Skip to main content

Help us improve the Digital Marketplace - send your feedback

BloomReach B.V.

Bloomreach BrXM Cloud

With Bloomreach Cloud, you can quickly launch new initiatives, such as landing pages, content marketing campaigns, new communication channels and changes to your current digital environment, without having to wait for infrastructure to build and deploy them for you. Bloomreach Cloud is entirely customisable to the needs of the user.

Features

  • Users manage content, layout and workflow without IT involvement
  • Multichannel experiences across web, mobile and social. IoT ready
  • Responsive websites and content feeds to mobile and tablet apps
  • Multilingual websites with consistent layout and integrated translation management
  • Easy configurable targeting and personalisation for relevant omnichannel user experiences
  • Beste in class AI based (content) search capabilities
  • Secure and reliable platform based on AWS framework (EU located)
  • Open source background and REST-based framework drive ease of integration
  • Rapid development framework enables continuous delivery and digital experience innovation
  • Enterprise-level architecture guarantees optimal security, performance, reliability and scalability

Benefits

  • Bloomreach Cloud delivers Bloomreach-as-a-Service in the cloud
  • 24-7-365 support across the globe
  • Ongoing product maintenance delivering patches, hotfixes and security updates
  • Professional Services team delivering Bloomreach technical and business expertise
  • Certified local partner network ensure BloomReach expertise in your area
  • Education and training curriculum brings your organisation up to speed
  • Roadmap alignment keeps you informed about future product development
  • Experiments and testing to validate and optimise content and targeting
  • Engagement analytics provide insights into visitor behaviour and preferences

Pricing

£78,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at benjamin.mcdiarmid@bloomreach.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 2 3 0 8 6 2 3 7 6 7 3 2 1 5

Contact

BloomReach B.V. Benjamin McDiarmid
Telephone: +31657238081
Email: benjamin.mcdiarmid@bloomreach.com

Service scope

Service constraints
N/A
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
The following are the publicly available SLA response times and are subject to change in alignment with that document available here: https://www.bloomreach.com/en/about/cloud-sla
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
In addition to license cost, which includes Standard Support, further tiers start at the following pricing:
- Premium = £19,950 p/a*
Future support for implementation can be arranged with an account manager for work with Professional Services technical consultancy.
Every Bloomreach account has a dedicated account manager assigned to the account. For future application assistant a Service Delivery Manager can be arranged through professional services.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Bloomreach support new users with the setup and guidance into the platform, online training and extensive documentation which can be found via https://documentation.bloomreach.com/
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
None
End-of-contract data extraction
Copy the database to a new desired location.
End-of-contract process
Bloomreach will make, upon request, the data available for the customer to be copied into a new environment. This is included in the contract. Any extra support will need to be paid for.

Using the service

Web browser interface
Yes
Using the web interface
Users will have their own dashboard where they can edit, deploy, restart, check logs.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The web interface is available via a website and mobile device,
Web interface accessibility testing
Bloormeach customers have used ARIA (Accessible Rich Internet Applications) guidelines within their applications and built in workflows to lock these requirements in place for serving content with these guidelines in place. Utilizing additional scripts clients have the ability within the application to audit content for these guidelines and integrate with 3rd party tooling.
API
Yes
What users can and can't do using the API
An API allows users to access every available feature in the software, including changes, setup, etc. APIs can easily be served within the application and do not have the limitations for custom development.
Future development is in progress for enabling webhooks for real-time interactions for third-party notifications.
API automation tools
  • Ansible
  • Chef
  • Puppet
  • Other
Other API automation tools
  • Apache Maven
  • CICD Tools - Jenkins,Gitlab, CircleCL
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • Other
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
The command line interface (CLI) in Bloomreach Experience Manager (brXM) offers developers and administrators a powerful way to interact with the system. However, its capabilities are usually geared toward advanced tasks and automation. Authoring properties disable users without access rights from utilizing areas of the CMS unrelated to their tasks. CLI limitations are also placed on the visual editor of the CMS to protect the application.
1. Setting Up the Service: Users can utilize the CLI to automate the setup and configuration of brXM. This includes initializing projects, configuring repositories, and setting up essential components. For example, users can create and deploy new projects or modules using Maven commands. Configuration files can also be edited directly from the CLI to adjust server settings or database connections.

2. Changes The CLI allows for direct manipulation of the platform's deployment and operational aspects. Users can deploy new code, update existing features, and execute scripts that modify content or configurations within the repository. Automation scripts can be run to efficiently handle repetitive tasks, like content migration or batch updates.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Dedicated virtual machines for the application.
Usage notifications
Yes
Usage reporting
  • Email
  • Other
Other usage reporting
Client's receive access to Humio tool for insights on the site traffic and can query results to review site traffic and usage.

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Databases
  • Logfiles
Backup controls
There is a standard backup schedule based on IT best practices. Nightly backups are stored in a different location.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
HTTPS Encryption, AWS VPN, AWS Direct Connect, AWS Transit Gateway, S3 Transfer Acceleration, strict enforcement policies and a compliance for SOC2 and other ISO guidelines

Availability and resilience

Guaranteed availability
Guaranteed 99,9% availability per year - SLA can be find via: https://www.bloomreach.com/en/about/cloud-sla
Approach to resilience
This information is available on request.
Outage reporting
There is a public dashboard and customers will receive outage reports.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels
IP-based whitelisting, dedicated networks, dedicated VPN
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
https://aws.amazon.com/compliance/programs/
ISO/IEC 27001 accreditation date
https://aws.amazon.com/compliance/programs/
What the ISO/IEC 27001 doesn’t cover
https://aws.amazon.com/compliance/programs/
ISO 28000:2007 certification
Yes
Who accredited the ISO 28000:2007
IS Partner LLC
ISO 28000:2007 accreditation date
09/02/2023
What the ISO 28000:2007 doesn’t cover
Available upon request and context of the question.
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • ISO 22301
  • SOC2 Type 2
  • 5 ISO Certifications

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
A list of all Bloomreach certifications can be found at https://www.bloomreach.com/en/about/security
ISO 9001ISO 27001ISO 27017ISO 27018ISO 22301GDPR certificationSOC 2 (Type 2) Report (Provided upon request, under NDA)

Bloomreach Content utilizes a wide variety of appropriate logging and auditing functions to track access to, and operations on, the platform. Examples include:- Humio - Used within the brCloud infrastructure for operational log management- Filebeat and Logstash for general log parsing- Sysdig for platform monitoring- User operation logs are managed by a combination of the platform and the customer's IAM platform (where appropriate)All logs and audits are encrypted at rest.  For a full description of the security options within the platform, please refer to the Security section within our product documentation
Authorizations are stored and configured in Bloomreach and incorporate a strong, but logical, User/Group/Role/Permission model that is applied across both the content and the operations that may be applied to that. This model is flexible in that it allows for the definition of additional roles and groups and maximum flexibility over the application of permissions. These can also be applied across different channels as well.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
This is documented and available upon request
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our vulnerability policy includes processes regular web scans for potential threats to identify vulnerabilities. Once a vulnerability is identified, it is tracked and assigned for resolution. The QA team qualifies new releases on private instances for protection.
Bloomreach performs security monitoring, including checking internal traffic for suspicious behavior, performing network analysis, and examining system logs to identify unusual behavior.

Our incident management ensures the confidentiality, integrity, or availability of our client's resources or data. If an incident occurs, the security team identifies it, reports it, and provides a resolution priority based on urgency. https://www.bloomreach.com/en/security-at-bloomreach
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Please find the process documented here: https://documentation.bloomreach.com/14/about/security-procedure.html. There is also a BCP available upon request.
Incident management type
Supplier-defined controls
Incident management approach
Please find the process documented here: https://documentation.bloomreach.com/14/about/security-procedure.html. There is also a BCP available upon request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
AWS
How shared infrastructure is kept separate
Client data is stored within a unique AWS RDS database using a single-tenant model, thereby providing logical separation.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
https://aws.amazon.com/about-aws/sustainability/

Social Value

Social Value

Social Value

  • Covid-19 recovery
  • Wellbeing

Covid-19 recovery

Enabling healthcare providers in the UK to get information vital for recovery and long-term care. Providing citizens accurate information about long term symptoms and a source for guidance, not misinformation

Wellbeing

Providing citizens of the UK information on weather reporting and activity to plan their lives and vacation planning appropriately through bloomreach hosted solutions as well as guidance on Bloomreach hosted institutes.

Pricing

Price
£78,000 an instance a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
There is an option to start with a free trial. Please contact Bloomreach via sales@bloomreach.com
Link to free trial
https://www.demo.onehippo.com/ and https://cms.demo.onehippo.com/?0

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at benjamin.mcdiarmid@bloomreach.com. Tell them what format you need. It will help if you say what assistive technology you use.