Wattle

MemEx - Member, Supporter & Citizen Experience Platform

MemEx delivers unrivalled end-to-end audience (members, citizens and supporters) management through a suite of audience 'accelerators' designed to meet the needs of membership organisations, charities, and pubic sector bodies. MemEx is built on Umbraco's website CMS and Microsoft's Dynamics 365 CRM.

Features

• CRM
• Website CMS
• End to End Membership Management
• Event Management
• Member Engagement Benchmarking & Scoring
• Payments & Invoicing
• Training, CPD & Exam Management
• Case & Complaint Management
• Committee & Branch Management
• Online Communities & Forums

Benefits

• Comprehensive Membership Process Automation
• Automated Membership Renewals & Upgrades
• Member Self-Service Portal

£3.80 to £15.10 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at d.abraham@wearewattle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

550031741529712

Contact

David Abraham
0117 9717547
d.abraham@wearewattle.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft Dynamics 365 for CRM. Umbraco for Website CMS.
• Cloud deployment model: Private cloud
• Service constraints: Ongoing planned maintenance and rolling 2-yearly upgrades.
• System requirements: Microsoft Dynamics 365 Licenses

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CRITICAL - Respond and provide solution within 1 working day.; MEDIUM - Respond within 1 working day and provide a solution within 3 working days; GENERAL - Respond within 5 working days and provide a solution within a reasonable timeframe.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide UK business hours support during the working week. Out of hours support can be provided on request and at an agreed cost. ; We have a full Service Level Agreement that is signed of as part of the contractual process providing agreed response times and reporting.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide full user adoption and training prior to both UAT and go-live. Wattle will conduct on-site training with defined agendas engaging with users to ensure that they are trained on the areas of the MemEx platform that are critical to them. Wattle certified D365 and Umbraco Trainers provide standard and bespoke CRM and CMS training workshops, to drive improved user adoption, in several different formats all of which include reference guides and trainer packs:; ; • Training the Trainer; • Instructor-Led Team Training; • 121 Tuition; • Remote Bitesize Sessions
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users can export data from Microsoft Dynamics 365 and the Umbraco CMS at any point. This uses the Software Development Kit (SDK), manually export data using the data export functionally.
• End-of-contract process: Wattle agree client specific exit strategies with each individual client. If offboarding support is required it will be at an additional cost charged on a time and materials basis.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Functionally the desktop and mobile solutions are identical.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: We have an API toolkit that administrative users can interrogate and build on. This allows MemEx to be made easily available to 3rd party providers to interface with inbound and outbound in a secure way.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Microsoft Dynamics 365 is a highly customisable and flexible CRM system. The bulk of the customisations can be carried out without requiring custom development i.e. amending and creating new entities, views, fields, and workflow processes. ; ; The Umbraco CMS is a flexible website content management systems and can be developed to suit the fast majority of client requirements.

Scaling

• Independence of resources: Wattle deploys highly scalable Microsoft .NET platforms, running within Azure infrastructure, that can respond to bottlenecks and unexpected loads appropriately to automatically achieve a high level of concurrency. We can setup and fine tune rules on resource utilisation that allow us to quickly meet the demands of the system. At peak points of traffic, the system can automatically scale to meet it and descale once the need has subsided. This allows us to keep costs firmly under control without compromising on the customer experience.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported from Microsoft Dynamics 365 through the Export to Excel feature and using web service APIs documented in the Dynamics 365 SDK. Data can also be exported using the data export service.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Dynamics 365 online offers an SLA of 99.9% availability and will provide service credits should it not meet this.; ; Less than 99.9% uptime – Microsoft will issue a 25% service credit.; Less than 99% uptime – Microsoft will issue a 50% service credit.; Less than 95% uptime – Microsoft will issues a 100% service credit.; ; Microsoft provides a service level up-time commitment of 99.9%.; ; In the event that the service level falls below 99.9% for a given month, Microsoft will provide a Service Credit.; ; Microsoft SLA documentation is available here: https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/service-level-agreement
• Approach to resilience: Microsoft Dynamics 365 is hosted in Microsoft data centers which have an array of technical and physical security measures and mechanisms to protect data.; ; These include secure perimeter fencing, video cameras, patrolling security personnel, secure entrances, and real-time communications networks. Microsoft blocks unauthorized traffic to and within datacenters, and security extends to each physical server unit.; ; Please see following link to the Microsoft Trust Centre: https://www.microsoft.com/en-gb/trust-center/product-overview
• Outage reporting: - Public dashboard via Microsoft; - API and Service Portal; - Customer email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms, enabling sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party identity providers with Office client applications, and smart card and certificate-based authentication.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Wattle solutions leverage Microsoft Cloud Services which comply to ISO/IEC 27001 and CSA CCM v3.0. as well as all global security requirements.
• Information security policies and processes: Wattle maintain a risk log of potential security risks and carry out regular penetration and SSL tests. The log is monitored regularly and processes are in place to ensure that any identified risks are acted upon and rolled out to clients as necessary. Regular reporting is provided to the Senior Management Team (SMT) and responsibility resides with the SMT.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Wattle has developed a proven and reliable implementation methodology, including a robust change management process which mitigates against project risks and provides an audit trail of amendments to the project’s terms of reference.; ; If, as a result of any change, additional project work is required, the Wattle Delivery Manager raises a Change Request (definition of change required and associated cost). This is followed by review by the Client and acceptance / rejection.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Microsoft delivers two wave releases per year which offer new capabilities / functionality. Wattle are notified of these updates in advance. We follow Microsoft guidelines and take a low code / no code approach to system development. This ensures ease of upgrade as the upgrade is usually backwards compatible. Our team test any update separately before applying to the client instance. Microsoft also deploy regular performance and reliability improvement updates throughout the year.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Dynamics uses Microsoft's Cyber Defense Operations Center which brings together security response experts from across the company to help protect, detect, and respond to threats in real-time. Staffed with dedicated teams 24x7, the Center has thousands of security professionals, data scientists, and product engineers to ensure rapid response and resolution to security threats.; ​; Informed by trillions of data points across an extensive network of sensors, devices, authentications, and communications, the Center employs automated software, machine learning, behavioral analysis, and forensics to help their teams counter threats with strong containment and coordinated remediation.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Microsoft’s approach to managing a security incident conforms to the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, and Microsoft has several dedicated teams that work together to prevent, detect, and respond to security incidents.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Wattle realises that is has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods. We will encourage customers, suppliers, and other stakeholders to do the same.
• Equal opportunity:

  Equal opportunity

  Wattle is committed to encouraging equality, diversity, and inclusion amongst our team, and eliminating unlawful discrimination. The aim is for our team to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best. The organisation, in providing its services, is also committed against unlawful discrimination of customers or the public.
• Wellbeing:

  Wellbeing

  Wattle offer an Employee assistance programme (via BUPA) as an employee benefit that provides the team with support and practical advice on issues that might be impacting their wellbeing and performance.

Pricing

• Price: £3.80 to £15.10 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at d.abraham@wearewattle.com. Tell them what format you need. It will help if you say what assistive technology you use.