Frontify AG

Frontify

A brand building platform where a user-friendly Digital Asset Management meets customised portals. Create a single source of truth for your brand through a ecosystem including brand guidelines, campaign toolkits, design systems, employer brand, asset management, digital and print templates, AI, customisable workflows and project collaboration.

Features

• Brand Management Platform
• Brand Portal Software
• Digital Asset Management (DAM)
• Digital and Print Templating
• Campaign Toolkits and Campaign Management
• Digital Brand Guidelines
• Design System
• Employer Branding
• Multi Brand management
• Creative Workflow Management

Benefits

• Ensure consistent brand depiction across regions & touch-points.
• Save time by centralising assets and guidelines for easy access.
• Quick easy creation and localisation of assets via templating
• Increased marketing effectiveness via enhanced campaign enablement
• Save costs by reducing wasted time and increasing asset reuse
• Save costs by reducing reliance on agencies for asset creation
• Ensure content relevancy, resonance via personalised content for users
• High user adoption from enhanced market leading user experience
• Understand engagement with brand assets & guidelines via comprehensive analytics
• Quicker project deployment via enhanced internal and external collaboration tools

£11,040 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alistair.barfoot@frontify.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

266678351862764

Contact

Alistair Barfoot
+44(0)7837277931
alistair.barfoot@frontify.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: HTML5 capable bowsers including Edge, Firefox, Chrome and Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: This is dependent on the service levels agreed.; ; The standard free of charge SLA is 8 hours but in reality it is much quicker than this. We have a live chat function in the application which in reality leads to a response time of minutes rather than hours.; ; Support is provided in European and American working hours Monday to Friday.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Frontify is currently in the process of obtaining full compliance with the WCAG standard (version 2.2) on level AA until the end of 2024.; ; Our web chat is part of our product and can easily be accessed through the browser interface. While we don't offer traditional phone support customers can always reach out to their customer success manager to set up video calls for support.
• Onsite support: No
• Support levels: Frontify provides three Service Level packages based on the customers needs, covering expected uptime and support. SLA Standard is included in the cost but our Premium and Elite packages cost extra.; ; A technical account manager can be requested during the onboarding phase and a customer success manager will be assigned to your account for most needs
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: At Frontify, new clients embark on a thorough onboarding journey guided by a dedicated Customer Success Manager, along with additional team members as required such as an onboarding specialist and a technical account manager if necessary. The objective is to achieve an effective and efficient set-up of the new client. ; ; This process involves structured consultancy and training sessions, covering not just platform use but also planning for the client's long-term success and vision for their Frontify account. Account success planning sessions explore long-term strategies, adoption strategies, and platform training. ; ; Onboarding and implementation follows a bespoke plan for each client based on their situation, goals & objectives. The plan includes real time sessions around account planning, roll-out strategies, and training sessions. ; ; Regarding build options: clients can manage this in-house but also have the option to outsource elements to Frontify or certified Frontify agency partners for services such as asset migrations and comprehensive account build and rollout management. ; ; Overall, Frontify places great emphasis on thorough onboarding and implementation, working closely alongside our clients to ensure initial and long term success
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Online via help.frontify.com
• End-of-contract data extraction: The data handover is usually contractually defined and can vary from customer to customer. For customers with whom nothing has been contractually agreed and who would like to have their data exported, the data is exported as follows:; > Metadata and tags, comments: CSV (via API); > Assets (PDF, Images): Files as uploaded (via API or package); > SQL Dump of the database, if needed; Frontify is flexible here. Should the target system require other formats (in case of a system migration), these can usually be provided.
• End-of-contract process: This is typically discussed on a case by case basis and contractually agreed. Frontify is able to support with the data extraction at the end of the contract (note this does not entail migration support) and is able to provide contacts for migration partners.; In terms of data deletion, everything will be deleted in accordance with the NIST 800-88 publication, within a 90 day retention time, performed by AWS. For archiving reasons we may keep backup copies for up to 12 months before permanent deletion.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is built for HTML5 browsers and will automatically scale based on your device. The service is no different between mobile and desktop.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Via our API you are able to create custom bi-directional integrations with your Frontify platform. Examples could be an integration between Frontify and a CMS or a marketing platform allowing access to digital assets in Frontify in the 3rd party tool. ; ; Frontify also offers many out of the box integrations with different 3rd parties. You can view these integrations at the following link:https://www.frontify.com/en/integrations/; ; You can access full information about our API at https://developer.frontify.com/
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Frontify provides our clients with extensive customisation options. Our platform features a highly adaptable portal CMS, offering over 50 different content blocks for dynamic content display. This allows our clients to create brand portals, DAM portals, campaign hubs and more that accurately represent their brand identity and values. Moreover, clients have the freedom to customise site navigation to enhance user experience further. ; ; Then Frontify goes a step further by offering a Software Development Kit (SDK), enabling clients to develop custom content blocks tailored to their specific requirements and displaying their content in a unique way. This empowers clients to integrate unique content seamlessly, ensuring engaging and interactive experiences across their portals. It means that with Frontify, there are no limitations to how content is displayed, as clients can easily create bespoke content blocks that align with their brand vision.

Scaling

• Independence of resources: Frontify is a SaaS solution and can be scaled based on the customer’s needs. We use a combination of clustering, load-balancing, and replication to ensure no single system failure point. Each of our regions makes use of two or more availability zones, with redundancy across them to ensure robust availability.

Analytics

• Service usage metrics: Yes
• Metrics types: In the analytics dashboard you'll find a valuable content usage overview showing how it's directly impacting the brand's performance and against key metrics in line with your contract, ie. average Monthly Active Users and Storage usage. These analytics allows customers to pinpoint data that will help anticipate risks and opportunities in the future or act upon assets, documents, or even guideline content with low performance.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Both exporting (saving as a PDF) and printing Guidelines are possible in the same way - by selecting to "Print" Style Guide and then either printing it or saving it as a PDF.; The data handover at the end of the term is usually contractually defined and can vary. For customers with whom nothing has been contractually agreed, the data is exported as follows: Metadata and tags, comments: CSV (via API), Assets (PDF, Images): Files as uploaded (via API or package), SQL Dump of the database.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: https://help.frontify.com/en/articles/5810426-uploading-assets-to-frontify

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our guaranteed uptime is 99.5%, which can then be increased up to 99.9% by purchasing a higher SLA. In total there are two paid SLAs.; ; Uptime can be accessed online: https://status.frontify.com
• Approach to resilience: Frontify is hosted with AWS, one of the biggest data center providers which takes care of the security of the physical locations. ; ; All data for enterprise customers is located in a VPC protected environment with a logically separated database and dedicated file storage. All services that make up the Frontify system are highly available. We use a combination of clustering, load-balancing, and replication to ensure no single system failure point. Each of our regions makes use of two or more availability zones, with redundancy across them.
• Outage reporting: Our performance can be accessed at any time via:; https://status.frontify.com

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Frontify fully supports SSO as long as it provides SAML 2.0 or OpenID Connect.
• Access restrictions in management interfaces and support channels: For access purposes, we use dedicated roles and access for database administrators, general administrators, and support staff. In addition, we follow the principle of least privilege. All our employees are technically forced to use 2-factor-authentication whenever possible as well as our password policy for all internal and external tools. Access reviews take place every 6 months and are defined in our access management policy.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Other
• Description of management access authentication: Separation between management/admin profile and regular profile.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: TÜV Rheinland Cert GmbH
• ISO/IEC 27001 accreditation date: 2021-06-15
• What the ISO/IEC 27001 doesn’t cover: N/a – The scope of the ISMS encompasses all assets, operational processes, and services associated with the Frontify application and the entirety of the company's business operations, including all teams and business units, regardless of their physical location or execution method.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: TISAX

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: In addition to our ISO 27001 certification, Frontify is certified against the Cyber Essentials standard and the TISAX standard. Frontify has also been successfully assessed by the DCSO Cloud Vendor Assessment Service.
• Information security policies and processes: Our ISMS including all policies cover various aspects, including access control, data encryption, risk management, incident response, and compliance with relevant regulations. These policies are regularly reviewed and updated as part of our compliance program.; ; In terms of our reporting structure, the security team together with the CISO directly report to the CEO ensuring close collaboration with senior management. Further our security team makes an effort to collaborate with cross-functional teams to ensure that security measures are integrated into every aspect of our operations.; ; To ensure compliance with our policies, we perform regular internal as well as external audits, conduct employee awareness trainings and harden all systems to ensure robust technical controls.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Frontify follows a structured procedure for all changes concerning our infrastructure and application. Relevant changes are analysed and prioritised according to their impact as well as risk. Should there be a security concern the Information Security Office is taken into the process as well. The appointed person responsible for the product area must approve each change before development and as part of the procedure all changes must undergo manual and automatic testing procedures.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Frontify uses various methods to conduct vulnerability management which include the use of a weekly vulnerability scan, an active bug bounty program as well as customer-initiated pen testings. Further we are subscribed to multiple news feeds to stay informed about emerging security threats.; ; Vulnerabilities which fall into a defined risk criteria, trigger alerts and are prioritised for remediation based on their potential impact to the Service. ; Frontify patches as follows: critical, immediately but no later than 7 days / high, immediately but no later than 14 days / moderate, immediately but no later than 30 days / low, on evaluation.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Frontify operates a centralised logging system that facilitates 24/7 monitoring, reporting, and traceability. In case of unusual behaviour on our production systems, our Security Team is alerted through our Security Operations Center. ; ; Frontify has an incident management and reporting process that covers all our internal operations and the services provided to our customers. If a security breach leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to customer data, we’ll notify the customers immediately but no later than 48 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: Frontify has an incident management framework that is based on the cycles of identification, recording, assessment, response and escalation. For this Frontify has appointed a dedicated incident response team, which is trained on a regular basis.; ; Incident reporting happens either through users or customer raising issues directly to the Information Security Office or through our automated security playbooks that recognize common attacks in an automated way.; ; In case of an incident we provide detailed incident reports, outlining what happened, how it was resolved, and what steps Frontify is taking to prevent it from happening again.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We encourage environmentally friendly behaviors. Besides complying with Swiss and international laws on environmental protection, we strive to do our part every day to keep our impact on the environment to a minimum, and to always look for better practices. ; ; Today, some of our small initiatives with a significant impact include:; • Efficient use of energy (e.g. assessing heating usage and setting a central thermostat to a specific, comfortable temperature); • Separation of waste before collection and recycling as far as possible; • Promotion of public transport for commuting; • Home office whenever possible; • Near sourcing (e.g. local food providers)

  Equal opportunity

  Frontify is an equal opportunity employer. It is company policy to take affirmative steps to ensure that all employment decisions are based on legitimate business considerations and that all Employees and job applicants are treated without any form of discrimination. In particular, this applies to: age, race, religion, ethnicity, sex, gender, gender identity or expression, physical or mental disability, military status, marital and familial status, and sexual orientation. ; ; At Frontify, we believe in being true to ourselves: We are committed to creating and fostering an inclusive environment of vibrant individuals whose diverse perspectives build our collective future. We aim to provide equal opportunities and nurture a workplace free of harassment and discrimination.; ; Some of our DE&I initiatives include:; • Objective recruiting process with diverse interviewers; • Unconscious bias training for hiring managers; • Data collection in weekly surveys around diversity, inclusiveness, and non-discrimination; • Group analysis around workplace engagement and DE&I surveys to identify whether some groups have a different experience than others; • Opportunity to comment anything anonymously in Peakon and in the weekly all-hands meeting; • Pay equity analysis together with PwC and the Swiss Federal Statistical Office; • Introduction of an employee powered group for DE&I topics ; • Analysis of workforce/leadership/applicant diversity; • Structured strengths assessments and review sessions with individuals and teams; to celebrate differences; • Integration of apprentices and employees with difficulties to integrate in the primary labor market (we also work with an agency, Förderraum, who supports people with disabilities / difficulties to integrate in the primary labor market).

  Wellbeing

  At Frontify, we prioritise the wellbeing of every individual, fostering a community of care and support where every voice is valued and respected. Collaboration is at the heart of our ethos, ensuring that everyone feels included and their fundamental rights upheld without exception. We are committed to creating a secure and respectful environment where each person's unique personality can thrive. Discrimination in any form is actively opposed, promoting an inclusive culture where everyone feels at home and supported in their personal and professional growth. We invest in our employees' wellbeing from day one, building relationships based on trust and providing comprehensive training and support to unlock their full potential. Our commitment extends to ensuring a safe and comfortable workplace, with regular checks and provisions for remote workers to feel equally supported. Health and safety are paramount, with strict adherence to laws and regulations, proactive risk assessments, and flexible working arrangements to promote a healthy work-life balance. We are dedicated to upholding universally recognised labour standards, guaranteeing the rights and freedoms of every employee, and fostering an environment of fairness, equality, and opportunity for all.

Pricing

• Price: £11,040 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 14 day Proof of Concept can be arranged

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alistair.barfoot@frontify.com. Tell them what format you need. It will help if you say what assistive technology you use.