GRANICUS-FIRMSTEP LIMITED

Granicus Government Experience Cloud for Housing

The Granicus Government Experience Cloud is a comprehensive cloud-based solution for communications, citizen engagement, digital services, and customer service. It’s designed to enable stronger relationships, improved trust, and excellent customer experiences.

Features

• Manage customer interaction using centralized online tools
• Use digital and mobile optimised portal to enable online services
• Send personalised and targeted newsletters, bulletins and alerts to subscribers
• Build and grow large audiences to engage with service users
• Utilise online public consultation and engagement tools
• Enable Surveys, Quick Polls, Discussion Forums, Ideation, Interactive Mapping
• Embed polls and surveys on the website for high engagement
• Fully complies with General Data Protection Regulation (GDPR)

Benefits

• Rationalise existing legacy IT systems by converting to one platform
• Automate forms and processes to save time and money
• Digitally transform your organisation with scaleable solutions for public sector
• Lower IT costs using a cloud/hosted solution with automatic updates
• Utilise low code solutions that do not require onsite maintenance
• Integrate with other solutions/applications using free, easy, DIY tools
• Drive behaviour change using targeted email marketing campaigns
• Use custom designed on-brand and mobile responsive email templates
• Access to multiple feedback tools across multiple consultation phases
• Consistently collect, analyse, report, and present data

£67,565.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk-sales@granicus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

430930054039215

Contact

Asim Ali
0800 048 7518
uk-sales@granicus.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Granicus govService, Granicus govDelivery, Granicus TMS, Granicus Engagement HQ, Granicus Experience Group (GXG.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Dependent on options chosen. May include:
  • Supported web browser
  • Connection to the Internet
  • Lightweight VM/server provision for LIM and optional FAM Modules

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Please see our licence agreement for further information.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Web chat solution is tested to meet accessibility standards.
• Onsite support: Yes, at extra cost
• Support levels: Support is standard and included within the license. This includes full access to our online support desk which can be accessed via our online portal, email and live chat. Phone support is available for most services.; ; Our service includes access to a Customer Success manager, whose role is to help customers to get the best use of our service offering ideas and sharing best practice and the experience of the user community.; ; Access to our govCommunity portal is also included, providing a collaborative environment to discuss, learn and share with other platform customers.; ; On-site support is optionally available for select services.; ; Please see our service description document and product listings for full support details.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a dedicated project manager to onboard new clients in addition to a dedicated account manager throughout the life of the contract. For on boarding we typically provide project management, help to adopt our environments, workshop training, development and technical consultant services. On-boarding projects are developed for each client based on their project requirements.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Should a customer decide to cancel their agreement, the customer's data will be returned securely. Data format will be dependent on service and may include CSV, XLS and SQL.; ; Depending on product, customers can also download their data at any time via the portal.
• End-of-contract process: Decommissioning is included in the licence cost. Granicus will confirm the date on which customer access will be terminated.; ; Granicus will then decommission the service in line with its security and decommissioning policies. Applicable data will be returned securely via CSV, XLS and SQL.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The end user interface has been designed/optimised for both desktop and mobile devices. The back office administrator interface, while not designed or tested specifically for mobile devices, allows access to features.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The platform includes a browser based web interface which allows users to access the service directly from a web browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The platform aims to meet WCAG AA standards utilising standard in-built browser accessibility features.
• API: Yes
• What users can and can't do using the API: The Government Experience Cloud provides a comprehensive range of open API's as standard to support data connectivity with third party systems. Specific functionality will depend on modules taken but include:; ; • Creating new cases; • Updating existing cases; • Creating subscribers; • Updating subscribers; • Sending SMS/Email and voice messages; • Creating web content; • Updating web content; • Consultation information across forums, stories, questions, engagement contributions, quick polls, surveys, ideas, projects and users; ; Test environments will vary by module. ; ; Further API information is available on request.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Government Experience Cloud provides a comprehensive range of configuration options for each module.; ; Clients have full control over the personalisation of the service including branding, look and feel, layout aspects, features, content and much more. ; ; The platform can be branded to become an extension to your existing web presence, providing end users with a highly consistent user experience.; ; For further details please see our service description document and individual product listings.

Scaling

• Independence of resources: The Government Experience Cloud is a SaaS platform based on multi-tenanted and single tenanted architecture. The platform has been designed to scale based on overall workload, enabling the platform to process millions of transaction per year and to be scaled for many more as required. As an example the platform currently supports over 300 million subscribers and over 20 million transaction requests.

Analytics

• Service usage metrics: Yes
• Metrics types: The Government Experience Cloud provides an extensive range of metrics and reporting options. Please see our service definition and individual product listing for further details.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Please contact for full details.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users with appropriate administration permissions (set by the client) can export their data at any time.; ; Data can also be exported via optionally connected third party reporting tools and via API.; ; Specific options will be dependent on platform module.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • SQL
  • JSON
  • XML
  • Database
  • XLS
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • SQL
  • JSON
  • XML
  • Database
  • XLS
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Please contact us for further details.

Availability and resilience

• Guaranteed availability: Availability ranges from 99.95 to 99.00%.; ; Please contact us for further details.
• Approach to resilience: The platform has been designed from the ground up to be highly resilient with build in redundancy as standard. Redundancy is provided via two platform instances hosted within different data centres.; ; Please contact us for further details.
• Outage reporting: Service status is communicated via our customer portal, email alerts and sms alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Authentication is required for clients to access platform modules. Authentication for the public/citizens is optional as defined by the client.; ; Support for third party authentication providers is also available.; ; Please contact us for further details.
• Access restrictions in management interfaces and support channels: Access restricted by user permissions and role based access controls.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: Reviewed 01/2021 & 03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • FedRAMP
  • Please see our product/listings for further details on certification applicability

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Granicus has many security policies and processes that support both ISO 27001:2013, the NCC Cloud Security Principles and FedRAMP (based on NIST 800-53r4), covering everything from physical security to system communications to vendor security. Processes are created for each NIST 800-53 control family and are documented on an internal wiki site.; ; All employees are required to sign an Acceptable Use Policy that spells out the requirements. Failure to follow the security policies/processes can result in disciplinary action from Human Resources, up to and including termination.; ; Please contact us for specific details.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Tickets are created for all changes. These tickets include information on potential customer impact, QA steps, and a backout process. The changes are all reviewed at change management meetings and must be approved before being implemented. Changes are also reviewed for potential security impact.; ; Individual physical components are tracked through a combination of an asset inventory and through the ticketing system that identifies the components that are changing.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Infrastructure is scanned on a monthly basis. A ticket is created for each identified vulnerability for tracking throughout the lifecycle, and an internal remediation timeline is set depending on the severity. Teams meet weekly to review the vulnerabilities and identify timelines and ensure that issues aren't missed.; ; In addition to scanning, Granicus subscribes to the UK National Cyber Security Centre, US-CERT and individual vendor security mailing lists so we are notified when important vulnerabilities are identified. Tickets are created for each of these as well and follow the same process as scans.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Granicus utilises both network and host-based intrusion detection systems that send logs to a centralised location for proper correlation.; ; If a compromise is suspected, the incident response team is mobilised to investigate and confirm/deny the actual breach. If a breach is confirmed, the customer support team reaches out to all impacted customers immediately and provides updates every 20 minutes until the issue is contained (the same process is used for any incident). A root cause analysis (RCA) is then provided after the remediation, generally within 48 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is performed in accordance with Granicus’s ISO27001 accredited incident management process which identifies the flow from incident detection to remediation, including many high-level processes.; ; Customers can report incidents to support. This kicks off the process, which includes automatically generating a ticket and beginning the triage process.; ; Internally, a detected incident is reported to customer support so that the team can communicate to any impacted customers. Updates are sent every 20 minutes for severity 1 issues.; ; For impactful incidents, after it is remediated, a root cause analysis (RCA) is provided to impacted customers, generally within 48 hours.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Granicus aim to be an environmentally and green aware company. Our platform has received awards for its positive environmental impact and we are incredibly proud to partner with customers to address climate change challenges through digital government services. ; ; Providing residents with means to digitally transact with their local authority inherently helps reduce a community’s carbon footprint. Traditional paper processes can be significantly reduced or eliminated, thereby reducing costs, paper wastage, postage and associated delivery impact. Work processes delivered via the platform will also significantly reduce the requirement for face-to-face interactions for many types of service, reducing local travel and associated emissions. ; ; Combining our self-service and communications capabilities provides ways to reduce environmental impact. One UK council have increased recycling rates and reduced missed bin collections through the platforms deployment. When customers enter their addresses in a form, the platform automatically stores up the customer’s collection day and routes; enabling automatic reminders to be sent. In future, the customer receives personalised, timely, and automated bin collection communications. This combination has not only improved sign-up rates and outreach but improved the efficiency and consistency of collections.; ; Similarly, engagement features promotes a hybrid consultation environment to reduce the dependence on in-person and paper document-rich approaches.; ; Climate change discussions necessitate flexibility to promote meaningful dialogue. Government Experience Cloud is the only unified platform providing comprehensive engagement tools in three environments, within which tools can be blended to work for your particular audience and topics to broaden engagement and reach. ; ; Many of our global clients have successfully used the platform to engage on climate topics. One UK council mounted a video highlighting the climate change issue and proposed local actions. They asked residents for ideas on what the Council could do and invited questions.
• Covid-19 recovery:

  Covid-19 recovery

  Many customers, spanning central and local governments, healthcare and emergency services, have acknowledged the sheer power they could harness during the pandemic by leveraging our cloud platforms’ intuitive, easy-to-use user interfaces to quickly deploy critical messages to residents, providing urgent support. ; ; Services usually delivered face-to-face or telephone transitioned to the web, taking advantage of highly-scalable digital communications technologies (email, SMS, social, web) to deliver vital information to broad audiences in real-time. Powerful engagement tools enabled councils to not only continue critical consultation activities robustly, but discuss and develop COVID strategies to help community, business and individuals. Almost 4 billion COVID-related messages helped communities access the critical information needed to navigate the rapidly-evolving pandemic situation. ; ; A UK city council deployed a Granicus Experience Cloud workflow within 48 hours to identify their most vulnerable residents who were shielding. The use case was subsequently expanded to manage provision of food, medical supplies, and recruit 780 care workers. These care workers then used the platform to deliver emergency care, securely capturing case notes and completing well-being checks.; ; As agencies move to the Government’s ‘Living with COVID’ plan, there will still be need for COVID-related communications, services and dialogues. Staff can shift existing digital approaches to address specific areas of continuing local need, such as promoting local retraining/recruitment initiatives or providing information and support to residents impacted by the disease. Since staff have complete autonomy over sites and newsletters, creation and format/content changes are simple, agile and efficient.; ; The pandemic has been a significant world history event; each community must find ways in which to record and celebrate significant events and achievements. Many councils use our engagement features to capture COVID experiences through written, audio/video accounts. For example, COVID volunteer communities share volunteering stories and opportunities, while inspiring and engaging potential future interest.
• Tackling economic inequality:

  Tackling economic inequality

  Councils can support and promote local business and encourage economic growth using the Granicus Experience Cloud (GXC). Agencies can facilitate efficient, multi-way communication among local business, suppliers, citizens and themselves. They can springboard initiatives to identify high growth sectors; determine local gaps in demand; analyse supply chain requirements and develop strategies to encourage growth. ; ; The platform can also allow agencies to run targeted, multi-channel recruitment campaigns; as an example, one or more UK police services have successfully promoted their need to hire additional resources. Many of our health service customers who use The Government Experience platform as an internal communications tool have topics relating to HR, recruitment and apprenticeship opportunities.; One city council uses the platform to reduce homelessness. The council screen and rapidly assess in real-time whether a housing application will be successful. They also provide signposting to services and information adjusted for the customer's circumstances. ; Information presented in a consistent manner and embedded calculations considerably reduce housing officers’ workload and lead to quicker, more consistent decisions. In addition, the council’s ‘Home-finder Priority Application’ collects customers’ details from their online profile, then automatically determines whether their immigration status makes them eligible for housing services. This ensures appropriate services and information is provided at the earliest moment.; Engagement Q&A’s and forums can be set up for local employers’ information, targeting particular industry sectors, locations etc.; “open house” sessions scheduled with business organisations (e.g. Chamber of Commerce); opportunities promoted via news feeds; “Did you know?” resources supplied; registration/enquiry forms provided.; ; Engagement tools can also help gain intelligence regarding local requirements, opportunities and challenges for such training initiatives as apprenticeship or work placement programmes. Specific demographic information (e.g. young adults or adults who lost employment due to the pandemic) will help match training to current skills gap.
• Equal opportunity:

  Equal opportunity

  Socially-disadvantaged/at-risk residents may find it difficult to reach local council news, services and support; council staff may equally struggle to identify, reach and address these individuals’ needs. Those without a fixed address, or who find it difficult to assimilate non-digital written content without aids are potentially excluded from information exchange or support.; ; Our platforms help staff create easy-to-use content, forms and workflows for online communications and services. Our design tools are accessibility compliant; content is compatible with common Web browsers and accessibility booster tools. The platforms can be reached from a range of mobile devices and intuitive user interfaces mean staff can use them without specialist experience. Since platform logins are web-based, there is no requirement to work in a specific location, meaning staff could work remotely if required. ; ; As Granicus Experience Cloud services are consistently-displayed for both staff and customers, CSAs can use both online and mediated channels to support customers normally digitally excluded to go online, use the digital service or even achieve basics like setting up an email address, browsing the internet etc.; customers can then reach improved opportunities for housing, employment or financial support. ; ; Using the engagement features to consult with community, agencies can conduct hybrid engagements to match participants’ availability and access requirements. Agencies can form improvement roadmaps to include identifying gaps in service provision, ideas for new service requirements and local needs. The platform can subsequently involve residents in forming strategies for employment, training and care/support initiatives. ; ; A central government’s consultation regarding a national disability insurance scheme gathered rich personal stories via our platform to drive profound public policy change. Stakeholders discussed technical, legislative and policy questions in moderated forums. About 300 compelling personal stories gathered by guest books and hosted media helped drive the policy debate that eventually led to disability care legislation.
• Wellbeing:

  Wellbeing

  Increasingly, councils and other government agencies are establishing corporate goals to promote healthy living and wellbeing to its residents. The range of focus runs from making locations more accessible and conducive to walking, biking and other exercise to healthy eating ideas, mental and physical health support resources and both team and individual challenges.; ; For example, customer consultations about walking, hiking and biking trails or leisure facilities using Government Experience Cloud have led to informed planning and design influenced by those who will use and benefit from those spaces. Similarly, a council could conduct engagement exercises regarding the need for physical or mental health resources to support residents impacted by the pandemic.; ; When the parents registered a birth through a county council’s platform workflow, a message was automatically sent using the comms features to trigger an invitation for the Hungry Little Minds series of newsletters. By collecting specific information through the use of questions (e.g. birth date), the council were able to tailor future information over the course of the campaign to send age-appropriate content throughout the first few weeks and months of the child's life. ; ; If this campaign were dovetailed with the platforms engagement features, the early years user community and local parents could both engage and learn with others in similar situations using discussions, story sharing and idea exchange features to support their journeys with growing families. The council sponsoring the user communities could also gain useful insights about the group’s attitudes or needs through quick polls or surveys, which could later generate specifically focused consultations. To close the circle, activities and insights could be promoted and reported on back with communication tools.; ; A relatively new example is a dedicated children’s portal which focuses on provision of a range of services including wellbeing, care and education of children.

Pricing

• Price: £67,565.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk-sales@granicus.com. Tell them what format you need. It will help if you say what assistive technology you use.