COMPUCORP LIMITED

Open Social - Open-source Cloud Hosted Drupal Based Community Platform

The Compuco Community Platform is an exciting enterprise social network based on the Open Source Drupal platform. The platform provides a safe and curated online space where member stakeholders can collaborate, discuss and share ideas whilst also giving enterprise grade security and privacy options to administrators.

Features

• Instantly familiar social media user interface
• Workspaces for user collaboration, information sharing and project management.
• Document management with versioning, check-out / check-in.
• Enhanced group permissions - public, private groups, show/hide members
• Group access application process
• Group application questions
• Polls / surveys / Events
• Communication tools: direct messaging, email notifications, and announcements.
• Detailed analytics and platform usage metrics
• Moderation tools

Benefits

• Reduced costs for thousands of users through Open-source licence model
• Unlimited user licenses scaling to thousands of users
• Increased engagement with stakeholders and constituents for public communities
• Centralised platform for collaboration
• Fully responsive and accessible on any device
• Open APIs for integration with other tools
• Easy upgrades
• The full flexibility for customisation of an open source platform

£950 to £1,300 a unit a day

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@compuco.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

153768543937957

Contact

Jamie Novick
0207 096 3336
hello@compuco.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Scheduled security updates are normally applied monthly and require a small amount of system downtime (normally around 30 mins). We agree with clients to agree to a suitable maintenance window in order to apply these which can be outside of normal working hours. ; ; Drupal requires PHP with a MySQL or equivalent database.
• System requirements: Latest version of all major web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide a 4h response time for high priority issues during standard working hours (9am - 5.30pm) weekdays. Our standard contracts are Monday to Friday, but weekend support is available at an additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use the ""Freshdesk"" platform for managing support requests with their integrated chatbot. Their Internal web strategy includes; - accessibility solutions.; - Integrated accessibility in their strategy and design practices.; - They regularly validate and test their website for compliance with WCAG.
• Onsite support: Yes, at extra cost
• Support levels: We provide a range of Helpdesk Support options which are based on the number of required hours per month. Clients can always increase this number of hours if needed or purchase additional use ad-hoc support hours. ; ; All our customers are allocated an Account Manager who has regular check-ins to discuss strategic focus and further products or enhancements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The Compuco implementation process is focused on helping the Community Platform to deliver tangible outcomes for our clients. We are able to offer an end to end implementation service including discovery, configuration, training (both on and offsite) as well as supporting with complex data migrations. We will also supply full documentation of all processes that have been designed as part of the onboarding.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: As a user you will always be able to download data via the application export features, but for more technical administrators we can provide a database export for you in any prescribed format.
• End-of-contract process: If at the end of the contract you wish to move to a new system we would work with you and your new supplier to define an exit strategy so that your organisation could continue to operate with minimal disruption over the transition period. There is no “one size fits all” approach as every organisation’s circumstances are different, but by working together we are confident that the handover can be achieved to your satisfaction.; ; We would be happy to work with any supplier to support migration to the new system, and can help with extracting data in a number of formats and providing advice and guidance as to the structure of the original data files. Once the migration has been confirmed we would decommission the old site. We would run through our final exit checklist to ensure all non-required data and access is removed from our systems before notifying the client of the same.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Drupal has a highly configurable API which can allow any level of integration required. API's would however need to be configured to meet your integration requirements.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Drupal is a highly flexible platform that supports high levels of customisations from within the application interface. This includes adding fields to various entities in the system. It is also possible to select from and install a wide array of community contributed extensions which add additional functionality. Should further customisation be necessary, the open source nature of the platform allows us to develop the platform in any way needed, and is unconstrained. We would be happy to discuss any developments as part of any implementation.

Scaling

• Independence of resources: Our hosting infrastructure ensures that customer instances are logically separated to prevent users from accessing resources not alloted to them. Compuco AWS-powered hosting ensures that customers are segregated via security management processes/controls at the network and hypervisor level.

Analytics

• Service usage metrics: Yes
• Metrics types: User last login date/time. ; Further metrics are possible and available on request. ; Full integration with google analytics available on request.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: As a user with appropriate permissions, data can be exported in a number of ways but primarily using the built in CSV exporter or via a number of reporting options.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Compuco's AWS-hosted systems guarantee 99.99% availability of the service except for any scheduled maintenance downtime as may be agreed with the customer. Higher levels of availability with high availability infrastructures are available at request. Failure to meet agreed levels of availability will result in service credits awarded to the customer.
• Approach to resilience: AWS currently provides SLAs for several services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on their website via the links below: ; • Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/ ; • Amazon S3 SLA: http://aws.amazon.com/s3-sla ; • Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/; • Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/ ; • Amazon RDS SLA: http://aws.amazon.com/rds-sla/ ; • AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/ ; ; Our well-architected solutions on AWS leverage AWS Service SLA’s and unique AWS capabilities such as multiple Availability Zones, which ease the burden of achieving specific SLA requirements.
• Outage reporting: Compuco’s incident reporting system ensures that outages (service failure, web site unavailable, etc) are reported directly to responsible parties via e-mails, so that necessary actions can be taken. An API is available on request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: 2-factor authentication; Public key authentication (including by TLS client certificate); Identity federation with existing provider (for example Google Apps); Dedicated link (for example VPN); Username or password
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: AWS
• ISO/IEC 27001 accreditation date: 22 November 2023
• What the ISO/IEC 27001 doesn’t cover: Compuco does not hold the certification directly, however, our hosting provider AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Stripe / Coalfire
• PCI DSS accreditation date: Valid through date: March 31 2025
• What the PCI DSS doesn’t cover: Compuco does not hold the certification directly, however, Stripe , our preferred online payment partners, have current Payment Card Industry Data Security Standard (PCI DSS) certification. ; ; • PCI DSS v3.2 Level 1 Service Provider ; ; We can also integrate with other online payment providers as required who can provide this certification for e-commerce functionality.; ; We can also integrate with other online payment providers as required who can provide this certification for e-commerce functionality.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Certification ; Additionally we operate an ISO 9001 aligned quality manual and ISO 27001 aligned information security policy. Our quality manual underpins our approach to software development, testing and release processes. Our information security policy underpins our approach to data management, staff training, development processes and internal data management.
• Information security policies and processes: Compucorp implement formal, documented policies and procedures that provide guidance for operations and information security within the organisation.; ; Compucorp is committed to a robust implementation of Information Security Management. It aims to ensure the appropriate confidentiality, integrity and availability of its data by maintaining policies in a centralised and accessible location.; ; A copy of our policies are available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to the service are managed as described by our quality manual. ; ; All code changes are subject to multiple stages of review, before being committed to a fully auditable version control system. Automated and manual tests are then run before the changes are applied to any live environment.; ; Automated and manual tests are then run before the changes are applied to any live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: At the application level Compucorp monitors Drupal and Open Social's Security notices. Drupal and therefore Compucorp use a risk level system based on the NIST Common Misuse Scoring System (NISTIR 7864). Each vulnerability is scored using this system and a number is assigned between 0 and 25. Security release "windows" are the first and third Wednesday every month, PDT timezone. A release window does not necessarily mean that a release will actually be made however. The hosting platform (operating system, software, and applications) receives automated security patching for all software directly from the OS maintainers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our comprehensive webserver monitoring solution will alert us to unusual system activity, unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Near real-time alerts flag incidents and our infrastructure team will take immediate action at the infrastructure or application level to correct any issues identified.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents via online ticket, email or telephone to our support team who will then investigate, categorise and escalate these to our Information Security Management Team as required. Urgent issues are given clear priority and are treated as soon as possible. We retrospective all information security incidents in order to identify solutions to ensure they are mitigated in future.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Compuco's sustainability policy aims to minimise environmental impact and promote societal contribution. It addresses emissions sources like electricity usage, corporate expenses, and employee commuting.; ; Principles:; ; - Compliance: Meet or exceed relevant laws and regulations.; - Integration: Incorporate sustainability into all decisions.; - Awareness: Ensure staff are informed and committed.; - Technology: Use advanced tech to reduce environmental impact.; ; Practical Steps:; ; - Travel and Meetings: Prioritise sustainable transport and teleconferencing.; - Equipment and Resources: Optimise data usage, conserve energy, and minimise waste.; - Externalities: Encourage staff volunteering and offset carbon emissions.; ; When implemented the Compuco Community Platform can serve as a dynamic hub for education, engagement, collaboration, and advocacy, empowering individuals and communities to take meaningful action in the fight against climate change.

  Covid-19 recovery

  Compuco recognised the challenges brought about Covid-19 and understands the likelihood of continued uncertainties in the near future. However, with over half of its team already accustomed to remote work, Compuco was well-equipped to support organisations during the main outbreak. It seamlessly transitioned to a fully distributed model, leveraging its experience to assist clients in their own remote work transitions. Compuco conducted client sessions, feedback, and training remotely using high-quality tools, resulting in increased efficiency and client engagement. ; ; In a post-COVID era, Compuco will continue to operate primarily in a distributed manner, capitalising on the efficiency and flexibility it offers. Remote client interactions and collaboration will remain prominent, with a continued emphasis on utilising the best available tools for effective communication and project management. The company has incorporated lessons learned during the pandemic to further optimise its operations and support clients in navigating potential future disruptions. ; ; As a product, Compuco's Community Platform can aid in COVID-19 recovery by sharing information, fostering support networks, coordinating resources, supporting local businesses, promoting mental health, facilitating volunteerism, and advocating for policy changes. It can serve as a central hub for communities to connect, collaborate, and support one another during the recovery process.

  Tackling economic inequality

  Compuco's approach to tackling Economic Inequality covers a range of practical steps:; ; - We prioritising fair hiring practices and diversity within our workforce.; - We are a Certified Living Wage Employer.; - Where necessary, we will establishing skill development programs for underrepresented groups.; - We engage with local communities through outreach and partnerships, for example our landlord's Educational Charity.; - We offering up to 2 days of volunteering per year to each of our employees whci can be spend providing services to organisations addressing inequality.; - We supporting diverse suppliers and vendors.; ; Our Community Platform can help in the fight against economic inequality by providing access to resources, empowering individuals economically, offering skill-building and networking opportunities, advocating for policy changes, promoting inclusive economic development, collecting data for informed decision-making, and encouraging civic engagement. Through these initiatives, the platform can help bridge the gap between economic opportunities and marginalised communities, creating a more equitable and inclusive society.

  Equal opportunity

  Compuco is dedicated to fostering an inclusive work environment free from discrimination based on various grounds. This commitment extends to its services, ensuring equal access for all clients and customers. The company upholds respect and dignity for all employees and clients. Personal data handling aligns with Compuco's Data Protection Policy.; ; We ensure fair treatment in recruitment, promotion, training, and other aspects of employment based on merit and qualifications.; ; Organisations can use the Compuco Community Platform to promote equal opportunity by providing access to resources, fostering skill development, facilitating networking and mentorship, advocating for inclusivity, promoting awareness of diversity and inclusion issues, celebrating diversity, and incorporating feedback mechanisms to ensure equal participation for all members of the community. Through these initiatives, the platform helps level the playing field and create a more inclusive environment where everyone has an equal chance to succeed.

  Wellbeing

  Compuco prioritises the physical and mental health of its team members through several initiatives:; ; - Encourages taking control of health with a Wellness Day annually for preventive care.; - Provides an extra day off on employees' birthdays.; - Offers two paid volunteering days per year for supporting charitable causes.; - Grants bereavement or compassionate leave in cases of serious illness or death in the immediate family.; - Provides a personal development allowance for learning and growth.; - Offers access to a Private Health Insurance Scheme for UK employees.; - Grants two Friday afternoons off between June and August to encourage relaxation.; - Supports flexible work arrangements for better work-life balance.; - Organises various social events, both in-person and online, to foster team bonding and well-being.; ; Our Community Platform can promote the well-being of workers by providing access to information, resources, and networking opportunities tailored to their needs. It can offers skills development, financial stability tools, advocacy for fair policies, health and wellness support, and mechanisms for feedback and support.

Pricing

• Price: £950 to £1,300 a unit a day
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Compuco can provide a full demonstration version of the system to clients to use for an agreed period of time (up to 1 month).

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@compuco.io. Tell them what format you need. It will help if you say what assistive technology you use.