GRANICUS-FIRMSTEP LIMITED

EngagementHQ - Patient engagement software for improving healthcare

EngagementHQ is the world's leading public consultation platform, where healthcare professionals can engage with the communities they serve to reduce healthcare inequality. EngagementHQ turns stakeholder input into actionable insights so public health investments and innovations are patient-centred, cost-effective, and aligned to local care expectations.

Features

• Participation Tools: Surveys, Quick Polls, Discussion Forums, Ideation, Interactive Mapping
• 24 / 7 Expert Moderation and denylist filtering
• ISO27001, GDPR (General Data Protection Regulation) and WCAG 2.1 Certified
• Multi-Department Hubs (Private and Public)
• Real-time feedback, custom reporting dashboards, and sentiment analysis
• Participant Relationship Management (PRM) database with audience segmentation
• Email campaigns, project subscriptions & notifications
• Embeddable tools for cross-channel engagement
• Single Sign On (SSO), Draft sharing, pre-built templates, user-access controls
• Integrations Library & API Access (Participatory Budgeting, Email Marketing)

Benefits

• Coordinate engagement programs from beginning to end across the IAP2-spectrum
• Outsource moderation and ensure a safe space for your community
• Mitigate risk, adhere to equity standards, and ensure inclusive participation
• One engagement platform for all your organisation’s needs
• Identify, reach and hear from underrepresented population groups
• Centralise and analyse real-time community data
• Automate closed-loop communications and build community trust
• Gather cost-effective and scalable insights across your technology stack
• Streamline internal processes, review and approvals
• Access data through our APIs and Integrate with third-party services

£6,000.00 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uksalesteam@granicus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

705842887644625

Contact

Asim Ali
0800 048 7518
uksalesteam@granicus.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Granicus govService, Granicus govDelivery, Granicus TMS, Granicus Engagement HQ, Granicus Experience Group (GXG), Granicus Government Experience Cloud (GXC).
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Supported web browser
  • Connection to the Internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Please see our licence agreement for further information.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Web chat solution is tested to meet accessibility standards.
• Onsite support: Yes, at extra cost
• Support levels: Support is standard and included within the license. This includes full access to our online support desk which can be accessed via our online portal, email, and live chat.; ; Our service includes access to a Customer Success manager, whose role is to help customers to get the best use of our service offering ideas and sharing best practice and the experience of the user community.; ; Access to our govCommunity portal is also included, providing a collaborative environment to discuss, learn and share with other platform customers.; ; Please see our Service Description document for further details and information about additional support levels.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer an implementation manager who will coordinate all the Granicus aspects of the online training and account set up. They will build out the account, working directly with the customer's team to ensure that online training sessions are set up at convenient times. All sessions are exclusive to the customer and can be recorded for future reference. Online documentation is available, as are webinars both live and recorded.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Should a customer decide to cancel their agreement, the customer's data can be accessed and downloaded via the portal in Excel and PDF format.
• End-of-contract process: Decommissioning is included in the licence cost. Granicus will confirm the date on which customer access will be terminated.; ; Granicus will then decommission the service in line with its security and decommissioning policies. Applicable data will be available to download via the portal in Excel and PDF format for a 90 day period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The end user interface has been designed/optimised for both desktop and mobile devices. The back office administrator interface, while not designed or tested specifically for mobile devices, allows access to features.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The platform includes a browser based web interface which allows users to access the service directly from a web browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The platform aims to meet WCAG AA standards utilising standard in-built browser accessibility features.
• API: Yes
• What users can and can't do using the API: The platform has a comprehensive set of contribution API's which allows developers to integrate and extend the service capabilities. API information is available to customers on certain licence types only.
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Clients have full control over customisation using the content management features of system. Custom branding, look and feel, layout aspects, templates and styles can be managed using this functionality.

Scaling

• Independence of resources: EngagementHQ is a multi-tenanted platform, hosted using Amazon Web Services (AWS) EC2 Elastic Computing environment which allows the platform to scale with demand. Each account is securely separated from each other and all the resources are managed as a large pool. This architecture scales horizontality based on overall workload, enabling the platform to process millions of transaction per year and to be scaled for many more as required.

Analytics

• Service usage metrics: Yes
• Metrics types: EngagementHQ provides an array of reporting options including:; ; • Site-wide Activity; • Project Activity; • Engagement Tool Activity; • Participant Demographics and Traffic Sources; ; EngagementHQ incorporates a key matrix of Aware-Informed-Engaged (AIE) visitor typology providing detail of site or project visitation and how informed and engaged visitors are with the site and individual engagement projects.; ; • Aware visitors have visited a site or project; • Informed visitors have sought to find our more information by accessing resources within a consultation project; • Engaged visitors have provided feedback on your consultation project; ; Please see our service definition for further details.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users with appropriate administration permissions (set by the customer) can export their data at any time via the portal. Information can be transferred via the APIs.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Please contact us for further details.

Availability and resilience

• Guaranteed availability: Availability is 99.75%.
• Approach to resilience: EngagementHQ is hosted on Amazon Web Services (AWS) infrastructure and leverage their high availability infrastructure. Our application is hosted with an auto recovery instance for the application server, ensuring that in in any hardware failure, the instance is capable of recovering automatically and instantly without manual intervention. Data in stored within a mySQL database on AWS RDS. Amazon RDS has multiple features that enhance reliability for critical production databases, including automated backups, DB snapshots, automatic host replacement, and Multi-AZ deployments. Within each AWS region AWS provides availability zones (AZs) with a choice of 2 or more zones. Each AZ is a fully isolated partition of the AWS infrastructure with data centres that have redundant power, networking and connectivity, which are independently powered and cooled and have their own network and security architectures. AZs are insulated from the failures of other zones in the group. Replicating our database across multiple AZs, significantly reduces the chance of total outage or failure.; ; Application and database recovery is automatic with transactional integrity, near zero data loss and no manual intervention required.; ; Our Disaster Recovery Plan is tested annually or when there is a major change in our environment, either to our infrastructure or application.
• Outage reporting: Service status is communicated via our customer portal, email alerts and SMS alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Authentication is required for clients. Authentication for the public/citizens is optional.
• Access restrictions in management interfaces and support channels: Access restricted by user permissions and role base permissions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: Reviewed 19/01/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Granicus has many security policies and processes that support both ISO 27001:2013, the NCC Cloud Security Principles and FedRAMP (based on NIST 800-53r4), covering everything from physical security to system communications to vendor security. Processes are created for each NIST 800-53 control family and are documented on an internal wiki site.; ; All employees are required to sign an Acceptable Use Policy that spells out the requirements. Failure to follow the security policies/processes can result in disciplinary action from Human Resources, up to and including termination.; ; Please contact us for specific details.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use the latest versions of web application frameworks such as Ruby on Rails and React JS, supporting advanced security practices. We have a strong SDLC process in place incorporating code management tools (Github), versioning and change management processes.; ; We have robust automated testing, build process, and application monitoring in place to ensure high-quality and successful deployments of regular updates and new feature/functionality.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: A quarterly comprehensive Vulnerability Assessment and Penetration Testing (VAPT) of EngagementHQ is carried out by an independent CREST-certified security tester.; ; Our VAPT checks for OWASP top ten and other common vulnerabilities such as:; o Injection – SQL, Command, CSS, Textile; o Session management; o Cross Site Scripting; o Insecure Direct object reference; o Security Misconfiguration; o Sensitive Data disclosure; o Privilege escalation/Access Control; o Cross-Site Request Forgery – CSRF; o Components with known vulnerabilities; o Redirects and Forwards; o File Uploads
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Granicus utilises both network and host-based intrusion detection systems that send logs to a centralised location for proper correlation.; ; If a compromise is suspected, the incident response team is mobilised to investigate and confirm/deny the actual breach. If a breach is confirmed, the customer support team reaches out to all impacted customers immediately and provides updates every 20 minutes until the issue is contained (the same process is used for any incident). A root cause analysis (RCA) is then provided after the remediation, generally within 48 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management is performed in accordance with Granicus’s ISO27001 accredited incident management process which identifies the flow from incident detection to remediation, including many high-level processes.; ; Customers can report incidents to support. This kicks off the process, which includes automatically generating a ticket and beginning the triage process.; ; Internally, a detected incident is reported to customer support so that the team can communicate to any impacted customers. Updates are sent every 20 minutes for severity 1 issues.; ; For impactful incidents, after it is remediated, a root cause analysis (RCA) is provided to impacted customers, generally within 48 hours.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Climate change discussions necessitate flexibility to promote meaningful dialogue. EHQ is the only unified platform providing 8 comprehensive engagement tools in three environments, within which tools can be blended to work for your particular audience and topics to broaden engagement and reach. (e.g. ‘Forums’ and ‘Ideas’ output can be used to subsequently develop Stories, launch Q&A sessions, or drive polls and surveys). Dialogue order and timing can be clearly displayed in the consultation timeline.; ; Many of our global clients have successfully used EHQ to engage on climate topics. ; ; One UK council mounted a video highlighting the climate change issue and how local action could make a difference. They provided information sources, asked residents for ideas on what the Council could do and invited questions to the cabinet. Another city council collects ideas on improving air quality online before a citizens’ assembly. ; ; A Canadian city packed their site with information resources and events leading to their longer term climate action plan release. The community utilise ‘QandA’ to ask questions, many of those submitted actually ideas querying what the city can do or urging that people need to do something themselves.; ; A US city government ask residents to sign up to a Climate Emergency Taskforce to share how individuals can make a difference. Another council has dedicated their site to getting the community ‘climate ready’.; ; An Australian shire council ran a remarkably constructive and positive open discussion forum on aspects of their carbon reduction plan. Another location received great feedback ideas from the community when asked how to reduce emissions.; ; A NZ regional council engaged its community around the changing tides, coastal erosion and rising sea levels but focused directly on practical aspects of managing changes coastal areas are going to experience.
• Covid-19 recovery:

  Covid-19 recovery

  COVID-19 has had an important impact on community engagement. Many individuals felt isolated, no longer having the opportunity to conduct meaningful face-to-face dialogues with officials. Government agencies experienced a similar challenge, since formal engagement and consultation approaches depended heavily on in-person interactions with participants, coupled with surveys and postal delivery of consultation reference information such as town plans. Lockdown conditions effectively stalled everyone’s ability to conduct critical consultation activities that were properly representative of their residents’ and constituents’ needs.; ; Communities quickly used existing EHQ sites or set up new sites to discuss and develop strategies, to manage and support community, business and individuals cope with the pandemic, as well to resume consultation activities in a safe, hybrid environment. ; ; As agencies begin to move to the Government’s ‘Living with COVID’ plan, there will still be a need to support COVID-related revised working environments or residents impacted by COVID. EHQ discussion and survey functionality can help to identify local requirements and challenges for such training/re-training initiatives as apprenticeship or work placement programmes for young adults.; ; Through survey, moderated discussion and formal consultation, councils can springboard initiatives to analyse local employment, business and supply chain requirements and then develop strategies to sustain and grow the economy. The resulting efficient, two-way communication between local business, council and citizens can include as a key focus specific needs of post-COVID participants. ; ; The pandemic has been a significant event in the world’s history; each community must find ways in which to discuss, record, acknowledge and celebrate local significant events and achievements. Many councils are beginning to use EHQ’s stories and forums features to capture COVID experiences through written, audio and video accounts. For example, COVID volunteer communities could be set up to share volunteering stories and opportunities, while inspiring and engaging potential future interest.
• Tackling economic inequality:

  Tackling economic inequality

  Government agencies could facilitate efficient, multi-way communication among local business, suppliers, citizens and themselves through EHQ tools for survey, mapping, moderated discussion and formal consultation. They can springboard initiatives with local businesses to identify high growth sectors; determine local gaps in demand; analyse supply chain requirements and develop strategies to encourage consistent inclusion of existing local businesses in supply chains or sponsor new business development to address gaps in the economy. ; ; Support for and promotion of local employment opportunities can be provided via EHQ. Councils can for example provide EHQ Q&A and forums for local employers’ information, targeting, if required, particular industry sectors, locations or other focus; schedule joint “open house” or discussion sessions with organisations such as the Chamber of Commerce; promote opportunities via news feeds; supply “Did you know?” type resources; provide forms to register interest or make enquiries.; ; EHQ discussion and other tools can also help gain intelligence regarding local requirements, opportunities and challenges for such training initiatives as apprenticeship or work placement programmes. Specific demographic information (e.g. for young adults or adults who lost employment due to the pandemic) will help match training to current skills gap. ; ; Complementary newsfeed notifications would both promote and inform on the progress of these endeavours.
• Equal opportunity:

  Equal opportunity

  Many socially-disadvantaged or at-risk residents can find it difficult to take part in community consultation and engagement activities; government agency staff may be struggle to identify and reach these individuals so that their views and needs are consistently included to achieve representative participation.; ; EHQ is the only unified platform providing 8 comprehensive engagement tools in three environments, within which tools can be blended to work for a particular audience and topics to broaden engagement and reach. The tools are accessibility compliant and offer a range of approaches to participation, ranging from traditional surveys to forum, stories and ideas, plus the ability to contribute in written, audio, video and graphical image formats. Sites are compatible with all modern Web browsers and popular accessibility booster tools.; ; Using EHQ to consult the community, agencies can conduct hybrid engagements to suit the availability and access requirements of a wide range of citizen participants. By mounting consultation projects to first identify gaps in service provision, ideas for new service requirements and areas of need in the community and ensuring that the right participants take part, agencies can form a roadmap for improvement. The platform can subsequently springboard subsequent consultations and involve the community in forming strategies for employment, training and care/support initiatives. ; ; The Australian Government’s consultation about the need for a national disability insurance scheme gathered rich personal stories online to drive profound public policy change. Moderated forums provided spaces for stakeholders to discuss technical legislative and policy questions. The guestbook was used to gather about 300 moving personal stories. Both forums and guestbook were supported by a range of hosted media including documentation, FAQs, video and images. The compelling outputs helped to drive the policy debate that eventually lead to the Disability Care legislation.
• Wellbeing:

  Wellbeing

  Our customers can employ EHQ’s range of comprehensive engagement tools to explore community requirements, assess the current local situation or even evaluate proposed council plans for improvements or change. The forums, ideas and stories features, coupled with polls and surveys, can help collect meaningful insights from residents in a safe environment. ; ; For example, consultations about walking, hiking and biking trails or leisure facilities lead to informed planning and design influenced by those who will use and benefit from the spaces under consideration. Similarly, a council could conduct engagement exercises to investigate the need for physical or mental health resources to support residents impacted by the pandemic.; ; EHQ can be also used effectively to develop and support user communities around specific healthy living or wellbeing themes. Early years and childcare topics, for instance, could springboard EHQ discussions, story sharing and idea exchanges with local parents to support their journeys with growing families. If this engagement were dovetailed with focused govDelivery newsletter educational content, participants could both engage and learn with others in similar situations. The council sponsoring the user communities could also gain useful insights about the group’s attitudes or needs through quick polls or surveys, which could later generate specifically-focused consultations.

Pricing

• Price: £6,000.00 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Limited trial subject to scoping

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uksalesteam@granicus.com. Tell them what format you need. It will help if you say what assistive technology you use.