TICKETS.COM LIMITED

ProVenue ®

Tickets.com is a global ticketing technology solutions provider focused on sports and live entertainment. Our ProVenue platform is a full service, integrated ticketing solution enabling organisations to sell tickets to consumers under their own brand. ProVenue provides clients with a 360° view of buying habits and preferences of their customers

Features

• A fully hosted solution (SaaS) with unlimited users
• A full service, integrated ticketing platform
• User friendly mobile responsive interface
• Scalable solution
• A fully responsive, intuitive online customer experience
• Fully integrated email marketing platform and CRM tools
• Native Access Control solution for scanning and validating tickets
• Powerful and highly flexible reporting
• Open Architecture for APIs and Integration
• Replicated database

Benefits

• Increase online revenue through our digital ticketing technology
• Build and control events from inception through to final reconciliation
• Singular system providing inventory control across all sales channels
• Ability to schedule reports
• Create targeted automated email campaigns and measure success
• Manage membership and loyalty programs
• Support for pre-sales, discounted tickets and exclusive events access
• Customer support and dedicated account management
• Client Knowledge Portal and customer training
• High standard of system availability and security

£2,500 to £500,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.sales@tickets.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

668103947909244

Contact

Nick Kinsella
01908 027900
uk.sales@tickets.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Tickets.com achieves 99.9% plus system uptime. Systems are monitored 24/7 to ensure maximum availability, reliability, and performance. Our UK support team are available 6am until 10pm, 7 days a week.; ProVenue® provides a virtually unlimited number of configuration options – system users, buyer types, events, packages, price scales, user traits, promotions, offer codes, etc. Tickets.com recognises the importance of providing continuous enhancements for our clients. All upgrades are provided at no additional cost. Upgrades and enhancements are released on a modular basis monthly.
• System requirements:
  • Latest browser versions
  • Reliable internet connection
  • Hardware or software based VPN
  • Boca Ticket Printer (If hard ticket printing is required)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Tickets.com prides itself on world class customer service and key to this is maintaining good communication. Please see our response times as per our Service Level Agreement.; - Critical Incident response within 15 minutes once verified; - Major Incident response within 15 minutes once verified; - Minor Incident response within 1 hour once verified; - Advice Request response within 2 working days of request; In addition to our UK support team, we have a Global Network Operations Centre (NOC) who monitor all our platforms 24/7.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: The UK Customer Service hours of operation are:; Office support: Monday - Friday, excluding public UK holidays, between 9:00 AM and 5:30 PM UK Time.; On call support: Provided from 6am to 10pm 364 days of the year excluding Christmas Day.; The Support team can be contacted via phone, email, or the Service Now Client Portal.; The Client Knowledge Base hosted on the Tickets.com Customer Portal contains feature-specific user documents and training videos accessible 24-hours per day, 7-days per week by authorised users. All Knowledge Base documents and videos are time-stamped and updated regularly to ensure relevance.; Additionally, we have a Network Operations Centre (NOC) monitoring our platforms 24/7 (i.e., Infrastructure, Network, Application and Database) utilising predictive alerts and notifications, communication, and resource management as preventative measures to significant incidents.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Tickets.com will coordinate a training plan specific to our client’s business needs and work with the Client Consultant to build a tailored training programme. ; ; Our ProVenue Trainers will design, develop, and deliver customised training solutions to ensure a strong knowledge base within the organisation. During the initial training period, our trainers will train the staff, from a "train-the-trainer" perspective. Our goal is to provide our clients with the training tools necessary to "own" the training of your policies and procedures to future staff using the ProVenue Platform. ; ; For those organisations that prefer ongoing, tailored, client-specific training, optional professional services engagements may be scheduled. ; ; All training occurs within a training environment in order not to impact live client data. Typically, five days of training is required for the system administrators and shorter durations for other departments. However, based on our clients scheduling and specific business needs, Tickets.com may schedule follow-up training on an as-needed basis. Additionally, the Client Knowledge Base within the Tickets.com customer portal contains feature-specific user documents and training videos that can be accessed 24 hours per day, 7 days per week by authorised users. All Knowledge Base documents and videos are time-stamped and updated regularly to ensure relevance
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video webinar
• End-of-contract data extraction: Tickets.com recommends using standard patron and transaction reporting and exports from ProVenue.
• End-of-contract process: Please note Tickets.com complies with all PCI-DSS controls and standards. As mentioned previously, Tickets.com recommends using standard patron and transaction reporting and exports from ProVenue. Any additional requests are quoted as a professional services engagement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: ProVenue® is a browser-based, hosted web interface, designed to enable flexible, seamless integration of products and services as well as other 3rd party applications and is powered by an open technology platform. ; The ProVenue Reporting Portal can be accessed remotely and provides reports that are available in desktop and tablet interfaces.; MyProVenue is a next-generation web interface, entirely devoted to optimising the patron’s desktop and mobile ticketing experience. The intuitive interface streamlines everything from buying tickets to managing account preferences, all within a responsive framework that works on any device or browser.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: ProVenue is the back-office ticketing system where ticketing inventory is easily created and managed. The system facilitates ticket sales and allows for real-time online and offline ticketing transactions. ProVenue is a fully hosted web-based solution globally accessible.; Users are assigned various roles and permissions which limit the functionality available to users. Information related to specific patron accounts, events, packages, and order information are all able to be protected so that only privileged users can view this data.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Tickets.com ensures that the ProVenue suite of services operates in a manner compliant with the Rehabilitation Act of 1973 and the Americans with Disabilities Act (ADA) of 1990 (42 U.S.C. 12101 et seq.), including to the extent applicable the accessibility requirements of WCAG 2.0 AA standards. Services are warranted to be performed in a professional and workmanlike manner in substantial compliance with applicable specifications.; Tickets.com maintains an ongoing commitment to provide accessible products to all ticket purchasers. For example, ProVenue accommodates accessible seating by providing functionality that permits hold codes to be placed on applicable seats, including companion seats, that box office users can access when such seating is requested. When an accessible seat is needed, the box office user simply changes to the appropriate hold code to lock seats. For internet purchases, Tickets.com offers patrons a self-service selection of accessible seats via best available and via the Seat Map in addition to having outside reviewers audit our ticket purchasing flow for compliance based on the standards under Web Content Accessibility Guidelines.
• API: Yes
• What users can and can't do using the API: Our open architecture enables third-party solutions to integrate seamlessly with ProVenue. Through the Registered Developer Program, Tickets.com customers can tap into the knowledge, expertise and experience of innovative solutions industry-wide, making Tickets.com clients integration capabilities virtually limitless.; Our Registered Developer Program benefits both venues and third-party solution providers. We provide developers with the tools necessary to seamlessly integrate their technology and services with the ProVenue platform. Our suite of open platform tools, including data replication services, data feeds, push services, and our REST-based real-time APIs provide access to critical data.; Development access is provided via a sandbox and to our Partner Portal, a web-based community where our partners have access to the latest documentation, community-based support, best practices, and frequently asked questions.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: ProVenue® provides a virtually unlimited number of customisable configuration options – system users, buyer types, events, event type, packages, price scales, user traits, promotions, offer codes, etc. ; ; Integrators and clients have the ability to build integrated solutions via our Registered Developer Program. These integrations leverage REST-based APIs, database replication, and data feeds to create a myriad of solutions. Through Tickets.com’s Registered Developer Program, our clients and their partners can create a bespoke solution that include services such as access control, CRM, dynamic pricing, inventory management, loyalty, membership, stored value, parking, seat upgrades, secondary market, etc.

Scaling

• Independence of resources: Tickets.com’s cloud based hosted infrastructure is a multi-tiered, high-availability architecture that provides a scalable footprint to deliver ProVenue in a Software as a Service model. The technology is designed to take advantage of best-of-breed open-source components. ProVenue provides different access and security models designed to support a variety of organisations and deployment options. ; Tickets.com can deploy a virtual waiting room for high demand on sales utilising Akamai. This solution protects high-demand on-sales. In addition to managing high volumes of traffic, this solution also detects and manages BOT and automated traffic.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: ProVenue offers a vast array of reports and exports to suit any venue’s needs. Our reports are exported into a CSV format which can be tailored and modified to be ingested into other systems. Tickets.com's support team as always is happy to provide guidance in this area, if custom exports are required please note professional service fees may apply. ; ; Additionally, through our Registered Developer Program, we offer integrators and clients, who join the program, the ability to build applications and integrations, leveraging our REST-based APIs, database replication product, Data Feeds, and Real-time Messaging.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel
  • Embedded HTML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF
  • Excel
  • Embedded HTML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Tickets.com achieves 99.9% plus system uptime. Systems are monitored 24/7 to ensure maximum availability, reliability, and performance. ; Full Service Level Agreements are available upon request.
• Approach to resilience: The ProVenue hosting environment has been designed to accommodate multiple disaster scenarios. To accomplish this Tickets.com maintains multiple hosting facilities, located throughout the United States and around the world as well as cloud-based services. Further information is available on request.
• Outage reporting: Tickets.com will first open an internal conference bridge for on-call engineers, the first-level team and the responding Incident Response Team (IRT) to gather. The Tickets.com Client Support team will next be notified, and they will in turn notify our clients. Depending on the level of the incident this communication may be made by phone or e-mail. Tickets.com is committed to ensuring minimum downtime while emphasising the importance of restoring the system in the shortest amount of time.; ; Furthermore, as part of our PCI DSS requirements, we have a formal internal incident response plan in place. This plan consists of six phases for any incident including preparation, detection, containment, notification, eradication and recovery, and post-incident reflection. We review our incident response plan and process annually; it is also audited by a third party annually.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: In ProVenue, users are assigned various roles and permissions which limit the information available to users on a need-to-know basis. Information related to specific patron accounts, events, packages, and order information are all able to be protected so that only privileged users can view this data. Each user is assigned a unique login which requires a password. All passwords are fully encrypted both during transmission and in storage. Only privileged users are allowed to create new accounts and to manually reset passwords. The user must create and rotate passwords using a password strength that meets PCI requirements.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: VikingCloud
• PCI DSS accreditation date: 31/5/23
• What the PCI DSS doesn’t cover: Everything Covered
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • PCI DSS 4.0 compliant
  • SSAE18 - SOC1 type 2 compliant
  • Data Centres are Uptime Institute Tier III certified facilities
  • HITrust standards
  • HIPAA compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: PCI DSS compliant; PA-DSS compliant; SSAE18 - SOC1 compliant; Data Centres are Uptime Institute Tier III certified facilities; HITrust standards; HIPAA compliant; Offer connectivity to an average of 11 Network service providers per data center; Uptime Institute M&O Stamp of Approval (Management and Operations Approved site) Cyxtera Technologies
• Information security policies and processes: Tickets.com complies with all PCI and SOC1 requirements including but not limited to - ; • Internal Vulnerability Scanning; • External Vulnerability Scanning; • Intrusion Detection & Prevention (IDS); • Wireless Analyzer; • Penetration Testing; • File Integrity Monitoring; • Web-Facing Application Scanning; • Risk Management Review; Further information is available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We employ a structured Software Development Life Cycle (SDLC) that includes the development of long-term strategic goals which helps drive our release planning and the inclusion of evolving security requirements as per Payment Card Industry Data Security Standards (PCI DSS) and Statement on Standards for Attestation Engagements (SSAE) No. 18. For example, Tickets.com Networks Department is responsible for the network infrastructure, including firewall management. All changes are subject to Tickets.com Change Management Policy. Users create a ServiceNow Change Request, where the scope is defined and assessed, a plan of action is made and any changes are built/tested before implementation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As a PCI-DSS Level 1 SAP-D-SP (Service Provider) audited company we perform a penetration test twice a year. we have a strong group of internal web, API, and network/system penetration testers who continuously assess apps and networks after each change. we leverage an attack surface management service, a network/system/application, and vulnerability scanners that continuously test our external security posture. Medium-critical findings are sent to the vSOC team for immediate handling. ; ; Tickets.com’s Security Team routinely reviews web-facing applications with Rapid7 InsightAppSec. Additionally, ModSecurity, Akamai, and Signal Sciences are used as web application firewalls (WAF) to protect the application from web attacks.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Tickets.com tests security controls, limitations, network connections, and restrictions to ensure the ability to adequately identify and stop any unauthorized access attempts.; As part of our PCI DSS requirements, we have a formal internal incident response plan in place. This plan consists of six phases for any incident including preparation, detection, containment, notification, eradication and recovery, and post-incident reflection. We review our incident response plan and process annually; it is also audited by a third party annually. Tickets.com is committed to ensuring minimum downtime while emphasizing the importance of restoring the system in the shortest time possible.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Tickets.com will first open an internal conference bridge for on-call engineers, the first-level team and the responding Incident Response Team (IRT) to gather details and facts. The Tickets.com Client Support team will next be notified, and they will in turn notify our clients. Depending on the level of the incident this communication may be made by phone or e-mail. Tickets.com is committed to ensuring minimum downtime while emphasizing the importance of restoring the system in the shortest amount of time.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Tickets.com is committed to promoting sustainability. Concern for the environment and promoting a broader sustainability agenda are integral to our professional activities and the management of the organisation. We aim to follow and promote good sustainability practice, to reduce the environmental impacts of all our activities and to help our suppliers, clients, and partners to do the same.; ; Our Sustainability Policy is based upon the following principles: ; • To comply with, and exceed where practicable, all applicable legislation, regulations, and codes of practice.; • To integrate sustainability considerations into all our business decisions.; • To ensure that all staff are fully aware of our Sustainability Policy and are committed to implementing and improving it.; • To minimise the impact on sustainability of all office and transportation activities.; • To make clients and suppliers aware of our Sustainability Policy and encourage them to adopt sound sustainable management practices.; • To review, annually report, and to continually strive to improve our sustainability performance. ; ; Tickets.com continues to work on sustainability initiatives with our parent company Major League Baseball who are also heavily invested in sustainability - please see further details here - https://www.mlb.com/mlb-together/green

  Covid-19 recovery

  Tickets.com worked closely with clients and colleagues during the Covid-19 Pandemic. ; ; We provided all clients with a Social Distancing Handbook, which focused on helping our clients, to safely bring patrons back to live events. ; ; We changed venue seating configurations, customised event sales by zones and reserved options, set up contactless purchasing, and offered unattended pedestal scanners for access control. ; ; All Tickets.com staff have access to our MLB Remote Work Policy and Guidelines.

  Equal opportunity

  Tickets.com provides equal employment opportunities (EEO) to all staff, potential staff, and other individuals without regard to race, religion or belief, sex, pregnancy or maternity, sexual orientation, nationality, national origin, ethnic origin, age, disability, gender reassignment, or marital or civil partner status ("Protected Characteristics").; ; Tickets.com complies with applicable laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, redundancies, leave, compensation, benefits, and training.; ; Tickets.com expressly prohibits any form of unlawful harassment based on Protected Characteristics. Equal opportunity in employment is one of Tickets.com's highest priorities.; ; Tickets.com is committed to creating a workplace that promotes mutual respect, acceptance, teamwork, productivity and safe operations among people from all backgrounds. In this environment, values of fairness, integrity and respect for the individual should guide the efforts of all of our employees, as well as Tickets.com's policies and practices. It is imperative that Tickets.com continues to develop its understanding of how to value and manage the richness and strength of its diversity in order to achieve success. In addition, Tickets.com desires to compete successfully for the most qualified candidates in an increasingly diverse talent pool.; ; Our key objective is for Tickets.com to be a fair and professional workplace and to become the employer of choice for the most talented.; ; Tickets.com's commitment also extends to its supplier base. As we procure the many goods and services required to operate and strengthen our business, we establish and support business relationships with diverse businesses (women-owned, minority owned, veteran owned, LBGT-owned and other enterprises). We manage the Supplier Diversity effort through our Diverse Business Partners Program and believe that this business-to­ business strategy benefits Tickets.com and the communities we serve by broadening our selection of quality, competitive companies.

  Wellbeing

  T.CARES is our community outreach program that keeps growing. We support the communities where we work & live across the globe. It is the heart of what it means to have a human experience.; ; As a global organisation, the impact we can have on communities is huge. T.Cares is the umbrella under which we get to celebrate the contributions that have happened. Strong partnerships with our clients & organisations help the communities where we all work & live.; ; We are honored to work with a variety of nonprofit organisations & generous clients that provide charity fundraising, community services, & create unforgettable live experiences for those in need.; ; We also provide unique marketing opportunities through these philanthropic partnerships.; ; The wellbeing of our staff is of the upmost importance to us. We offer flexible working conditions, a range of health and wellbeing initiatives and a generous holiday package along with yearly pay reviews.

Pricing

• Price: £2,500 to £500,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.sales@tickets.com. Tell them what format you need. It will help if you say what assistive technology you use.