CIVIC

Cookie Control GDPR Compliance solution

Cookie Control is a universal solution for GDPR cookie compliance. It's used for controlling, recording user consent, managing cookies on any platform. With an elegant user-interface that doesn't hurt the look and feel of a website. CookieControl helps you to fully comply with the GDPR, CCPA and IAB TCF 2.0

Features

• GDPR complience
• EU cookie law complience
• User Friendly
• Flexible User Interface
• CCPA and IAB TCF2.0 compliance
• Drupal, Wordpress, Joomla! modules
• Cross Platform
• Explicit Consent Model
• Third Party Cookies Opt Out Support
• GDPR Consent recording and management

Benefits

• GDPR complience
• EU cookie law complience
• GDPR Consent recording and management
• Multilingual
• Geolocation
• Subdomain support
• Flexible API
• CCPA
• IAB TCF2.0

£39 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@civicuk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

704861157220677

Contact

Greg Rouchotas
0131 624 9830
gcloud@civicuk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No constraints or limitations
• System requirements:
  • CMS
  • Website

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For critical issues we respond within 0.5 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have done some testing to assistive technologies.
• Onsite support: Yes, at extra cost
• Support levels: -Paid support to cover all licence types; -We provide a technical account manager and cloud support engineer
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The users can sign up on our website. Full deployment and user documentation is provided
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The uses can extract their data in CSV format using our online service
• End-of-contract process: Removal of user accounts, user data and API keys

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no functional difference between the mobile and desktop version
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The use has full control of the application and consent records
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have done some testing to assistive technologies.
• API: No
• Customisation available: Yes
• Description of customisation: The interface and look and feel of the application can be customised via CSS. Users with a paid licence can customise the interface

Scaling

• Independence of resources: We operate multiple custers of servers to deliver the service and monitor the load to ensure optimal performance at all times.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide metrics for the usage of the service
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data through our website in CSV format
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We provide detailed SLAs for network and application uptime. The SLAs are available on request.
• Approach to resilience: We operate multiple clusters of servers to deliver performance and resilience. The infrastructure is constantly monitored by our automated tools and alerts are raised for any event that needs intervention by our support team. DDOS protecting in place.
• Outage reporting: Any outages are reported via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces is available only via private or VPN links. Two factor authentication is required to access these links
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 13/05/2008
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DCI Cyber Essentials
  • ISO 27001:2013

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a number of information security policies as dictated by ISO 27001. These include: -Information Security Policy -Access Control Policy -Anti-Piracy Policy -Backup Policy -Bring your own device (BYOD) Policy -Cloud Computing Policy -Email & Internet Acceptable Usage Policy -Leaving Policy -Network Systems Monitoring Policy -Password Policy -Remote Access and Mobile Computing Policy -Social Media Policy -Virus Protection Policy Our information security manual is reviewed and tested annually. The testers and external auditors report their findings to the board.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We control our configuration and change management processes through our ISO27001 and ISO9001 policies
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use external third parties to perform penetration testing on a regular basis. We also use internal industry standard scanners to perform bi-weekly penetration tests. IDS software is employed to ensure there are no breaches. We monitor all major security lists to ensure we are notified of any threats in a timely manner.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use internal and external monitoring and Intrusion detection systems to identify potential problems or compromises. In the event of a potential compromise our board level security officer is notified as well as the potentially affected clients. We respond to potential incidents immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a number of processes to deal with common events through our ISO27001 and ISO9001 processes. Users can report incidents via email, telephone or online through our issue tracking system. We provide reports and root cause analysis reports via email.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  With the understanding that Climate change is one of the largest risks to the world future, CIVIC has taken positive actions that will help to reduce its impact it has on the climate. These steps include:; - Using suppliers with sound environmental polices.; - Purchasing equipment that has the best possible energy rating; - Increased use of virtualisation and cloud software to reduce the energy demands; - Increased use of remote conferences, reducing the impact of travel; - When travel is required, the focus is on transporting staff on public transport.; - The use of natural light within the office and fitting of energy-efficient lights; - Look to implement 100% recycling ; - Recycle or donate all electronics; - The majority of staff now work virtually, further reducing travel; - One of our Board members has been involved in mentoring a team in the Fuel Change Challenge and continues to offer support.
• Covid-19 recovery:

  Covid-19 recovery

  The effects of the Covid-19 Pandemic has impacted us all and CIVIC has looked at ways to support our staff, customer, suppliers and our local communities that include.; - Recruiting people with a focus on further training, allowing people who have lost jobs in other industries an opportunity to retrain; - Supporting our staff with their recovery and allowing changes in their working environments/relationships that allow them to support their family and communities; - Allowing customers flexibility in contract terms, so that they can continue in business and finding other ways to support them; - Implemented a flexible working plan, where people can be onsite or offsite, depending on their comfort level; - Improved space and working environment for each staff member; - Giving staff the time, space and support to discuss how they are feeling and to provide support, where necessary
• Tackling economic inequality:

  Tackling economic inequality

  CIVIC undertakes the following actions to tackle Economic equality; - Support startups and small business with mentoring; - Encourage and support in undergoing further education; - Recruiting people with a focus on further training, allowing people who have lost jobs in other industries an opportunity to retrain; - Staff have developed and supported CPD objectives that allow them to develop and increase their opportunities; - Embrace and support emergent technology in our supply chain to provide growth and leverage the opportunities; - Actively engage our supply chain in the bidding process and support them in achieving the levels needed to deliver the service; - Work with suppliers and staff to improve their resilience, both financially and logistically (examples of this have been helping with improving remote working)
• Equal opportunity:

  Equal opportunity

  CIVIC actively works towards equality in the following ways:; - We have worked with our Neurodiversity staff to make the environment pleasant and made sure they that have any tools and support that is required; - Training is available to any staff member who is interested and is discussed during the hiring process to make sure that people have the support to improve; - Our staff support several charities that focus on inclusion for disabled people, and this behaviour is encouraged.; - We support our staff who decide to undertake further education, making sure that they have the time and flexibility to both work and study. This support is also in most cases financial; - We deliver training on modern slavery to our staff at the regular all-staff meetings and have appointed Directors for them to flag any concern that they have about CIVIC, our suppliers, or customers; - Likewise, we do not discriminate on any perceived groupings such as race, sex, background when hiring or promoting staff and this can be seen by the naturally occurring diversity within our staff, the management team and Board; - We have regular staff assessments, which include pay and mobility that we oversee to make sure of equality.
• Wellbeing:

  Wellbeing

  The wellbeing of our staff and wider working environment is critical to our activities:; - Our staff have designated individuals to raise any concerns to that are not part of their normal management structure; - With our staff who may require support, an assessment of the possible support and a discussion on what is practical is undertaken, at which point a Board member is made responsible for the followup; - Our office and working environments are audited to make sure Ca they are safe; - Staff are made aware of mental heath through discussion and training and we endeavour to offer support to any member of staff that needs support; - We encourage staff to engage with the community, an example is the support of the openuk inclusivity agenda for open-source in the UK

Pricing

• Price: £39 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full use of cookie control.; Not all types of interfaces are included.; There is no limitation on the time period.
• Link to free trial: https://www.civicuk.com/cookie-control

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@civicuk.com. Tell them what format you need. It will help if you say what assistive technology you use.