Huddle

Ideagen Huddle: Real-Time Document Collaboration and External File Sharing

Trusted public sector project collaboration software providing a secure client portal for document management, revisions and change approvals. Secure document tracking and version controls suitable for Official Sensitive documentation as well as content storage and content sharing capabilities.

Features

• Cloud-based Workspaces for secure collaboration and file sharing
• UK-only data centres and Official Government Security Classification compliant
• Secure external portal to stakeholder collaboration and project collaboration
• Document approval workflow and full user activity audit trail
• Automatic version synchronisation and version control
• Microsoft Office 365 integration including Office Online apps integrations
• Multi-device compatibility: desktop compatibility and mobile compatibility
• Advanced security features, user permissions management and secure document tracking
• File access control and project collaboration - team integration
• Document revisions and tasks discussion and file discussion

Benefits

• Official Sensitive content collaboration, secure file sharing and document management
• Private sector partner collaboration and multi-agency project management
• Cloud document collaboration software and real-time collaboration tool
• Project management software with intuitive design and secure client portal
• Create secure Workspaces for team project collaboration and file sharing
• Scaleable collaboration software, customisable workspaces and branded workspaces
• Document management, document revisions and document approval, version control
• External portal creation for stakeholder collaboration and content sharing
• Microsoft Office 365 integration, folder management and external portals
• Preview files online, secure document tracking and file access management

£2.00 to £6.11 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@ideagenplc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

142141746428760

Contact

Jen.Pemberton
+44(0)1629699100
g-cloud@ideagenplc.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Huddle's Service Level Agreement guarantees uptime of 99.7% during any 3 month period. Our record shows we are always performing well above this SLA.; Maintenance patches and upgrades of the software are scheduled at a convenient time with 2 weeks prior notice.
• System requirements:
  • Proxy/public internet access (or whitelisting for Huddle's platform)
  • Windows 7 , 8 and 8.1 (64-bit only), and 10
  • OSX - The latest two released version
  • Firefox - The two latest, released versions
  • Chrome - The two latest, released versions
  • Safari on Mac - The two latest, released versions
  • Microsoft Edge - The two latest, released versions
  • IOS - The latest two released version
  • Android - All versions of Android above 7+ Nougat

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Ideagen operate on Priority Level; - Urgent – P1: Example: System Outage. We aim to respond within 1 hour; aiming to provide a resolution plan within 4 hours.; - High – P2: Example: Critical Component Failure. We aim to respond within 2 hours; aiming to provide a resolution plan within 8 hours; - Normal – P3: Example: Problematic Behaviour. We aim to respond within 8 hours; aiming to provide a resolution plan within 24 hours; - Low – P4: Example: Non-Critical Failure/Query. We aim to respond within 12 hours; we aim to provide a resolution plan within 48 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: The Chat functionality by ZenDesk (Zenchat) is compliant to WCAG 2.1 AA.
• Web chat accessibility testing: Limited
• Onsite support: No
• Support levels: We have a dedicated Ideagen Support Team that operates a risk-based triage process in order to prioritise all support requests. This is based on the impact to end users and also the severity of the issue as defined by the customer reporting the issue. This risk assessment will produce a priority level. Software issues (e.g. bugs, defects) are reviewed and verified by Ideagen’s Test and QA Teams. Once reviewed, the issue is given a severity which controls the time of a fix. Support is provided as part of annual maintenance cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training, access to knowledge base, user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Combination of users downloading and a CSV file of mappings being provided.
• End-of-contract process: In-built data export enables the retrieval of all file content and data (comments, metadata). When an account is suspended users with admin roles are provided with restricted access to all file content and data stored for a limited period of time. After 112 days Huddle will irretrievably delete all content remaining on the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Secure (PIN protected) mobile app, featuring Remote Log-out and Wiping, and Encryption at Rest (AES 256). Huddle's mobile app is also Enterprise Mobility Management and Mobile Application Management ready and works with most major EMM and MAM providers, including MobileIron and Microsoft Intune.; Note: Advanced company admin and customisation features are currently not available on the mobile service.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Huddle invests heavily in its user experience, we research, test and analyse our user interface to improve the usability, accessibility and overall experience.; Our web app is 'responsive' to different resolutions. This means we are able to make full use of the screen space available on your laptop or monitor, maximising the working area and presenting content to you in an optimal way.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Huddle tests to ensure the service is HTML 5 compliant which allows the use of assistive technology.
• API: Yes
• What users can and can't do using the API: The Huddle API is built using HTTP standards. Developers should familiarize themselves with these standards and concepts before developing against the Huddle APIs.; Our reference point for the HTTP interactions is the httpbis working group with particular reference to the sections on messages and semantics.; The Huddle API currently provides extensive methods to work with files and folders, tasks, comments and people. We also provide a Changes API to allow you to efficiently query modifications to an object and its children.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Huddle can be customised in the functionality it provides or visual appearance depending on your use case or how you want to use the platform. ; Huddle has three core functionalities the product is built around – Files, File Request & Tasks. As a manager of a Workspace in Huddle you can customise your engagements by adding or removing these functionalities.; ; You change Huddle branding to match your own to offer a customised branded experience for you and your users.; ; You can apply Advanced Customisation to your Huddle account, improving trust & providing a strong sense of ownership; Your brand’s primary colour will be applied to accents instead of 'Huddle blue'; ; Your company logo will be presented in the top left-hand corner of your Huddle instance to strengthen your brand presence in Huddle.; ; You can change default Account and Sign In logo’s to match your brand.

Scaling

• Independence of resources: Hardware is initially provisioned to meet the expected demand of the customer. Our Huddle product auto scales both vertically and horizontally depending on the load and thresholds. This is monitored by our cloud operations team.

Analytics

• Service usage metrics: Yes
• Metrics types: User total and total storage allocation used.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: The virtual hard disks (VHD) are encrypted to AES256 bit encryption
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Through the huddle interface or through Ideagen's technical support.
• Data export formats: CSV
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: Any format can be uploaded into Huddle

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Encryption at rest (AES256)

Availability and resilience

• Guaranteed availability: The SLA provides a 99. 7% financially backed uptime guarantee. ; If the Monthly Uptime Percentage falls below 99.7% for any given month, you may be eligible for the following Service Credit:; ; Monthly Uptime Percentage Service Credit; < 99.7% 10%; < 99.5% 20%; If Ideagen fails to meet the minimum Monthly Uptime Percentage described above for a Service, you may submit a claim for a Service Credit;; Client must submit a claim to customer support at Ideagen that includes: (i) a detailed description of the Incident; (ii) information regarding the duration of the Downtime; (iii) the number and location(s) of affected Users (if applicable); and (iv) descriptions of your attempts to resolve the Incident at the time of occurrence
• Approach to resilience: Extensive fault tolerance technologies used, no single point of failure. Detailed information is available on request.
• Outage reporting: Automated active monitoring system and alerts are in place. If an outage is detected, clients will be informed via email or telephone depending on the severity.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Ideagen have product specific as well as corporate access control policies that are assessed as part of our ISO accreditations. Ideagen operate on a least privilege basis. Access to servers containing client data are restricted to individuals demonstrating an appropriate need via an access request form. Only when access approval is granted, a token is sent to the requesters email address and only they can authenticate for a predefined amount of time. Even Ideagen "privileged" users in our cloud operations team are subject to the access control process described in the above statement.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: All access to client data is fully audited and tracked and is only accessed when necessary. ; ; Support have admin access through application layer. All access is fully audited and logged (with logs being held for a min 12moinths) ; ; Our cloud ops team can only access data in response to a support ticket and again this is all fully audited and logged. ; ; All access will fire an alert email to the technical operations group who will police our privilaged users.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: United Registrar of Systems
• ISO/IEC 27001 accreditation date: 9/21/2021
• What the ISO/IEC 27001 doesn’t cover: All applied
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self validated by Worldpay
• PCI DSS accreditation date: 10/12/2021
• What the PCI DSS doesn’t cover: N/a. Ideagen use a system called Worldpay to process all of our credit card payments.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IT Health Check (ITHC) verified Pen Test

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: CE+, ITHC
• Information security policies and processes: Ideagen Huddle follow and are externally audited against the ISO27001 Information Security Management Standard. We are happy to share an overview of our policies through our Information Security Policies Overview document and will also share our ISO27001 certificate and Statement of Applicability. Furthermore, information on GDPR can be provided.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are subject to Ideagen's change management policies and procedures that are audited as part of our ISO certifications. Risk is measured and appropriate mitigations defined as part of the change approval process. Each change is properly assessed to ensure that operational risk is reduced and measures are in place for back-out plans should an issue occur. Any high-risk change must be authorised by a senior manager.; Development adheres to a documented SDLC. From design to code to test through to release . Development and test strategies consider security aspects in both application and deployment activities.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Ideagen undertake ‘at least’ monthly internally managed vulnerability scans (Nessus), biannual internal penetration tests on the application later and externally managed annual penetration tests. (This would include a NetSparker scan, BurpSuite scan and Nessus scan) at both the infrastructure and the application layers. Findings from each assessment are reviewed, risk ranked, and assigned to the responsible team for remediation. The penetration test is provided by an external accredited provider and we are happy to share the results upon having a signed NDA. For further information Ideagen can share policies on our penetration testing, vulnerability and patch management.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Ideagen have a managed SIEM that collates events from a large number of sources (E.g. next gen end point EDR, Network OS etc). There are UEBA tools in use that also feed into the SIEM and raise alerts. Alerts are raised with the Cloud Operations Team. There is 24 hour , 365 days a year monitoring in place. Time to respond is based on severity of issue, issues go through a risk-based triage process and are classified as a Priority 1 to Priority 4 based on the impact to end users and also the severity/urgency of the issue.
• Incident management type: Supplier-defined controls
• Incident management approach: We have in place a Cyber Security Operations Centre consisting of dedicated team members, responsible for managing, investigating and resolving all areas relating to information security. We also have a Cyber Emergency Response Team made up from domain experts across the Ideagen business, the members of the CERT would change dynamically to respond to different incidents. The CERT is responsible for working alongside the SOC, extending the technical triage, investigation, resolution and communications. Ideagen staff are required and encouraged to report identified information security events and weaknesses.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The Environment subject that has always been very important to us at Ideagen. We have had ISO14001:2015 Environmental accreditation since 2015 in the UK for which we monitor our energy consumption. As required by law we complied to ESOS Phase II and in 2020 and this year we have adhered to the requirement of the Streamline Energy and Carbon Reporting (SERC) requirement which requires that Ideagen’s carbon footprint is communicated at the end of each financial year via Directors’ Report.; As a software company our strategy re hosted products is based on Social Responsibility. Products are moved onto Amazon and Microsoft Cloud who have sustainable operations which include carbon footprint, renewal energy and a commitment to Corporate Social Responsibility.; We are presently working on our Net Zero Commitment Project. This means we will balance the whole amount of greenhouse gas (GHG) released and the amount removed from the atmosphere. We are looking at the key actions to take within our supply chain emissions, business travel – encouraging non-air transport modes and only travelling when absolutely necessary. Note at present all Ideagen employees are either homebased or have an option to work from home/office certain days of the week.; Also looking at the adoption of renewables across our sites, we will assess the current and expected relevant market availability of renewable energy tariffs or other renewable energy instructions (RECs,EACs etc.) and SBTi submission.; Our community lead is delivering to local schools learning about responsible business and a student challenge to create a service, event or activity that Ideagen could create that will be good for the community and/or the environment.; Ideagen has also decided to use the guidance provided by ISO 26000 as in the current environment we are becoming increasingly aware of the need and benefits of socially responsible behavior
• Covid-19 recovery:

  Covid-19 recovery

  Early and decisive actions were taken by senior management to focused on protecting team members, supporting our customers and positioning for the future.; As a software development company most of staff were already set up to work from home, and the remaining measures were quickly put in place to also work from home. Daily communication by line managers and between team members was encouraged and support and relevant measures put in place for those not able to work from home.; Social dialogue was maintained through online language, Yoga and Dance classes. Healthcare sessions e.g., Health Heart by British Heart Foundation are offered. Online meet up with other departments encouraged not just for work but through ‘coffee and chat’ sessions and book clubs.; Further measures implemented can be found within Ideagen’s COVID-19 Statement
• Equal opportunity:

  Equal opportunity

  Ideagen is an equal opportunities employer. Our policy is to treat all employees, job applicants, customers and suppliers equally regardless of their age, disability, gender reassignment, marital status, pregnancy, race (including nationality, ethnic or national origins), region or religious beliefs, sex or sexual orientation. Ideagen is committed to providing equal opportunities in employment and to avoiding unlawful discrimination in employment and against its customers or suppliers. ; ; We have a designated talent development team within our People team. We have a significant budget allocated to the ongoing development of talent. This includes apprenticeship opportunities from level 2 to degree level and a detailed development prospectus for all colleagues. Each apprentice is allocated a workplace mentor, in addition to line management support. ; Ideagen have built the Think Big community education programme with Nottingham Forest Community Trust. It is aimed at disadvantaged young people in secondary schools with a mission of ‘Motivating young people to be excited by Tech - inspiring them to think big about future employment in the Tech industry.’ All learning has mainstream and SEND versions. 50 Think Big Ambassadors (role models from Ideagen) have been trained to share their career stories; this includes sharing disability access and social mobility stories. ; Ideagen have a relationship with Autism East midlands, providing extended work experience projects with the purpose of reducing barriers beneficiaries face securing jobs and developing skills for the tech industry. ; Ideagen are a Cornerstone Employer. This is a national network of 300 businesses that connect through Local Enterprise Partnerships to support the local skills strategy. Inclusivity and SEND are key pillars in this work. ; Ideagen are an ‘enterprise adviser’ to Nottingham College. This includes training teachers and advisers on the tech sector, supporting students with their transition to work, curriculum industry insight, advice on employability skills and careers.
• Wellbeing:

  Wellbeing

  Ideagen offers a varied engagement plan from exercise classes, to health and wellbeing workshops. We have carried out Financial Wellbeing, British Heart workshops, Mindfulness and most recently Mental Health Training for Line Managers. Ideagen have added mental health onto our AXAC Policy, we have distributed mental health posters with contact numbers on to each office and we have a wellbeing room at our head office and in the new build in Kuala Lumpur. ; Ideagen have created a TEAMs page for Health and Wellbeing related literature. We have distributed literature on mental health via emails as well. We have created a mental health vision detailing how we will support our employees for this financial year with regards to mental health. We recently held a Time to Talk and Mental Health coffee and cake morning for employees in our Head office. ; Ideagen offer flexible working and working from home. We have recently carried out volunteering as part of National Volunteering week. ; We use Peakon as an anonymous employee survey to see how our employees feel about every aspect of their life at Ideagen from office to line manager and career prospects. We have the new recognition scheme to encourage employees to show a public recognition and cross departmental nominations for working together. This scheme offers monetary and non-monetary forms of recognition.

Pricing

• Price: £2.00 to £6.11 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Fully functioning Huddle experience including all key features, in-app support and access to knowledge base. 14-day managed free trial tailored to individual requirements and are subject to agreement.
• Link to free trial: https://www.huddle.com/get-started/uk-government?utm_source=Referral&utm_medium=G-Cloud

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@ideagenplc.com. Tell them what format you need. It will help if you say what assistive technology you use.