Be the brand experience ltd

Be the brand - Digital Asset Management, Marketing Workflow & Approvals

Digital Asset Management provides a library for all communications and brand assets to help people find and reuse content. The integrated workflow module automates and standardises the briefing and reviewing procedures associated with creating content and obtaining approval. Video/pdf commenting and team task management support the process.

Features

• Digital Asset Management for asset lifecycle management
• Asset search via filters, data search, "in asset" text search
• Asset check-in/check-out to workflow and autoalerts for asset archiving
• Agency briefing via workflow and dynamic forms
• Integrated workflow to manage review and approval
• Video and pdf review comment capture
• Task manager to view and prioritise own tasks
• Team task manager to re-prioritise, re-assign, share the teams work
• API for data and files to facilitate open integration
• Real time reporting with excel download and report scheduler

Benefits

• Reduced design costs and items reused
• Reduced number of review cycles due to in parallel reviews
• Less time spent looking for digital assets
• Consistent agency briefing increases quality of output
• Standardised, automated procedures reduce error and reduce training
• Greater visibility of bottlenecks and resource availability
• Reduced risk of using the wrong asset or auto-expired assets
• More time for value added creative work
• Increased leverage & return from creative investment
• Faster creation of communications

£650 an instance a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ross@be-thebrand.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

403736836032462

Contact

Ross Jenner
020 7199 0370
ross@be-thebrand.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No constraints.
• System requirements:
  • Compatible browser
  • Internet connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response time is 1 hour, support is UK 9-5 UK working days (not weekends nor bank holiday), resolution times depend on issue severity. Priority 1 support for "system unavailable" level of issues operates 24/7, including weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We have two levels of support. Standard support is unlimited and is included in the monthly ASP fees. You will have 1-2 system guardians which will be the first port of call when your end users have a query. We would liaise with the system guardian for any query they cannot resolve.; ; We also provide enhanced support where we will take direct queries from a larger group of users. This is an optional service which is often used just after going live but we can extend it where necessary. The cost of this varies but begins at £600 / month + vat.; ; Each client is provided with an Account Manager throughout deployment and ongoing operations. Upon going live they are transferred to the support desk for day-to-day queries. The Account Manager still remains in contact with quarterly or bi-annual meetings held throughout the year.; ; Technical resources are available if needed but support generally tends to be configuration based.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: PDF User guides and System Administration guides are provided along with onsite training and online /webinar based training. ; Prior to training, a configuration workshop is typically run with superusers / system administrators to capture the initial configuration requirements; this may be onsite or online. ; A configuration testing session is then run to provide the deployment team with knowledge to perform some testing prior to launch. The deployment team may then provide other users with training or this can be delivered by Be the brand. ; Generally we find that different user groups require different levels of training; a one-page "get started" guide may suffice for low level users while system administrators will require more in depth training.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: A range of reports, which are all downloadable into excel or csv format, provide an extract of some key data. Be the brand experience will provide an extract of the files / assets on the system and additional data in csv format if needed.
• End-of-contract process: The administrator logins remain active for 2 months following contract end. This provides time for the client to download the required reports/ data and files. ; If a bulk download of data or files is requested from be the brand we will change no more than 2 days resource time to provide the extract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We have used responsive design to enable the application to be used on a range of devices. It is a bit difficult to use the functionality on phones, due to small screen size, but is very effective on newer tablets. We have focused on optimising the approvals functionality for mobile devices because that is were we see the most demand.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The first step is to request an API key from bethebrand. This will be used for all your requests.; In addition, the API key you use has a set of permissions in the bethebrand system, which must be tailored by bethebrand to suit your use of the API. ; By default, only a subset of the API will be accessible.; The bethebrand API is a REST architecture which sends & receives JSON. Each object in the system will have an endpoint with the standard GET, PUT, POST & DELETE verbs, with some offering additional GET endpoints for operations like filtering or sorting.; ; The API allows you to do such things as search for Assets, Create Projects, run Reports, as well as query the status of your Workflows throughout the system.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: There is a high level of configuration capability restricted to users with the appropriate permissions. Data forms and data field content/ format can be configured via the administration screens and changes saved in real time. User attributes such as teams and / or profiles can be configured similarly.

Scaling

• Independence of resources: Shared resources are not independent - we use capacity planning and load testing to ensure adequate capacity for all users. Scalability is integral to the architecture of the solution - enabling more resources such as CPU, storage or memory to be added quickly with no downtime.

Analytics

• Service usage metrics: Yes
• Metrics types: Concurrent user numbers/ graph; Asset views/ downloads/ distributions; Asset RAG (proximity to expiry); Asset ownership and lifecycle ; Workflow task allocation and status; User asset ownership/ views/ downloads/ distributions; System Availability
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Logical controls, client data is segmented from other clients. Each client uses separate websites, application, database and file structures. This ensures that data from one client cannot be accessed by another.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All reports are available as an excel download from the application. There are 34 standard reports meeting a broad scope of data requirements. Where additional data needs are identified a bespoke report can be written. The cost ranges from £400-£1200 depending on complexity.
• Data export formats: Other
• Other data export formats: Excel
• Data import formats: Other
• Other data import formats: No upload facility

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.5% SLA covering availability with a service credit equivalent to the proportion of fees incurred during the downtime.
• Approach to resilience: Resilience is built into the solution in a number of ways. We host the application in multiple data centres. The primary data centre has a multi-host / multi-component configuration ensuring we have multiple layers of resilience built in.
• Outage reporting: Email alerts to our support team report any outages. A dashboard report of availability provides historical visibility.; Planned outages are communicated to system administrators in advance.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: SAML / ADFS single sign on available.
• Access restrictions in management interfaces and support channels: The built-in permission flags are used to develop user roles with restricted permissions and access to functionality. These can be amended by appropriately permissioned users. Internally we restrict high level admin permissions to a small group of people.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security governance is a board level responsibility of the Chief Technology Officer. IT Security Policy and other related policies are in place and checks are carried out via weekly and monthly procedures to ensure compliance. Team briefings are carried out to ensure that IT security is discussed and communicated to all team members.
• Information security policies and processes: We have our own IT Security policy which is based on ISO27001 but not accredited. It is reviewed by clients regularly. It includes procedures and controls to ensure that the policies are followed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are tracked using our internal change and issue management system. Each change is tagged with a branch, so that it is clear which branch a change must be carried out in. In our development environment we use a system for build and continuous integration. We also have a source control system in place. Changes are tested on our development environment, before being packaged into a release. Once a release is finalised it is then available to update on our staging and live environments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We get inputs for patches and threats from multiple sources. Vendors of hardware/software, threat alert services and our hosting partner all supply information. This is reviewed, with any patches managed as a change on our change tracking system, prioritised accordingly.; High Priority patches can be fast-tracked within 24 hours, all other patches will be bundled together and patched at the next available service maintenance window; usually during an upcoming weekend.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Security scanning in place, centralised malware protection in place, intrusion/bad request attempts alerting in place, sending through to our alerting dashboard, that is monitored and managed by our DevOps team. There is auto blocking in place to ban IP addressed that are submitting suspicious requests.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are logged on our internal issue tracking system and managed from there. Incidents that cannot be resolved immediately by the first point of contact will be assigned to the technical team to action.; ; All incidents will be recorded in terms of symptoms, basic diagnostic data, and information about the issue and services affected. Incidents are reported to the Client Manager or by calling the Be the brand experience and are logged on our tracking system.; ; If the issue is a High Priority Security Incident, the client is notified by phone and email within 3 hours.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Be the brand is committed to achieving Net Zero. We have already achieved this is both Scope 1 & 2 of the GHG protocol and we are working towards scope 3.; All be the brand products aid companies reduce the use of printed materials thus aiding our clients achieve their Net Zero goals

Pricing

• Price: £650 an instance a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Either:; a) Free Access to our demo application for a period of 2 months for a limited number of users; or,; b) Full or partial configuration of a pilot version for a 2 -3 month period with asset import and training - small fee involved.
• Link to free trial: Please request - user set up and permissioning required

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ross@be-thebrand.com. Tell them what format you need. It will help if you say what assistive technology you use.