Syrenis Ltd

Cassie

Cassie is a secure, cloud-based, enterprise-level application managing all aspects of personal data, consents and preferences (Global Privacy/GDPR compliance including Legal Basis).Complete audit-able history of personal data, seamlessly integrated into your infrastructure offering self-service to individuals so they can directly access Cassie to manage their consent/ preferences with your organisation.

Features

• Low cost secure enterprise personal information management platform, cloud based
• Enterprise level scalability and future proofing, Multilingual and Multi-Brand
• Can absorb historic personal data & preferences, configurable business rules
• Can connect to multiple online platforms gathering data & preferences
• API, widget & push technology to update host systems
• Customisable and Configurable Consumer & Customer service preference portals
• 3-way preference values, Preference Holidays and Granular Level Consent
• Advanced data collection, form builder and data distribution
• Cookie management, website scanner & security identification

Benefits

• Protect IT investment by connecting to existing systems
• Secure & fast to commission
• Automatically scales to meet demand
• Single point-of-truth for all personal data across the enterprise
• Traceable forms/widgets gather preferences & managing data
• Update systems with privacy changes in real-time or batch mode
• Dedicated customer/consumer/stakeholder management portal
• Ensures that ‘no response’ doesn’t result in unnecessary opt-outs
• Configurable customer service interface for call centres & sales teams
• Gather additional data directly into Cassie via widget or API

£2,000 to £8,500 a licence a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glenn.jackson@syrenis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

631149838517893

Contact

Glenn Jackson
+44(0)204 551 9501
glenn.jackson@syrenis.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Any web based form.; Any CRM.; Any data warehouse.; Full API to connect to any system that supports connections.
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: The management portal is web based

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9am-5.30pm Monday-Friday 1 hour. Emergency support available out of hours by arrangement
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Service desk hours are 08:30am to 17:30pm however tickets can be raised electronically at any time. Contact details are: +44(0)1928 622-302 (Europe) or +1 (613) 801-0799 (USA/Canada). Service response times: P1 – 1hr P2 – 4hrs P3 – 8hrs Technical account management available at extra cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Account and project managers are assigned and an agreed project plan is created with timescales and key deliverables. Flow diagrams showing the full data audit and processing are also created at the beginning to help maintain an over view of the interaction between processes and systems.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: We will export as per instruction from the client, typically this would be a standard format using CSV text files delivered securely.
• End-of-contract process: Any formatting (away from its native form) of the preference data and history that is required will be chargeable on a time basis. Also if any special delivery instructions are required this might incur a fee (such as secure manual delivery).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The administration portal (manages options and configuration) needs a larger screen.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Web based portal for configuration of the platform.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: A regulatory body has worked with us to audit and confirm that our technology meets the standards above and also executes in real life situations.
• API: Yes
• What users can and can't do using the API: Almost everything can be done via the restful API. Full documentation is available on request.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Every customer journey is different. Cassie allows for complete customisation and configuration via the admin portal. Marketing resource can deliver customised forms, widgets and emails. Consent statements can be created quickly and easily within the portal. All external facing portals can be customised and configured to ensure that the experience of managing personal data and preferences feels familiar and seamless to your end users. All managed and controlled by you.

Scaling

• Independence of resources: We use independent secure instances and distribute tasks by type across a load balanced architecture.

Analytics

• Service usage metrics: Yes
• Metrics types: Cassie has a comprehensive reporting suite that enables real time reports to be generated at any time. All reports can be saved and exported. In addition regular reports can be scheduled to be delivered via email to a distribution list of users.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data if they have permission in either a PDF, CSV or Excel format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: All data in encrypted at rest and user permissions are constantly reviewed.

Availability and resilience

• Guaranteed availability: Measurement period: Month Target service level: 99.9% (no more than 43 minutes and 12 seconds downtime in 30 days) Minimum Service Level: 99% (no more than 7 hours and 12 minutes downtime in 30 days ) Service credits Licence value credit per day late in excess of Minimum Service Level
• Approach to resilience: We have mirrored locations, services, storage and full redundancy. Details available by request.
• Outage reporting: We use a range of external and internal service management systems to notify support staff via email and SMS to any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Cassie users have individual permission profiles that control access. These are regularly reviewed and administrated by the client. User activity is also monitored and recorded. This is available to the client by specific request.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: EY Certify Point
• ISO 28000:2007 accreditation date: December 15, 2017
• What the ISO 28000:2007 doesn’t cover: All services are provided by Amazon Web Services
• CSA STAR certification: Yes
• CSA STAR accreditation date: 31st March 2018
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Services outside of AWS (Amazon Web Services)
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Certified
  • Approval to Operate from the Home Office

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Approval to Operate from the Home Office. Cyber Essentials Plus Certified
• Information security policies and processes: Syrenis have a documented Information Security programme in place. The Information Security programme must maintain as a minimum a data flow diagram demonstrating the flow of information through our environment and descriptions of the technical and physical safeguards designed to protect Syrenis Ltd and/or Customer Information. Our Information Security programme includes a risk assessment, to determine the value and sensitivity of the information we hold, and the level of protection currently being applied to that information. This programme is reviewed on an annual basis. Any material changes to operations or business arrangements or other circumstances are assessed to see if they impact the Information Security Program and documentation is updated along with additional training if required. Syrenis only disclose information to those third parties whom are contractually bound to protect information in a manner consistent with the applicable privacy policies, limit the use of the information only for expressed purposes, and in accordance with the express implicit or explicit consent, unless a law or regulation specifically allows or requires otherwise.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We operate a change management system and a software version control capability that together allow us to manage technical changes to our products. Services are first tested in isolation, then incorporated into a Quality Assurance platform for user group acceptance testing, and then finally released onto Production once they have passed all these tests. We also operate a scheduled programme of penetration testing to scan for vulnerabilities. Finally as a backstop measure we take images of our environments before and after upgrades so we can quickly revert if problems are encountered.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We carry out a risk assessment and always err on the side of caution. We are part of the CISP alert community, and the Checkpoint Threat Cloud. Our environment consists of two types of intrusion prevention technology, and has anti-bot and anti-virus capability at the network layer. We also implement geo protections which block large ranges of IP addresses for countries that have no need to access our systems. Much of this gets automatically updated but we also manually apply patches as needed. Servers are usually patched within 7 days of patches being issued.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring is as follows: 1) Intrusion Prevention Monitoring – Servers have an IPS service running on them connected to a central dashboard warning us of hacking attempts, allowing us to take pre-emptive actions. 2) Firewall Monitoring – Our firewall is from a different technology vendor to the IPS used as part of our defence in depth approach. Alerts and Events are streamed in real-time to a monitoring station, critical events are then issued to staff. Server Monitoring - . This is via AWS Cloudwatch which issues alerts and caries out simple actions such as starting up additional capacity if required.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a web based incident management tool that our customers can also access. It allows users to report incidents and provides Management Information to customers that need it. We review the incidents on a daily basis as a team and discuss every one so we can ensure a) someone is working on it and b) assess if there is a security element to the incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Police National Network (PNN)

Social Value

• Fighting climate change:

  Fighting climate change

  Syrenis Ltd is committed to preventing pollution and to complying with all relevant environmental legislation, regulations and other environmental requirements.; We regularly evaluate the environmental impact of our activities, products and; services and we will take action to continually improve our environmental performance.; ; It is our policy to:; ; • Minimise the use of energy, water and natural resources; • Minimise waste through prevention, re-use and recycling where possible; • Dispose of waste safely and legally; • Avoid the use of hazardous materials, where practical; • Work with environmentally responsible suppliers; • Prevent environmental damage and minimise nuisance factors such as noise and air pollution.; ; We will define environmental objectives, targets and improvement actions that are related to this policy and to our significant environmental aspects. We will regularly evaluate progress.; ; We are committed to providing relevant environmental training and promoting environmental awareness to employees and, where appropriate, to suppliers and to communicating our environmental performance.; ; We will implement processes to prevent environmental non-conformities and to ensure that we are prepared to deal with potential environmental emergencies.; This policy will be regularly reviewed and updated to take account of organisational priorities and changes, environmental legislation and best practice.
• Covid-19 recovery:

  Covid-19 recovery

  We are committed to engaging fully with the learnings from the Covid-19 pandemic to evolve our business. ; ; Our business grew rapidly during this time, but successful innovations to staff working patterns, team collaboration, client preferences for engagement and other issues need analysis and optimisation. ; ; 1. Reflect ; ; We have engaged consultants to help us think through and redefine our core values, ways of working and the benefits we offer our clients in the broadest sense. ; ; 2. Recommit ; ; We have increased our focus on workforce wellbeing and purpose. These include physical, psychological and financial concerns – both in the workplace and at home. ; ; 3. Re-engage ; ; We know that our clients’ own ways of working have shifted, and in many cases their core objectives have undergone radical shifts. We are committed to working with all our existing clients to ensure that our service meets their needs. ; ; 4. Rethink work, workforces and workplaces ; ; After a period of working from home, we have successfully introduced hybrid working, with staff able to choose the model and pattern of office attendance that suits them. ; ; Staff social and briefing meetings encourage all staff members to attend with colleagues at least once every couple of months. ; ; As our increasingly global clients demand staff availability to fit in with their time zone, we are developing new models of staff shifts and responsibilities. ; ; 5. Reboot – HR and People Operations Priorities ; ; HR are embracing the possibilities of ‘agile learning’ - helping staff learn how to use new tools quickly when required.; ; HR will also have a crucial role in helping to integrate individuals’ redefined needs with our business needs for excellent customer service, innovation and agility. Rather than a conflict between these two sets of requirements, we have evolved a synergistic model of working which delivers for our colleagues and clients.
• Tackling economic inequality:

  Tackling economic inequality

  As a technology provider, Syrenis have the capability of generating highly skilled and sought after positions in a sector that is very high growth. These roles enable candidates from all levels to benefits from the growth of our business, whether this be via our Apprentice involvement or through to more senior positions. As an equal opportunity employer, we encourage a broad cross section of skills, ability and cultures to work within our company and given the change in work culture, we now recruit from all areas of the UK.; ; As well as recruiting experienced employees, our culture is one of hiring based on the right attitude. By recruiting staff with this mindset, we are able to train and cross train employees, which often leads to industry recognised qualifications. ; ; Technology is leading the way with our economic recovery. This is driving more opportunities across the whole economic spectrum.
• Equal opportunity:

  Equal opportunity

  The Company recognises that discrimination is not only unacceptable, it is also unlawful.; ; The Company’s aim is to ensure that no job applicant or employee is discriminated against, directly or indirectly, on any unlawful grounds.; ; By including this policy in the Employee Handbook, all employees are made aware that the Company will act in accordance with all statutory requirements and take into account any relevant codes of practice.; All job applicants will be considered solely on their ability to do the job. Interview questions will not be of a discriminatory nature.; ; All promotions will be made on merit in line with the principles of the policy.; ; Employees who have a disability will receive the necessary help, within reason, to enable them to carry out their normal duties effectively.; ; This policy will be assessed at regular intervals to ensure that equality of opportunity is afforded to all employees.
• Wellbeing:

  Wellbeing

  Our policy to address all work-related illnesses and in particular stress, to control, reduce or eliminate so far as is reasonably practicable.; ; We recognise that our personnel are the Business’s most valuable assets and that any problem associated with work-related stress is a management duty.; ; Whilst stress-related problems of short duration often resolve; themselves, it is long-term stress that the Business aim to address.; ; Through the risk assessment process, we will continue to identify hazards and assess all mental and physical risks to health and safety with the objective of reducing them.; ; The main problem with stress is the self-realisation that we are actively suffering from it. Others affected by our stress symptoms tend to shy away from broaching the subject as it may be construed as interference or just being nosy.; ; Stress is usually brought about by an accumulation of minor irritations that cannot be resolved in the time scale we wish and/or with the desired outcome. However, there may be one single event or set of circumstances that combine to provide the additional; stress overload. Some examples are: -; ; Possible environmental stressors include noise, temperature, overcrowding and humidity.; ; Possible work-related stressors include working to tight deadlines, overwork and change; to organisation. Other issues that may have an impact include: –; ; • Under challenged / Promotion prospects / Job satisfaction; • Racial or sexist remarks; • Personal relationships with other employees; • Travelling; • Harassment and confrontation.; ; Stress counselling can often have a stigma that it is only for the 'weak' or 'mentally ill', however the reverse is actually true.; ; It is our policy that all employees can approach management to raise any concerns relating to stress. All conversations will be; addressed in the strictest confidence and we will try and assist any individuals suffering from stress.

Pricing

• Price: £2,000 to £8,500 a licence a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glenn.jackson@syrenis.com. Tell them what format you need. It will help if you say what assistive technology you use.