Hootsuite Inc

Hootsuite Social Advertising

Hootsuite Social Advertising provides a seamless solution for managing and optimising organic & paid social media ads across multiple platforms.

Features

• All your ads in one place
• Simplified campaign management

Benefits

• Improved ad campaign effectiveness
• Expert Services to enhance your strategy & optimisation

£240 to £540 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Gcloud@hootsuite.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

264663926633265

Contact

Robert Mumby
00447737472732
Gcloud@hootsuite.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Hootsuite Enterprise social media management platform
• Cloud deployment model: Public cloud
• Service constraints: Hootsuite is a SaaS solution. An internet connection and web browser are required. ; ; Like all SaaS platforms, Hootsuite does not have periodic releases of updates or software versions. Rather, our development teams work to improve our platforms on a continual basis. Updates are made on a daily basis – as such it is not practical (or possible) to provide notification of updates.; ; Please note that each platform will be operational and available to Customer 24 hrs/day, 7 days/week at least 99.9% of the time in any calendar months. Please see the following link for more details: https://hootsuite.com/legal/enterprise-service-level-agreement.
• System requirements:
  • NA
  • NA

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: -4 hour SLA for customers who purchase 'Premier Services'; -1 business day SLA for customers who do not purchase 'Premier Services'
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Hootsuite continually reviews the accessibility of its services and works with a third party accessibility speacialist to ensure that we are maintaining optimal standards in this areas. ; Hootsuite is WCAG 2.1AA compliant Hootsuite provides customer service training to our employees on our accessibility policies and procedures, including services and features that provide accessibility to our customers. We are committed to working towards an inclusive environment that is accessible to all.
• Onsite support: No
• Support levels: Premier Services Customers:; -4hr SLA; -web chat, ticket (email) & phone; ; Non Premier Services Customers:; -1 business day SLA; -web chat & ticket (email)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: On day 1, requirements are gathered through discovery calls and demos of proposed solutions throughout the sales process, and once aligned, are transferred to the Customer Success team. During onboarding, we begin with a Kickoff call to introduce the solution and to present known goals and strategies. Our Professional Services team has a methodical and phased approach to launch projects, and will be with you from your first day to assist, deploy, train and enable your teams through industry-leading, implementation plans. We begin with Discovery, in which we conduct a thorough needs analysis to confirm best practices for our client's use cases and run through our project plan. We then conduct training, configure users, teams, access permissions and analytics, iterating with our client until sign-off. Hootsuite also provides support through an international team which operates in multiple timezones. Support is via email, phone or online chat. Your Hootsuite team will act as a dedicated resource to connect you with the right resources to solve any technical issues you may need support with.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: PPT
• End-of-contract data extraction: All user activity and social media data can be exported by users directly from the Hootsuite platform. Your Hotsuite team will also be able to support you with any requests related to this.
• End-of-contract process: If you decide not to renew your agreement your service will be downgraded from Hootsuite Enterprise to Hootsuite Free.; ; A comparison of the functionality differences between Hootsuite Enterprise and Free can be found here:; https://hootsuite.com/plans

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Hootsuite Social Advertising lets you manage your paid social campaigns across platforms from one place. See how your paid and organic campaigns perform across Facebook, Instagram, X (formerly Twitter), and LinkedIn.; ; Hootsuite Social Advertising helps you streamline your social marketing workflows and maximize your ad spend. Boost your most popular organic posts to reach more people. Create ad campaigns, track performance, and make adjustments to improve results. Generate rich analytics reports to see which campaigns work best.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Hootsuite is committed to making our website's content accessible and user friendly to everyone. If you are having difficulty viewing or navigating the content on this website, or notice any content, feature, or functionality that you believe is not fully accessible to people with disabilities, please contact our Customer Service team and provide a description of the specific feature you feel is not fully accessible or a suggestion for improvement. We take your feedback seriously and will consider it as we evaluate ways to accommodate all of our customers and our overall accessibility policies. Additionally, while we do not control such vendors, we strongly encourage vendors of third-party digital content to provide content that is accessible and user friendly. Hootsuite is committed to providing a respectful, accessible, and inclusive environment for all of our employees and customers in the Province of Ontario. Our goal is to meet the standards outlined in the province’s Accessibility for Ontarians with Disabilities Act (AODA) and to break down barriers to goods, services, and employment opportunities provided by Hootsuite. In order to achieve its goals Hootsuite has developed and implemented a variety of policies and procedures.
• API: No
• Customisation available: No

Scaling

• Independence of resources: The services architecture is highly available and redundant as it is fully located in the AWS cloud, distributed across multiple AWS availability zones, and based on the Service Oriented Architecture (SOA) and Microservices architecture. AWS has wide regional and geographical redundancy and high scalability.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage reports can be requested by customers at any time. Usage data is based on click events and other meaningful activities. These metrics are due to be added as self-service metrics in Hootsuite before the end of Dec 2024.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported by users at any time in PDF, PPT, XLS & CSV formats
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PPTX
  • PDF
  • XLSX
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Hootsuite Platform will have a Service Availability of at least 99.9% of the time in any calendar month (the “Service Availability SLA”). Where reasonably possible, Hootsuite will provide at least 24 hours' advance notice to Customer of scheduled maintenance in excess of 30 minutes. If Hootsuite does not meet the Service Availability SLA, Customer will be eligible to receive the Service Credits described below. This Service Availability SLA states Customer's sole and exclusive remedy for any failure by Hootsuite to meet the Service Availability SLA:; -< 99.9% - >= 99.0% - 3 service credits (days of service added to end of contract term); -< 99.0% - >= 95.0% - 7 service credits (days of service added to end of contract term); -< 95.0% - >= 95.0% - 15 service credits (days of service added to end of contract term)
• Approach to resilience: Hootsuite has built-in resiliency provided through its hosting in the AWS cloud across multiple availability zones, and the AWS backup services.
• Outage reporting: Customers are updated on system status and outages through our status webpage, http://status.hootsuite.com/. We also post information on the @hootsuite_help Twitter feed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: All users regardless of being an employee or a customer must authenticate prior to accessing any system. Customer can authenticate natively to the Hootsuite dashboard and use the optional two factor authentication or use the Single Sign On option. Employees with privileged access to the system must use two factor authentication (2FA/MFA) and those with access to the production environment must use additional authentication controls (such as specific AWS access keys, SSH certificates, etc.). Hootsuite supports native login to Hootsuite (which also supports two factor authentication) or it can also support SSO via SAML compatible system from the customer side.
• Access restrictions in management interfaces and support channels: Access to the production environment is possible only from the Hootsuite offices and from the VPN using SSH. For administrators to manage the AWS operational console, they must log in to the production console environment using two factor authentication. The administrator roles are assigned accordingly by the AWS IAM system. Privileged access is logged in all such systems and the Hootsuite Security Operations team has alerting set up to detect abuse.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Access to the production environment is possible only from the Hootsuite offices and from the VPN using SSH. For administrators to manage the AWS operational console, they must log in to the production console environment using two factor authentication. The administrator roles are assigned accordingly by the AWS IAM system. Privileged access is logged in all such systems and the Hootsuite Security Operations team has alerting set up to detect abuse.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Orion
• ISO/IEC 27001 accreditation date: 09/11/2023
• What the ISO/IEC 27001 doesn’t cover: N/A Please visit Hootsuite's Trust Center to request access to the certification: https://www.hootsuite.com/trust-center.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Control Gap Inc.
• PCI DSS accreditation date: 11/09/2021
• What the PCI DSS doesn’t cover: Hootsuite is PCI compliant as Level 3 Merchant. Hootsuite has contracted with PCI DSS compliant third-party payment processors to handle all credit card transactions. Hootsuite itself does not collect, process, or store any PCI data. Hootsuite systems are PCI DSS v3.2.1compliant with respect to the mechanisms they use to communicate with the third-party payment processors. Hootsuite Security reviews the third parties' certification annually. ; ; Please note that Hootsuite enterprise customers are invoiced and therefore don't use credit card payments.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • FedRAMP LI-SaaS
  • SOC 2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security policies reflect the security postures of Hootsuite and set the principles that Hootsuite employees, processes, and systems must adhere to. Security policies are also the major artifacts that we may share with our auditors for compliance purposes and with our customers for winning opportunities. The policies must be reviewed and updated annually to reflect current organizational status and to adhere with compliance requirements. The InfoSec GRC team is responsible for updating the policies at least annually. More information is available via our SOC 2 report (https://www.hootsuite.com/trust-center). ; ; Information Security Policy; Asset Management Policy; Configuration Management Policy; Endpoint Policy; Information Classification Policy; Security Risk Management Policy; Human Resource Policy; Acceptable Use Policy; Access Control Policy; Cryptography Policy; Physical & Environmental Security Policy; Change Management Policy; Network Security Policy; Logging & Monitoring Policy; Supply Chain Risk Management Policy; Security Incident Management Policy; Business Continuity and Disaster Recovery Policy; Operations Backup Policy; Password Policy; Vulnerability Management Policy; Bring Your Own Device (BYOD) Policy; Secure Software Development Lifecycle Policy; Password Construction Standard; CoPilot policy

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: New features, functionality, and design changes go through a review process. In addition, code is tested and manually peer-reviewed prior to being deployed to production. Our security team works closely with our product and engineering teams to resolve any additional security or privacy concerns that may arise during development.; ; The change management procedure is documented and part of our ISMS. It's externally audited for both SOC 2 and ISO27001. ; ; Please also visit the Trust Center for more information: https://www.hootsuite.com/trust-center.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Hootsuite has a vulnerability management program in place to identify and remediate vulnerabilties in the product and the supporting infrastructure. Security code review, domain scans and external penetration testing is performed to identify vulnerabilities in the product code and infrstructure. Additionally, vulnerability scans are performed on the production servers and third party dependency libraries to identify and remediate the patch vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Hootsuite has 24/7 monitoring and alerts setup for any security incidents. ; All security bugs are risk ranked and rated:; Critical severity - time to acknowledge is 4 hours and time to resolution is 14 calendar days; High severity - time to acknowledge is 1 day and time to resolution is 30 calendar days; Medium severity - time to acknowledge is 7 days and time to resolution is 90 calendar days; Low severity - time to acknowledge is 7 days and time to resolution is 180 calendar days
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Hootsuite has an incident management team, program and policy. ; ; Within the policy, the following areas are covered:; SIRT; Incident detection; Assessment and response; Post-incident analysis; Security incident response plan; ; The policy was last reviewed and updated in February 2023. For more information, please review Hootsuite's SOC 2 report, which is available upon request via our Trust Center: https://www.hootsuite.com/trust-center.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Please review the following link for more information on the social impact Hootsuite commits to: https://www.hootsuite.com/social-impact.

  Tackling economic inequality

  Please review the following link for more information on the social impact Hootsuite commits to: https://www.hootsuite.com/social-impact.

  Equal opportunity

  Please review the following link for more information on the social impact Hootsuite commits to: https://www.hootsuite.com/social-impact.

  Wellbeing

  Please review the following link for more information on the social impact Hootsuite commits to: https://www.hootsuite.com/social-impact.

Pricing

• Price: £240 to £540 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Gcloud@hootsuite.com. Tell them what format you need. It will help if you say what assistive technology you use.