Go Vocal

Go Vocal (Previously CitizenLab) - Digital consultation and engagement platform

Go Vocal is the all-in-one platform for community consultation and engagement. Reach your residents and other stakeholders using a wide set of methods, manage their input efficiently, and receive automated insights to better inform decision-making.

Features

• Complete digital public consultation and engagement toolbox
• White label: custom branding on platform and pages
• CRM: User management & mailing
• Analysis: AI supported text analysis & real time data
• Reporting: built in reporting
• Hybrid engagement: Print ready forms & handwriting recognition
• Moderation: manual and automatic content moderation
• Interoperability: APIs and integrations with PowerBI & ESRI
• Multilingual service: manual and automatic translations
• Multilevel access from back end for different levels of users

Benefits

• Centralise engagement and consultation projects in one place
• Keep up to date with public opinion on timely topics
• Leverage resident input to design better informed policies
• Profile users and target them with relevant content & mails
• Manage all resident input in one central place
• Build automated reports with insights for stakeholders
• Save time and resources with AI supported text analysis
• Close the engagement loop with residents & stakeholders
• Access engagement projets on mobile devices
• Scalable engagement platform fit for council-wide use

£12,500 to £36,500.00 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lora.botev@citizenlab.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

720131980361862

Contact

Lora Botev
+447926764670
lora.botev@citizenlab.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No known constraints.
• System requirements:
  • Accessible on mobile devices
  • Accessible on the web via browser access
  • Compatible with modern browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have different response times depending on the urgency of the query. They range from 9h for the highest priority and 5 business days for the lowest priority. The full response time options are outlined in our SLA.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: For the built-in chat we make use of Intercom, a software that builds customer relationships through conversational, messenger-based experiences across the customer journey. We have been on a paid subscription of this solid and excellent support chat functionality for many years.
• Onsite support: Onsite support
• Support levels: Our comprehensive knowledge center (support.govocal.co) answers most of your frequently asked questions and offers useful resources to guide you more broadly. For more detailed questions, we are available via email, the built-in chat functionality on your platform or by phone. ; ; Go Vocal provides technical support via a built-in Support Chat system, telephone and e-mail on weekdays from 8:00 to 18:00 GMT (“Support hours”), with the exception of public holidays in the United Kingdom. ; ; The customer can launch a helpdesk ticket during Support Hours by adding it to the chat system, by calling [+44 79 2676 4670] or by emailing at any time [support@govocal.co]. ; ; In every pricing plan, an account manager (government success manager) is at your disposal. He or she can bring you in immediate contact with the development team or support desk when necessary.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have developed a thorough on-boarding process to guide you in three phases to the successful launch of your platform and first participation project(s): strategy, preparation and launch. Each phase includes a few workshops to help you and your team get to grips with the platform and boost its adoption rate among your communities. Sessions can be held online or face-to-face. We also provide extensive user documentation such as guides and checklists to help you better scope the objectives of your engagement platform.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Online knowledge base
  • Built-in support guide
  • Case Studies
  • Blog
  • Newsletters
  • In App campaigns
  • Ad Hoc advisory sessions
  • Training sessions
• End-of-contract data extraction: Customers can extract all the data from the platform at any point during the duration of the contract. ; ; Additionally, Go Vocal makes platform data available at no additional cost via a raw database transfer, compatible with the open source PostgreSQL database package.; ; Go Vocal has an exit policy to support clients who wish to cease using the solution.
• End-of-contract process: At the end of the contract, Go Vocal will remove the customer's access to the platform and archive all existing projects. The platform and related data is deleted within 12 months but customers can ask for their own timeline on this. There is no additional cost involved.; ; The customer is given the opportunity to retrieve or request data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The front end of our solution is built mobile first to cater to mobile users both on phones and tablets. The structure of the front end is therefore optimised for mobile devices.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: In addition to the manual export of data, Go Vocal has a well-documented Application Programming Interface (API), so that other applications can exchange data with the software. This API is open so that the data in the platform can be offered in the form of open data. (e.g. for displaying data on a map).; ; The authentication uses the JWT standard and the login data can easily be obtained from Go Vocal. The documentation contains a complete list of possible operations, with examples. The API is constantly being expanded to unlock new functionalities. The documentation is also consistently kept up to date: ; ; 1. Read data; All data from ideas, comments, projects and users are made available for processing by external tools via our documented REST API.; ; 2. Write data; In addition to reading data, the API also offers opportunities to create ideas and approve verifications of citizens. This creates many opportunities for the automated input of content from other systems in the city. One of the possibilities is an integration with the city's agenda software to automatically publish agenda items and reports of the city council or advisory councils on the platform.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Go Vocal platform can be customised by each customer to meet their specific needs. The main areas, which customers can personalise are: branding (logos, colours, visuals, etc), languages (the platform is multilingual), topics (to classify resident input), geographic data (map location and zoom levels for instance), registration fields (information requested of users when signing in), webpages (create certain custom pages). Customers also benefit from a modular toolkit that enables them to pick and choose from a toolbox of engagement methods for each specific project.

Scaling

• Independence of resources: The software solution has been built redundantly. The delivery, application and database layers are made up of multiple servers that dynamically distribute the work and can take over from each other. To reduce the risk of multiple servers becoming inaccessible at the same time, they are physically located in different zones of the data center.; ; The application servers apply auto-scaling to deal with peak times. In the event of a high load, the number of servers is expanded fully automatically in order to reduce the global load to a level that offers an optimal user experience and quick response times.

Analytics

• Service usage metrics: Yes
• Metrics types: All the metrics are displayed in four different dashboards. The summary dashboard and the user dashboard are available to all customers. They include data on the usage rate of the platform as well as on the demographics of the users themselves. Standard and Premium customers may also gain access to two deeper data insight features (idea clusters and idea mapping). Both of these are enabled by our in-house built natural language processing (NLP) technology.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: At any time, all data can be exported by a single click by the client from the back end of their platform. Raw data is available in CSV format. Some data includes additional download formats such as PDF or image files.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • PDF
  • PNG
  • SVG
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLSX
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Services shall be available more than 99%, measured monthly, excluding scheduled maintenance. If Customer requests maintenance during these hours, any uptime or downtime calculation will exclude periods affected by such maintenance. Further, any downtime resulting from outages of third party connections or utilities or other reasons beyond Company’s control will also be excluded from any such calculation. Customer’s sole and exclusive remedy, and Company’s entire liability, in connection with Service availability shall be that for each period of downtime lasting longer than one hour, Company will credit Customer 5% of Service fees for each period of 60 or more consecutive minutes of downtime; provided that no more than one such credit will accrue per day. Downtime shall begin to accrue as soon as Customer (with notice to Company) recognises that downtime is taking place. To receive downtime credit, Customer must notify Company in writing within 24hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit. Such credits may not be redeemed for cash and shall not be cumulative beyond a total of credits for one (1) week of Service Fees in any one (1) calendar month in any event.
• Approach to resilience: This information is available upon request.
• Outage reporting: Service outages are reported over email or by phone.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Administrators and project moderators need to authenticate in order to use the management interfaces and support channels. The application layer has a permission system that specifies access policies for every user role and every read/and write action on every data resource. These policies are automatically tested in every change to the application.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Azure Directory

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 20/09/2022
• What the ISO/IEC 27001 doesn’t cover: The third party software and hosting services of the platform, their software, hardware and their physical locations are out of scope.; Home offices of the employees are out of scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Go Vocal is ISO27001 certified. As part of the certification, the company has put in place a number of ISMS policies. These policies operate under a strict change management policy and are reviewed at least once a year. ; ; The policies included are: ; - The Mobile Device, BYOD and Teleworking policy; - Password policy ; - Human resources policy ; - Clean desk and desktop policy; - Disposal and destruction policy ; - Information transfer policy ; - Information classification policy; - Access control for internal systems policy; - Change management policy; - Supplier management policy; - Incident management policy ; - Product password policy; - Cryptography policy; - Backup policy; - Security procedures for product infrastructure policy; - Secure development policy; - Risk management policy

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management is performed according to our ISO27001 Change Management policy. An internal database, part of the technical knowledge base, tracks all services and code repositories used by the platform, including their deployment information, API serving and consumption. All applications are containerised and tracked through a centralised container registry. Security concerns are an explicit part of the specification documents of all new features or changes to existing features.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The application source code is automatically monitored for CVEs using GitHub's vulnerability alerts database in any library dependencies, upgrading them as soon as possible. We release very frequently, about twice per week. Critical issues are released right away. Static code analysis detect known malicious patterns and blocks them from reaching production deployments.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Server and application access is monitored and anomalies trigger notifications to the support team. Platform administrators are in direct contact with our account managers through e-mail, phone and in-platform chat, which are in direct contact with the 2nd line technical team.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident response plan described how to respond to high, medium and low-medium severity incidents, describing the priority and communication actions to take for each category of severity. For issues with critical severity, there's a critical response plan that gets highest priority. Platform administrators are in direct contact with our account managers through e-mail, phone and in-platform chat, which are in direct contact with the 2nd line technical team.; ; All incidents are anonymously archived in an incident log and proves to be a useful "lessons-learned" approach.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Go Vocal's mission is about creating positive social change in communities worldwide. In 2021, we released our Theory of Change to show how we measured impact and evaluated our work and as of 2022, we’re proud to “walk the talk” with our B Corp Certification

  Covid-19 recovery

  Go Vocal's mission is about creating positive social change in communities worldwide. In 2021, we released our Theory of Change to show how we measured impact and evaluated our work and as of 2022, we’re proud to “walk the talk” with our B Corp Certification.

  Tackling economic inequality

  Go Vocal's mission is about creating positive social change in communities worldwide. In 2021, we released our Theory of Change to show how we measured impact and evaluated our work and as of 2022, we’re proud to “walk the talk” with our B Corp Certification.

  Equal opportunity

  Go Vocal's mission is about creating positive social change in communities worldwide. In 2021, we released our Theory of Change to show how we measured impact and evaluated our work and as of 2022, we’re proud to “walk the talk” with our B Corp Certification.

  Wellbeing

  Go Vocal's mission is about creating positive social change in communities worldwide. In 2021, we released our Theory of Change to show how we measured impact and evaluated our work and as of 2022, we’re proud to “walk the talk” with our B Corp Certification.

Pricing

• Price: £12,500 to £36,500.00 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We provide a free trial environment. During this time prospects can test out almost all the functionalities in the back office of the platform.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lora.botev@citizenlab.uk. Tell them what format you need. It will help if you say what assistive technology you use.