Content Formula

LiveTiles Reach Employee Intranet App

LiveTiles Reach is an engaging app to help organisations stay connected with their employees whether they are on the road, in the field or in the office. The app is easy-to-use, quick to deploy and makes it a breeze for communicators to keep on top of employee comms.

Features

• Publish news, events, videos, policies and pages
• Target users with the content you want them to see
• Allow users to subscribe to content that interests them
• Social features: likes, shares, bookmarks & comments
• User friendly publishing interface
• Send notifications and emergency alerts
• Available across mobile app, desktop browser, Teams, SharePoint and more...
• Works with or without Office 365
• Optional chat tool (similar to Whatsapp)
• Employee directory (connects with AD, if required)

Benefits

• Engage your audience with personalised news and content
• Build culture and connect people
• Reach frontline workers and desktop workers
• Two-way communications and social for maximum engagement
• Plan, organise and schedule your content and pages
• Distribute editor roles throughout your organisation
• Track your communications with onboard analytics
• Super easy to use and intuitive

£8,697 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dhawtrey@contentformula.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

761152694489681

Contact

Dan Hawtrey
020 4534 3460
dhawtrey@contentformula.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Reach integrates with your SharePoint intranet and with Teams but if you don't have Office 365 you can use Reach as a standalone mobile app and make it available through browsers.
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • The mobile app requires Android or iOS
  • The browser versions works with all major desktop browsers
  • The Teams and SharePoint integration requires Office 365

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 hours for P1 requests - system down; Within 4 hours for P2 requests - major impact; Within 12 hours for P3 requests - minor impact; Within 48 hours for P4 requests - trivial impact
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided by Content Formula as reseller. Support is charged separately. Our support provides a helpdesk in case there are any issues with the system and it is not working as expected. If helpdesk engineer is unable to resolve the issue we have two further levels of escalation up to a senior engineer. Customer can also purchase a bucket of hours to cover ad-hoc consulting if required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide remote training over Teams or Zoom.; We also provide online getting started guides and videos on our website.; We have also designed the tool to be highly intuitive so users can start using the tool using only tool tips built inside the tool.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: A service is available to extract content when the service ends.
• End-of-contract process: If a customer wants to cease receiving the service they can provide notice and the service will come to an end.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile and desktop experiences are identical in feature sets for end users who consume news and content and engage in social activities (likes, comments, etc.). Content editors and admins will find it easier to post and manage their content on desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The service interface is designed for admins of the system and provides the following features:; - Ability to change branding; - Ability to approve new user requests; - Ability to manage groups and permissions; - Ability to add or remove admin users; - Ability to connect to one or more Active Directories
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: This information is available on request from LiveTiles.
• API: Yes
• What users can and can't do using the API: The Reach API is powerful and fully featured. Most features and functionalities available on the application are available through the API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: It's possible to customise Reach in a number of different ways:; -The API allows developers to create custom applications e.g. using SharePoint, PowerApps and Azure.; -Reach is also modular and so allows for the creation of custom modules.

Scaling

• Independence of resources: The application automatically scales at times of high demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Reach contains on-board analytics reports which show how many people are using the tool, the news and pages they have read etc.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: LiveTiles

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Currently, Microsoft managed encryption keys are used. (BYOK is not applied); ; Federal Information Processing Standard (FIPS) Publication 140-2; https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest#:~:text=Azure%20Storage%20encryption%20for%20data,encryption%20with%20your%20own%20keys.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: This would be an extra service
• Data export formats: Other
• Other data export formats: SQL database
• Data import formats: Other
• Other data import formats: SQL database

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: There is no service guarantee
• Approach to resilience: Available on request
• Outage reporting: We report significant outages by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: It is important to understand that our solution is relying on the customers Azure Active Directory authenthication. At the end it is the customer that defines the strength of the authentication process, when using our solution. E.g. customer decides to apply 2FA
• Access restrictions in management interfaces and support channels: Admin access is restricted through permission model. Authentication is as per standard user authentication. Therefore, if 2FA s enabled in your Office 365 then it will also apply here.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: It is important to understand that our solution is relying on the customers Azure Active Directory authenthication. At the end it is the customer that defines the strength of the authentication process, when using our solution.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Best Practice Certification Pty Ltd
• ISO/IEC 27001 accreditation date: 18/3/2021
• What the ISO/IEC 27001 doesn’t cover: The scope is: Providing Cloud Products on the LiveTiles Platform in Accordance with Statement of Applicability version 2; The schedule of locations is: Level 14, 77 King Street, Sydney, NSW 2000, Australia. (Operating Office) Malzgasse 7a, 4052, Basel, Switzerland. Zwicky-Platz 3, 8304, Wallisellen, Zurich, Switzerland. 24 Davey St, Level 4, Hobart, TAS 7000, Australia
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a number of information security policies in place which include:; Data sanitisation policy; Encryption policy; Password policy; Joiners and leavers process; Security vetting policy; Business continuity and disaster recovery policy; Risk management policy; Information classification policy; Internet and email conditions of use policy; Back procedures; USB drive policy; Data disposal policy; Remote access policy; Incident response policy; Software patching policy (incl. antivirus); Information storage and transfer policy; PC audit procedure; Annual cyber security training

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A Change is defined as "the addition, modification or removal of any authorized, planned, or ; supported service or service component that could have an effect on IT services”.; ; Changes classification: ; Standard, Normal, Emergency; ; Each change must be made in the following way; 1. Change may be proposed by Information Asset Owners; 2. Change must be reviewed and authorised by a Change Authority member.; 3. Change Authority Member who authorises the changes is responsible for checking that ; the change has been implemented in accordance with the requirement; 4. Change Authority Member verifies system stability; 5. Information Security Officer informed of changes
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our product is relying on Microsoft Azure PaaS services, where the vulnerability management is mainly part of the provided services. Microsoft does comply with several standards and follows best available procedures
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our product is relying on Microsoft Azure PaaS services, where the vulnerability management is mainly part of the provided services. Microsoft does comply with several standards and assures protective monitoring on the PaaS service site.; Additionally, LiveTiles is actively monitoring the solution for events and blocked attacks (e.g. Web Application Firewall) and is tracking and archiving corresponding logs
• Incident management type: Supplier-defined controls
• Incident management approach: Every event is reviewed by the Incident Response Team; ; Events are classified into impact categories:; ; Event (no investigation required) – e.g. lost/stolen device, employees submitting a phishing email, where ; current security procedures (disabling access, remote wipe etc.) mitigate the risk; ; Incident (investigation required) – potential information security risk may be unknown and further assessment is required.; ; Incident (data breach) – we believe there is a data breach which enacts the Data Breach Response and Notification Procedure; ; Incidents are responded to by ISO and Incident Response Team. Post-incident remediation actions are recorded and implemented to reduce the risk of further incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Reach is powered by Microsoft Azure which runs on data centres owned and managed by Microsoft. Microsoft has committed to becoming carbon negative by 2030, achieving zero waste production and positive water usage, and offsetting all greenhouse gas emissions produced since our founding by 2050. The company is investing in renewable energy, promoting sustainability in the supply chain, and reducing product carbon footprint. Clean energy access is made inclusive and equitable, benefiting society.

Pricing

• Price: £8,697 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Organisations can have a fully functioning version of the service for as long as they like but limited to 20 users.
• Link to free trial: https://www.contentformula.com/contact

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dhawtrey@contentformula.com. Tell them what format you need. It will help if you say what assistive technology you use.