Artifax Software Limited

Artifax

Join a global community managing commercial and cultural spaces and activities with Artifax. Theatres, concert halls, festivals, museums, galleries, sports facilities, visitor attractions, schools and other venues use Artifax for event planning, room hire, staff and resource scheduling, finances, artistic and production schedules, tour bookings, document storage and online bookings.

Features

• Central shared calendar, document storage & contact management
• Intuitive, user-friendly interface
• Fully user customisable with custom fields & contextual forms
• Available in multiple languages or create your own
• Powerful search & reporting capabilities
• Sophisticated finances for multiple trading entities sharing a database
• Public API & Microsoft Office integration
• Optional artistic programming, attendee management, staff scheduling & guest logistics
• Granular user & group security permissions plus 2 Factor Authentication
• Flexible concurrent &/or named user licensing model

Benefits

• Eliminate duplication with a central database
• Increase efficiency with easy workflows & integrations
• Speed up the booking process with user-defined templates
• Gain business intelligence with KPIs & scheduled reports
• See a holistic view of people & organisations
• Manage complex deals, commission calculations & performance settlements
• Build dashboards in Excel with live data
• Translate any field or application string
• Maximise revenue with effective room & resource management tools
• Keep personal data safe & ensure compliance with the GDPR

£297 an instance a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at claire.robinson@artifax.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

129948860185054

Contact

Claire Robinson
020 3987 9737
claire.robinson@artifax.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Planned maintenance, during which ArtifaxEvent may be inaccessible, takes place between 06:00 and 08:00 weekly on Fridays. ; ; Planned maintenance, during which ArtifaxAgora may be inaccessible, takes place between 20:00 and 22:00 weekly on Thursdays.
• System requirements:
  • Screen minimum resolution 1024 x 768
  • Desktop/tablet/mobile browser
  • Microsoft Word/other application capable of opening RTF files for reports
  • PDF reader for reports

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During support hours, we usually respond to questions within 5 minutes.; ; Standard support:; Monday to Friday 09:00 to 17:30, except bank holidays.; ; Enterprise support:; Monday to Friday 08:00 to 18:00, except bank holidays.; ; Emergency phone number provided for out of hours support.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All subscriptions include access to technical and end-user information and support services by phone, email and online, access to our community forums and free ArtifaxAcademy training.; ; On-site support is available at our standard day rates.; ; The services of technical account managers and cloud support engineers are available.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide tailored onsite and remote training as well as training at our head office in Epsom. Our dedicated documentation specialist ensures that the system administrator and user guides in our online Help Centre are updated and enhanced regularly. Our library of 'how to' videos is growing and we also offer online ArtifaxAcademy training and webinars, all free of charge.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Organisations can extract their data as ICS, XML, CSV and PDF files, and by using our API or Excel Toolbar.; ; They can also request a copy of their database.
• End-of-contract process: There are no offboarding costs other than a small charge for supplying a copy of the database, if required. All data is deleted 30 days after the end of the contract unless otherwise agreed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: ArtifaxEvent and ArtifaxAgora are accessible via a web browser.
• Accessibility standards: None or don’t know
• Description of accessibility: We are working towards WCAG 2.0 AA.; ; Visual: Contrast, legibility and colour awareness are well supported. We are currently addressing potential misalignment on graphical calendar views when zooming or increasing text size.; ; Auditory: There are no auditory elements in the application.; ; Cognitive: In addition to the Visual considerations, we are continuously reviewing and improving consistency of controls in the application and simplicity of notifications.; ; Motor: We are mindful of users who prefer to use the keyboard, and are careful to properly organise and label screen elements.
• Accessibility testing: Currently we do not have documented interface testing with users of assistive technology.
• API: Yes
• What users can and can't do using the API: ArtifaxEvent includes a RESTful API enabling ability to pull/push information to/from the application. Unlimited API keys may be configured from within the application. Although the API covers a wide range of functionality, as yet not all areas of the application can be manipulated through its use. Additional API calls are being introduced with each release.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Rooms, resources, sales process (pipeline) statuses, booking statuses, event statuses, event activities, tasks, reports and templates can all be customised (names, text and background colours etc.). Specialist modules for artistic programming, attendee management, staff scheduling and guest logistics can also be fully customised. Groups can be created for individual and organisation contacts. Unlimited custom fields and ad-hoc/contextual forms can be created. Organisations can tailor an existing application language or create their own from scratch. Customisation can be carried out by end users with the appropriate security permissions (also customisable) and/or the organisation's system administrator.

Scaling

• Independence of resources: The ArtifaxCloud architecture has been designed, and is managed, to cater for large numbers of concurrent users - this includes load balanced web servers which can scale horizontally. Ongoing monitoring is used to ensure, as far as possible, that CPU usage across the various servers is maintained below 80%. Automated alarms are used to notify our support team should the CPU on any server remain above 80% for greater than 5 minutes. Any aspects of the application found to cause risk of high CPU usage and/or other performance related issues are passed through to Development Teams as a priority.

Analytics

• Service usage metrics: Yes
• Metrics types: Uptime, Number of users in the last 10 minutes, Events in the last 10 minutes, Arrangements in the last 10 minutes, Entities in the last 10 minutes, Total Scheduled Reports, Total Arrangements, Total Events, Total Entities, Total Rooms, Most recent Arrangement, Most recent Event, Most recent Entity. Other metrics can be provided.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can extract their data as ICS, XML, CSV and PDF files, and by using our API or Excel Toolbar.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • ICS
  • XML
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Access to the ArtifaxCloud infrastructure is restricted by IP range. AWS Security Groups are used throughout the infrastructure to restrict access between servers within the network, and to ensure only required ports and protocols are open.

Availability and resilience

• Guaranteed availability: Artifax uses commercially reasonable endeavours to make the Software; available 24 hours a day, seven days a week. Uptime since 2014 exceeds 99.98%. We do not offer service credits.
• Approach to resilience: Our data centre is provided by Amazon Web Services (AWS). Further information is available on request.
• Outage reporting: Users would be notified of outages via our online Help Centre. If a user has subscribed to the relevant articles, they would also receive an email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Staff access to all systems holding personal data is strictly controlled. Levels of access are set on a ‘minimum access required’ basis and system access requests must be approved by both the staff member’s line manager and custodian for each system. A software asset register is maintained and reviewed on a regular basis by each custodian
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau (UKAS accredited)
• ISO/IEC 27001 accreditation date: Initial certification: 19/12/2016 | Latest issue: 22/02/2022
• What the ISO/IEC 27001 doesn’t cover: All our G-Cloud 12 services are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self-Assessment Questionnaire (SAQ)
• PCI DSS accreditation date: May 2019
• What the PCI DSS doesn’t cover: All card data is secured as we only use PayPal Express Checkout. PayPal handles the payment card information on our behalf.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • ISO 9001:2015 for our Quality Management System

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Artifax is ISO 27001:2017 accredited and Cyber Essentials certified and has a comprehensive Information Security Management System (ISMS) in place. Our ISMS Policy document provides an overview of the company, the activities it carries out and the quality standards of operation to which it conforms. It also carries information about where procedures information is located and detailed information on documentation requirements for essential procedures. Artifax is a SME, so has a straightforward reporting structure. Artifax's Managing Director is the company's Information Security Manager (ISM), supported by the Senior Management Team (SMT).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes within the application are tracked through a strict efficient workflow using industry standard issue management software. Issues are prioritised based on various aspects including impact, performance, risk etc. All application changes are reviewed by a secondary developer and checked by QA prior to being included in a release. In the source code repository, separate issue branches are used for every individual issue. All configuration changes within the ArtifaxCloud are tracked, with all calls to the AWS API logged using AWS CloudTrail. Worklogs are maintained for all work carried out during maintenance periods.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Information about potential threats is collated from internal and external sources, as well as by use of industry standard pen testing tools. All identified threats and/or vulnerabilities are assessed for risk and impact, and then categorised by priority. Any required service patches are fast tracked through the development cycle and deployed as soon possible once verified by the QA team.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Key metrics are monitored 24/7/365. These include CPU, RAM, Network Traffic Throughput, Latency and File Space Usage. All application instances are monitored 24/7/365. Real time virus protection is in place. Application access request logs are monitored and analysed. Any incidents are logged and analysed as a priority, with any required action initiated at the earliest opportunity.
• Incident management type: Supplier-defined controls
• Incident management approach: All occurring incidents within ArtifaxEvent, ArtifaxAgora and ArtifaxCloud are logged and tracked through a strict workflow using industry standard issue management software. Users can report incidents directly to our customer services team. Communication with users regarding incidents is managed through an industry standard help desk system.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Working remotely therefore reduction in fuel consumption both in getting to and from the office, and in heating the office.; ; Remote service implementation, again reducing fuel consumption as opposed to on site implementation.; ; Side effects of this are reduced paper usage and reduced carbon emissions.

Pricing

• Price: £297 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at claire.robinson@artifax.com. Tell them what format you need. It will help if you say what assistive technology you use.