Townbase

Townbase HobbyGuide Websites

Townbase HobbyGuide is designed for towns, cities, select media, and organisations promoting hobbies and interests. Build a comprehensive hobby guide within days and crowsource with local enterprises, NGO's and hobby organizers. The best solution for all age groups and ideal to support families and elderly

Features

• Fully managed cloud infrastructure and self managed web service
• Multi-language support
• Transactional systems integration
• Set of RESTful API's for content ingestion and sharing
• Highly adaptable information and data model
• Integrations to Social Media Platforms
• Translation tools and translation agency integrations
• Automated data back-ups and security management
• Integrated Analytics & reporting
• Supports all operating systems, browsers and devices

Benefits

• Smart management of digital services
• Pre-configured content creation flows
• Content & Submission approval, authoring and moderation flows
• Integrated task based user guidance (help texts)
• Page and content level accesses management
• Automated content quality approvals flows
• Easy calendar and scheduling features
• Possibility to launch own advertising network (native)
• Easy agency onboarding to manage services
• Business directory features. Integrate to i.e.: Companies House

£8,000 to £20,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contactus@townbase.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

663695726505030

Contact

M. J. Lintunen
+447551737073
contactus@townbase.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Service can be plugged into several services:; 1. Marketing&Sales tools (HubSpot, MailChimp, SurveyMonkey, Salesforce etc); 2. Analytics and Business Intelligence (Google Analytics, PowerBI etc); 3. Government services (Companies House, Land Registry, HMRC etc); 4. Transactional systems (Stripe, PayPal, etc) ; 5. Scheduling systems (Appointlet etc); 6. Social Media ( Flockler etc)
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No constraints
• System requirements: No systems requirements - Web application based software as service

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Standard 09:00-17:00 Tier2 & Tier3 support available for 90£/month. Response time less than an hour. ; - Phone; - Email; - Chat; ; Extensions to SLA (Service Levels) have additional costs.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Our SLA's are described in the SaaS licensing agreements and tailored to client needs. ; ; Standard SLA; 1. 09:00-17:00 1h response time; 2. max. 1 working day turn around time / resolution time for critical errors.; ; Standard SLA is inclusive of 90£/month support charge.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our templated onboarding included in the start-up price includes everything needed to launch a service successfully:; ; 1. Workshops; 2. Training sessions; 3. Design reviews
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We offer standard tools as part of the license agreement:; ; REST API's to extract data / content; CSV file exports; XML exports
• End-of-contract process: Service can be closed anytime and content and users can be exported to new service via RESTful API's or via CSV / XML exports or other back-up files. ; ; Once service is closed Townbase will close the licensed instance.; ; In the end of the contract client has 3 months time to utilize / transfer content.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: HTML5 based front-ends automatically scale to all screen sizes and device types on commercially available browsers.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Web-application based Software is accessible via Desktops, Mobile, Laptops and Tablets.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Yes.
• API: Yes
• What users can and can't do using the API: Users may use a set of RESTful API's to ingest content or pull content. There are also advanced tools to export content in various forms.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Wireframes ; Look & Feel & Design (colors, fonts, html objects); Automated content ingestion of export channels / partners; Selection of 3rd party content channels ; Automated Email Senders and related email templates content; Can run on any customer dedicated domain

Scaling

• Independence of resources: Townbase uses server virtualization provided by Amazon Web Services. ; ; Client based real time monitoring ensures optimal capacity for a need.; ; The solution is designed to be able to manage large user volumes. It is built on Amazon Web Services infrastructure, where the load is currently monitored and gets adjusted in case the threshold are exceeded.

Analytics

• Service usage metrics: Yes
• Metrics types: Full suite of analytics and dashboards ; - Actions; - Visitors; - Predictions
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: RESTful API's; XML; CSV
• Data export formats:
  • CSV
  • Other
• Other data export formats: RESTful API's
• Data import formats:
  • CSV
  • Other
• Other data import formats: API's

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA agreed per client. We offer multiple options for SLA's per specific use cases and service needs. Generally provided as: 99% Platform level : 99,98 % (2021)
• Approach to resilience: Resilience is based on the following principles; - User data is transferred only in secured form ; - User data is stored securely and backed up into separate availability zone ; - User permissions are strongly controlled and limited and all services are built as separate with their own users and data; - Service and operations are governed based on guidelines ; - Personnel are trained to be security aware ; - Software architecture is built based on security principles ; - User and their permissions are managed and controlled 9; - All admin and data related activities can only be accesses by authenticated and authorised individuals; - External interface and scripts are forbidden unless specifically allowed 12. Secure service administration; - Main admin accounts are strongly controlled and limited ; - Audit trail is tracked and made available on need basis
• Outage reporting: Client has a dashboard to usage statistic which is a real time dashboard. Client can enable email and SMS reports per request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to managemt interfaces and support channels are controlled and based on invitations only. The users are regularly reviewed and updated as needed. Where possible, SSO with MFA is enabled
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: No, it is based on industry best practises and experience.
• Information security policies and processes: Following policies are put in place; - Security Policy ; - End User Devices Security Standard ; - User Identity Management Principles ; - Access Management Principles and Controls ; - Password Rules and Delivery Instructions ; - Cloud Hosting Security Standard ; - Security in Software Development Lifecycle ; - Information Classification Guidelines

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: 1. Identify the change; 2. Assess the impact; 3. Decide on introducing the change; 4. Plan the introduction of the change; 5. Implement the change; 6. Verify the impact; 7. Make corrections, if needed
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Security is an essential part of our software development process and the security needs to be built in, not just tested. We are using open source and third party tools and services to regularly scan potential vulnerabilities. Our services also get audited and tested by our clients.; If any vulnerabilities are found, the patches are made based on the severity and the patch availability. In shortest, the patches can be updated within two hours, but typical deployment time is 48 hours.; Potential threat information is collected from 3rd party suppliers, forums and from our clients.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We are using third party tools and services to regularly scan abnormalities.; If any abnormalities are found, we will analyse the severity and then plan the required actions.; ; In shortest, the changes can be made within minutes, but typical deployment time is 48 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow industry standard incident management processes, where certain common event workflows are partially automated.; Users can reports incidents through web form, email, chat and phone.; Incidents reports are provided as agreed in the service governance model with that particular client.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Carbon footprint; ; Townbase aims to be carbon neutral by end of 2026. We will have fully green energy operations by 2026 and will offsets our office carbon footprint with a tree planting program. We already operate a fully paperless offices and we recycle our computers and other hardware equipment. Our server capacity will be operated with 100% green energy by 2026.
• Covid-19 recovery:

  Covid-19 recovery

  N/A
• Tackling economic inequality:

  Tackling economic inequality

  N/A
• Equal opportunity:

  Equal opportunity

  Engagement & Inclusion; ; Townbase has engaged with many university students working on problems facing the digital world. University students from partners like Helsinki University of Applied Sciences, Surrey University and Warwick University, school of management have helped us to dig in deeper into challenges in building more digital and accessible societies.; ; Townbase also support young people getting their first steps in the work life by hiring young professionals via Kick-Start program for paid internships. In these paid internships young professionals learn to apply their knowledge obtained from universities in real life challenges.; ; As we are a small organisation our diversity guidelines are being drafted. We currently employ both men and women and from varied backgrounds. We celebrate diversity as we believe this will benefit not only us, but our clients as well: different perspectives, points of views and backgrounds build a fertile ground for new ideas, points of views and make our operations more resilient and successful.
• Wellbeing:

  Wellbeing

  N/A

Pricing

• Price: £8,000 to £20,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Our like for like demo service can be used as demonstration version
• Link to free trial: https://www.townbase.com/en-UK/topic/61f1c1940329b91f0aa0b2e8?mode=blogs&count=9

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contactus@townbase.com. Tell them what format you need. It will help if you say what assistive technology you use.