PRINT IMAGE NETWORK LTD (Trading as UK Engage)

UK Engage Secure online nominations

Our secure online nomination solution is used for board & council/committee elections. It’s easy to use and flexible. With encryption and email confirmation embedded, our solution makes it easy undertaking candidate nomination processes. Our system can be branded with a client’s logo, colour scheme and imagery to increase engagement.

Features

• Online Nomination site (PDFs, FAQs, Videos/Social Media Links)
• Platform Supports Candidate submissions (including Proposers/Supporters)
• Confirmation emails embedded to improve user confirmation
• Open Rates and Click through monitoring emails providing engagement statistics
• Candidate login security with Two Factor Authentication (2FA)
• Aesthetically pleasing digital interfaces. Fully customisable with multi-language options.
• Platform optimised for desktop, laptop, tablet or smartphone.
• SSL Secured using the latest secure encryption certification

Benefits

• Customisable digital solutions to present the customers brand identity.
• Help the environment using digital solutions by reducing Printing/Postage
• Fully Managed Election Services (Digital/Postal) Nominations to publishing the Results
• Independent Election Scrutineer awarded Customer Service Excellence (UK Cabinet office)
• Improve Member/Voter Engagement utilising extraordinary artwork and design
• User friendly digital experience facilitates engagement by reducing barriers
• Mobile optimised technology allows 'Nominations on the move' via Smartphone
• Digital products fully supported by our Admin Support Team
• ISO9001 & 27001, Certified Cyber Essentials and Fully GDPR compliant
• Registered with Information Commissioner’s Office covering Data Protection

£1,350 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at a.tye@uk-engage.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

488969815077247

Contact

Andy Tye
0161 209 4808
a.tye@uk-engage.org

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: Internet enabled device with browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond to service requests (Working days: Monday to Friday, 9am-5pm, excluding bank holidays) dependent on the type of service issue, to ensure we prioritise the most critical need: ; Down time: Within 4 working hours ; Software failure: Within 4 working hours ; Problem not affecting key functionality: Within 4 working hours ; Query: Same and/or next working day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a fully managed election service with a dedicated/named account manager working with the customer on Working days: Monday to Friday, 9am-5pm, excluding bank holidays. ; ; We provide end-user support via email and telephone on Working days: Monday to Friday, 9am-5pm, excluding bank holidays. We aim to answer the phone within 3 rings. ; ; Any support required outside these hours can be provided (price on application)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of our ISO 9001 and Customer Service Excellence standards, we operate a robust onboarding process to welcome clients to our service. ; Our 5 Stages of Onboarding are:; 1. Compliance: Administration of GDPR documentation, agreements and internal setup; 2. Welcome: Introduction to the team and named account manager for daily contact; 3. Consultation: Most if not all of your requirements, regarding your process, will have been covered in any tender response, meetings or partner plan. However, this is an opportunity to clarify requirements and complete a comprehensive project brief, which your Account Manager will follow. We will also set expectations for the service ahead and goals you would like to achieve for the project. ; 4. Planning: Your Account Manager will help plan the specifics of your process including timetables, any pertinent requirements set out in your election rules (or Articles of Association/Constitution), voting methods, design (based on previous examples of voting materials or entirely new concepts) which will require adhering to your brand guidelines. ; 5. Project Duration: As a new client, we ensure that your experience and result are as you expect. Our Account Managers will adhere to the timescales set to ensure the process meets every single deadline.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the close of the nomination process the client is sent all candidate details to undertake the moderation checks. All client data is destroyed 30 days after the voting period closes unless prior agreement is made. Updates throughout the nomination period are available from the account manager.
• End-of-contract process: After the election has concluded, we will undertake a review process and look to obtain your feedback. We will also raise the invoice for the electoral services provided. Arrangements will be made for the data to be destroyed in line with any agreement or legislation. Also we will send details of any communication relating to changes of member details such as email address, etc.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is device agnostic and will scale automatically and dynamically to the browser screen size.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The site is developed with accessibility in mind and meets WCAG 2.1 AA standards.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Used WCAG testing software that assessed the platform to determine which standards the site met.
• API: No
• Customisation available: Yes
• Description of customisation: Our system can be setup to use the clients branding, including:; • Logo; • Images/pictures/video; • Coprorate colour; • Languages; • downloadable document; • Copy text; ; Our account management team will undertake all customisations with the details provided and send you a link for you to review. The final site will be signed off by you before it goes live.

Scaling

• Independence of resources: We use load-balancing infrastructure that is setup to accommodate for peaks of activity, ensuring the operational effectiveness remains constant. As we control the number of users that can access the system at any time, we can proactively plan to scale the systems if required, especially if large volumes of use are expected. We constantly monitor use of the system and have also have Ddos protection mechanisms in place to allow system performance in the event of any targeted activity

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics can be provided by your account manager
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We use Citrix Sharefile for all data transfers that is encrypted and provides an audit trail along with user notifications. Access to the system is controlled via link, username and password being provided to the responsible person on the client side, once GDPR agreements are in place. Stored files are protected using AES 256-bit encryption in addition to unique per-file keys. All our file transfers adhere to our ISO27001 certification processes
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The system is installed on dual redundant server hardware meaning it any aspect of our server fails the redundant server takes over in a fraction of a second, Therefore our systems uptime availabilty is more than 99.99%
• Approach to resilience: Data security is paramount for running election processes, which is why we invest significantly in our systems, physical/virtual protection, processes, policies, certifications & staff training. Further details are available on request.
• Outage reporting: Our technical team are alerted by SMS and email of any outage, however our systems are also monitored externally by our hosting provider with relevant SLA’s in place for any remedial action required.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to the management interface is via a small group of our staff via password and username. The service is a managed service whereby the administration is undertaken by our staff to independently manage the election process to remove any perceived bias. The client account manager will facilitate any need the client has acting as the communication channel with the technical/administration team.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 29/10/21
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As part of our ISO27001 certification we have the following policies and processes in place relating to information security:; - Back up policy; - Cryptographic control policy; - Network disaster recovery policy; - Data protection policy; - Access and password policy; - Data breach procedure; - Software installation policy; - Secure data file transfer policy; - Access protocol policy; - Removable media policy; - Information security policy and manual; All policies state the processes required to be followed, reporting structure and escalation procedure.; We also have cyber essentials certification.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use version control processes with documented release notes to ensure all configurations in a live environment are tracked and managed. All implementations need to be authorised before implementation/roll out. All changes go through a request assessment process before development is undertaken, this includes an impact assessment on the security of the system. Full testing is undertaken before any updates are made to the live system. This is essential to both ensure the security of the system but also to ensure the security of the online voting process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management for our systems is an integral part of our ISO27001 and Cyber Essentails certification. We regularly assess all possible risks to the services we offer and have mitigation procedures in place to accomodate for any considered scenario. This forms part of our business continutiy and risk managment processes. All systems where data is present are proactivley monitored and scanned to ensure all the latest patches are applied when released keep our systems current and updated. We also have endpoint protection that monitors and patches our antivirus, malware, etc.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All our systems are constantly monitored in relation to network traffic/access, files, operating systems, firewalls to identify any potential compromises. Our ISO27001 policies define how quickly we respond to any incident along with the remedial action and escalation processes, depending on the issue, severity, risk and impact. Some of these processes are automatic and instantaneous such as our Ddos protection systems that immediately kick in when any malicious activity is identified.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a structured incident management process as part of our ISO27001 certification. The process covers how incidents are reported, what action is then undertaken for containment/recovery, any investigation process, how, who and when we notify of the incident and finally how we review and evaluate the incident and its impact.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The Climate Emergency declaration has set us on a path to carbon neutrality with the Net Zero vision to see our business not be a net contributor to climate change by 2050. We are part of the green industrial revolution that ensures that the UK meets the Net Zero Target. The primary focus is on Carbon Dioxide (CO2) but our company wide approach also tackles all recycling and energy use. We are relentlessly looking to innovate our specific methods and processes to aid this mission, working with our customer and supply chains. ; ; In 2021 we conducted an environmental impact study, the first step to understanding the impact our business has. The audit covered all aspects of our companies’ operations including; supply chain, energy use, manufacturing processes and waste management. Once we had a clear understanding, we set our goals on sustainability and began to implement the changes, including:; ; • Increasing the amount of waste recycled vs landfill.; • Updating procedures to reduce the amount of printable material produced, therefore reducing waste.; • Upgrading light fittings to energy saving equivalents.; • Reducing the use of cars for business travel and opting for rail or other public transport where possible.; • Lowering the carbon cost of employee’s commute by implementing and encouraging the use of a Cycle to Work scheme. This scheme has been taken up by 3 employees so far.; • Introducing hybrid working models and removing the commute for employees working from home. ; ; In order to maintain our commitment to achieving Net Zero, we have adopted the following carbon reduction targets. We project our carbon emissions will decrease to 35,000 tCO2e by 2028. This is a reduction of 16.74%

  Covid-19 recovery

  As a business we have undertaken a review post-Covid to ensure recovery and any lessons learnt in case of any further pandemic, these include:; • Financial and services damage assessment; • Review of our business model; • Review of risk and contingency plans; • Review of staff working arrangements; The outcome of the review led to the implementation of new policies and training processes to strengthen our business, protect our staff and visitors from COVID-19, and to support the COVID-19 recovery effort, ensuring client delivery and smooth system operation moving forward. Subsequently, we also worked with providers approved by the UK Government’s Educational and skills Funding Agency, to provide apprenticeships, so creating employment, re-training opportunities for those left unemployed by COVID-19, in our sector, other provisions for our staff include:; • The online solutions provided to staff to enable working from home or shielding from COVID-19 to work productively and collaboratively and fulfil their work remotely.; • Our hybrid working model enables all staff to work from home or in the office and is routinely adapted in response to feedback from staff surveys to mitigate the isolation and mental health impact of remote working. We operate weekly team days and fortnightly company meetings and arrange social activities, to support productivity and well-being for our staff.

  Tackling economic inequality

  Our head office is located in the Manchester area (Manchester ranks 6 out of 326 local authorities in England, where 1 is the most deprived) and as such employ staff from all areas around Manchester. ; ; We are proud of our diverse workforce. Our staff are fully trained and must follow our Equal Opportunities policy. We have a diverse supply chain including new businesses, entrepreneurs, start-ups SMES, VCES and mutuals.; ; Working with providers approved by the UK Government’s Educational and skills Funding Agency, we provide apprenticeships, so providing educational attainment relevant our contracts, including training schemes that address skills gaps and result in recognised qualifications and to support employment and skills opportunities in the high growth solution services sector.; ; We also have many suppliers based in the North of England that are used for election materials production and associated services. Each year our staff select 3 charities we contribute to helping indirectly to tackle economic inequality. We also provide democratic services to improve areas of the UK via the Business Improvement District processes. We are committed to tackling economic inequality where possible throughout our business.

  Equal opportunity

  We have completed equality, diversity, and inclusion training for all staff. This displays our commitment to The Equality Act 2010, the objective and learning outcome is to know the protected characteristics as well as the benefits of an equal and diverse workplace. ; ; Equality, diversity, and inclusion (EDI) training is important because it helps our employees to understand the value and benefits of creating an inclusive workplace culture where everyone feels respected, valued, and included. Training helps employees to be able to recognise and challenge unconscious biases, can lead to more fair and objective decision-making. Additionally, it can help individuals understand the importance of treating everyone with dignity and respect regardless of their gender, race, religion, age, sexual orientation, or other characteristics. We believe EDI can create a workplace that attracts and retains a diverse range of talent, which can lead to increased creativity, innovation, and productivity. When individuals feel valued and included, they are more likely to contribute their best work and collaborate effectively with colleagues from diverse backgrounds.; ; Training is conducted through independent training co-ordinator iHasco annually, it requires a pass with a minimum score of 90%.

  Wellbeing

  We provide all staff access to a comprehensive wellbeing programme and run a full employee assistance programme (EAP) with the aim to support and empower staff to create an inclusive, flexible, and quality employment. This has been provided through specialist EAP providers ‘PAM Assist’ for 2+ years. ; ; We are currently the only election services provider awarded the Customer Service Excellence standard. We operate a method of constant appraisal both remotely and on a one-to-one basis. Our directors also actively support staff to enable them to take on their own challenges and move out of their comfort zone. Through an atmosphere of honesty and integrity, staff are willing to take on new tasks knowing that they are well supported.

Pricing

• Price: £1,350 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at a.tye@uk-engage.org. Tell them what format you need. It will help if you say what assistive technology you use.