify content or configurations within the repository. Automation scripts can be run to efficiently handle repetitive tasks, like content migration or batch updates.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Dedicated virtual machines for the application.
- Usage notifications
- Yes
- Usage reporting
-
- Other
- Other usage reporting
- Client's receive access to Humio tool for insights on the site traffic and can query results to review site traffic and usage.
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Databases
- Logfiles
- Backup controls
- There is a standard backup schedule based on IT best practices. Nightly backups are stored in a different location.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection within supplier network
- HTTPS Encryption, AWS VPN, AWS Direct Connect, AWS Transit Gateway, S3 Transfer Acceleration, strict enforcement policies and a compliance for SOC2 and other ISO guidelines
Availability and resilience
- Guaranteed availability
- Guaranteed 99,9% availability per year - SLA can be find via: https://www.bloomreach.com/en/about/cloud-sla
- Approach to resilience
- This information is available on request.
- Outage reporting
- There is a public dashboard and customers will receive outage reports.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google apps)
- Username or password
- Access restrictions in management interfaces and support channels
- IP-based whitelisting, dedicated networks, dedicated VPN
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- https://aws.amazon.com/compliance/programs/
- ISO/IEC 27001 accreditation date
- https://aws.amazon.com/compliance/programs/
- What the ISO/IEC 27001 doesn’t cover
- https://aws.amazon.com/compliance/programs/
- ISO 28000:2007 certification
- Yes
- Who accredited the ISO 28000:2007
- IS Partner LLC
- ISO 28000:2007 accreditation date
- 09/02/2023
- What the ISO 28000:2007 doesn’t cover
- Available upon request and context of the question.
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 22301
- SOC2 Type 2
- 5 ISO Certifications
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
A list of all Bloomreach certifications can be found at https://www.bloomreach.com/en/about/security
ISO 9001ISO 27001ISO 27017ISO 27018ISO 22301GDPR certificationSOC 2 (Type 2) Report (Provided upon request, under NDA)
Bloomreach Content utilizes a wide variety of appropriate logging and auditing functions to track access to, and operations on, the platform. Examples include:- Humio - Used within the brCloud infrastructure for operational log management- Filebeat and Logstash for general log parsing- Sysdig for platform monitoring- User operation logs are managed by a combination of the platform and the customer's IAM platform (where appropriate)All logs and audits are encrypted at rest. For a full description of the security options within the platform, please refer to the Security section within our product documentation
Authorizations are stored and configured in Bloomreach and incorporate a strong, but logical, User/Group/Role/Permission model that is applied across both the content and the operations that may be applied to that. This model is flexible in that it allows for the definition of additional roles and groups and maximum flexibility over the application of permissions. These can also be applied across different channels as well.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- This is documented and available upon request
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Our vulnerability policy includes processes regular web scans for potential threats to identify vulnerabilities. Once a vulnerability is identified, it is tracked and assigned for resolution. The QA team qualifies new releases on private instances for protection.
Bloomreach performs security monitoring, including checking internal traffic for suspicious behavior, performing network analysis, and examining system logs to identify unusual behavior.
Our incident management ensures the confidentiality, integrity, or availability of our client's resources or data. If an incident occurs, the security team identifies it, reports it, and provides a resolution priority based on urgency. https://www.bloomreach.com/en/security-at-bloomreach - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Please find the process documented here: https://documentation.bloomreach.com/14/about/security-procedure.html. There is also a BCP available upon request.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Please find the process documented here: https://documentation.bloomreach.com/14/about/security-procedure.html. There is also a BCP available upon request.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Other
- Other virtualisation technology used
- AWS
- How shared infrastructure is kept separate
- Client data is stored within a unique AWS RDS database using a single-tenant model, thereby providing logical separation.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- https://aws.amazon.com/about-aws/sustainability/
Social Value
- Social Value
-
Social Value
- Covid-19 recovery
- Wellbeing
Covid-19 recovery
Enabling healthcare providers in the UK to get information vital for recovery and long-term care. Providing citizens accurate information about long term symptoms and a source for guidance, not misinformationWellbeing
Providing citizens of the UK information on weather reporting and activity to plan their lives and vacation planning appropriately through bloomreach hosted solutions as well as guidance on Bloomreach hosted institutes.
Pricing
- Price
- £78,000 an instance a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- There is an option to start with a free trial. Please contact Bloomreach via sales@bloomreach.com
- Link to free trial
- https://www.demo.onehippo.com/ and https://cms.demo.onehippo.com/?0