Syrenis Ltd

SMART Stakeholder Engagement Platform

SMART, a secure cloud stakeholder management system for classifying and communicating with stakeholders (GDPR Compliant); classify using tags, map and track change in stakeholders’ attitudes, use dynamic web forms, automate responses, use broadcast email/SMS facilities, create engagement programmes, plus secure document collaboration, social-media management and full virtual press office module.

Features

• Organisation and person-level view of engagement touch points
• Simple stakeholder selection and loading processes
• Stakeholder mapping including change reviews and phasing
• Organisation linking - to identify and track complex relationships
• Smart tag feature for instant data classification and one-touch selection
• SMART web forms to gather stakeholders and additional information
• Email & SMS creation, broadcast and reporting
• Event planner including automatic invites and response management
• Secure document collaboration portal with review and publish management
• Fully featured Press Office Module

Benefits

• Understand who your primary stakeholders are, and communicate effectively
• Make sure messages are consistent, but tailored for specific audiences
• Stakeholder mapping, graphically track changes in attitude over time
• Measure if stakeholder communications strategies are working
• Improved audience engagement through targeted and triggered communications
• Gather stakeholder opinion directly in SMART using forms and surveys
• Compliance management with PECR, FOI, SAR, GDPR and DPA
• Integral help system, provided by SMART system developers
• Extensive graphical reporting across all aspects
• Highly scalable platform (1- 1000 users) with <60 minute set-up

£4,215 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glenn.jackson@syrenis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

618906357008827

Contact

Glenn Jackson
+44(0)204 551 9501
glenn.jackson@syrenis.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Web access over https is required plus browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9am-5.30pm Monday-Friday 1 hour; Emergency support available out of hours by arrangement
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Service desk hours are 09:00am to 17:30pm however tickets can be raised electronically at any time within SMART.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We plan with clients how current stakeholder records are going to be imported and if any measures such as re-permission are required. We then arrange training and often host user groups to enable questions to be asked directly prior to go live.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We export all data into a standard format using CSV text files and deliver securely to the client.
• End-of-contract process: Any formatting (away from its native form) of the stakeholder data and history that is required will be chargeable on a time basis. Also if any special delivery instructions are required this might incur a fee (such as secure manual delivery).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Public facing forms and surveys are all tested to be mobile friendly. Reports are also mobile friendly. The main application is best used via a screen of at least 800 x 600 pixels though.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Web based portal for configuration of the platform.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: A regulatory body has worked with us to audit and confirm that our technology meets the standards above and also executes in real life situations.
• API: Yes
• What users can and can't do using the API: The API is for the insertion and update of stakeholder and SMART user records from a clients internal systems.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Configuration of all core services enables a host of possibilities.; SMART can be used to power any web based form or survey where information needs to be captured and reported on in a secure way.; In addition any extra configuration a customer may require can be done to an agreed specification and fixed cost.

Scaling

• Independence of resources: We use independent secure instances and distribute tasks by type across a load balanced architecture.

Analytics

• Service usage metrics: Yes
• Metrics types: SMART has a comprehensive MI suite that enables real time reports to be generated at any time. All reports can be saved for reuse. In addition regular reports can be scheduled to be delivered via email to a distribution list of users.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data if they have permission in either a PDF, CSV or Excel format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: All data in encrypted at rest and user permissions are constantly reviewed.

Availability and resilience

• Guaranteed availability: Measurement period: Month; ; Target service level: 99.9% (no more than 43 minutes and 12 seconds downtime in 30 days); ; Minimum Service Level: 99% (no more than 7 hours and 12 minutes downtime in 30 days ); ; Service credits; Licence value credit per day late in excess of Minimum Service Level
• Approach to resilience: We have mirrored locations, services, storage and full redundancy. Details available by request.
• Outage reporting: We use a range of external and internal service management systems to notify support staff via email and SMS to any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Security questions.
• Access restrictions in management interfaces and support channels: SMART users have individual permission profiles that control access. These are regularly reviewed and administrated by the client. User activity is also monitored and recorded. This is available to the client by specific request.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY Certify Point
• ISO/IEC 27001 accreditation date: 18/11/2022
• What the ISO/IEC 27001 doesn’t cover: Services outside of AWS (Amazon Web Services)
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 18/11/2022
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Anything outside of AWS Amazon web Services
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Certified
  • Approval to Operate from the Home Office
  • SOC 2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Approval to Operate from the Home Office; Cyber Essentials Certified
• Information security policies and processes: Syrenis have a documented Information Security programme in place. The Information Security programme must maintain as a minimum a data flow diagram demonstrating the flow of information through our environment and descriptions of the technical and physical safeguards designed to protect Syrenis Ltd and/or Customer Information. ; ; Our Information Security programme includes a risk assessment, to determine the value and sensitivity of the information we hold, and the level of protection currently being applied to that information. This programme is reviewed on an annual basis. Any material changes to operations or business arrangements or other circumstances are assessed to see if they impact the Information Security Program and documentation is updated along with additional training if required. ; ; Syrenis only disclose information to those third parties whom are contractually bound to protect information in a manner consistent with the applicable privacy policies, limit the use of the information only for expressed purposes, and in accordance with the express implicit or explicit consent, unless a law or regulation specifically allows or requires otherwise.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We operate a change management system and a software version control capability that together allow us to manage technical changes to our products. Services are first tested in isolation, then incorporated into a Quality Assurance platform for user group acceptance testing, and then finally released onto Production once they have passed all these tests. We also operate a scheduled programme of penetration testing to scan for vulnerabilities. Finally as a backstop measure we take images of our environments before and after upgrades so we can quickly revert if problems are encountered.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We carry out a risk assessment and always err on the side of caution. We are part of the CISP alert community, and the Checkpoint Threat Cloud. Our environment consists of two types of intrusion prevention technology, and has anti-bot and anti-virus capability at the network layer. We also implement geo protections which block large ranges of IP addresses for countries that have no need to access our systems. Much of this gets automatically updated but we also manually apply patches as needed. Servers are usually patched within 7 days of patches being issued.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring is as follows: 1) Intrusion Prevention Monitoring – Servers have an IPS service running on them connected to a central dashboard warning us of hacking attempts, allowing us to take pre-emptive actions. 2) Firewall Monitoring – Our firewall is from a different technology vendor to the IPS used as part of our defence in depth approach. Alerts and Events are streamed in real-time to a monitoring station, critical events are then issued to staff. Server Monitoring - . This is via AWS Cloudwatch which issues alerts and caries out simple actions such as starting up additional capacity if required.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a web based incident management tool that our customers can also access. It allows users to report incidents and provides Management Information to customers that need it. We review the incidents on a daily basis as a team and discuss every one so we can ensure a) someone is working on it and b) assess if there is a security element to the incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Police National Network (PNN)

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Syrenis demonstrates a robust commitment to staff wellbeing by providing access to private healthcare services through a leading service providers scheme for all team members. This initiative ensures that employees receive comprehensive medical care, promoting both physical and mental health. Through this, Syrenis shows proactive steps to support the health and wellbeing of its contract workforce, aiming to create a positive impact on both the physical and mental health of all individuals involved in its operations by fostering a culture that prioritizes wellbeing.

Pricing

• Price: £4,215 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glenn.jackson@syrenis.com. Tell them what format you need. It will help if you say what assistive technology you use.