Cantarus

MemConnect Mobile App Platform

MemConnect is our platform for building the perfect app for your residents or other stakeholders. With a range of out-of-the-box and bespoke features tailored to your needs - e.g., online community, reporting potholes, bin reminders and jobs boards - MemConnect is the ideal way to connect with your community.

Features

• Reporting of Potholes, Fly-tipping & More
• Online Community
• Jobs Board
• Podcasts & Videos
• News & Blogs
• Digital Publications
• Analytics & Business Intelligence
• Privacy & Data Protection
• App Store Management
• Single Sign-On & Persistence

Benefits

• Enable easy in-app reporting of issues with geolocation details
• Connect with users in a rich online community/forums environment
• Integrate with your existing jobs board provider
• Full-featured podcasts and video delivery
• News and blogs content from your website displayed in-app
• Online magazines and journals available in-app
• Intuitive analytics like active users, session duration and engagement percentage
• Our apps implement privacy by design and strong security
• Let us navigate the complexity of app store submissions
• Enable login with existing website credentials

£19,995 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cantarus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

652299684741763

Contact

Lee Adams
0161 971 3200
enquiries@cantarus.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • IOS 15+
  • Android 12+

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard support is provided between the hours of 0900 and 1730 British time, Monday to Friday excluding public holidays.; ; We also provide dedicated 24/7 Business Critical support depending on the hosting package selected.; ; Service level targets – specifically the time within which we aim to be actively working on a resolution – for support are as follows (excluding on-site support):; ; Business Critical Within 1 business hour; High Priority Within 4 business hours; Medium Priority Within 2 business days; Low Priority Within 5 business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our standard support is provided between the hours of 0900 and 1730 British time, Monday to Friday excluding public holidays. 24-Hour Severity 1 support is also available on some hosting packages.; ; Standard timebank support is purchased on a per man-day basis and can be used across any of the Cantarus service offerings - any purchased time which is unused during the month can be rolled over for up to 3 months.; ; Standard timebank charged at £995/day with a 1 day minimum.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A MemConnect consultant will work with the buyer to determine the best configuration for their app through a full discovery process as well as a MemConnect designer on the look and feel of the app. Once an implementation plan has been decided the consultant can work with the buyer to implement the solution. Once services have been configured and tested, a training session will be provided on how to use the MemConnect cloud for app admin task. Following this, a handover to our Client Success team will be provided, during which training on our support ticketing system and timebank reporting will be provided via an online session.
• Service documentation: No
• End-of-contract data extraction: MemConnect uses APIs to populate content and authenticate within the app. Very little data is held on the user on contract end and we will delete any data on removal.
• End-of-contract process: We would remove the app from both stores and shut down the associated systems. We would also block access to the cloud panel and the ticketing system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The MemConnect cloud dashboard provides a single interface for management of all your app configuration, logging and reporting.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have an internal Experience Design team who focus on to accessibility. They have a documented internal accessibility strategy, are trained in running usability tests and have implemented a design system built on accessible principles for our most recent app projects.
• API: Yes
• What users can and can't do using the API: All app features are accessible via API.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The MemConnect app can be customised in a number of different ways. Firstly, whilst built on a design system the app will utilise a clients branding within the app. These includes fonts, colours, wording etc. Also where needed the client can also build bespoke areas which can be designed as required. ; ; The app is also customisable through integrations; a client can choose which integration to use and which not to use, such as including a blog and not including videos. The client can also choose where this content comes from further adding customisation. ; ; The main customisations are initially done in discovery and design where we realise the clients requirements, but these requests for changes can be made in our three weekly release schedule. ; ; The MemConnect cloud also offers areas of customisation, this includes the changing of certain app text, adding promotional elements and sending push notifications.

Scaling

• Independence of resources: The MemConnect platform runs on dedicated Virtual Machines with a resource allocation provided by the hypervisor. The services are then containerised and resources are managed by the container orchestration software to ensure all customers receive a fair share of resources.

Analytics

• Service usage metrics: Yes
• Metrics types: The dashboard provide detailed audit data on the users who have logged in to the service, the applications they have been using, analytics data and details of security events.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We don't hold any user data, so we do not offer this service.
• Data export formats: Other
• Other data export formats: None
• Data import formats: Other
• Other data import formats: None

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The MemConnect Solution shall be available to Authorised Users from the Go Live Date during the Subscription Term 99.99% of the time calculated on a monthly basis. Where the MemConnect Solution is not so available, the Client will be credited with an amount calculated monthly as an aggregate of all Down Time in accordance with the following table: ; ; Monthly Uptime Percentage ; ; Service Credit ; ; (% of Monthly Equivalent Fee) ; ; <99.90 ; 5% ; ; <99.00% ; 15% ; ; <95.00% ; 25% ; ; <90.00% ; 50% ; ; <75.00% ; 100%
• Approach to resilience: Resource Monitoring and automated migration of VMs - Automatic reboot if VM or host is detected to have failed - Underlying Multi-node Cluster design - High Availability network design
• Outage reporting: Outages will be reported to users via email and a maintenance page where possible.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Support channels are locked to a limited number of contacts who are allowed to raise requests on their behalf. These contacts are the only people who are allowed to raise tickets either via the web-portal, e-mail, or telephone.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: We are Cyber Essentials Plus certified and place security and compliance at the centre of the services we provide. Our data protection, communications and freedom of information practices have been externally audited by NCC Group. We maintain and execute a number of internal policies around Information Security, GDPR and Data Protection that each team within the business are responsible for executing on, with managers of each team accountable for implementation. Our data protection policy includes our principles around GDPR, data subject rights, information on personal data breaches and how to handle these, data protection impact assessments, training and information on our Data Protection Manager's roles and responsibilities. Developers receive security training in order to ensure that our team is always following security best practice and are aware of recent developments in the field.We work closely with a number of government bodies and local authorities. As such, we're well-versed in the extensive regulatory and compliance standards imposed upon suppliers, including GDPR and the DPA.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes should be requested via raising a support ticket with the Client Success team. The request will then be triaged, and allocated to the relevant internal team. The change will be assessed for any potential security or availability impact, and if appropriate a quote provided to the customer. Once agreement is in place a change request is raised. Where the change is judged to have a possible affect on the security of the site, or requires a change to a global setting to be changed the CR is escalated to a senior manager for review.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Where available we subscribe to security feeds from all our suppliers. When notification of an issue is received, we immediately assess these based on the CVSS score and the use of the feature or application within our environment. Using this data we decide if the patch can be deployed as part of our regular monthly patching schedule, or if we need to directly contact customers in order to arrange an additional at-risk window.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Full monitoring is implemented for the application and services itself. The Monitoring Service continuously executes multiple individual performance tests per Service Component at an interval no longer than 5 minutes from multiple datacenters.
• Incident management type: Supplier-defined controls
• Incident management approach: Full details of this process are documented in the Cantarus Incident Management Policy. Users who suspect an issue should immediately report this to the Information Security Manager. Depending on the scope of the potential incident, this may then immediately be escalated to the board of directors. Once an event has been verified as a potential issue, this will also be raised with the customer. On completion on the investigation and and remediation activity, the customer will be provided with a full incident report.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  The solution utilises the latest public cloud technologies. Public clouds combat climate change by deploying innovative solutions aimed at cutting down carbon footprints and promoting sustainability in various sectors.

Pricing

• Price: £19,995 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cantarus.com. Tell them what format you need. It will help if you say what assistive technology you use.