Skip to main content

Help us improve the Digital Marketplace - send your feedback

Forfront Limited

e-shot™ for internal communications

e-shot™ is the internal communication platform trusted by the public sector to manage highly effective internal messaging.

Whether it is staff newsletters or emergency comms, e-shot gives you a simple solution for sending targeted and accessible messaging to your audience.

Features

  • Deliver internal newsletters and campaigns
  • Verify emails as internal and trusted
  • Drag and drop design tools
  • Forms, landing pages and intranet pages
  • Manage and segment staff and stakeholder data
  • Data analytics, mapping, and custom reporting
  • Integrations and REST API
  • Enhanced security – SSO, MFA and logging
  • UK-based infrastructure, data storage and operations

Benefits

  • A complete solution for staff engagement
  • Automate communications to improve staff awareness
  • Easily create responsive and accessible content
  • Target campaigns based on HR or behavioural data
  • Personalise messages using segmentation and dynamic content
  • Unlimited users and emails
  • Segment platform for multiple departments
  • Free training and proactive support
  • Data sovereignty in the UK

Pricing

£1,500 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.hare@forfront.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 0 6 7 6 4 4 9 4 7 9 3 3 8 6

Contact

Forfront Limited Daniel Hare
Telephone: 020 3320 8777
Email: daniel.hare@forfront.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
We always proactively inform our customers of any scheduled maintenance or if there is an issue affecting the services both by e-mail and on the e-shot™ dashboard. In the case of peak time traffic overload, we apply contingency in the form of intelligent delivery procedures in order to protect the reputation of our customers’ domains and IPs.
System requirements
Requires browser with internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our Customer Success team will respond promptly during standard support hours. Monday - Friday, 8:30am - 6pm.

Median first response time (Jul - Dec 2023) was 1 minute.  

Median time to close (Jul - Dec 2023) was 1h 14m.  

24/7 support is also available for critical issues. Our team also proactively monitor our systems 24/7.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Our web-chat technology is provided by a third party who undertake testing and review, more information is available https://www.intercom.com/blog/messenger-accessibility/.
Onsite support
Yes, at extra cost
Support levels
Support is included as part of your software subscription. Our Customer Success team provide remote support for a full range of issues including technical support, training, best-practice advice, account management and administration.

On demand support materials are also provided in the form of videos, interactive guides, written guides and help documentation.

We also provide proactive support to ensure customers can derive maximum benefit from using our solutions.

Priority is given to issues that prevent a customer from using the software to complete a time sensitive task as per our published SLAs. Should a support requirement be deemed as consultancy, then additional charges may apply.

Our Customer Success team are supported by our technical teams including Infrastructure, Deliverability and Development. Technical Account Management is provided by the Customer Success team and Cloud Support is provided by our Infrastructure team who continually monitor our solutions and solve issues proactively.

The following is a link to our SLA: https://www.e-shot.net/assets/pdf/e-shot_service_level_agreement.pdf
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We offer a fully managed onboarding service. Our G-Cloud pricing document sets out various onboarding options that represent a typical deployment for different use cases and different types of public sector organisation.

Our onboarding team will provide project management, consultancy, training and design work to get things set up to your specific requirements. Simple projects can be delivered in days. Projects for larger organisations typically last between 6-8 weeks depending on the requirements in areas such as integration and migration from another solution.

New user training is included as standard at any time and our team can also provide bespoke training remotely or in person.

For all G-Cloud customers we provide a dedicated testing account, support for official domains and proactive DNS monitoring via NCSC Mailcheck.

GovDelivery Migration service is also available
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The platform caters for bulk data export via UI or API with relevant permissions.
End-of-contract process
The contract will end at the point the license expires, unless a renewal is agreed. The license includes the purchased software, hosting arrangements, all product updates and standard support.

All data, reports and templates are available for extraction up until the date of leaving without charge. Once deadline has been reached, account is closed and archived. After this period the account will be deleted from the system and only an archived backup copy will be kept for the period required by data protection guidelines.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Email and campaign authoring is only available on desktop service. Mobile service is restricted to reporting and analytics.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
E-shot™ has a REST API that is accessible over HTTPS.

API access is granted by an API key that can be restricted to specific accounts and IP addresses where necessary. API key requests must be submitted by an authorised administrator via our support system. The appropriate login credentials are then supplied to the client who will use these credentials in all API requests made to e-shot™. Further documentation detailing the functionality available for the APIs can be found at: https://www.e-shot.net/assets/pdf/rest_api_guide.pdf.

The REST API has full read and write capabilities over the main entities including contacts, campaigns, sources, groups and website activity.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
E-shot™ can be customised extensively to accommodate different needs with control over user management, branding, templates and sending identities.

e-shot™ can also be set up into multiple accounts so that different organisational units can have their own customisations.

Each e-shot™ account can be white-labelled by a customer to have their own logo that appears on the UI and reports sent by the system.

Individual users can customise reporting and analytics and certain elements of the UI.

From an API perspective, customisation is extremely versatile with e-shot™ functions built into third party systems on a bespoke basis where needed.

Scaling

Independence of resources
The e-shot platform is housed on its own infrastructure in a secure UK data centre with scalable architecture and a significant headroom.

Each client has their data stored in a separate database dedicated to the client.

Analytics

Service usage metrics
Yes
Metrics types
All interactions with a campaign sent by e-shot are tracked and reported in real time. Data is recorded against the sent Campaign and individual Activity Log of each contact.

Graphical presentation of opens, clicks, forwards, unsubscribes and bounces of every email campaign you send. Build and save custom reports that can be configured with all the power of a database query from within our user interface.

Saved custom reports can then be run with a single click and shared throughout your organisation.

All service usage metrics are also available via API integration.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Via user interface
Data export formats
  • CSV
  • Other
Other data export formats
Via API or integration
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • Via API or integration

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The platform operates a 99.9% availability with scheduled maintenance windows out of hours. Customers are immediately informed if there is an issue affecting services via e-mail and platform notification. If it is a high or crisis priority issue, the customers will be periodically updated with the status. All the time frames above are based on the working hours schedule 09:00 – 18:00 Monday to Friday excluding Public Holidays. Please refer to Forfront Service Level Agreement pdf for full details.
Approach to resilience
High availability architecture
Outage reporting
Outages detected by our monitoring systems result in 24/7/365 notifications to the Operations Team. They would triage and if necessary, escalate these issues.

Clients are notified in the dashboard and by email to the client's authorised administrator . Details of cause and mitigation available on request.

Any serious unexpected or long outages result in communication to authorised administrators of affected customers. Details of cause and mitigation available on request.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Username and password.

Restriction based on IP can be implemented upon request.

e-shot includes the ability to be authenticated using MFA and enforce this on all users of an account, as well as the ability to login using your Microsoft account details.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
The management of the e-shot™ platform can only be performed from a separate Office network which is linked via dedicated/permanent IPSec Site to Site VPN Tunnel. This VPN Tunnel is protected by AES256 encryption and SHA256 authentication with pre-shared key. Access via this Site-to-Site VPN is further restricted at user level to only authorised personnel by 3rd party software with encrypted username password. .

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
URS Holdings (United Registrar of Systems) A UKAS accredited organisation
ISO/IEC 27001 accreditation date
19/10/2021
What the ISO/IEC 27001 doesn’t cover
Not Applicable. All Forfront activities, including those related to the provision of the e-shot platform are covered by the ISO27001 certification.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • DMA DataSeal
  • NHS Digital Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
We are ISO 27001 accredited and Cyber Essentials Plus Compliant. We have implemented DevOps processes and practices. The website adheres to the OWASP standards for web security.

Only tested code is promoted from Development to UAT to Production via use of automated deployment system. It is not possible for code to be promoted to Production without first going to the Development and UAT environments.

We review our implemented policies annually.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes requested to a system are written up into a UAC driven change request specification document, with supplied estimates for delivery. This takes into consideration standards agreed with the client; e.g. OWASP.

The deliverable components of a specification are created as tasks in our issue tracking system and assigned to a SPRINT delivery. Code changes are checked-in against a task to provide an audit that will be reviewed and tested.

Only the release management team can promote software to public facing environments. This is carried out using an automated delivery platform.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Issues encountered by users of the system go to first line support who will triage the issue. Issues encountered by the application or monitoring facilities are triaged by the Operations Team. These issues can be received by: Text, Phone, Web Chat or Email.

Triaging takes into consideration the impact of an issue according to our definitions associated with Critical, High, Medium and Low priority issues.
E.g. Critical issues are where the system is unusable or cannot be used to carry out critical business functions and no work around exists.

The following is a link to our SLA:
https://www.e-shot.net/assets/pdf/e-shot_service_level_agreement.pdf
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Firewall logs and application notifications are monitored and Forfront can respond quickly to any incidents.

Cloud security services including WAF OSWAP and DDoS protection.
Incident management type
Supplier-defined controls
Incident management approach
Users may report incidents by phone, email or via chat. Once escalated, we have incident management processes which cover roles and responsibilities for incident handling. Updates will usually be provided to affected customers in real time. Details of cause and mitigation are available on request to authorised administrator contacts.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Forfront Ltd is committed to achieving Net Zero emissions by 2050.
We are committed to reducing environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods. The e-shot infrastructure was migrated, in 2024, to one of the UK’s most energy efficient data centres, which uses 100% carbon free, renewable energy. The centre maintains ISO14001 for best practice in environmental management. All equipment and infrastructure installed and sourced is of the highest energy efficiency rating possible that can be deployed. Also in April 2024 we made some major upgrades to our infrastructure, the combination of new Generation servers and Virtualisation Technology, which has further reduced our carbon footprint.

We integrate environmental considerations into everyday operations in a number of ways:

• Reduce levels of energy consumption: We use energy efficient equipment and recently replaced all office lighting with more energy efficient LED lights
• Procure items and services from sustainable sources: We obtain services, equipment, and power from providers that are committed to environmental protection – such as our current hosting partner, detailed above
• Reduce use of consumables: We recycle equipment and limit the use of office consumables
• Reduce travel impact: We achieve this by using technology for collaboration and meetings. A significant proportion of our staff travel to work via bicycle, and we have arranged with our landlord to provide facilities for bicycle storage. Travel to external meetings and conferences/events utilises public transport in the first instance.
• Prevent and reduce pollution: We actively pursue the reduction of our use of substances and processes that adversely affect the environment
• Encourage employee participation: We encourage all employees to participate in the operation and management of this policy and our working environment

Tackling economic inequality

Forfront, a privately-owner SME, is committed to deliver social value improvements through all business endeavours.

Recruitment: We continue to develop our recruitment practices and employment conditions in line with the five foundational principles set out in the Good Work Plan and expect to create additional employment opportunities under this framework. We propose to recruit for additional staff from the local area, in roles that encompass areas where there are known national skills shortages.

Apprenticeships: Additionally, we actively support the government apprenticeship schemes. We currently have 2 apprentices working at Forfront and have recently converted 3 apprentices to full time positions upon completion of their apprenticeship. We also continue to offer work experience and placement opportunities to local schools and colleges and assess opportunities to widen this remit with each additional successful tender.

Continuing Professional Development: We fully support the team’s ongoing commitment to personal and professional development (CPD) and ensure that they can benefit from skills growth and undertake a minimum of 12 hours CPD per annum. We will look for ways to exceed this level where possible. The team will also continue to benefit from a range of internal training and distance learning materials on relevant topics including cybersecurity.

New Technologies: This forms part of a wider and sustained effort to embrace innovative and disruptive technologies for both our own operations and as part of delivering innovative solutions to our clients. In tandem with this, we continue to work towards ensuring we modernise delivery in areas including security, accessibility, and collaboration.

Accredited Living Wage Employer: This means that every member of staff working for Forfront Limited will earn a real Living Wage. Over 9,000 organisations, including Forfront Limited, voluntarily choose to pay the real Living Wage because we believe that a hard day’s work deserves a fair day’s pay.

Equal opportunity

We believe in creating a working environment and culture where every individual can feel safe, enjoy a sense of belonging and is empowered to achieve their full potential. Forfront is committed to the promotion and delivery of equality, diversity and inclusion as well as offering all employees dignity at work. We believe that people from different backgrounds bring fresh ideas, thinking and approaches which make the way work is undertaken more effective and rewarding.
An excerpt from our Equality Diversity and Inclusion Policy:
“The Company will not tolerate direct or indirect discrimination against any person on grounds of accent, age, caring responsibilities, colour, culture, visible and invisible disability, gender identity and expression, mental health, neurodiversity, physical appearance, political opinion, pregnancy and maternity/paternity and family status and socio-economic circumstances amongst other personal characteristics and experiences.
This applies to recruitment, contract of employment, career progression, training, transfer, or dismissal. It is also the responsibility of all employees in their daily actions, decisions, and behaviour to endeavour to promote these ideas and this policy, to comply with all relevant legislation and to ensure that they do not discriminate against colleagues, customers, suppliers, or any other person associated with The Company.”
Flexible working: Opportunities for flexible working patterns are available. We also provide assistance to employees who are or become disabled, making reasonable adjustments, to provide continued employment.
Employee Assistance Programme: All employees have access to our Employee Relations Manager for one-to-one meetings in confidence, as well as help from our Mental Health Ambassadors and through the EAP programme. We also have an open-door policy to any company director and opportunity for anonymous input through a suggestions box.
Supply chain management: Forfront has a responsibility to ensure that we work fairly and that our suppliers and partners promote equality and reflect our high standards.

Wellbeing

Our procedures include structured activities at the beginning and end of each week for all staff, designed to promote health and wellbeing. We propose to continue delivering twice-weekly sessions to the team working on the contract as part of this proposal. As an organisation, we have made The Commitment to the 6 standards of Mental Health at Work.

Employee Assistance Programme: All employees have access to our Employee Relations Manager for one-to-one meetings in confidence, as well as help from our Mental Health Ambassadors and through the Avensure EAP programme. We also have an open-door policy to any company director or The Company’s CEO to discuss any concerns, along with an opportunity for anonymous input through a physical suggestion box in the office.

Flexible working: Opportunities for flexible working patterns are available. We also provide assistance to employees who are or become disabled, making reasonable adjustments, to provide continued employment.

We also share any information and templates that we use with our wider audience so they have ready-made employee information emails that they can send as solus or part of a wider well-being support programme – these are some examples https://news.comms.e-shot.net/yco5/Design/8847-4rj2, https://news.comms.e-shot.net/yco5/Design/24e4-gjj0 and https://news.comms.e-shot.net/yco5/Design/8ezc-mc23

Pricing

Price
£1,500 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.hare@forfront.com. Tell them what format you need. It will help if you say what assistive technology you use.