GRANICUS-FIRMSTEP LIMITED

Targeted Messaging Service (TMS)

Targeted Messaging Service (TMS) forms part of the unique govDelivery platform and network. It is a Software-as-a-Service solution that makes critical, large-scale email and SMS communication between government and the public more effective and reliable. TMS enables highly personalised, one-to-one and one-to-many messages with citizens and organisations.

Features

• Easily integrate with legacy applications via TMS APIs
• All interactions with TMS are encrypted over SSL
• No Mass emailing restrictions
• Automated service
• Deployment does not require significant time, resources on your part
• Statistics provided to help measure engagement/interaction
• Analytical tools included
• ISO 27001 certified company and fully GDPR compliant

Benefits

• No need for new business process
• Highly secure encrypted over SSL
• Fulfils public expectations for digital interaction
• Ensures message delivery to stakeholders
• Unlimited mass mailing ability
• Statistics provided to help measure engagement/interaction
• All data handled in accordance with ISO27001 and GDPR

£1,308.00 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uksalesteam@granicus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

673419968311853

Contact

Asim Ali
0800 048 7518
uksalesteam@granicus.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Granicus govService, Granicus govDelivery, Granicus TMS, Granicus Engagement HQ, Granicus Experience Group (GXG), Granicus Government Experience Cloud (GXC)
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Supported web browser
  • Connection to the Internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Please see our licence agreement for further information.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Web chat solution is tested to meet accessibility standards.
• Onsite support: Yes, at extra cost
• Support levels: Support is standard and included within the license. This includes full access to our online support desk which can be accessed via our online portal, email, phone and live chat.; ; Our service includes access to a Customer Success manager, whose role is to help customers to get the best use of our service offering ideas and sharing best practice and the experience of the user community.; ; Access to our govCommunity portal is also included, providing a collaborative environment to discuss, learn and share with other platform customers.; ; We offer regular free webinars for customers to help brush up their skills and review the potential use of additional services.; ; Please see our Service Description document for further details.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer an implementation manager who will coordinate all the Granicus aspects of the online training and account set up. They will build out the account, working directly with the customer's team to ensure that online training sessions are set up at convenient times. All sessions are exclusive to the customer and can be recorded for future reference. Online documentation is available, as are webinars both live and recorded. When the account is live a Customer Success Consultant is appointed to help support the customer with ideas and explain new developments and share best practice.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Should a customer decide to cancel their agreement, the customer's data will be returned securely via a CSV file.
• End-of-contract process: Decommissioning is included in the licence cost. Granicus will confirm the date on which customer access will be terminated.; ; Granicus will then decommission the service in line with its security and decommissioning policies. Applicable data will be returned securely via a CSV file.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The end user interface has been designed/optimised for both desktop and mobile devices. The back office administrator interface, while not designed or tested specifically for mobile devices, allows access to features.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The main service features to send messages are accessed via API. The platform includes a browser based web interface to view reporting metrics.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The platform aims to meet WCAG AA standards utilising standard in-built browser accessibility features.
• API: Yes
• What users can and can't do using the API: The platform has a comprehensive set of open API which permits extensive use of the service, allowing sms, email and voice messages to be sent. Full information on the API can be found at http://developer.govdelivery.com; ; Further API information is available on request.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Clients have full control over the personalisation of the service including the content sent and where applicable branding, look and feel (for email).

Scaling

• Independence of resources: Targeted Messaging Service is a SaaS application and is based on a multi-tenant type of architecture. Each account is securely separated from each other and all the resources are managed as a large pool. This architecture scales horizontality based on overall workload.

Analytics

• Service usage metrics: Yes
• Metrics types: TMS reports provides real-time management data specific to the activity completed in your account.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customer with appropriate administration permissions (set by the customer) can export their data at any time via the govDelivery portal. Information can be transferred via the APIs if previously integrated; ; Users with appropriate administration permissions (set by the client) can export their data at any time via the portal. Information can be transferred via the APIs.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Please contact us for further details.

Availability and resilience

• Guaranteed availability: Availability is 99.00%.
• Approach to resilience: GovDelivery has redundancy built into each of its Tier 3 two data centers. Redundant switches, load balancers and firewalls allow maintenance on an individual network device with no customer impact. The server infrastructure is completely virtual and the build process has been automated so that extra capacity can be added in minutes when needed. In the case of a complete datacentre failure, processing would failover to the secondary data centre that is 1,000 miles away. Data is replicated in near-real time between the two centres to ensure a short Recovery Point Objective (RPO).
• Outage reporting: Service status is communicated via our customer portal, email alerts and SMS alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Authentication is required for clients. Authentication not required for public/citizens.
• Access restrictions in management interfaces and support channels: Access restricted by user permissions, role based access controls and 2FA.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: Reviewed 26/03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: FedRAMP

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Granicus has many security policies and processes that support both ISO 27001:2013, the NCC Cloud Security Principles and FedRAMP (based on NIST 800-53r4), covering everything from physical security to system communications to vendor security. Processes are created for each NIST 800-53 control family and are documented on an internal wiki site.; ; All employees are required to sign an Acceptable Use Policy that spells out the requirements. Failure to follow the security policies/processes can result in disciplinary action from Human Resources, up to and including termination.; ; Please contact us for specific details.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Tickets are created for all changes. These tickets include information on potential customer impact, QA steps, and a backout process. The changes are all reviewed at change management meetings and must be approved before being implemented. Changes are also reviewed for potential security impact.; ; Individual physical components are tracked through a combination of an asset inventory and through the ticketing system that identifies the components that are changing.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The entire infrastructure (application, database, servers/devices) is scanned on a monthly basis. A ticket is created for each identified vulnerability for tracking throughout the lifecycle, and an internal remediation timeline is set depending on the severity. Teams meet weekly to review the vulnerabilities and identify timelines and ensure that issues aren't missed.; ; In addition to scanning, Granicus subscribes to the UK National Cyber Security Centre, US-CERT and individual vendor security mailing lists so we are notified when important vulnerabilities are identified. Tickets are created for each of these as well and follow the same process as scans.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Granicus utilises both network and host-based intrusion detection systems that send logs to a centralised location for proper correlation. If a compromise is suspected, the incident response team is mobilised to investigate and confirm/deny the actual breach. If a breach is confirmed, the customer support team reaches out to all impacted customers immediately and provides updates every 20 minutes until the issue is contained (the same process is used for any incident). A root cause analysis (RCA) is then provided after the remediation, generally within 48 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management is performed in accordance with Granicus’s ISO27001 accredited incident management process which identifies the flow from incident detection to remediation, including many high-level processes.; ; Customers can report incidents to support. This kicks off the process, which includes automatically generating a ticket and beginning the triage process.; ; Internally, a detected incident is reported to customer support so that the team can communicate to any impacted customers. Updates are sent every 20 minutes for severity 1 issues.; ; For impactful incidents, after it is remediated, a root cause analysis (RCA) is provided to impacted customers, generally within 48 hours.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Traditional marketing and newsletter approaches to government communications have depended heavily on the use of paper-based publications delivered to resident households by post or other means. This approach carries a significant carbon footprint, even when the newsletter is recycled. In addition, the ability to share the newsletters or highly personalise its contents is extremely limited. ; The addition of email publication services significantly reduces the carbon footprint of newsletter production, but the delivery reliability or consistency can vary depending on the service used to perform the delivery. ; ; Organisations with large user bases (e.g. central government benefits, licensing, taxation, healthcare, education or other bodies) need to send high volume bursts of similar messages targeted to specific individuals. They encounter a number of challenges: time and effort is required to personalise and process the bulk email transmissions; internal email systems are often slowed or stalled by the volume of transmission. Data security may not be considered sufficient to transmit personal information electronically, so many organisations have continued to send some communications via post or courier. These disconnected transactions, create additional timeliness and delivery risk issues and nullify any carbon footprint gains offset by email transmissions.; ; Granicus Targeted Messaging Service (TMS) is partnered with our ISO 27001-accredited communications platform and linked to your existing user database or system via API. Organisations can send regular large-scale message transmissions containing highly-personalised confidential information (e.g. license renewals, tax statements, benefit decisions) quickly, reliably and securely via email and SMS. Granicus’ trusted relationship with ISPs as a ‘government only’ software provider ensures a consistently high delivery rate. With TMS, a large-scale digital message transaction has a significantly lower environmental impact while its delivery is secure, consistent and timely.
• Covid-19 recovery:

  Covid-19 recovery

  Many of our clients have acknowledged the sheer communications power they could harness during the pandemic by leveraging our cloud platform’s ability to quickly set-up and relay critical messages. Almost 4 billion COVID-related messages were sent to help communities access the critical information and services they needed to navigate the rapidly-evolving COVID situation, locally and nationally.; ; During the same period, however, when organisations with large user bases (e.g. central government benefits, licensing, revenue, healthcare, education or other bodies) needed to send high volume bursts of similar messages targeted to specific individuals, they encountered a number of challenges: time and effort was required to personalise and process the bulk email transmissions; internal email systems were often slowed or stalled by the volume of transmission; if an external email service was used, the deliverability was often low. Data security was not considered sufficient to transmit personal information electronically, so many organisations continued to send postal communications. This both disconnected transactions and created additional timeliness and delivery risks.; ; Granicus Targeted Messaging Service (TMS) is partnered with our ISO 27001-accredited communications platform and linked to your existing user database or system via API. Organisations can send regular large-scale message transmissions containing highly-personalised confidential information (e.g. license renewals, tax statements, benefit decisions) quickly, reliably and securely via email, SMS and voice message. Granicus’ trusted relationship with ISPs as a ‘public sector only’ software provider ensures a consistently high delivery rate for email.; ; As agencies move to the Government’s ‘Living with COVID’ plan, there will still be a need for COVID-related communications topics. Staff have started to shift existing content and topics to address specific areas of ongoing need in their area, such as promoting local retraining/recruitment initiatives or providing information, support to those residents impacted by the disease and funding to help residents financially recover.
• Tackling economic inequality:

  Tackling economic inequality

  Organisations who utilise the govDelivery already know the value of being able to reach out to large networks of citizens. But what if you could go a step beyond that to reach out to citizens one-to-one? It would be a crucial component in helping to drive your outcomes, such as reducing Economic Inequality.; ; Our Targeted Messaging Service (TMS) can help with these efforts. Targeted messages can provide specific resources and information for an individual recipient, such as an acknowledgment of signing up for an email list or financial guidance, a reminder about a grant application, or even an appointment reminder. It allows for millions of personalised messages to be sent at once via email, sms and voice message, which saves printing, labour, and postage costs while still connecting with citizens on a personal level.; ; By using TMS, your organisation can help to promote employment opportunities, keep users in the loop on economic support packages, support local businesses and drive any other outcomes and behaviours to help you tackle inequality. The content of the personalised messages are entirely within your control, allowing TMS to support your strategic outcomes such as making society fairer or supporting specific groups or individuals.
• Equal opportunity:

  Equal opportunity

  Traditionally, many socially-disadvantaged or at-risk customers may have found it difficult to connect, interact and keep current with local provider news, services and support; conversely, provider staff may be challenged to identify and reach these individuals so that their views and needs are heard and addressed.; ; Paper-based messages delivered to households limit the audience to mainstream audiences. Those without a fixed address, or who find it difficult to assimilate non-digital written content without aids are inherently excluded from the information contained in a publication; furthermore, the content may not be relevant to these individuals.; ; By using Granicus TMS to distribute digital community information, our clients can ensure that a wider range of their customers receive their messages and can be engaged in their communications strategy. This not only includes email, but also SMS and voice message capability, allowing you to choose the medium most suited to your target audience.; ; Organisations with large user bases (e.g. central government benefits, licensing, revenue, healthcare, education) may need to send high volume bursts of similar messages targeted to specific individuals. If the content requires detailed personal information to ensure the messages reach a large but specific audience, this may not be possible with existing systems.; Granicus Targeted Messaging Service (TMS) is partnered with our ISO 27001-accredited communications platform and securely linked to your existing user database or system via API. Organisations can send multiple large-scale message transmissions containing highly personalised confidential information (e.g. license renewals, tax statements, benefit decisions) quickly, reliably and securely via email, SMS and voice message. Granicus’ trusted relationship with ISPs as a ‘public sector only’ software provider ensures a consistently high delivery rate for email ensuring none of your customers are excluded from your communications.
• Wellbeing:

  Wellbeing

  Increasingly, agencies are establishing corporate goals to promote healthy living and wellbeing for residents and general community. Theses may include improving patient experiences throughout hospital and doctors’ surgery journeys.; However, when organisations with large user bases (e.g. central government benefits, healthcare, education) must send high volume message bursts containing information targeted to specific individuals, they might encounter a number of challenges: time and effort is required to process personalised bulk email transmissions; internal email systems may be slowed by the volume of simultaneous transmission; if an external email service is used, the deliverability is often low. If data security is not be considered sufficient to transmit substantial personal information electronically, some organisations continue to post some communications. This both disconnects transactions and creates additional timeliness and delivery risk issues.; ; An important example is recurring health screening programmes administered by health services on a national basis. Although general appointment emails/text messages may be sent to individuals from the health service, a detailed letter is also posted. In addition, results of the screening are not sent electronically, but rather by post. The waiting period and disconnection have a definite impact on patience experience and wellbeing.; ; Granicus’ Targeted Messaging Service (TMS) is partnered with our ISO 27001-accredited communications platform and linked to your existing user database or system via API. Organisations can send regular large-scale message blocks containing highly-personalised confidential information (e.g. license renewals, tax statements, benefit decisions) quickly, reliably and securely via email, SMS and voice message. Granicus’ trusted relationship with ISPs as a ‘public sector only’ software provider ensures consistently high delivery rates for email, ensuring none of your customers are excluded from your wellbeing communications.

Pricing

• Price: £1,308.00 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uksalesteam@granicus.com. Tell them what format you need. It will help if you say what assistive technology you use.