UPLAND SOFTWARE UK LIMITED

Rant & Rave

Upland Rant & Rave is a cloud-based feedback solution that brings Customer Voice into the heart of the business. We do this by making feedback requests simple and engaging, focusing on what’s important. We provide real time, actionable insight presented in dashboards that are designed to engage and support action.

Features

• Real-time feedback capture
• Multi-channel feedback capture
• Pro-active / Triggered feedback capture
• Responsive / always-on feedback capture
• Intuitive, persona led dashboards
• Industry-leading sentiment engine
• Customer recovery module
• Frontline engagement
• Deep dive customer insight analytics

Benefits

• Increase the volume and quality of actionable insight
• Gain immediate access to feedback
• Quickly identify root cause of dissatisfaction
• Recover customers and reduce complaints
• Democratise feedback and empower frontline teams
• Celebrate employees
• Drive continuous improvements with evidence
• Complete view of satisfaction across all customer journeys

£30,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@uplandsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

252012796896998

Contact

Heather Babington
0161-362-6518
gcloud@uplandsoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Latest versions of Edge/Chrome/Firefox/Safari
  • Broadband Internet connectivity
  • PC/laptop/MAC/Tablet with access to the Internet
  • IP & port whitelisting: https://app.rantandrave.com
  • Data exported via CSV, XLS or XLSX formats

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 - 1 business hour; P2 - 4 business hours; P3 - 1 business day; ; Monday to Friday support, 09:00 - 17:00 UK
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: P1 - Urgent - Production system Defect that prevents business critical work from being done, no Workaround exists, and Defect impacts most Users;; Defect causes a material loss of Customer Data in production system; or; Security-related Defect.; ; P2 - High - Production system Defect that prevents business critical work from being done and a Workaround exists; or; Defect violates the material specifications in the Documentation and impacts Customer’s production system.; ; P3 - Normal - All other Defects.; ; Cloud incident (outage) - Upland’s cloud service is unavailable and/or inaccessible for all Users.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Upland Rant & Rave provides complete implementation, training, ongoing support, upgrades, maintenance, and consulting services. There is a range of local and remote post-implementation support and consulting services available to you.; ; Upland Professional Services will complete the implementation process so the customer is enabled and trained to support future configuration effort themselves. This is configuration of the tool’s inherent functionality through the GUI menus and options – and not customising source code. The initial implementation workshops will focus on the business architecture and analysis that must proceed any configuration in the user interface.; ; Training options; ; Upland Software offers a comprehensive range of training options tailored to fit each customer's specific needs and for each of our solutions offerings. Choose from instructor-led classes, simulations and train-the-trainer programmes — delivered in-person, remotely, or via computer-based training. Training will take place during the implementation for system admins and then formal sessions will be held for specific roles once the configuration is fully defined. Train the trainer is the preferred approach for end users – this ensures that you the customer is the ultimate owner of your tool.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users are always able to extract data at any time. On contract end (or before) Rant & Rave will provide a number of data options but, in summary, this can be done either by manually extracting the data via the dashboard using XLS or by pulling the data via our API. You will be the data controller and thus all the data is yours. Once agreed, all data is destroyed and a Data Destruction certificate is issued.
• End-of-contract process: As per Terms & Conditions we will delete all the relevant data according to the relevant standards in a timeframe that is mutually agreed. This deletion requires no statement of work is included. Additional work will require a statement of work and relevant scoping. A Data Destruction Certificate will be issued once the process is agreed and completed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Dashboards will re-size based on the mobile device used
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The Rant & Rave platform offers RESTful web interfaces which supports the solicitation of feedback requests and return of data via API. It provides methods for accessing data via XML which can be used to import back into our clients' data warehouse.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Customers can select power users to be trained as administrators. These administrators have access to an administrative panel within Rant & Rave. All administration and configuration is achieved through the same browser interface that is used by end users. All screens, forms, reports, views are configured through the browser interface. No coding knowledge or skill is needed to perform configurations within Rant & Rave.

Scaling

• Independence of resources: Rant & Rave is a standard 3-tier application with Web, Application and Database tiers. Each tier can be scaled horizontally and vertically. Customer data is logically segregated; however, we put multiple customers on each of our application and database servers. We are a multi-tenant system to capitalize on the economies of scale for resources and ongoing operational maintenance.; ; Additionally, Rant & Rave utilizes Amazon Web Services (AWS) for hosting (Infrastructure-as-a-Service) to ensure the high-level application performance needs of our global customer base are fulfilled.

Analytics

• Service usage metrics: Yes
• Metrics types: Analytics are a core component of the Rant & Rave analytics function and contain a robust collection of reports.; ; Response rates, user logins, solicitations are all available via dashboards.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Data at rest encryption
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Many areas of Rant & Rave that provide summations of data (e.g., Visual Portals, Dashboards, drill-through reports) can be exported in a variety of common formats (e.g., PDF, PowerPoint and Excel, etc.). Rant & Rave has the ability to generate a full data export in any format preferred (e.g. Excel).
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLS
  • XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XLS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our guaranteed uptime is 99.5%
• Approach to resilience: Rant & Rave’s services are monitored 24/7/365 using a combination of tools ranging from some home-grown end to end business tests through to standard monitoring using Pingdom, Nagios and Elasticsearch, LogStash and Kibana, with alerts being triggered via email, SMS and Pager Duty. Rant & Rave also has daily system checks done by humans morning and evening to validate all system components. In hours and out of hours incidents are managed by the Production Operations team with named engineers on a rota for system alerts and escalation routes to senior incident managers both in and out hour of hours. Rant & Rave aim to inform customers at all times about service affecting incidents and Rant & Rave has internal incident procedures, SLA targets and RCA
• Outage reporting: E-mail alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Rant & Rave will authenticate users via the customers identity provider via OpenID Connect (OIDC)
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe
• ISO/IEC 27001 accreditation date: 19/02/2024
• What the ISO/IEC 27001 doesn’t cover: The following organization functions are managed by this ISMS:; ; · Customer Success; · Finance & Accounting; · Human Resources; · Enterprise IT; · Leadership team; · Legal Counsel; · Marketing; · Cloud Operations; · Product Development; · Sales; · Security and Compliance; · Services (Implementation); · Software Development; · Solution Consulting; · First-, Second- and Third-line Support
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Upland Software’s product lines are accredited or follow best practices as defined by various bodies in relation to their standards and procedures. These include, but are not limited to:; ++ SSAE-16 / ISAE 3402; ++ SOC 2; ++ Privacy Shield
• Information security policies and processes: Upland’s security framework is based on the ISO 27001 framework. Upland Rant and Rave is ISO27001 certified. Upland has a VP of Security and Compliance who has remit and resources to ensure all information security policies are maintained.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Rant & Rave has a formal change and patch management process for dissemination into production environments. The process involves the development of features/enhancements, unit testing, building and hardening, and then full regression testing in a QA environment prior to production deployment. Controls are in place to ensure that our production environment is only accessible by certain key employees as part of the production roll-out process or for troubleshooting. We schedule change and patch deployments to occur off business hours/days and include checks on build procedures and validations to ensure successful deployments.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Upland participates in the following security forums and professional associations: SANS, insecure.org, w3.org, cert.org, and securityfocus.com. Additionally, alerts are sent to us from Microsoft and Adobe security departments, and we receive alerts from the 3rd party organization conducting our quarterly vulnerability scans and 24x7 monitoring services.; ; We receive alerts via Microsoft on software and OS updates/patches. We use Microsoft Server Update Service (WSUS) to deploy and manage security patch updates.; Patches are tested prior to installation. We make every attempt to install critical security patches as soon as possible while ensuring compatibility and testing requirements are met.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Upland’s Security Organization performs monitoring activities in order to continuously assess the quality of internal control over time. These activities are used to initiate corrective action through department meetings, client conference calls, and informal notifications. Management performs monitoring activities on a continuous basis, taking necessary actions as required to correct deviations from company policy and procedures.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Upland Software manages incidents by identifying and responding to them quickly, notifying key support and management personnel in a timely manner, restoring service as soon as possible, determining the cause of the incident, and taking appropriate steps to prevent future incidents. Our incident management process also allows us to quickly notify external organizations that may have been affected by an incident, including customers and partners. We employ internal and external; monitoring systems that periodically verify the state of each Upland cloud-based software product.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Our commitment to diversity, equity, and inclusion; At Upland, we recognize the importance of diversity, equity, and inclusion for our team members, our customers, and the communities which they represent.; ; We are committed to educating ourselves and doing the necessary work so we can identify opportunities to create impact where it matters most to our team members and to build a richer sense of community for all.; ; Because at the end of the day we want everyone to feel seen, respected, and heard.

Pricing

• Price: £30,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@uplandsoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.