Audience Answers - arts, culture, heritage and creative data-driven insights portal

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud

Hybrid cloud
Service constraints: Service constraints
Our services are specifically designed for the arts, culture, place, creative, and heritage sectors, focusing on the unique needs and challenges of these fields. This specialisation allows us to provide tailored solutions that enhance engagement, manage collections, and support cultural preservation. However, this focus may limit applicability for industries outside these sectors, as the tools and strategies are optimised for the specific workflows, regulatory requirements, and audience engagement strategies prevalent in the arts and heritage domains.
System requirements: Support for major web browsers like Chrome

User support

Email or online ticketing support: Email or online ticketing
Support response times: Response times are 48 working hours between Monday to Friday (unless they are marked as urgent when it is will be 24 hours).
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Our integrated support offering is designed to provide comprehensive assistance tailored to the Buyers needs. This support package includes: • Dedicated Account Manager: You will have a Dedicated Account Manager who oversees your project from start to finish, providing personalised support and ensuring that all your requirements are met efficiently. • 24/7 Access to our ticketing system: Our dedicated support system with FAQs and support documentation is available around the clock and our support team are able to assist within the hours of 9am to 6pm Monday to Friday. This premium level of support is priced as a percentage of your overall service cost, but additional support can be charged at the SFIA day rates.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Getting started with Audience Answers is streamlined and user-friendly, designed to ensure that users can quickly leverage the full potential of our service:
1. Self-Service Form Request: Users can begin by filling out a self-service form that captures basic information and specific requirements. This form is accessible online and allows for immediate engagement.
2. Support Team Contact: For users who prefer direct interaction or need guidance, our support team is available to assist with the onboarding process. They can be reached via email, phone, or live chat.
3. Onboarding Review: Once initial contact is established, we schedule an onboarding review session. A consultant will discuss the specific requirements.
4. User Account Creation: We then set up user accounts and provide credentials, ensuring users have access to the system.
5. Customisation and Training: Depending on the user’s needs, customisation of insights and features may be implemented. We can provide online training, in-person support a dedicated support site to help users navigate and optimise their use of the service.
6. Ongoing Cloud Support Services: For complex requirements or further customisation, our Cloud support services are available to provide additional assistance and ensure users achieve their desired outcomes with the platform.
Service documentation: Yes
Documentation formats: HTML

ODF

PDF
End-of-contract data extraction: At the end of a contract, users can securely extract their data through a straightforward process facilitated by our dedicated account team. To initiate the data extraction, users should contact their account manager, who will guide them through the procedure and ensure compliance with all security protocols.

The preferred method for secure data transfer is via SFTP (Secure File Transfer Protocol), which provides robust encryption for data in transit. Alternatively, other secure transfer methods can be arranged based on the user's specific security requirements and preferences.

The account team assists in scheduling the data transfer, ensuring that it occurs at a convenient time for the user and within the terms of the contract's end date. Before the transfer, data is prepared, consolidated, and, if necessary, converted into a commonly used format as agreed upon by both parties, ensuring it is readily usable post-transfer.

Throughout the process, the account team remains in close communication with the buyer to address any concerns and to confirm the secure and complete transfer of all requested data, thus ensuring a smooth and compliant transition at the contract's conclusion
End-of-contract process: At the end of the contract, our account team collaborates closely with the buyer to decommission the service securely and efficiently. This process follows a standard template, including deactivating user accounts and revoking access.

Decommissioning Steps:
1. Notification and Planning: Buyers are notified in advance to plan the decommissioning process.
2. Data Handling: We discuss and arrange for the return or destruction of Buyer data and any buyer-owned intellectual property (IP) per their instructions.
3. Service Shutdown: User accounts are deactivated, and service access is revoked.
4. Final Audit: A final audit ensures all obligations are met and no residual data remains, unless legally required.
The contract price covers service usage, ongoing support, and standard end-of-contract data handling. Additional services such as extensive data extraction or specific data format conversions during decommissioning may incur SFIA day rate charges. These potential additional costs are clearly communicated during contract negotiations and end-of-contract discussions to ensure transparency. This structured approach ensures a clear, compliant, and trouble-free transition at the contract’s conclusion.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Mobile Version
- Responsive Design: The layout adjusts to fit smaller screens, prioritising ease of use and readability. Text sizes are increased, and images or elements are resized accordingly.
- Condensed Navigation: Menu options are moved behind dropdowns or into a "hamburger" menu (three horizontal lines). This menu typically appears at the top corners of the screen, providing access to various sections of the service without cluttering the view.
- Touch-friendly Interface: Buttons and links are made larger to accommodate touch interactions, ensuring that elements are easily tappable.
Service interface: No
User support accessibility: WCAG 2.1 AA or EN 301 549
API: Yes
What users can and can't do using the API: The Audience Answers Data Mesh architecture enables users and their partners to securely transmit data automatically through a well-defined Application Programming Interface (API). This API facilitates seamless and secure data integration by establishing a standardised communication protocol that any authorised system can use to connect and transfer data.
The process begins with authentication, where each user or partner system must provide credentials to verify their identity. This ensures that only authorised entities can access the API. Once authenticated, the API supports encrypted data transmission to maintain confidentiality and integrity. Data sent through the API is encapsulated in HTTPS protocols, safeguarding it against interception or tampering during transit.
Furthermore, the API is designed to handle various data formats and structures, enabling flexibility in how data is sent and received. It also provides error handling mechanisms to ensure data consistency and reliability. Users and partners can leverage this API to automate their data workflows, ensuring efficient and secure data exchanges as part of the broader data mesh infrastructure.
API documentation: Yes
API documentation formats: HTML

PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: TO ENTER

Scaling

Independence of resources: Our data architecture's scalability ensures the independence of resources by dynamically adjusting capacity based on demand, thereby maintaining performance without overloading any single component. This is achieved through automatic scaling solutions that can seamlessly expand or contract resource allocation. Additionally, our DevOps play a crucial role, monitoring system performance and resource utilisation. Analytics tools detect and resolve potential issues before they impact service quality, ensuring each client's operations remain isolated and unaffected by others, thus upholding robust performance and reliability

Analytics

Service usage metrics: Yes
Metrics types: 1. Uptime/Availability: Percentage of time the service is operational.
2. Response Time: Time taken to respond to user requests.
3. Incident Frequency: Number of reported incidents within a specific period.
4. Freedom of Information: Frequency and type of reports (or support provided to Buyer)
5. System Performance: Metrics on throughput, capacity, and system utilisation.
6. Security Incidents: Frequency and type of security breaches.
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: Less than once a year
Penetration testing approach: In-house
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Users can easily export insights directly from our service using embedded features that allow for the downloading of data in PDF or CSV formats, accessible through the user interface. For data formats or exports not available through these standard options, our support team is ready to assist. Upon request, they can facilitate additional data exports tailored to specific needs, ensuring users have access to their data in the required format for further analysis or reporting. This combination of self-service tools and support assistance ensures flexibility and user convenience.
Data export formats: CSV

ODF
Data import formats: CSV

ODF

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: We guarantee a 99% uptime for our services, excluding scheduled maintenance windows. This commitment is enshrined in our Service Level Agreement (SLA), ensuring high availability and reliability of our services.

SLA Details:

Availability Guarantee: Our SLA promises an operational uptime of 99% over each calendar month, calculated excluding previously scheduled maintenance periods. These maintenance events are communicated in advance to minimize any disruption to your operations.

Monitoring and Reporting: We continuously monitor our systems and provide clients with monthly uptime reports, which detail the service performance and any downtime occurrences.

Our SLA policies are designed to provide assurance and demonstrate our commitment to maintaining high levels of service availability, ensuring that our clients can depend on our services for their critical operations.
Approach to resilience: Our service is designed with resilience as a core principle to ensure continuity and robustness under various operational conditions. Here’s how we achieve this:
Multi-Layered Resilience Design:
• Redundancy: Critical components of our infrastructure, including servers, storage, and network devices, are configured in a redundant setup across multiple data centers. This redundancy ensures that if one component fails, another can seamlessly take over without impacting service availability.
• Data Replication: We employ real-time data replication across dispersed data centers within the EU. This not only protects data integrity but also ensures data availability even if one location suffers a disruption.
Data Centre Resilience:
• Physical Security: Our data centres are equipped with state-of-the-art security measures, including biometric access controls, surveillance cameras, and 24/7 monitoring.
• Environmental Controls: We use advanced environmental controls to manage temperature and humidity, ensuring optimal performance of hardware. Backup power supplies and generators are in place to handle power outages.
• Network Connectivity: Multiple network paths and providers ensure that our network remains operational even if one provider experiences issues.
By integrating these resilient features into our service design, we can assure our customers of our commitment to maintaining high service availability and robust security.
Outage reporting: Our service employs a robust system for outage reporting to ensure users are promptly informed of any service disruptions. Here’s how we manage and report outages:
Real-Time Monitoring: We actively monitor our service across all operational stages—from development through to deployment and production. This continuous surveillance enables swift detection and response to any potential outages.
Notification Systems:
• Email Alerts: As soon as an issue is detected, email notifications are sent to registered users, with continuous updates provided until the issue is resolved.
• Mobile App Notifications: Our service includes a mobile app that sends push notifications directly to users’ devices, alerting them to any disruptions.
• Text Messaging: For critical alerts, we also use text messages to ensure that users receive immediate and direct communication regarding service interruptions.
Alert Levels: Our alert system is tiered, categorising notifications by severity. This ensures that users receive information that is pertinent to the urgency and potential impact of the outage.
Through these communication channels, we ensure that users are well-informed and can make necessary adjustments during any service disruptions, maintaining effective management and minimal operational impact.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Access to our service is tightly controlled through email verification and role-based permissions, which restrict access to specific features and functionalities based on user needs. Access levels are carefully managed by a nominated admin, typically the buyer's designated champion(s). This ensures that only authorised personnel can access sensitive management interfaces and support channels, effectively safeguarding against unauthorised access and maintaining the integrity of the system. These measures are critical for protecting our management environments and ensuring secure operations.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: Between 6 months and 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: Our service is Cyber Essentials certified and aligns with cloud security principles. We are actively working towards ISO/IEC 27001 certification to enhance our information security management system, ensuring continuous improvement in our security measures and compliance.
Information security policies and processes: Our information security framework is anchored by stringent policies and processes, meticulously overseen by our dedicated Data Executive. This role is pivotal in ensuring robust Information Governance and Security Systems and the enforcement of our Information Security Policies.
Our security policies cover various aspects, including but not limited to data protection, access control, risk management, and incident response. These policies are regularly reviewed and updated to align with evolving security threats and compliance requirements. Training and awareness programs for staff, ensuring that policies are well-understood and consistently applied across the organisation.
To ensure adherence to these policies, the Data Executive implements a structured reporting system that allows for real-time monitoring and immediate action on security issues. Regular audits are conducted to assess compliance, identify potential vulnerabilities, and measure the effectiveness of current security measures. Remedial actions are prioritised and implemented based on audit findings, ensuring continuous improvement of our security posture.
This comprehensive approach guarantees that our information security practices are not only compliant with current standards but are also robust and proactive in mitigating risks.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We manage configuration and change through a structured process, beginning with a Statement of Work (SoW) to confirm initial specifications. Changes are handled via Change Request documentation submitted to the Account Manager, ensuring traceability. These requests are then processed through our systemised internal procedures, covering authorisation and development phases. All service components are tracked throughout their lifecycle. Each change is rigorously assessed for potential security impacts by our team to mitigate risks and ensure stability is maintained throughout the service’s evolution.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Our vulnerability management is overseen by the Data Executive and informed by both our development team and external sources like US-CERT. We proactively assess threats through continuous monitoring and regular security testing throughout the platform's lifecycle. Patches are deployed swiftly upon identification of critical vulnerabilities. We stay updated on potential threats through alerts from reputable security organisations and industry-standard sources, ensuring a robust defense against emerging security challenges. This comprehensive approach ensures our services remain secure and resilient against threats.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Our proactive monitoring approach is designed to ensure the continuous security and performance of our services.
1. Continuous System Scanning: We use monitoring tools that assess our systems for signs of abnormal activity or potential security threats. This includes automated scanning for vulnerabilities, performance anomalies, and unauthorised access attempts.
2. Regular Updates and Patch Management: As part of our proactive stance, we regularly update our systems and apply security patches proactively. This ensures that vulnerabilities are addressed before they can be exploited.
By maintaining a vigilant/proactive monitoring system, we can ensure the high reliability, availability, and security of our services.
Incident management type: Supplier-defined controls
Incident management approach: Our incident response policy is designed to effectively manage/mitigate any potential compromises. Here’s how we approach protective monitoring:
1. Identification of Potential Compromises: We use monitoring tools within the development and production environments to scan our systems for unusual activity that may indicate a compromise.
2. Response to Potential Compromises: Our incident response team is immediately notified. Our team follows a structured protocol thorough investigation to understand the extent and impact of the breach.
3. Speed of Response: All incidents are addressed according to an SLA that specifies response times, ensuring quick action to minimise potential risks and impacts.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Covid-19 recovery
Tackling economic inequality
Wellbeing

Covid-19 recovery

In the context of COVID-19 recovery, our services focus on harnessing cultural data to help arts and culture organisations navigate the post-pandemic landscape. By analysing trends and impacts, we can identify resilient strategies that enable these institutions to reconnect with their audiences, innovate in their offerings, and secure necessary funding. Our data-driven insights also guide organisations in reconfiguring physical spaces and digital presence to align with new health guidelines and audience expectations, ensuring a safe and engaging cultural experience.

Tackling economic inequality

Addressing economic inequality within the arts and culture sectors involves using data to uncover and tackle disparities in access and participation. Our services support organisations in understanding the demographic and socio-economic composition of their audiences and the broader community. This insight allows for the development of programs and policies that are inclusive and equitable, ensuring that cultural enrichment benefits a diverse range of participants. Additionally, we provide data that can help argue for targeted funding and resources, aiming to level the playing field and foster a more inclusive cultural landscape.

Wellbeing

Enhancing community wellbeing through arts and culture is a crucial focus of our data services. By analysing engagement patterns and feedback, we help organisations to craft experiences that promote mental health and overall wellbeing. This includes identifying therapeutic aspects of cultural participation and tailoring programs to serve as powerful tools for healing and social connection. Our insights aid in creating initiatives that address specific community needs, such as programs for seniors, youths, and marginalised groups, ensuring that the arts remain a vital part of maintaining and enhancing community health and happiness.

Pricing

Price: £3,600 to £87,000 a unit a month
Discount for educational organisations: No
Free trial available: No

Audience Answers - arts, culture, heritage and creative data-driven insights portal

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Audience Answers - arts, culture, heritage and creative data-driven insights portal

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents