Unboxed Consulting Ltd

e-Petitions

e-Petitions enhances political engagement by allowing citizens to create, circulate, and sign petitions. Once they reach the required number of signatures, the outcomes of parliamentary debates are shared with the petitioners. This service is currently employed by the UK, Scottish, and Welsh Parliaments, and the Government of Jersey.

Features

• Create petitions and share them with your network
• View government-debated petitions with linked supporting video, text, and documents
• View responses by government to petitions
• Customise for different political organisations from national to local level
• Petition management and moderation
• Government response and debate management
• Strong cyber security for fraud prevention
• Securely hosted on AWS
• Geo-restrict signatures by IP address lookup
• Notify petition supporters of updates

Benefits

• Increases public involvement with politics in a constructive way
• Enables public engagement and dialogue with elected representatives
• Highly scalable to match popular demand from the public
• Offers insights on topics central to public interest
• Provides insights into regional issues
• Gives an accessible voice to the whole population
• Simple to use, following GDS design best practices

£700 to £2,000 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales-team@unboxedconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

496248451680410

Contact

Jo Oliveira
+44 (0)20 7183 4250
sales-team@unboxedconsulting.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No, the product will be customised and configured to your organisational needs. Once implemented, maintenance is scheduled to fit with your requirements.
• System requirements: N/A: this product is cloud based, accessed via web

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Untested but stated on Slack website
• Onsite support: Yes, at extra cost
• Support levels: We provide second and third line support for priority 1 and 2 events. This is either 24 hours a day 7 days a week or business hours only.; ; The cost for the support service is either £6,300/month for 24/7 or £3,150/month for business hours only.; ; After the first hour, issue remediation costs £170/hour.These events are resolved by our cloud support engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: E-Petitions requires customisation to fit your organisational needs. Our team of designers and developers work with you to establish the requirements and then deliver a customised solution within agreed timescales. This is charged on a day rate basis.; A part of this service is training your team on how to use e-Petitions.
• Service documentation: No
• End-of-contract data extraction: Our engineers can work with you to extract the data in the format you need. e-Petitions does not contain generic user data export functionality.
• End-of-contract process: The service offered here is a bespoke customisation of e-Petitions, this will be charged on a time and material basis. e-Petitions will either: (a) be implemented on your instance of AWS; or (b), on Unboxed’s instance of AWS.; In the case of (a), once the implementation is complete, there are no further costs. With (b) you will be invoiced monthly hosting fees until such point as you wish to cancel the service or migrate the hosting.; Unboxed is available to provide ad-hoc support on a time and material basis and, should you require it, an ongoing guaranteed support contract. These are additional costs to the initial project.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The product has been created with responsive design, this means that regardless of the device being used to access it, the interface is displayed in an optimal way for that format.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Prior to go-live, all implementations are customised by our designers and developers to fit your organisational needs. We will scope this collaboratively with you, we charge for our team based on their day rates.

Scaling

• Independence of resources: E-Petitions is hosted on AWS and is engineered for scalability.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User data is not exported. We can work with you to create custom exports based on your organisational requirements.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: SSH for remote console access
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: SSH for remote console access

Availability and resilience

• Guaranteed availability: E-Petitions is hosted on AWS and availability, aside from scheduled maintenance of the product, mirrors that of AWS.; Unboxed offer an additional support service, to assist in the event of high priority issues.
• Approach to resilience: E-Petitions is built with a combination of automated test suites and manual user acceptance testing. Code is written to NCSC secure development principles and includes automated testing against OWASP identified security risks. App development framework (Ruby on Rails) provides automatic protection against CSRF, XSS and SQL injection attacks.; ; e-Petitions environments are built using IaC ensuring reproducibility and rapid reconstruction. Apps use managed services for things like cache, databases, etc. which provide automated management of updates and backups. Managed database service (AWS RDS) has both failover and point-in-time recovery - the latter provides the ability to recover lost data should accidental deletion occur.; ; e-Petitions is deployed in an autoscaling configuration that allows increasing the number of servers rapidly in response to a change in demand. e-Petitions is fronted by load balancers and CDNs with WAF configurations that allow blocking/rate limiting of requests by ip address and addition of extra rules to combat emerging threats.; ; Apps use a variety of monitoring tools like Appsignal and CloudWatch alarms to proactively alert us to errors and performance problems. Apps also include custom monitoring for exceptional events such as fraud detection.; AWS data centres use redundancy, failover, and geographic diversity.
• Outage reporting: E-Petitions is integrated with AppSignal which sends phone and email alerts using Pager Duty in the event of an outage, relevant parties are notified.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management information for e-Petitions is only available via identity federation with an existing provider. Named individuals in your organisation are the only people who can access our support channels.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Directors and the CTO are responsible for Information Security. All Unboxed staff report to them in this area and comply with a Cyber Essentials Plus certified policy. Policies are enforced through training, spot-checks and device management software.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: E-Petitions environments are built using IaC and stored in GitHub along with the source code of the application. Any changes to either the configuration or source code is raised using a pull request which is then peer reviewed (including security assessment) before being merged. The management of this process is done via the Trello kanban tool. Apps have a staging/preview environment where changes can be tested for user acceptance before being deployed to the live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: E-Petitions source code repositories are configured to automatically create pull requests should a CVE security alert be published for a dependency. These pull requests are then expedited through the change management process depending on the vulnerability score and whether the application is affected by the specific mechanism in the CVE.; Servers are configured to apply updates automatically and send Slack notifications if an update requires the server to be restarted. Servers are regularly refreshed to use the latest system images so that minimal updates are required when scaling.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: E-Petitions uses a combination of monitoring tools such as Appsignal and CloudWatch to alert should we see elevated error rates, individual exceptions or performance problems such as external APIs being slow to respond or returning errors. Servers are also configured to log all commands to external services which prevents tampering and remote access is notified externally to Slack where it can be challenged and confirmed. Apps also have internal custom monitoring to alert to suspicious patterns of behaviour. Response to P1 issues is within an hour, the type of response is dependent on the issue.
• Incident management type: Supplier-defined controls
• Incident management approach: During implementation of e-Petitions, the team works closely with you from customisation based on your requirements through to go-live. If you elect to engage Unboxed in a support contract post go-live, we provide second and third line support. We have a dedicated team trained in resolving common issues, progress on which is fed back on an hourly basis. Nominated individuals within your organisation report a P1 or P2 issue using our dedicated support phone number, after they have performed initial triage. Once the incident has been resolved, Unboxed will provide an incident report.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Unboxed is working across a wide range of areas to combat climate change, from small incremental changes within our office processes to larger, national level activities. We are committed to minimising our environmental footprint and supporting the UK Government’s sustainability goals. ; ; Activities include:; ; Creating Char.gy (https://char.gy/), an electric vehicle lamppost chargepoint solution and digital application, supporting the end-to-end EV charging experience, and uptake of EVs in residential areas through on-street charge points, using 100% renewable energy; Supporting local green initiatives - in 2022, we ran a campaign to help young aspiring football players reduce their use of single-use plastic. #PlayersAgainstPlastic encourages players to think about how they can take small steps to improve their impact on the environment.; ; Raising money for charity - in 2022, we joined Ride the Change, a 225 mile cycle tour raising awareness about positive climate solutions and connecting with our local like-minded community; ; Providing teams to work with other organisations (e.g. Department for Business, Energy & Industrial Strategy) on projects that are working towards fighting climate change; Using a green energy company to provide all of our office electricity; ; Providing a ‘Cycle to Work’ scheme to support employees with an alternative to private and public transport, and reduce personal carbon footprints; ; Zero waste to landfill - we work with First Mile to fulfil our zero waste to landfill commitment. This involves being careful about the choices we make when it comes to office supplies, thoughtfully selecting our materials and suppliers to make it easy for our team to reduce energy use.; ; Giving unused equipment a second life - we use Freecycle to give away any office equipment and furniture we no longer need. We’re also committed to fixing and refurbishing phones and laptops for our team members, rather than buying new ones.

  Covid-19 recovery

  Throughout the Covid-19 pandemic and beyond, we continue to adapt and iterate our working processes to support our employees and customers, and meet government guidance.; ; Activities to support Covid-19 recovery include:; ; Prioritising engagement with local community groups affected by the pandemic, ensuring their voices shape our design and development practices. Through workshops, we empower community members to actively participate in the design process, fostering inclusion; ; Providing a hybrid working environment to all employees, enabling people to work from a combination of our office, their home, on-site, and from other locations (e.g. working spaces); Creating opportunities for fully-remote employment; ; Ensuring the wellbeing of employees who may need to shield through additional support channels; ; Giving employees the flexibility to decide when, and how often they would like to work from our office; ; Supporting our customers with hybrid working practices, working with them to decide the best appropriate cloud-based communication tools and systems to collaborate, and support our work; ; Developing skills and building capabilities by working with individuals from underprivileged backgrounds, providing expertise in user experience design and digital innovation.

  Tackling economic inequality

  Unboxed has a track record of providing tangible opportunities to support new businesses, jobs, and skills through a variety of channels.; ; Activities include:; ; Job and skills training - partnering with local organisations and educational institutions, Unboxed team is consistently involved in local programmes that provide training, mentoring and coaching specifically targeting communities facing economic challenges. These programs will equip participants with in-demand skills relevant to the healthcare technology sector, such as user experience design, service design and coding, thereby enhancing their employability and facilitating upward mobility. Some of these programmes include: Rails Girls London, BeMe Mentoring, Tutorfair (underprivileged kids in coding), Young Green Britain Challenge, Codebar, Service design network UK; ; Upskilling within organisations that we’re working with “on the job” in agile, user-centred and digital skills through one-to-one working, pairing, coaching, mentoring, running workshops, and other methods to build sustainable in-house teams, skills, and capabilities; ; Always considering digital inclusion and accessibility - we ensure our work prioritises accessibility, providing guidance and resources to bridge the digital divide for vulnerable populations. Partnering with local authorities through our project work, we promote digital inclusion and reduce health disparities.; ; Creating and running an in-house development bootcamp (“Unbootcamp”) to support cohorts of individuals from non-development backgrounds into development roles through a structured, hands-on, and supportive programme; ; Regularly organising and running Techqala (https://www.techqala.com/), a Cape Town-based startup accelerator/business innovation camp/team-bonding experience, created to bring together local South African startups (with complimentary places), and international corporate innovators for a week of learning and creative business thinking

  Equal opportunity

  Unboxed is committed to equal opportunity for employees, partners, and the wider community. We actively address the disability employment gap and promote a diverse, inclusive workplace where all can thrive. We understand the importance of building a diverse, inclusive team, recognising that this directly improves the quality of insights delivered through our work.; ; Activities include:; ; Supporting students by providing ‘on the job’ work experience, enabling them to gain hands-on experience by joining our project teams for periods of time (e.g. ‘My Year 11 work experience with Unboxed’: https://unboxed.co/blog/my-year-11-work-experience-with-unboxed/) and ‘Working with Unboxed’ https://unboxed.co/blog/leyarnis-work-experience/); ; Working with apprentices through joining our project teams, and collaborating on a day-to-day basis to upskill in-house teams, and build internal capabilities through one-to-one working, pairing, coaching, and other techniques; ; Ensuring our culture, the way we promote ourselves, and the recruitment process, are all focused on increasing the diversity of the organisation. One result is that the company has shifted from being very male dominated, as is typical in the tech sector, to being over 50% female including senior technical roles.; ; Holding ongoing inclusion training with external facilitators for our employees, covering areas including inclusion within our recruitment processes, intent and impact, psychological safety, and how you want to be treated in the workplace; ; Successfully shifting our organisational demographics to be over 50% female, including senior technical roles, challenging the male-dominated norms prevalent in the tech sector. We conduct ongoing inclusion training facilitated by internal wellbeing experts to educate our employees on topics such as kindness at work, psychological safety, and creating inclusive work environments.

  Wellbeing

  Unboxed is actively working to maintain an inclusive workplace with a culture and environment that strives to promote the wellbeing of our people so that everyone has a sense of belonging and feels involved, empowered to do their best, and be successful.; ; We work hard to maintain our culture of openness through promoting a positive work-life balance, remaining open in communication, creating positive working relationships, and encouraging diversity of thought and behaviour.; ; Activities include:; ; Employing a dedicated wellbeing and people role to provide wellbeing support to our whole team; ; Facilitating monthly wellbeing drop-in sessions across a variety of mental and physical wellbeing topics, including how to listen well, gratitude, and more, to support people with communication, and managing relationships; ; Holding third-party mental health awareness workplace training courses, with topics including intent and impact, and signs and symptoms of wellbeing issues, to support our employees; ; Monthly one-to-one personal reflection sessions, as a way for each employee to reflect on, and progress their personal and career development; ; A wellbeing Slack channel to share articles, resources, tips, and other content as additional support; ; Regularly writing, and publishing blog posts to share what we’re experiencing and learning with the wider world (e.g. ‘Supporting the wellbeing of a remote digital team’: https://unboxed.co/blog/supporting-the-wellbeing-of-a-remote-digital-team/)

Pricing

• Price: £700 to £2,000 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales-team@unboxedconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.