Brightwire

Survey software and feedback tool (Enterprise Feedback Management)

FRED: Feedback. Respond. Evaluate. Drive engagement. Organisations are increasingly seeking to connect with customers and engage with employees to measure satisfaction. With FRED you can create tailored, branched and multi-question two-way SMS based campaigns to increase response rates. Responses are saved and can be reported on for insight and action.

Features

• Instant NPS feedback survey via SMS and Email
• Quick and easy web interface to create campaigns and surveys
• Multi-threaded and branched questions
• Completely self-service and easy to manage
• Alerts and notifications
• Comprehensive reporting and data analysis
• Integration-capable with workflows and approvals
• Supports custom data attributes for analysis
• Survey staff, customers and stakeholders or events attendees using NPS
• Two-way messaging support

Benefits

• High response rates (typically 40%+)
• Multiple concurrently running surveys
• Improves agility through better data insight
• Comprehensive dashboard
• Better engagement with customers and stakeholders
• Integrates with other applications (e.g. CRM)
• Better handling of customer complaints and service issues
• Easy exporting for further analysis
• Instant engagement with customers via SMS
• Analyse how your customers feel with sentiment add-ons

£200 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clare.millar@brightwire.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

602928761618632

Contact

Clare Millar
0131 541 2159
clare.millar@brightwire.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Dynamics 365 and SharePoint applications, consulting and custom development, business transformation consulting.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None - clients have a choice of deployment and support models depending on organisational and infrastructure requirements.
• System requirements: Web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: There are defined SLAs and Out of hours support models covering weekends and bank holidays. Support incidents are classed in three categories (Level 1 Critical, Level 2 Major and Level 3 Minor) each with four defined stages. A Level 1 incident has a maximum response time of 1 hour. Our support desk runs within office hours for the majority of clients, with year-round out of hours support also available on request.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels are based on an agreed allocation of time per month, with time reporting to indicate usage. Support can be scaled back or topped up accordingly. Support is based on a day rate. For out of hours support this cover is based on the client's need and an appropriate cost is calculated. We have clear support procedures in place and a technical account manager as well as a nominated support engineer are both provided as part of the support agreement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer a variety of training plans to help users start using the service. Some training is face to face for administrators but we have extensive user based online training for our SaaS offerings. User documentation is provided where required in electronic format. Onsite training: provided to groups of trainees who are usually split by administrative and user type. We recommend a 'train the trainer' approach with advocates who will be the key 'go to' people within the organisation, and provide floorwalking. User guides: these can either be documented or video guides for users and contain quick tips and handy reference information. Online training: we can provide online training if required - typically to larger groups of users. The level of onboarding and offboarding support depends on the customer's requirements. We can provide full support for organisations where there is an organisation-wide rollout, as well as pilot or trials within a specific business area.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • DOC/DOCX
  • Video/Multimedia
• End-of-contract data extraction: All data can be exported as a SQL Server database backup or via reporting tools.
• End-of-contract process: The support agreement would normally allow for basic handover at contract end - however if there were more specific or custom requirements (such as a new target environment to which to replicate) then these would be assessed and a cost agreed with the Client. Brightwire will provide appropriate assistance to the client to extract any data or move to another supplier as required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The application includes a cloud based portal to allow users controlled access into reports and configuration for feedback gathering.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: The application has been fully tested by end users including with screenreaders for visually impaired users as well as form testing with end users of varying abilities and needs.
• API: Yes
• What users can and can't do using the API: Users can submit data on people to be surveyed via the API.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: A range of areas can be customised depending on client need - ranging from simple to complex workflows, triggers and notifications and reports (as examples). Questions can be branched and results are pulled back into a database, which can be easily integrated (for example) with Dynamics 365 and other line of business applications for a holistic view of your customers and better insight.

Scaling

• Independence of resources: There are multiple deployment routes - each of which would be assessed in the light of specific functional and non-functional requirements such as performance. Performance can be affected by user bandwidth/connectivity as well as network capacity. We implement techniques to improve application performance and can recommend hosting models that will reduce the risk of load that negatively impacts performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Service usage might apply to two scenarios - the behaviour of the users consuming the service, on which analytics can be provided, and/or the draw-down of the support time allocation, analytics for which are typically provided on a monthly basis.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: All data can be exported as a SQL Server database backup or via reporting tools. The way in which we would recommend this be done would depend on customer need and the target environment.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Excel
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our guarantee for service level uptime is 99.9%. Should the service fall below this in a given quarter then a credit may be given against the applicable quarter's fee. This is based on a sliding scale.
• Approach to resilience: The underlying solution is based on a high availability configuration on a private cloud using vMWare vSphere. Further information is available on request.
• Outage reporting: Administrator dashboard with automatic error reports via alerts and notifications.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Admin access is limited by role based controls built into the software to ensure that only users with appropriate rights have access to management functionality.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Authentication is based around username and password with role based authentication within the application itself. All access to the application is over a TLS 1.2 encrypted secure channel.
• Information security policies and processes: We follow ISO 27001 methodology for policy and processes, and ensure that this is mapped closely to the Government's Cloud Security Principles. We have a defined reporting structure in place with ultimate responsibility for security and compliance resting with the CTO.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow a structured change procedure, which provides a high degree of management and quality of output with a controlled approach to changes in scope – it being essential to track changes and ensure that all amendments are assessed and authorised. Specific processes for change management are as follows:; Request: Initiation of a change with a request for change (RFC);; Classification: Assigning a priority to the change after assessing its urgency and impact;; Authorisation: Processing the RFC through to the change advisory board;; Development: Developing the change, release management;; Release Management: Releasing the change for testing;; Review: Conducting post-deployment review.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. For other general software that we use such as Umbraco we subscribe to notification lists and deploy these based on a triage of the exposure and risk and a prioritisation. Critical updates are always deployed as soon as they become available and always within a 4 hour window.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We limit exposure by only allowing access via firewall control to services which need to be accessed externally and have automatic lock out on accounts if suspicious activity is assumed or detected. We track and monitor invalid login attempts via event logging mechanisms and respond based on the SLA times as detailed earlier in this section.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents online using our incident reporting tool or by using our helpdesk. We have specific processes that are triggered by incidents being reported to us which are followed and users are able to track and monitor the incident as it progresses through the SLA that corresponds to its priority. All incidents are followed by an incident report explaining what happened and what action is to be taken to prevent a reoccurance.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Brightwire is committed to delivering high quality and successful software applications which make a difference to our clients. We acknowledge that we, as a consumer and user of resources and a producer of waste products, have a responsibility to consider the environmental impact of our workplace and the health and well-being of our staff. Our environmental promise is to: - Comply with all relevant environmental legislation - Reduce our carbon footprint to net zero by 2025 - Progress initiatives that are in place such as our cycle to work scheme, - Reduce, reuse and recycle our waste using designated refuse bins and procedures for the recycling and safe disposal of items such as printer cartridges - Reduce the amount of natural resources used by conserving energy, water, paper and other materials and by recycling waste wherever possible - Educate and train our people to ensure everyone understands their role in reducing environmental impact and how we can work together to achieve this - Ensure that where possible our suppliers demonstrate an acceptable level of environmental awareness and performance - Encourage our clients, through our project work, to reduce use of natural resources (such as paper) by improving processes using online, in place of paper-based, tools We are committed to preventing and reducing environmental impact. We acknowledge that our work has a potential environmental impact and we have a duty to manage this in a responsible and ethical way. We do this by identifying impacts, and putting practical processes into place to mitigate them. Our full Carbon Reduction Initiatives and measures in place are detailed here: https://www.brightwire.net/about-us/carbon-reduction.aspx
• Covid-19 recovery:

  Covid-19 recovery

  At Brightwire we have supported our customers during Covid to maximise the value of their investment in technology by putting this to best use. One of our most significant examples is in a community initiative which supports vulnerable young people and those at risk across the country. In Covid and lockdown there was a significant risk that the needs of young people would not be met, and so we embarked upon a project to mitigate this. The result was that young people, their carers, social services and other stakeholders could hold sessions securely and remotely using Teams. Importantly a factor in engaging with this segment of the population was to provide easy, quick, and free access to the service. Our work in this area of technology supported the organisations involved and made sure that the needs of young adults continued to be addressed in spite of lockdown. Stakeholders were a core part of the service design and ultimate nationwide rollout. As an organisation, we also had a role to support our team of people. We ensured that all team members had equipment delivered to their homes, and that this was equivalent in standard to equipment in the office. We held daily meetings and created an informal 'chat' area to avoid feelings of isolation, and sent regular wellbeing gift boxes to staff in the post. We made a commitment to pay additional costs (such as broadband) for staff and minimised meetings and unnecessary travel. As we are moving back to an office environment, we are consulting with the team on hybrid working and ensuring this has a good fit with our business model and culture.
• Tackling economic inequality:

  Tackling economic inequality

  At Brightwire we set out to have a positive impact and tackling economic inequality is an area where we can gain small but nonetheless measurable results. Our office is based in a relatively rural area and the social value and positive impact we can make is on creating sustainable employment and in skills development. We have invested in training, learning and professional development for all of our team members, ensuring that everyone has the opportunity to develop. As an organisation we play a part in the creation of employment opportunities within our community, and invest to achieve this. Local employment opportunities within rural areas can be low, and as an employer we set out not only to recruit but to retain our staff with training, flexible working and by providing opportunities to develop skills in other areas of the business.
• Equal opportunity:

  Equal opportunity

  We are committed to fair work practices. Our people make us what we are. Respectful, confident without being arrogant, honest and open, along with a genuine curiosity to discover better ways of doing things, rock solid expertise and a willingness to share ideas - these values drive us and embody our culture. We love what we do, and this is reflected in the way we do things, and in our results. Here are some of the things we do to ensure fair work practices: Training We invest in training to make sure people have the right skills and qualifications. We commit to providing a number of training courses during the year, also ensuring we have qualified staff to maintain our Microsoft and Umbraco Gold Partnerships. Pay and conditions We monitor our salaries in line with those in our sector, and reward our staff with more than the average. We have always offered flexible working to suit people and help to achieve a work-life balance. We do not have zero hours contracts. We are an accredited Living Wage Employer and have made a pledge to the Scottish Business Pledge. Fairness We are an equal opportunities employer, committed to fairness of treatment, respecting the rights of individuals, dignity, diversity and a zero tolerance approach to discrimination. Our working environment is a place where people are able to develop their skills and talents free from discrimination or harassment. We are committed not only to meeting legal obligations but to the positive promotion of equality and diversity across our team. We are a close knit team based on strong principles of fairness and collaboration. We have a very strong family friendly environment, generous parental benefits, flexible working, team days, sharing ideas and taking part in STEM initiatives in our local community.
• Wellbeing:

  Wellbeing

  At Brightwire our people are what set us apart, and the wellbeing of individuals and our team is vital. We are committed to providing our people with respect, recognition and care that supports and improves the wellbring and mental health of our team. We follow the six standards enshrined in the Mental Health at Work Commitment, including: 1. Prioritising mental health. This includes routine check-ins with employees, taking feedback and implementing suggestions for improvement. 2. Work design and culture. We have a new, light and modern office space specially designed to create optimum physical workplace conditions, equipped with the best ergonomic furniture and taking into account the need for individual concentration as well as collaboration. We offer flexible, agile and family friendly working patterns and are an open, approachable employer. 3. Promoting an open culture. Together with our people, we set out to ensure that mental health is a subject that can be openly discussed. We have a culture where people can come forward for support and encourage initiatives such as exercise and increased awareness. 4. Organisational capability. Our private medical insurance includes wellbeing support, offered to all our team. We hold daily team meetings to bring everyone together and ensure that feedback is reviewed and actioned. 5. Provide tools and support. Through private medical insurance our people have access to webinars, tools and advice on mental health. We provide gym memberships, a wellbeing day off (in addition to annual leave) and targeted help such as occupational health. 6. Transparency and data analysis. One of the ways we assess wellbeing is to monitor our team's activity through resource planning. To ensure individuals do not feel overburdened, and in recognition of this, for example, we have a structured approach to planning which mitigates and avoids such situations and manages workload.

Pricing

• Price: £200 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A vanilla free trial (i.e. without customisations) is available for a duration of 30 days with a limited number of SMS messages.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clare.millar@brightwire.net. Tell them what format you need. It will help if you say what assistive technology you use.