CALVIUM

Place Experience Platform

The Place Experience Platform is an integrated system that lets you curate compelling content in a bespoke visitor app; combining wayfinding, trails, storytelling & real-time information. By controlling the visitor experience you can achieve place growth strategies and fuel the local economy.

Features

• Public, WCAG 2.1AA compliant iOS & Android Mobile app
• Location-aware multi-media content
• Rapid publishing of content and updates on multiple devices
• Cloud native, enterprise level security
• Analytics dashboard
• Multi-user collaboration
• Multi-language capability
• Offline functionality
• Custom maps
• Easy tour creation

Benefits

• Increases audience reach to attract more visitors to your destination.
• Compelling place-based stories to connect visitors to your destination.
• App is continually refreshed, ensuring latest up-to-date content.
• Scalable and secure
• Enhances data driven decision making
• Create and publish content, streamline production workflows and save budget.
• International visitors feel welcome when choosing their preferred language.
• Accessible anywhere, always-on visitor experience without a mobile signal
• Themed routes and experiential wayfinding
• Distribute footfall around a location -Increasing dwell time and spend

£15,000 to £40,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jo@calvium.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

143101833090607

Contact

Jo Reid
01172262000
jo@calvium.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No constraints
• System requirements:
  • Recent versions of Chrome, Safari, or Firefox
  • App iOS 14 & 15 and Android 9 and above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 working days. Weekends are non working days.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We provide email support for licensed users of our Place Management System. The support is included in the annual license fee of £3,000 for a maximum of 4 logins.; Additional logins can be purchased for £100 a seat.; We do not warrant the need for a technical account manager or cloud support engineer.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Each new client is assigned a Customer Success Manager. They will arrange an initial meeting with the client project manager and a further training workshop for everyone in the client organisation who will use the Place Mangement System.; Following the workshop the users will have access to documentation and training videos to refresh their memories when they come to using the PEP CMS on their own.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All user content is first created outside the system. We advise clients to keep a copy of their content in uncompressed form so that they always retain their own data.; This means that there is not usually a need to extract their data at the end of the contract.; Calvium can provide a zip download of their content in exceptional circumstances.
• End-of-contract process: Calvium host and ensure that the mobile app and access to the PEP CMS is available for a year as part of the contract. After this period the client is asked to pay an annual service level agreements to ensure that the app remains available and the licenses to access the PEP CMS remain live.; If they decline to renew then Calvium will revoke client access to the PEP CMS and can, at any time, remove the app from the app stores.; In practice Calvium will keep the app available so long as it continues to provide a bug free user experience and until essential upgrades are required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The public facing mobile app is the output of the service.; The main place management system is web based. After the public app is live, updates can be made via a mobile friendly web app version of the Place Management System which is restricted to updates to individual places only.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Place Management System is an easy to use web based system for uploading content, adding points of interest to a map and creating trails.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have tested with screen readers and accessibility audit tools.
• API: No
• Customisation available: Yes
• Description of customisation: They can specify the preferred foreground, background and highlight colours for the app based on their branding. They can provide a logo which will be included in the app splash screen. These will be provided through email .; They can also request labels in the app be changed to suit their context and content.; All licensed users can add their own content to the app which makes it unique to them.

Scaling

• Independence of resources: The service is hosted using scaleable products from Firebase that handle automatic horizontal scaling of resources as required which will handle variable and peak demand loads

Analytics

• Service usage metrics: Yes
• Metrics types: Number of individual users of the app, days they used it, places they visited, trails they used and most popular sights viewed
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Data at rest is encrypted and stored in both Firebase Firestore and Cloud Storage for Firebase.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The client project manager should contact their Customer Success manager to ask for an export.
• Data export formats: Other
• Other data export formats:
  • Zip
  • JSON
  • JPG
  • PNG
  • MP3
• Data import formats: Other
• Other data import formats:
  • JPG
  • PNG
  • MP3

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We will not bring down the PEP CMS for maintenance without 48 hours notice unless it is an emergency.; Our PEP CMS is hosted on Firebase and any server outages would be resolved within 24 hours.
• Approach to resilience: We use the Firebase product set which is designed to be resilient to server outages and we develop with resilience in mind (for example, user mobile apps work offline should a connection not be possible).
• Outage reporting: Service outages are reported via a status page at https://status.placeexperienceplatform.com

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Access to management interfaces are restricted as users will need to be authenticated.; ; Support channels are provided via email addresses to contact.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 29/8/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Calvium defines all of its policities and processes to be compliant with ISO 27001.; Calvium’s top management has appointed an Information Security Policy Manager and Quality Control Manager who are responsible for the implementation and control of the Information Security Policy at Calvium.; Calvium use audit trails, permissions management, and regular documentation audits to ensure correct operation.; We make sure to frequently audit all the systems helping us in the prevention of information security system failures, information security leaks, system backup failures, information theft or any other information security breaches.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our ISO27001 processes cover configuration and change management. ; Configuration is stored both in code and in third-party services (such as Firebase, Google Play Store, Apple App Store). Configuration changes are tested to ensure they work and have not caused a regression. Code changes are peer-reviewed via merge requests, which are committed to our version controlled git repositories.; We use multiple automated tools to scan changes for potential security problems such as NPM Audit, Fortify, FOSSA and other malware and virus scanning tools.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our cloud services provider, Firebase, has extensive security management processes for all of their products. Our internal vulnerability management process is invoked as we become aware of an issue following ISO 27001. Threat information comes from dependency audits, internal testing and NCSC Early Warning. A risk and impact level assessment is performed by staff and appropriate measures are taken to resolve the issue and mitigate further issues. Depending on the priority given after assessment, we will resolve and complete mitigation within 24 hours to 2 to 4 weeks.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our cloud services provider, Firebase, maintain their own systems for monitoring the protection of their systems. Our process involves daily security checks of dependencies to our server-side code. We also monitor for TLS/SSL certificate expiry. A risk and impact level assessment is performed by staff and appropriate measures are taken to resolve the issue and mitigate further issues. Depending on the priority given after assessment, we will resolve and complete mitigation within 24 hours to 2 to 4 weeks.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process is invoked as we become aware of an issue following ISO 27001 and ISO 9001. A risk and impact level assessment is performed by staff and appropriate measures are taken to resolve the issue and mitigate further issues.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Calvium is signed up to the SME Climate Hub and is taking positive actions to be carbon neutral by 2030.; The Place Experience Platform does not directly address fighting climate change but could be used to highlight places or activities that do if a client so wished
• Covid-19 recovery:

  Covid-19 recovery

  Our service helps the bounce back of towns and cities as part of their Covid-19 recovery. It supports organisations and businesses to manage and recover from the impacts of COVID-19 through new ways of working to enhance local economy:; Providing learning and development activities for new entrants to place marketing and management as well as existing organisations.; Enabling flexible ways to co-design and co-create services; e.g. with participating community groups, artists, local businesses and placemakers.; Creating new ways to attract visitors to a destination, distribute footfall and associated spend; increase opportunities for visitor dwell time and encourage repeat visits.
• Equal opportunity:

  Equal opportunity

  Calvium is an equal opportunity employer.; The Place Experience Platform provides an opportunity to support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract; digital skills; content creation; storytelling and project management.
• Wellbeing:

  Wellbeing

  Ability to design content and mapping to support physical and mental health, and emotional wellbeing, through the delivery of the contract: influencing staff, suppliers, customers, communities and visitors.; Support strong integrated communities by involving local stakeholders in the design of content and help meaningful social mixing among people with different backgrounds.

Pricing

• Price: £15,000 to £40,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jo@calvium.com. Tell them what format you need. It will help if you say what assistive technology you use.