Merkle UK One Ltd

Google Analytics 360 (Premium)

Google Analytics 360 is a hosted, SaaS web analytics platform used for measurement of websites and marketing channels.

Features

• Website analytics
• Real time access

Benefits

• Understand website performance
• Measure marketing performance
• Measure engagement with website content

£850 to £1,500 a unit a day

• Free trial available

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.spencer@merkle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

384174257894329

Contact

David Spencer
+44 (0) 330 060 1813
david.spencer@merkle.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements: Web based browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour, 09:00 - 17:00 weekdays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide technical and analytics support to implement, analyse and generate insight on web analytics data.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide full implementation assistance.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The Google Analytics 360 account is downgraded to the standard version, with users retaining access to the vast majority of data within the platform. Data can be also be exported from the platform prior to the end of the contract via the service APIs or the BigQuery integration. For more information on the ramifications of downgrading from Google Analytics 360 to Standard see: https://support.google.com/marketingplatform/answer/9013959?hl=en
• End-of-contract process: The ramifications of downgrading the Google Analytics service level from 360 to Standard are detailed here: https://support.google.com/marketingplatform/answer/9013959?hl=en

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Performance is better on desktop.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Google Analytics 360 interface displays web analytics data in both tabular and graphical formats. The service provides a large number of default data views (reports) which can be customised through the addition of dimensions and metrics or by segmentation. The service interface also allows users to control account structure and settings. The interface is based on Material Design principles.
• Accessibility standards: None or don’t know
• Description of accessibility: Google is committed to making accessibility a core consideration from the earliest stages of product design through release. Their central accessibility team has a mandate to monitor the state of accessibility of Google products and coordinate accessibility training, testing, and consulting. Product teams are offered training to help incorporate accessibility principles into the design and release of products. Please see https://www.google.com/accessibility/customers-partners/ for more details.
• Accessibility testing: Google is committed to making accessibility a core consideration from the earliest stages of product design through release. Their central accessibility team has a mandate to monitor the state of accessibility of Google products and coordinate accessibility training, testing, and consulting. Product teams are offered training to help incorporate accessibility principles into the design and release of products. Please see https://www.google.com/accessibility/customers-partners/ for more details.
• API: Yes
• What users can and can't do using the API: The management API allows users to configure web analytics accounts and control user permissions. The core reporting API allows exporting of data from the main reporting setup.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The interface provides users with the ability to configure filters, goals and other setup functionality. Reports can also be edited and customised.

Scaling

• Independence of resources: Google's services operate over purpose built multi-tenant services which are designed to support millions of users. A resource management policy is established to monitor, maintain, and evaluate capacity demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Google

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Encryption at rest relies on multiple layers of encryption, including: Full Disk Encryption (FDE) using at least AES-128, File System Encryption using at least AES-128, and storage/database layer encryption using AES-256.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users may export data via several methods: download directly from browser-based (service) interface, APIs and via a native integration with BigQuery.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Google policy requires encryption of customer data in transit over untrusted networks, such as the Internet and between Google datacenters. Google support up to TLS 1.3, with Perfect Forward Secrecy enabled.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Google policy requires encryption of customer data in transit over untrusted networks, such as the Internet and between Google datacenters. Google support up to TLS 1.3, with Perfect Forward Secrecy enabled.

Availability and resilience

• Guaranteed availability: Google Analytics 360 SLAs are defined here: https://www.google.com/intl/en_us/ga360suite/sla.html) Summary: Analytics 360 Service collects Customer Data from Properties at an Uptime Percentage of at least 99.9%. The reporting interface for the Analytics 360 Service is available for Company's use at an Uptime Percentage of least 99%. Except as set forth in the Data Processing SLA Exceptions article available at https://support.google.com/analytics/answer/6223844?hl=en&ref_topic=2430414 (as modified from time to time at Google's sole discretion), the Analytics 360 Service processes collected Customer Data (1) within 4 hours of receipt at an Uptime Percentage of at least 98% for Properties that receive fewer than or equal to 2 billion Hits per calendar month and (2) within 24 hours of midnight (Pacific Time) at an Uptime Percentage of 98% of the time for Properties that receive more than 2 billion Hits per calendar month.
• Approach to resilience: The primary data availability mechanism is online replication, which provides for geographic redundancy across multiple production sites. Through the replication; disaster recovery is automatic, instantaneous and transparent to the customer. The availabiltiy objectives of this process provide for RTO & RPO equal zero.
• Outage reporting: Products and infrastructure teams maintain and test disaster recovery plans periodically and use a standardized incident management program for responding to outages. Please see: https://www.google.com/appsstatus#hl=en&v=status

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Policies and procedures have been designed to segregate duties and enforce responsibilities based on job functionality. For Google employees, access rights and levels are based on their job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. https://support.google.com/analytics/answer/2884495?hl=en
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Ernst and Young (Google), BM TRADA (Merkle UK One)
• ISO/IEC 27001 accreditation date: 17/04/2020 (Google), 17/01/2011 (Merkle UK One)
• What the ISO/IEC 27001 doesn’t cover: Any Merkle entities operating outside of UK are covered by different accreditations and certifications available to evidence on request where relevant.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Google's Information Security Team is tasked with maintaining the company’s defense systems, developing security review processes, building security infrastructure and implementing Google’s security policies. Within Google, members of the information security team review security plans for all networks, systems and services. They provide project-specific consulting services to Google’s product and engineering teams. They monitor for suspicious activity on Google’s networks, address information security threats, perform routine security evaluations and audits, and engage outside experts to conduct regular security assessments. Google has security policies that have been reviewed and approved by management and are published and communicated to employees and vendors with access to the Google environment. https://policies.google.com/privacy https://privacy.google.com/businesses/ Merkle UK Three follow ISO 27001 and NIST.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Google has established and documented mandatory configuration settings using an online maintained configuration in the Proprietary Version Control System that where appropriate draws from industry security guidelines for machines and network devices. The configuration reflects the most restrictive mode consistent with the operational needs of the system. Change Management policies, including security code reviews and emergency fixes, are in place, and procedures for tracking, testing approving, and validating changes are documented. Each service has a documented release process that specifies the procedures to be used. There is an ability to roll back changes if needed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Google’s vulnerability management process actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration efforts, quality assurance processes, software security reviews and external audits. Once a vulnerability requiring remediation has been identified, it is logged, prioritized according to severity, and assigned an owner. Such issues are tracked and followed up frequently until it can be verified that the issues have been remediated. Google also maintains relationships with members of the security research community to track reported issues in Google services and open-source tools. Google has a Vulnerability Reward Program: https://www.google.com/about/appsecurity/reward-program/
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Google’s security monitoring program is focused on information gathered from internal network traffic, employee actions on systems and outside knowledge of vulnerabilities. At many points across our global network, internal traffic is inspected for suspicious behaviour, such as the presence of traffic that might indicate botnet connections. This analysis is performed using a combination of open-source and commercial tools for traffic capture and parsing. A proprietary correlation system built on top of Google technology also supports this analysis. Additional information is available on request.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. If an incident occurs, the security team logs and prioritises it according to its severity. Events that directly impact customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google’s security incident management program is structured around the NIST guidance on handling incidents (NIST SP 800–61). Additional information is available on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Accelerating climate change and natural resource constraints, digital transformation and the continued rise of inequality are transforming the environment in which we live and work. By using the power of digital communications and marketing, we can address inequality, create opportunities and uncover solutions to society’s greatest challenges. We do this through our work with stakeholders and by sharing our knowledge and talent with the communities in which we operate. Our aim is to drive the delivery of the UN Sustainable Development Goals and to deliver social impact across the globe.; Dentsu’s Environmental Policy requires that suppliers comply with applicable environmental legislation, identify and manage environmental impacts to achieve best in class environmental performance, and ensure staff are aware of the environmental impacts of their work activities.; We have an Environmental strategy centered around three pillars: Sustainable World, Fair and Open Society and Digital for Good. These represent areas where dentsu’s uniquely positioned to drive change, leveraging our capability in data and technology, creativity and innovation. Our strategy is fuelled by our people, and success will depend on multi-stakeholder collaboration as well as innovating our own operating model. Our Social Impact Report reflects on the progress made against our 2020 targets and goals, and also sets out the biggest opportunities for growth from good as we look at the next ten years and pivot our focus to our new 2030 strategy.; We know that for business growth to be truly sustainable, we must accelerate the transition to a low carbon future, and therefore we have committed to becoming a Net Zero emissions business by 2030. The radical decarbonisation of our business and value chain is only the first step – by raising awareness through our powerful work, we have also committed to helping 1 billion people make better, more sustainable choices.
• Equal opportunity:

  Equal opportunity

  Diversity, Equity and Inclusion (DEI) is firmly embedded in our company vision. Our global DEI principles outline our unwavering commitment to a diverse workforce that represents wider society and fostering inclusion and has been defined as a key competency for our employees in our behavioural framework. We want to foster an environment of growth, where ideas and contributions are actively encouraged. We need this culture of courage to continue to thrive in our fast-paced industry.; Our people have created our seven DEI pillars (Gender, Ethnicity, Mental Health, Religion, Parent and Carer, Disability and LGBTQ+). Each group is made up of individuals from Merkle and each programme is sponsored by a member of the Merkle Executive Team. We are proud to have been recognised as industry leaders by the likes of Microsoft who named us the winner of Global Inclusive Marketing and Culture Partner Award in 2020.; We believe everyone has the right to feel included in their place of work, and able to be their authentic selves. We know that diversity and inclusion in the workplace – that is, diversity of thought, background and experience – is what drives creativity and innovation, which in turn lets us produce truly great work. Our goal is to make Merkle an inclusive, equitable workplace that is representative of the markets in which we operate, and where our differences are celebrated. We seek to educate and empower our colleagues and effect positive change within the wider industry – because the benefits of diversity in the workforce are too strong to ignore.
• Wellbeing:

  Wellbeing

  Mental health has never been spoken about more candidly or frequently. Taboo still surrounds the topic, however, and many people feel unable or unwilling to talk about struggles with mental health in any setting, let alone a professional one. Work is a place where you spend a huge proportion of your week, and we believe it shouldn’t be somewhere that mental wellbeing is forgotten or put away in a box to be dealt with at another time. In fact, we believe quite the opposite. We seek to make Merkle a workplace with a formal support network for those struggling with, or affected by, mental health conditions, plus provide easy access to work mental health resources whenever they’re needed. By actively encouraging our senior leadership to speak openly about how mental health issues have affected them or those they love, we have seen an uptake in use of resources like our mental health first aiders. We raise awareness and educate the Merkle community on all conditions and their potential circumstances and aim to become a leading voice for change within corporate policy.; Dentsu has committed to three key areas of focus: flexibility and time off, upskilling and empowering managers, and support for home schoolers. All employees can access an array of support tools, including counselling, mental health first aiders, mindfulness platforms (inc. Headspace), three wellness days per year and a sickness policy that includes mental health leave.

Pricing

• Price: £850 to £1,500 a unit a day
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free (non-360) version of Google Analytics is available. A comparison of features is available here: https://marketingplatform.google.com/about/analytics/compare/
• Link to free trial: https://marketingplatform.google.com/about/analytics/

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.spencer@merkle.com. Tell them what format you need. It will help if you say what assistive technology you use.