Commonplace Digital Ltd.

Commonplace digital community engagement platform

Commonplace's digital community engagement and consultation platform is for cities, government, housing, energy, net-zero, transport and planning. Mobile optimised and trusted by millions, it maximises diverse participation through transparency, interactive maps, visual surveys and co-design tools. Simple setup and AI-powered dashboards save time and money through realtime insight and reporting.

Features

• Accessible, flexible mobile-first citizen engagement hub: online and offline tools
• Simple setup: specialist engagement templates, expert support (including site build)
• Local plan, masterplan, design code, S106, CIL, nature recovery, regeneration
• Active travel, town centre, neighbourhood, infrastructure, development. safer streets
• Survey features: skip logic, voice capture, map questions, visual polls
• Specialist maps: Heatmap, navigation, data, community mapping, stories, interactive masterplan
• Advanced dashboard, reporting, AI-powered text analysis, bespoke report service
• Exhibitions, surveys, town hall, ideas wall, poll, engagement hub tools
• Co-creation, co-design and participatory budgeting, virtual workshops
• BCorp specialising in social value, net zero, climate, community safety

Benefits

• Single hub for public engagement: planning, transport, policy, regeneration, housing
• Proven lower cost and time savings from automation, reporting, analysis
• High quality, high response engagements: a proven, reliable platform
• Access our community of 1M+: increase reach and insight
• High response rates from public, stakeholders, community, residents, employees, citizens
• Power positive participation: 67% of respondents approve of proposed changes
• Use continual communication and engagement to increase respondent sentiment
• Trusted and safe for respondents: 85% confirm identity and comments
• Reduce risks and increase transparency: powerful insights inform better decisions
• Proven success reaching under-represented audiences such as younger people

£2,250.00 to £50,000.00 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@commonplace.is. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

309165893513448

Contact

Mike Saunders
+44 (0)7492886747
sales@commonplace.is

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Internet connected device with user interface
  • Modern web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Fix times for reported issues depend on the severity of the issue being reported: we triage and prioritise high ; ; We aim to provide a response to all enquiries within 12 hours, except during the weekend, when we will respond to urgent issues.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None
• Onsite support: No
• Support levels: Customers can get in touch with Commonplace Support vie email or phone between the hours of 8.00am and 6.00pm Monday to Friday (excl UK public holidays) and by emailing customers@commonplace.is. Outside of these hours, we will respond to urgent and business critical issues.; ; We do not make an additional charge for basic support.; ; We provide additional support services and training based on the package tier that is purchased, details of which are in our Service Description and Pricing documents.; ; Customers can also pay extra for higher level support services and additional training, which is also detailed in our Pricing document,
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Every new user receives a welcome email, which provides an introduction to our service and links to essential information. Every new customer is assigned an Engagement Expert from our Customer Success team.; ; For all package tiers we provide: documentation via our online knowledge centre; a kick-off meeting to plan the project and promotion; extensive video content; and drop-in training sessions delivered by our Engagement Experts.; ; Our support team can be accessed via email or phone.; ; Depending on the package tier purchased, we provide bespoke kick-off meetings and bespoke training. These are all delivered by our Engagement Experts in our Customer Success team.; ; Additional services that can be added at an extra cost include:; Project management, planning and delivery of the discovery/scoping and build & launch phases. ; Support for your team to plan and deliver the ongoing launches or phases of the engagements and consultation.; Pre-launch quality assurance. ; Recommendations: such as how to make content work more effectively online; how to tweak your promotion plan to maximise reach; suggestions to get the most out of your dashboard insights; and so on. ; Regular email reports from your Customer Success lead, summarising numbers and making such recommendations.; Ongoing training; Quality assurance
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users can extract all of their data from our dashboard, with the exception of personal data provided by members of the public. To access this data, a request to our support team needs to be made. Transfer of the data is then made via a secure transfer.
• End-of-contract process: At the end of the contract term the customers will have the option to renew the licence for continued administrative functionality and support.; ; Should the contract not be renewed, the customer’s front-end Commonplace website will remain visible to the public, so they can see the feedback given to date, but closed for further commenting.; ; Before expiry of the contract, users can download data from their dashboard and request any additional information at no cost, downloads or other requirements from our support team. All necessary information for the end of contract can be acquired by a user via these processes.; ; When the contact ends, access to user dashboards will be removed. ; ; If a customer or user has requested it before the contract end date, depending on the exact requirement, we may agree to provide a download of information for a short period after the contract end date without additional cost.; ; Unless it has been agreed in advance, once the contract has expired, there may be a charge for any further data requirements or downloads.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Commonplace is a mobile-first service.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Users can customise many areas of our service including level of content, look & feel, structure, navigation, language, survey questions and much more.; ; There are 5 levels of user role available: 1) Admin; 2) Surveyor; 3) Tester; 4) Communications manager; 5) Stakeholder. The Admin can assign individuals to each of the other 4 roles. ; ; Depending on the role assigned by the Admin to a user, they can customise the service through their dashboard. For customisation of a few elements of the service and add-ons, the Customer Success may be required to support. An example is the social media promotion campaign.

Scaling

• Independence of resources: Our service operates load-balancing and auto-scalable resources to ensure that it can respond to peaks in usage, meaning that users aren't affected by demand of others. These have been built and tested thoroughly over a period of time. ; ; The technical details are as follows:; At the front-end layer, AWS Application Load Balancer and nginx web servers scale in/out to receive user requests.; At the back-end layer, AWS EKS cluster is capable of autoscaling to meet the computing demand placed by said requests; At the database layer, clustered replicas can also autoscale to service the demand of the applications

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a wide range of charts and metrics covering: visitors; referrals; respondents; demographics or respondents; questions answered by respondents and their responses; number of 'agreements' made; sentiment of responses. Customers can add tracking codes for specific campaigns that can be tracked. We offer an advanced service for real-time analysis of text comments, with a separate suite of usage metrics and analytics. Our AI-powered text analysis categorises, scores sentiment and then summarises all contributions into a report including headline bullets.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Customer users can export data from their dashboard (subject to their user role). We do not allow data exports directly from the dashboard that include personal data but this data can be provided by our support team via a secure transfer.; ; End users (members of the community) each have a profile page where they can export, edit and delete their personal data.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: GeoJSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data in transit within the Commonplace environment is all within a Virtual Private Cloud (VPC).

Availability and resilience

• Guaranteed availability: We work to 99.90% uptime targets and consistently over-achieve this target.
• Approach to resilience: The approach to datacentre resilience is available on request. It includes AI driven pattern recognition and anti-gaming technology.
• Outage reporting: We report outages: 1) As a banner on our dashboard (if the dashboard is available); 2) Via email to our customers

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Access to every service used by company staff is approved and managed centrally and logged in the Access Rights Register.; ; Each service is on an automated schedule for access rights reviews. Depending on the level of risk associated with each service, these are 1x, 2x or 4x per year.; ; Services like AWS are reviewed quarterly, and services like Adobe (that holds no confidential or personal information) are reviewed annually.; ; We have an offboarding process for all leavers which includes removing access to systems and information when they leave. When an employee changes role, we also review their access rights.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Centre for Assessment
• ISO/IEC 27001 accreditation date: Originally accredited June 2021. Renewed in June 2022 and 2023.
• What the ISO/IEC 27001 doesn’t cover: All services covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Commonplace is ISO27001 certified. We run a compliant Information Management System; we have an information management working group that meets regularly; risks are reviewed at board level. As an ISO27001 service, we are audited annually.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have a Change Management Policy and log that incorporates information security and data protection, including the appointment of new suppliers. ; ; During the application development lifecycle our Information Security Officer reviews the scope and objectives of changes and completes our Change Management review, including a DPIA if required.; ; If impact on information security or data protection is identified, a detailed implementation plan is put into place. Any new risks are added to the risk register with appropriate controls implemented where required.; ; Appointment of suppliers is managed via our Supplier Selection procedure.; ; Our Change Management Policy is available from customers@commonplace.is
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use a range of services and methods to assist in identifying potential vulnerabilities. These include (but aren’t limited to):; ; Annual External Penetration Testing; ; AWS GuardDuty (Intelligent Threat Detection for AWS Estate) & CloudWatch (Application and Infrastructure Monitoring); ; Pingdom (Uptime and status); ; Dependabot/NVM (library and package version/updates); ; Where any action is required, a ticket is raised within the Development Management process and managed to deployment.; ; For Operations and other areas, any vulnerabilities discovered by our device management tools or team are recorded in the Events, Incidents and Weaknesses Register (managed by our Infosec Working Group) including remedial actions.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Automatic logging, monitoring and alerting is in place across the database, application and infrastructure.; ; We use 5-stages to respond to any issues or incidents identified:; Preparation;; Detection;; Triage and analysis;; Containment and neutralisation;; Post-incident learning;; ; Incidents are logged in our Incident Register, and mitigations planned using Application Incident Response Procedures and a Business Continuity Plan.; ; Where an incident impacts on personal data, we use our Data Breach Reporting Procedure.; ; We aim to fix production issues depending on severity according to: ; Priority1 - 4 hours; ; Priority2 - 24 hours; ; Priority3 - 48 hours; ; Priority4 - prioritised accordingly on backlog
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have pre-defined processes for managing incidents set out in our Incident Severity and Procedures Plan.; ; User can report incidents through our user chat facility that is available within the Commonplace app.; ; We use 5-stages to manage any issues or incidents identified: Preparation; Detection; Triage and analysis; Containment and neutralisation; Post-incident learning. Incidents are logged in our Incident Register, and mitigations planned using Application Incident Response Procedures and a Business Continuity Plan. Where an incident impacts on personal data, we use our Data Breach Reporting Procedure. ; ; Incident reports are prepared for high severity incidents, and circulated to customers on request,

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The Commonplace platform helps councils and developers to plan for climate change adaptation through engaging with the local community to identify vulnerabilities and co-design solutions.

  Tackling economic inequality

  The Commonplace platform helps councils and developers to reduce economic inequality by understanding where the inequalities currently exist using our Community Heatmap and other tools. For example councils have used Commonplace to conduct cost of living engagement projects which inform changes to policy and prioritisation / direction of resources.

  Equal opportunity

  We will support the digital upskilling of communities where running engagement projects. This presents the opportunity for NEETs to take on a role, with support and training, to champion your engagements.

  Wellbeing

  Many customers use commonplace engagements to identify and co-produce solutions and policy to address wellbeing. Examples include air quality, community safety, active neighbourhoods, and social prescribing.; ; The platform delivers direct benefits to economic and social wellbeing through the opportunity for local people to participate in shaping the future of their area. We focus on making this as diverse and representative as possible. We pledge to support a diversity push, which could include collaborating on the design of a social media campaign, and specific demographic analysis, to create greater reach within specific BAME communities.

Pricing

• Price: £2,250.00 to £50,000.00 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Our free trial is open to any prospective customer. The four-week trial includes the basic platform features to allow customers to get a proper feel for its value. Restrictions include number of engagements; advanced survey tools; mapping; access to the community; advanced dashboard features and training.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@commonplace.is. Tell them what format you need. It will help if you say what assistive technology you use.