Cyber Media Solutions Ltd.

Audience Engagement Platform

The Audience Engagement Platform (‘AEP’) is an ‘off-the-shelf’ website platform for health and wellbeing, social prescribing and wider public sector projects. It empowers easy and flexible publication and editing of content. The AEP’s annual licence is inclusive of hosting, SSL certificate and security patching.

Features

• Fully responsive website platform seamlessly optimises presentation for different devices
• Publish landing pages, articles, news, blogs, campaigns, events and resources
• Intuitive editor for creating content and uploading images and documents
• Embed video media from YouTube or Vimeo
• ‘Social-media-style’ collaborative spaces for stakeholders with polls and discussions
• Optional directory of services to promote local community offers
• Integrated notification management enables users to easily set their preferences
• Automatic prompts for editors to check content is up-to-date
• UK hosting, SSL certificate and security patching included in licence

Benefits

• Launch an engagement website quickly and easily
• Ideal for public health, social prescribing and community engagement initiatives
• Create attractive, easy-to-use directory of services for clients to explore
• All-in-one, cost-effective solution, supported by an experienced team
• Look and feel can be customised to your organisation’s brand
• Internal accessibility specialists provide advice and expertise on PSBAR compliance
• Delivered under an ISO 9001:2015 Quality Management System
• Operated under an ISO 27001:2022 Information Security Management System

£10,500 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cyber-media.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

545584337081521

Contact

Tony Bonser
01785 222350
enquiries@cyber-media.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No
• System requirements:
  • Web browser
  • Internet / data connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target response times are summarised as follows. Critical Priority Issue: 2 hours; High Priority Issue: 4 hours; Medium Priority Issue: 1 day; Low Priority Issue: 2 days; Request for Enhancement: 14 days. ; Support is available Monday - Friday, 9am - 5pm (excluding Bank Holidays).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided as standard as part of the annual Theseus product licence. We have a dedicated product support team that provides professional support to clients. The target response times, identified by our Theseus Service Level Agreement (SLA), are summarised as follows. Critical Priority Issue (system unavailable): 2 hours; High Priority Issue (partially unusable, significantly affecting operation): 4 hours; Medium Priority Issue (aspect causing difficulty): 1 day; Low Priority Issue (a general question): 2 days; Request for Enhancement: 14 days.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our standard offer includes high quality online training materials.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Training portal / video media
• End-of-contract data extraction: We will provide a standard extract of core data.
• End-of-contract process: We will provide a standard extract of core data. If additional data migration or extraction services are required, these are available via our Rates Card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Custom design is available via Rates Card.

Scaling

• Independence of resources: We use reliable and reputable suppliers. Environments are actively monitored and resources allocated to ensure service standards are maintained. Each deployment features a separate application instance to maximise resilience and security.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We will provide a standard extract of core data.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The in service availability has been, and is planned to be, better than 99.95%. We operate a transparent SLA. In all cases the times indicated are targets and we will make best endeavours to meet or exceed these targets.
• Approach to resilience: Information and Business Continuity Plan available on request.
• Outage reporting: System maintenance and upgrades are performed outside of business hours. Customers are informed of any planned service outage in advance via email. In the event of unplanned outage, customers will receive a report on the cause of the outage and its remediation.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Account management features enable configuration of user permissions.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 22/02/2024
• What the ISO/IEC 27001 doesn’t cover: N/A.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We operate an ISO 27001:2022 Information Security Management System supported by a comprehensive range of policies, procedures and processes, subject to ongoing review. Top level policies include (among others): Information Security Policy, Software Management Policy, Threat and Vulnerability Management Policy, Cloud Services Policy, Clinical Safety Policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We maintain change logs for all our components and services.; ; Significant change must be assessed through compilation of a testing plan with clear acceptance criteria and security impact assessment.; ; The individual responsible for testing must be identified and briefed regarding the testing they will need to undertake.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our infrastructure is scanned using Nessus. All new software is risk assessed in line with our software management policy. Security patches are applied within 14 days of the update being made available by a vendor. To identify potential threats the NVD and CVE databases are regularly reviewed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a multilayer approach including firewalls and endpoint protection.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an Information Security Incident Policy that defines our response.; All staff will be made aware through their contract of employment, training and by their team manager of what is considered to be an incident.; Information security weaknesses, events and incidents will be reported immediately by staff to the ISM as soon they are seen or experienced.; The ISM will be responsible for closing out the incident. This includes reports to external authorities.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Cyber Media is committed to minimising adverse environmental impacts and a proactive approach to implementing measures with ongoing positive environmental benefits.; ; All our environmental commitments are measurable and demonstrable as we operate an ISO 14001:2015 certified Environmental Management System (‘EMS’).; ; Any non-conformities are logged, monitored and efficiently resolved.

  Equal opportunity

  As a company we are committed to equal opportunities within our recruitment process and professional development functions.

Pricing

• Price: £10,500 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cyber-media.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.