INVOTRA LIMITED

CommsGrid

CommsGrid is for internal communications professionals looking to streamline the management of internal comms publishing schedules. Create and manage content requests with ease in a single source of truth. Visualise and report on your communications pipeline in real-time. CommsGrid is powered by Invotra.

Features

• Grid: Visualise your communications publishing schedule
• Customise: Setup campaigns and structures to meet your comms needs
• Workflow: Ensure your comms are delivered correctly and on time
• Reporting: Report on your comms pipeline through real time metrics
• Integrate: Pull your schedule directly from your intranet
• Notify: Receive real-time notification updates on your comms pipeline
• Publish: Auto-publish your content directly from CommsStudio
• Access: Control access rights to align with your comms workflow

Benefits

• Efficiently manage all of your comms in a centralised place
• Align your comms teams with a single source of truth
• Provide visibility to stakeholders of your comms schedule
• Empower employees to have their voice heard
• Improve your comms processes through real-time reporting
• Never miss an update with real-time notifications
• Quickly see all content due for publishing this week/month
• Manage comms on the move with mobile access

£20 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@invotra.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

430334618683310

Contact

Billy Clackers
01483 672592
sales@invotra.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Invotra Intranet
• Cloud deployment model: Public cloud
• Service constraints: Any perceived constraints will be reviewed and agreed as part of the mutually agreed Service Design.
• System requirements: Modern Personal Computer

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CommsGrid customers can raise incidents and support queries via our Helpdesk Portal and we will endeavour to respond within 2 business days.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: CommsGrid customers have 24/7 access to our Helpdesk Portal where they can raise incidents and support queries. This support service is free of charge.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: CommsGrid provides you with everything you need within the product and online to get going. We're confident that you can use CommsGrid straight away without the need of any heavy onboarding process due to its intuitive experience.; ; Invotra's professional services arm, Invuse, can also provide an extensive onboarding service should you need it.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users can extract their data via the APIs at any point in time from the service. If additional requirements are required you can raise a ticket via the helpdesk.
• End-of-contract process: We include standing down and secure termination of your CommsGrid service. Bespoke off-boarding can be requested based on the customers needs. This may include specific data extraction requirements, exit review processes etc and may incur additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference between desktop and mobile in regards to functionality. The mobile version is fully responsive.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: We have a service interface that is available to customers and can be provided if requested.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: CommsGrid is compliant to WCAG ‘AA’ standards for users who access the system. However, simply saying that we meet the standards is not enough. We go above and beyond being compliant in order to create a positive user experience for 100% of users. We travel the UK to meet with accessible software users, conducting user testing with people of differing types of disabilities and assistive software. The aim of the testing is to identify the different methods in which users would interact with the system and to identify the varying competency with the assistive technology. From this we are able to adapt the user interface to accommodate multiple variations of techniques used depending on the disability and competency with assistive technologies. We understand that a continuous software development life cycle creates an environment where the user interface will change. Therefore user testing is conducted at stages where either there has been major user interface changes or to verify that previous challenges have been remedied.
• API: Yes
• What users can and can't do using the API: Customers can use APIs to exchange data. More information can be provided upon request.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: All configuration can be done via the service itself by dedicated administrators of the system.; ; Configuration includes branding, workflows and content structure.

Scaling

• Independence of resources: The platform is designed to automatically scale when resources across the stack begin to reach certain thresholds. These thresholds are identified through the monitoring system within the platform. If the monitoring system identifies a metric that exceeds a threshold, new resources are provisioned to accommodate the load. The resource consumption is constantly monitored which prompts for optimisation activities to proactively scale up resources where required.

Analytics

• Service usage metrics: Yes
• Metrics types: CommsGrid provides insights into your communications schedule.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CommsGrid supports APIs for data extraction.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: AWS VPC

Availability and resilience

• Guaranteed availability: 99% uptime is guaranteed by CommsGrid.
• Approach to resilience: CommsGrid is a cloud native application which is built from the ground up to be fully fault tolerant and resilient.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus, ISOQAR
• ISO/IEC 27001 accreditation date: 15 March 2019
• What the ISO/IEC 27001 doesn’t cover: We do not have any exclusions for our ISO 27001:2013 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We currently hold the ISO/IEC 27001:2013 certification and have no exclusions. All policies and processes are stored within our internal system which can be made available for review upon request. The system fully supports all policies and processes set out by the International Standards organisation and is outlined in the requirements for ISO 27001:2013. To ensure that all staff follow the information security policies and processes, we conduct annual Security Awareness Training, followed up by an Information Security questionnaire. In addition to this, if there are any updates on these policies or processes, it is communicated to all staff via our intranet and a signed list of all policies that have been read are kept on each staff member's HR file.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Invotra’s change process is published on our UK Government customer portal GOV.invotra. Our changes are managed through our change management process. Invotra tracks all system changes including but not limited to: product enhancement releases, service component version upgrades and security patching, Invotra also has supplementary security incident and business continuity processes in place which are available upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Technical resources are subscribed to security feeds/mailing lists to be notified of security improvements. The security patches are expedited or applied as part of a development cycle depending on severity (assessed according to an internal scoring system). For OS vulnerabilities we defer to the OS vendor's assessment. OS patches are deployed monthly. We also get information about any potential threats from OS vendor, application vendors, package repositories and our internal QA.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All application requests are monitored using AWS WAF (Web Application Firewall) which applies a set of rules to a HTTP conversation. These rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. All processes and policies related to response and timings are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management processes for customers are published on our UK Government customer portal GOV.invotra. We have predefined processes for reporting, tracking and closing incidents. Customers have access to our dedicated Invotra HelpDesk Portal where they can raise new incidents and review incident statuses both current and historic. Incident reporting is available upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  As a cloud based company we are able to work fully remotely. We have an open, transparent and vibrant culture and were keen to maintain this during the pandemic. Being remote meant not only did we miss collaborating face to face, as a business we were unable to visually see how someone was physically and mentally. Therefore we worked continuously to ensure our culture and wellbeing: Creating a Covid-19 hub for signposting and information Encouraging staff to have their cameras on ensuring face to face interactions. An instant messaging group for all staff to engage and share non work related content Hosting virtual quizzes and coffee mornings Walking Wednesdays Hosting a virtual Christmas Party Increasing 121 communications, with daily virtual standups and having a continuous open door policy Introducing Rate My Team sessions for managers to discuss individuals enabling us to identify and resolve issues as soon as they occur and provide the relevant wellbeing support or resource to work towards a long term solution and future prevention. The office was made Covid safe as part of our return to work programme, with many touch points removed, sanitising stations, signposting and social distancing. We split the company into two teams, rotating fortnightly, to create a more comfortable workplace. We were also very mindful of those who were shielding or had anxieties around Covid-19 by continuing to enable remote working. We designed and built an intranet for NHS Test and Trace and the Department for Health & Social Care using Invotra’s service for 15,000+ users and 10 merging agencies, in response to the demand for a powerful internal communications tool. We delivered a Covid-19 Guidance Hub to DWP within 5 days in March 2020 to provide 100,000+ intranet users access to critical information required at the time.

Pricing

• Price: £20 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Contact us for more information.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@invotra.com. Tell them what format you need. It will help if you say what assistive technology you use.