SocialOptic Ltd

ThisBeforeThat

ThisBeforeThat is a process mapping, dependency and flow mapping application that allows rapid documentation of data flows (for example for GDPR), organisation and service processes and operating procedures or dependencies. It can also map ecosystems and relationships and support root cause analysis as well as impact model creation.

Features

• Real-time mapping and visualisation.
• User defined relationship types.
• Multiple layout options.
• Change log and audit trail.
• PDF and CSV data export and developer REST API.
• Data secured with SSL encryption and digital certificates.
• Cyber Essentials+ and IASME certified with guaranteed UK data residency.
• Responsive web-interface with touch, pen and mouse support.

Benefits

• Visualise and share complex processes and dependencies.
• Collaborative discovery and documentation, engaging all stakeholders.
• Full audit trail of decision making, scoring, participants and criteria.
• Clearly defines, manages and logs interactions.
• Wide range of role types to support existing processes.
• Manage and monitor decision making biases and undue influence.
• Define, manage and weight decision making criteria.
• Support and document mapping and flows.

£25 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@socialoptic.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

321187197812261

Contact

Caalie Ellis
0203 393 6591
sales@socialoptic.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No.
• System requirements:
  • Working internet connection
  • A supported browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 4hrs of receipt within office hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Tested using validation tools and manual testing.
• Onsite support: Yes, at extra cost
• Support levels: SocialOptic prides itself on providing friendly and effective customer service and support. Standard support hours are from 8am to 6pm Monday to Friday, excluding bank and public holidays. ; ; The service is available and monitored on a 24x7 basis, via the SocialOptic service assurance infrastructure, and support requests can be raised electronically 24x7. The support service includes telephone, email, web-based and in-app support for all issues and queries.; ; Calls are handled by our highly skilled staff, and call severity will be categorised under the following three levels: ; Severity 1 – Complete loss of service affecting multiple users. Response time < 30 minutes.; Severity 2 – Partial loss of service affecting a minority of users. Response time < 60 minutes.; Severity 3 – Issue affecting and individual user. Response time < 4 hours.; ; We provide a named support contact for each account, so that there is someone familiar with the particular use case, and able to answer questions within the organisational context.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The on boarding process is managed according to PRINCE 2 project management principles or Agile, according to customer preference. SocialOptic allocates a named contact to provide support, who will work with you to understand your objectives and requirements, and build a milestone-based project plan that will include the process for go-live. SocialOptic provide user documentation that assumes no prior experience, including a "Getting started" guide. The platform is intuitive and online/telephone training sessions are conducted directly with users, supported with pdf documentation. Post launch, the account team are available to answer any questions or provide support to ensure successful implementation of the system. Optional tailored web-based or on-site training is available for groups. There is an optional import service, to automate importing of existing data, and our support staff are on hand to help with questions.
• Service documentation: No
• End-of-contract data extraction: CSV export
• End-of-contract process: Users can remove their own user accounts, or accounts can be disabled (locked) via an administrator account. Users can export data as text CSV (comma separated variable) files, with descriptive headers, prior to deleting their account. Data is exported over a secure TLS encrypted link, using a standard web browser. Exporting of data is freely available via the web interface. Key data may also be exported in PDF format, as reports. Our team are available to help with off-boarding, and there is no charge for exporting data. At the end-of-contract all user accounts and user data will be removed from live systems within 7 days, and expired from backups by rotation, within 30 days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No differences
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: A fully featured and easy to use interface with built in documentation.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Fully tested using both automated and manual testing and feedback from a user panel of assistive technology users. Testing includes desktop screenreader software including JAWS, Dragon, VoiceOver, NonVisual Desktop Access (NVDA) and ChromeVox.
• API: Yes
• What users can and can't do using the API: ThisBeforeThat APIs allow users and application developers to create, update and delete items in ThisBeforeThat. APIs are secured by API keys and protected by configuration.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: A multi-tenant architecture designed to guarantee that the activities of one instance has no adverse effects on others. Each instance is handled in independent processes, with separately managed memory, disk and processor resources. Multiple servers are used with advanced load balancing to dynamic resource scaling. This ensures independence even under heavy loads.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of users
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CSV export, PDF reports, API
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLSX
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SocialOptic has extensive operational experience, running Software as a Service platforms for over 15 years. All systems are monitored 24x7 and target a 99.999% availability level, by using fully redundant systems with automated switch over. There are no scheduled maintenance windows that are excluded from the SLA, and SocialOptic operates a "zero-downtime" methodology for system updates. Should availability fall below the target SLA, a support request can be raised to obtain a pro rata refund for any outage over 30 minutes. Availability is measured to the edge of the data centre, and does not cover users' Internet Access or third party remote systems.
• Approach to resilience: Services are delivered via two geographically distributed data centres, with multiple load-balanced servers in each, and real-time data replication for disaster recovery and continuity, together with continuous monitoring, back up, an additional stand-by data centre location and transparent availability reporting via a service status page.
• Outage reporting: Public status page

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: User credentials with MFA are used to secure management interfaces and support channels and provide strong authentication. All communications make use of session level encryption to protect confidentiality and data integrity, and all connections are logged. Access controls are subject to regular review, as part of the overall security policy, and scanning and penetration testing is used to increase assurance.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: IASME and Cyber Essentials Plus
• Information security policies and processes: Information Security is a board level responsibility, and is a standing agenda item at all board meetings. Security policies and procedures are regularly reviewed. SocialOptic meets the requirements of Cyber Essentials and is Cyber Essentials Plus certified, and operates the core controls of the ISO27001 standard. We adhere to the model of the Cabinet Office Security Policy Framework and implement the CESG Cloud Security Principles and the requirements of UK GDPR legislation. Change control systems are used throughout the service process, together with regular security scans.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All code and system configurations are managed through a version control system with a full change management process and audit log, ensuring complete traceability of changes across every aspect of our platform. All software and configuration changes go through a code review process, with changes tested in staging environments and then changes are rolled out through a deployment process with deployment checks and automated fallback.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: SocialOptic follows a systematic approach to identify, evaluate, remediate, and report on security vulnerabilities in a timely and efficient manner. Patches and updates are regularly applied to all systems and all systems and software are maintained in accordance with Cyber Essentials. We employ continuous, automated scanning tools alongside periodic manual assessments to uncover and assess vulnerabilities across our network, applications, and systems. We also use external security intelligence sources to identify threats and inform our operations. Upon detection, vulnerabilities are promptly classified according to their severity, to prioritise remediation efforts, and we operate a responsible disclosure policy.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective monitoring processes monitor all user session and API activity, as well as service configurations. Logs are collected and analysed for potential surveillance, inappropriate use, or breaches. Where incidents are identified, the Incident Management Process is followed, and remedial action taken, if required.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: SocialOptic has a defined Incident Management Process which is regularly reviewed. This includes Incident identification, Incident logging, Incident categorisation, Incident prioritisation, Initial diagnosis and Escalation. It is a closed loop process including resolution and communication throughout the lifecycle of the incident. Global incidents are reported via the status page & public feeds, while individual user incidents are communicated via the user's preferred communications channel.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  SocialOptic have committed to achieving Net Zero by, or ahead of, the 2050 target of industry standard Carbon Reduction Plans.; As a Software-as-a-Service business, our primary carbon footprint source arises from data-centre power consumption. These initiatives form our commitment to becoming carbon neutral: ; Transition to Renewable Energy: ; By 2025 100% of SocialOptic data-centre power will be from renewable energy sources.; Energy-Efficient Infrastructure: ; SocialOptic currently operates with at least 50% less server capacity than comparable technology businesses, using infrastructure that is 93% more efficient than legacy IT infrastructure. This efficiency is achieved through strategic infrastructure management, optimisation, and ongoing investments in cutting-edge technologies. ; Serverless Technology: ; We are actively implementing a full migration to serverless technology across our infrastructure. This innovative approach ensures that compute power is consumed only on-demand, eliminating the need for dedicated server infrastructure and wasted capacity. ; Continuous Monitoring and Improvement: ; SocialOptic is committed to regularly monitoring our environmental impact. We will continue to explore and adopt emerging technologies and best practices to enhance our energy efficiency and minimize our carbon footprint. ; Innovation and Research: ; Our software development methodology includes resource consumption assessment and monitoring, which ensures that our code runs efficiently, as well as securely, and provides energy efficiency measures for our development team. We invest in on-going research to identify and adopt sustainable technologies and operational approaches that further reduce our environmental impact. ; Stakeholder Engagement: ; We involve our key stakeholders, including employees, customers, and partners, in our sustainability initiatives.; Supply Chain Sustainability: ; Through our long-standing commitment to the Good Business Charter, we are committed to working with suppliers who share similar environmental values. We incorporate sustainability criteria into our procurement process.; ; We do not currently use Carbon Offsetting as we would rather focus our efforts on direct reductions in our energy consumption, using renewables wherever possible.

  Covid-19 recovery

  SocialOptic are SocialValue UK Pioneer Members and committed to creating SocialValue. SocialOptic has create opportunities for employment in the high growth technology industry to individuals made unemployed due to the impacts of COVID-19. Since 2020, 50% of new hires have been sourced from other COVID-19 impacted industries.; ; SocialOptic operates a flexible working structure and has provided equipment to employees to facilitate remote working. These provisions have enabled staff to primarily work from home, with 94% of days worked remotely. These changes delivered effective social distancing when it was needed, and support employees and their families needing to isolate or who are suffering from direct or indirect effects of COVID-19, allowing time for household and family responsibilities during a challenging time, and allowing them to support their local communities.; ; SocialOptic have conducted research for businesses help them understand the challenges and impacts new ways of working have on business and health. This research has led to organisational change and commitments aimed at improving employee wellbeing, and improving physical and mental health.

  Tackling economic inequality

  As an SME, SocialOptic contracts many SME’s in its supply chain, and any new business conducted through SocialOptic will support this endeavour. SocialOptic also delivers entrepreneurship mentoring to University students by partnering both with SETsquared, a regional Business Incubator and regional universities. In recent years SocialOptic has also offered internship opportunities to local undergraduate students. ; ; SocialOptic supports innovation and disruptive technologies. Recent examples include new products from Microsoft, spearheading their AI technology. This is leveraged to deliver lower cost, higher quality outputs.; ; The SocialOptic supplier selection process evaluates sustainability, scalability, and the use of continuous improvement methodologies. Internally SocialOptic designs for scalability and longevity of technology and optimisation of resource utilisation (increasing productivity).; ; We are committed to fair and responsible supply chain collaboration. We are certified by the “Good Business Charter” who promote and assess the following commitments: real living wage, fairer hours and contracts, employee well-being, employee representation, diversity and inclusion, environmental responsibility, paying fair tax, commitment to customers, ethical sourcing, and prompt payment to suppliers.

  Equal opportunity

  SocialOptic are committed to equal opportunities and supporting people with different needs. Our promotion of home and flexible working enables staff and suppliers to work in environments that suit them and change working hours to help manage their conditions.; ; SocialOptic support and train employees in the use of screen readers and educate our customers and suppliers in accessibility tools to create more inclusive work environments. SocialOptic offer support to respondents using screen readers to complete surveys, and to give them additional skills in making the best use of accessibility tools. SocialOptic has also developed a short training course in building accessible surveys which is available to any platform user. ; ; SocialOptic put employees through accessibility training to further our staff understanding of accessibility requirements and experiences from the user perspective. This training informs choices and considerations for survey and platform design, increasing our existing competency in accessibility and ensuring the best possible experiences for those with a range of accessibility needs.; ; SocialOptic engage with employee representatives regularly in board level meetings (one of our Good Business Charter commitments) ensuring there is a voice that represents employees around the boardroom table. Employees are encouraged to share ideas and communicate openly with board members, aiding in the identification of inequalities in the workforce. 50% of recent new hires came from outside the technology industry - SocialOptic have committed to the training and upskilling of staff which will create opportunities for increased incomes.

  Wellbeing

  SocialOptic operates a flexible working structure and remote working. These provisions support employees and their families when experiencing challenges in their health, helping employees to fulfil their caring and family responsibilities whilst also being able to work. These commitments also support family life and community integration by allowing flexibility to support community activities. The impact of these outcomes is a positive change in employee health and wellbeing. SocialOptic also encourage ‘walking calls’ which offer an opportunity for staff to exercise outside during the working day, leading to physical and mental health benefits.; ; SocialOptic applies methodologies from the Agile software development domain across the whole business. An element of this is working collaboratively to solve problems, supporting, encouraging, and motivating all team members. This supportive and encouraging approach extends to our staff and supplier network; sharing high stress loads and working together to solve problems supports the wellbeing and mental health of our staff and suppliers, from sharing healthy recipes, to identifying technologies to help support the health and well-being of team members.

Pricing

• Price: £25 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@socialoptic.com. Tell them what format you need. It will help if you say what assistive technology you use.