NETBUILDER DIGITAL LTD

Adobe Experience Platform and Experience Cloud

A collection of best-in-class solutions including AEM, Analytics, Target, Campaign, Audience, Magento, Marketo & Real Time CDP. All integrated on a cloud platform, along with service, support and an open ecosystem so you can deliver amazing customer experiences and a single customer view. We provide consultancy and enablement for all.

Features

• Analytics
• Audience profiles
• Content management
• Campaign management
• Advertising
• Personalisation
• Commerce
• Real time customer data

Benefits

• Keep pace with increasing customer expectations
• Drive business growth
• Manage customer experiences from beginning to end
• Real-time customer insights

£2,500 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at maxwell.ashley@netbuilder.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

774995115612907

Contact

Maxwell Ashley
07481 758650
maxwell.ashley@netbuilder.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Adobe Experience Platform (AEP)
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No constraints
• System requirements: No system requirements

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Adobe will provide prioritised support services for the Managed Services, to be accessed by Customer’s Technical Support Contacts 24 hours a day, 7 days a week (each such request a “Service Request” or an “Incident” or a “Change Request”) according to an agreed set of Response Times for each service request type and priority level.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Available on request
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Initiation. In order to best kick start and setup the service, we come on site to meet the team, give an initial overview of the Managed Service and describe the next steps. Discovery. Once the introductions are completed, we run an initial discovery phase in which we review and validate the scope of the service with the business and technical stakeholders, make an inventory of the resources to support, define a service catalogue, lock down the SLA. On-Boarding. Setup the support, networking and monitoring services, put quality controls in place, check integration points, integrate to the customer business process, trial run end-to-end key use cases and live incidents, start preparing initial knowledge base, grant access etc. Transition. Smoothly switch to the new support service and check hands for an official start. Maintenance and Support. Proactively support and maintain your solution as well as regularly report on its performance.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Customer data can be copied to a secure repository and source data deleted. There is no additional charge for this service.
• End-of-contract process: A high level exit plan is contained within the Managed Service documentation. The exit plan contains instructions as to whether the service is to be ceased or migrated to another third party.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile interface fully supports touch
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: https://secure.na1.echosign.com/public/docs/restapi/v6;jsessionid=EA855FAAC63EE11207C03877CA6E420A.app-a22
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Dedicated tenancies are enforced to ensure customer segregation. Therefore one customer service cannot be affected by another customers service.

Analytics

• Service usage metrics: Yes
• Metrics types: Service calls
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Adobe

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported in a format of choice
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: To provide for a very high level of service availability and system fault tolerance, Adobe data is synchronised across all data centers. Each data center is located in a separate Availability Zone (AZ) which has physically distinct, independent infrastructure. In case of an outage, automated processes redirect traffic away from an application server, database, or data center to other active system components. The minimum uptime percentage is 99.9%. Please visit https://www.adobe.com/content/dam/acom/en/legal/terms/enterprise/pdfs/SLE-Sign-2016OCT5.pdf for more details. Adobe status can be found here: https://status.adobe.com/
• Approach to resilience: Adobe data centers are highly resilient, designed to deliver high availability and tolerate system or hardware failures with minimal impact. To help ensure business continuity, Adobe maintains regional disaster recovery plans for Adobe Sign when hosted on AWS infrastructure in the U.S. and EU along with documentation in the form of an annual run book that outlines all the steps required to complete a data center failover.
• Outage reporting: Please see status.adobe.com If there is a need to migrate the operational service from a primary site to a disaster-recovery site, customers will receive several specific notifications including: • Notification of the intent to migrate the services to the disaster-recovery site • Hourly progress updates during the service migration • Notification of completion of the migration to the disaster-recovery site The notifications will also include contact information and availability for client support and customer success representatives. These representatives will answer questions and concerns during the migration as well as after the migration to promote a seamless transition to newly active operations on a different regional site.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Single Sign On (SSO)
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: .
• ISO/IEC 27001 accreditation date: .
• What the ISO/IEC 27001 doesn’t cover: Can be shared under NDA
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: .
• PCI DSS accreditation date: .
• What the PCI DSS doesn’t cover: Can be shared under NDA
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2–Type 2 (Security & Availability)
  • ISO 27001:2013, FedRAMP Tailored
  • HIPAA-ready
  • GLBA-Ready
  • FERPA-Ready
  • FDA 21 CFR Part 11 compliant
  • PCI DSS V3.2.1 compliant merchant and service provider
  • EIADS Compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: SOC 2 Type 2, and PCI DSS

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: • Customer requests change to service or solution: affected systems, possible risks, security risks, and expected implementation to qualified brief.; • Service Delivery Manager escalates the request to the engagement team who determines if the change is valid.; • Team plans the change. Details recorded about: the expected outcomes, effort estimates, resource profile, timeline, testing, ways to roll back the change, risks including security risks, dependencies and assumptions.; • Change approval board (CAB) may need to review the plan.; • Team implements the change, documenting procedures and results.; • Service Delivery Manager reviews and closes the implemented change.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Adobe strives to ensure that risk and vulnerability management, incident response, mitigation and resolution process is nimble and accurate. Adobe continuously monitors the threat landscape, shares its knowledge with security experts around the world, and endeavours to swiftly resolve incidents. All Adobe infrastructure providers use several tools to proactively detect , evaluate, and trace network-wide traffic and other potentially threatening anomalies, such as denial-of-service (DoS) attacks.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Adobe uses automated tools to provide real-time/near real-time notification of potentially malicious behaviour or vulnerability exploitation. These tools collect log data generated from security tools, infrastructure, software, and any other applicable source. Adobe uses automated tools to search collected log data, generate security baselines where possible, and report deviations from security baselines, alert on potential malicious behaviour, and evaluate deviations from minimum security standards.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: In the case of service disruption, Adobe operations team will invoke Adobe's incident management process. 24x7x365 on call engineers are brought together via online collaboration tools to triage, solve, and resolve the issue. The incident management process also captures data on the chain of events leading up to the incident resolution, as well as timing and impact information used to assess the impact to service level agreements (SLAs).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  NETbuilder set a public target set up with SBTi (Science Based Targets) and report on EcoVadis and CDP. We also have ISO 14001 confirming our commitment to improving the environment.

  Tackling economic inequality

  NETbuilder recruit, employ and train our permanent technical staff per client engagement, often in regional area’s with limited industry. We assess based on attitude and aptitude of the individual, not education alone, which opens up career opportunities to people moving into Digital At a high level we provide:; • Paid full time training so employees do not need to work outside of training hours to support themselves ; • Accessible training programmes that are designed to be inclusive, and adopting and utilising different styles, approach and media to support a wide audience and learning styles. ; • Objective recruitment processes taking away any potential for unconscious bias. This is managed, tracked and auditable in the SkillsNow platform. ; • Localised recruitment to support with local sustainability creating communities and preserving personal and local infrastructure. ; • All employees empowered to actively contribute in our journey towards achieving net zero. Sustainability principles are being integrated into our corporate culture and governance procedures. ; Uniquely we provide transfer options for our staff to move to customer permanent employment on project handover, or after agreed timelines have been met. This promotes in region investment and increases in skills over time, as well as addressing digital skills gaps in critical technologies, as well as supporting maintenance of legacy applications where necessary. ; ; NETbuilder also provide upskilling and reskilling programmes to support non technical staff cross department/ directorate/ agency transition into CDIO, supporting and aligned to Government Digital and Data Profession Capability Framework . This can be provided as a value add during training of our own staff pre-project deployment, combining customer employees into bootcamps, or as a parallel service and stand-alone initiative.

  Equal opportunity

  NETbuilder recruit, employ and train our permanent technical staff per client engagement, often in regional area’s with limited industry. We assess based on attitude and aptitude of the individual, not education alone, which opens up career opportunities to people moving into Digital At a high level we provide:; • Paid full time training so employees do not need to work outside of training hours to support themselves ; • Accessible training programmes that are designed to be inclusive, and adopting and utilising different styles, approach and media to support a wide audience and learning styles. ; • Objective recruitment processes taking away any potential for unconscious bias. This is managed, tracked and auditable in the SkillsNow platform. ; • Localised recruitment to support with local sustainability creating communities and preserving personal and local infrastructure. ; • All employees empowered to actively contribute in our journey towards achieving net zero. Sustainability principles are being integrated into our corporate culture and governance procedures. ; Uniquely we provide transfer options for our staff to move to customer permanent employment on project handover, or after agreed timelines have been met. This promotes in region investment and increases in skills over time, as well as addressing digital skills gaps in critical technologies, as well as supporting maintenance of legacy applications where necessary. ; ; NETbuilder also provide upskilling and reskilling programmes to support non technical staff cross department/ directorate/ agency transition into CDIO, supporting and aligned to Government Digital and Data Profession Capability Framework . This can be provided as a value add during training of our own staff pre-project deployment, combining customer employees into bootcamps, or as a parallel service and stand-alone initiative.

Pricing

• Price: £2,500 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at maxwell.ashley@netbuilder.com. Tell them what format you need. It will help if you say what assistive technology you use.