PRINT IMAGE NETWORK LTD (Trading as UK Engage)

UK Engage Secure online nominations

Our secure online nomination solution is used for board & council/committee elections. It’s easy to use and flexible. With encryption and email confirmation embedded, our solution makes it easy undertaking candidate nomination processes. Our system can be branded with a client’s logo, colour scheme and imagery to increase engagement.

Features

• Online Nomination site (PDFs, FAQs, Videos/Social Media Links)
• Platform Supports Candidate submissions (including Proposers/Supporters)
• Confirmation emails embedded to improve user confirmation
• Open Rates and Click through monitoring emails providing engagement statistics
• Candidate login security with Two Factor Authentication (2FA)
• Aesthetically pleasing digital interfaces. Fully customisable with multi-language options.
• Platform optimised for desktop, laptop, tablet or smartphone.
• SSL Secured using the latest secure encryption certification

Benefits

• Customisable digital solutions to present the customers brand identity.
• Help the environment using digital solutions by reducing Printing/Postage
• Fully Managed Election Services (Digital/Postal) Nominations to publishing the Results
• Independent Election Scrutineer awarded Customer Service Excellence (UK Cabinet office)
• Improve Member/Voter Engagement utilising extraordinary artwork and design
• User friendly digital experience facilitates engagement by reducing barriers
• Mobile optimised technology allows 'Nominations on the move' via Smartphone
• Digital products fully supported by our Admin Support Team
• ISO9001 & 27001, Certified Cyber Essentials and Fully GDPR compliant
• Registered with Information Commissioner’s Office covering Data Protection

£1,200 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at a.tye@uk-engage.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

145318049358958

Contact

Andy Tye
0161 209 4808
a.tye@uk-engage.org

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: Internet enabled device with browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond to service requests (Working days: Monday to Friday, 9am-5pm, excluding bank holidays) dependent on the type of service issue, to ensure we prioritise the most critical need: ; Down time: Within 4 working hours ; Software failure: Within 4 working hours ; Problem not affecting key functionality: Within 4 working hours ; Query: Same and/or next working day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a fully managed election service with a dedicated/named account manager working with the customer on Working days: Monday to Friday, 9am-5pm, excluding bank holidays. ; ; We provide end-user support via email and telephone on Working days: Monday to Friday, 9am-5pm, excluding bank holidays. We aim to answer the phone within 3 rings. ; ; Any support required outside these hours can be provided (price on application)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of our ISO 9001 and Customer Service Excellence standards, we operate a robust onboarding process to welcome clients to our service. ; Our 5 Stages of Onboarding are:; 1. Compliance: Administration of GDPR documentation, agreements and internal setup; 2. Welcome: Introduction to the team and named account manager for daily contact; 3. Consultation: Most if not all of your requirements, regarding your process, will have been covered in any tender response, meetings or partner plan. However, this is an opportunity to clarify requirements and complete a comprehensive project brief, which your Account Manager will follow. We will also set expectations for the service ahead and goals you would like to achieve for the project. ; 4. Planning: Your Account Manager will help plan the specifics of your process including timetables, any pertinent requirements set out in your election rules (or Articles of Association/Constitution), voting methods, design (based on previous examples of voting materials or entirely new concepts) which will require adhering to your brand guidelines. ; 5. Project Duration: As a new client, we ensure that your experience and result are as you expect. Our Account Managers will adhere to the timescales set to ensure the process meets every single deadline.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the close of the nomination process the client is sent all candidate details to undertake the moderation checks. All client data is destroyed 30 days after the voting period closes unless prior agreement is made. Updates throughout the nomination period are available from the account manager.
• End-of-contract process: After the election has concluded, we will undertake a review process and look to obtain your feedback. We will also raise the invoice for the electoral services provided. Arrangements will be made for the data to be destroyed in line with any agreement or legislation. Also we will send details of any communication relating to changes of member details such as email address, etc.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is device agnostic and will scale automatically and dynamically to the browser screen size.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The site is developed with accessibility in mind and meets WCAG 2.1 AA standards.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Used WCAG testing software that assessed the platform to determine which standards the site met.
• API: No
• Customisation available: Yes
• Description of customisation: Our system can be setup to use the clients branding, including:; • Logo; • Images/pictures/video; • Coprorate colour; • Languages; • downloadable document; • Copy text; ; Our account management team will undertake all customisations with the details provided and send you a link for you to review. The final site will be signed off by you before it goes live.

Scaling

• Independence of resources: We use load-balancing infrastructure that is setup to accommodate for peaks of activity, ensuring the operational effectiveness remains constant. As we control the number of users that can access the system at any time, we can proactively plan to scale the systems if required, especially if large volumes of use are expected. We constantly monitor use of the system and have also have Ddos protection mechanisms in place to allow system performance in the event of any targeted activity

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics can be provided by your account manager
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We use Citrix Sharefile for all data transfers that is encrypted and provides an audit trail along with user notifications. Access to the system is controlled via link, username and password being provided to the responsible person on the client side, once GDPR agreements are in place. Stored files are protected using AES 256-bit encryption in addition to unique per-file keys. All our file transfers adhere to our ISO27001 certification processes
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The system is installed on dual redundant server hardware meaning it any aspect of our server fails the redundant server takes over in a fraction of a second, Therefore our systems uptime availabilty is more than 99.99%
• Approach to resilience: Data security is paramount for running election processes, which is why we invest significantly in our systems, physical/virtual protection, processes, policies, certifications & staff training. Further details are available on request.
• Outage reporting: Our technical team are alerted by SMS and email of any outage, however our systems are also monitored externally by our hosting provider with relevant SLA’s in place for any remedial action required.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to the management interface is via a small group of our staff via password and username. The service is a managed service whereby the administration is undertaken by our staff to independently manage the election process to remove any perceived bias. The client account manager will facilitate any need the client has acting as the communication channel with the technical/administration team.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 29/10/21
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As part of our ISO27001 certification we have the following policies and processes in place relating to information security:; - Back up policy; - Cryptographic control policy; - Network disaster recovery policy; - Data protection policy; - Access and password policy; - Data breach procedure; - Software installation policy; - Secure data file transfer policy; - Access protocol policy; - Removable media policy; - Information security policy and manual; All policies state the processes required to be followed, reporting structure and escalation procedure.; We also have cyber essentials certification.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use version control processes with documented release notes to ensure all configurations in a live environment are tracked and managed. All implementations need to be authorised before implementation/roll out. All changes go through a request assessment process before development is undertaken, this includes an impact assessment on the security of the system. Full testing is undertaken before any updates are made to the live system. This is essential to both ensure the security of the system but also to ensure the security of the online voting process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management for our systems is an integral part of our ISO27001 and Cyber Essentails certification. We regularly assess all possible risks to the services we offer and have mitigation procedures in place to accomodate for any considered scenario. This forms part of our business continutiy and risk managment processes. All systems where data is present are proactivley monitored and scanned to ensure all the latest patches are applied when released keep our systems current and updated. We also have endpoint protection that monitors and patches our antivirus, malware, etc.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All our systems are constantly monitored in relation to network traffic/access, files, operating systems, firewalls to identify any potential compromises. Our ISO27001 policies define how quickly we respond to any incident along with the remedial action and escalation processes, depending on the issue, severity, risk and impact. Some of these processes are automatic and instantaneous such as our Ddos protection systems that immediately kick in when any malicious activity is identified.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a structured incident management process as part of our ISO27001 certification. The process covers how incidents are reported, what action is then undertaken for containment/recovery, any investigation process, how, who and when we notify of the incident and finally how we review and evaluate the incident and its impact.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We seek to minimise waste, promote recycling, reduce energy consumption, reduce harmful emissions and work with suppliers and customers on practical environmental programmes. In production of any printed election materials, there are programmes in place for the re-use resources by the following methods: ; ; • All waste material is segregated into specific waste streams and is sent to registered local waste management companies for recycling and reuse where possible. (Examples of recycled materials include: all waste paper cut-offs/flat sheets, cardboard, plastic film, aluminium plates, waste litho and digital ink tins/cans); • Recycling of toner/ink cartridges ; • Confidential waste is sent for shredding and recycled into tissue and toilet tissue products; • 100% closed loop recycling system for paper and chemicals.; ; Use of environmentally friendly goods:; ; We are very familiar with the Government’s guidelines regarding the revised scope of papers used within the public sector. The minimum recycled content is now 75% for coated and uncoated printing.; ; We provide both Forest Stewardship Council (FSC®) and Programme for the Endorsement of Forest Certification Schemes (PEFC) accredited paper stock. ; ; In addition, the printing ink used is vegetable based thus eliminating the use of isopropyl alcohol. This reduces volatile organic compound emissions and substrate and ink waste whilst improving working conditions and enhancing print quality. Toxic emissions are reduced by using a water-based sealant and alcohol-free font solution in print presses.; ; Where-ever possible we advocate for the use of online election systems, that overall reduce the carbon footprint of running an election, compared with the traditional paper based approaches.
• Equal opportunity:

  Equal opportunity

  Having supplied scrutineer services for many years, we are aware of the challenges clients face when looking to members that are represented by many different groups.; ; We will do our utmost, as far as our remit as your election services provider allows, to communicate your equality, diversity, and inclusion (EDI) message to your membership, for the purposes of engaging with underrepresented groups and individuals. ; ; We feel that balanced groups that are elected from diverse backgrounds with diverse skill sets, are more likely to advocate member engagement and change the culture. Therefore, the main purpose of EDI messaging, in this context, is to encourage underrepresented groups of members to get involved in the Election process.; ; Nomination Stage: To feel confident, enthused and empowered to put themselves forward for nomination.; ; Election Stage: To feel their voice is important in deciding the outcome of the election and deciding who is qualified, skilled, and passionate enough to make decisions on their behalf.; ; How we will do this: ; The ideal scenario is that each client is aware of any current inclusivity or diversity initiatives that are already happening in their organisation. This way, we can take core messaging and themes and apply them to our range of election materials. This approach often requires the buy-in of senior management, inclusivity task forces, and communications, to ensure a consistent message is being communicated.; If an organisation does not have such an initiative, we can call upon our team of designers and communications experts to create an EDI concept that will work for your (a) organisation and will (b) cover profiles which are aligned to UK equality legislation: -; • age; • disability; • ethnicity or race; • gender; • religion or belief; • sexual orientation
• Wellbeing:

  Wellbeing

  It is our duty of care to support all employees’ health, safety and wellbeing and in order to do this to a reasonable level, we provide a safe working environment, we protect staff from discrimination and carry out regular risk assessments. In addition to this we believe it is essential that all Leaders, Managers and First Aiders are trained to recognise and deal with mental health issues effectively. To achieve this we have also contracted PAM assist to help us deliver our Wellbeing policy and support our staff (see attached appendices) As part of our wellbeing policy, we cover the following subjects: • Know what Mental Health is • Why people develop Mental Health conditions • Role of the Mental Health First Aider • Providing advice and practical support for a person presenting a Mental Health condition • Recognising and managing stress and Identifying signs and symptoms of: • Depression • Anxiety • Psychosis • Eating Disorders • Suicide • Self Harm • Understand impact of alcohol and drug abuse on Mental Health • 'CARE' Mental Health action plan • Implementing positive Mental Health cultures in the workplace. We also have a Mental Heal Champion on site, who staff can talk to in private. An area has been created where these sessions can take place discreetly, or if individuals just need time out to reflect. In addition all members of staff are enrolled with an external HR provider and entry membership is funded by us. Our External HR provider helps employees take control of their own health and wellbeing giving them access to essential services and support. All staff can gain access to GPs and medical specialists, gain emotional support via counselling services as well as guidance on health, fitness and lifestyle.

Pricing

• Price: £1,200 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at a.tye@uk-engage.org. Tell them what format you need. It will help if you say what assistive technology you use.