Sprout Social, Inc.

Sprout Social

Sprout Social is a social media management and optimization platform for brands and agencies of all sizes. Our platform gives you a single hub for social media publishing, analytics and engagement across all of your social profiles.

Features

• Social media publishing
• Social media reporting
• Community management
• Customer care
• Reputation management
• Social media monitoring
• Social media listening
• Employee advocacy
• Competitive benchmarking

Benefits

• Publish content across multiple social channels
• Easily submit content for approval
• Tag content to measure campaigns across channels
• Quickly respond to messages
• Report on success of social media efforts

£159.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emea-enterprise@sproutsocial.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

814210267520570

Contact

Hugo Dempsey
+353873413644
emea-enterprise@sproutsocial.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Sprout Social is hosted in AWS US regions.
• System requirements:
  • Supported Web Browser (Chrome, Safari, Edge, Firefox)
  • Internet Connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Support team monitors web form submissions and emails 24 hours a day, 7 days a week, as well as chat and phone inquiries 24 hours a day, 5 days a week, Monday to Friday, excluding any holidays. ; ; For customers that purchase Sprout Social’s “Premier Success” enhanced support offerings, Sprout Social Support shall provide a two (2) hour initial response time to email inquiries to our Support team.; ; 2023; Median resolution time: 10.7 hours; Median first reply time: 2 hours; Median chat wait time: 1 minute
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: The web chat controls' name, role, state, and value are exposed to assistive technology.
• Onsite support: No
• Support levels: Access to customer support is included with your license to Sprout Social. Customers also are provided a customer success manager to help them with ongoing day-to-day support. ; ; Should technical issues arise we will escalate those to our support team and we will evaluate the need to prioritize those tickets based on our incident severity guidelines. On average only 4% of total tickets are escalated to Engineering with 96% of the total volume being resolved by our Level 1 and Level 2 Support Teams.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Sprout offers a comprehensive service model to meet the needs of our enterprise clients. This includes, but is not limited to, an assigned implementation team, a dedicated relationship manager for training and on-going support, and priority access to our customer support team.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Sprout Social offers our customers the ability to extract their data via self-service. Our customers have the ability to export reports, messages in the Inbox, and listening queries at any time within the platform.
• End-of-contract process: Sprout Social retains the Personal Data and/or Personal Information for up to thirteen (13) months after the termination of any Agreement for the purposes of future account reactivation. Any confidentiality obligations and use restrictions in the Agreement will continue to apply to such Personal Data and/or Personal Information for the duration of retention. Notwithstanding the foregoing, upon request by Customer at the termination of the Agreement, Sprout Social shall delete or return to Customer the Personal Data and/or Personal Information in Sprout Social's possession, except to the extent such data may be required to be retained by Sprout Social under applicable laws. This is included in the price of the contract. Further exit assistance is NOT included in the price of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Sprout's mobile applications on iOS and Android allow users to access publishing, engagement, and reporting tools on-the-go.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: With the Sprout Analytics API, you can extend the functionality of Sprout’s analytics tools so you can integrate your owned social data with your analytics and business intelligence tools outside of Sprout. You can use the Analytics API to fulfill all of your most unique reporting needs and integrate social data into your broader tools and analytics processes. | ; ; Customers must configure an API Access Token in the Sprout app to utilize the API. | ; ; Included API data:; *Data from various Sprout reports related to Twitter, Facebook, Instagram, and LinkedIn; *Owned profile metadata, authentication status, and profile-level analytics; *Published post metadata, contents, tags, author, and post-level analytics | ; ; Not included in the API:; *Paid/ad account data; *Competitor data; *Customer care data; *Listening data; *BI Connectors; *Account/profile management; *Inbox, engagement, or publishing API
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Sprout Social uses AWS services to automatically scale capacity upon demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: All customer data-at-rest is encrypted with AES-256. All employee laptops are encrypted using OS-standard full disk encryption technologies.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Sprout Social does not support the full export of data (i.e. flat pull) stored within the Sprout Social application. The customer does, however, have the ability to export reports, messages in the Inbox, and listening queries (going back 90 days) on a self-service basis within the application.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: Data is imported from the native social networks

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: If you request an SLA, we may guarantee up to 99.5% uptime. Service credits may be available for lower than 99.5% cumulative availability.
• Approach to resilience: Systems are designed for resiliency, durability, and availability within AWS. Sprout Social takes daily backups of data stores across multiple locations. Server and infrastructure configuration is stored in version control, as is our software code. In the event of a disaster, systems will be restored from these sources.; ; Sprout Social’s architecture leverages automated DR technologies provided by Amazon Web Services (AWS):; ; An AWS Elastic Load Balancer (ELB) sits on the Internet edge, servicing traffic from customers. This ELB is itself Highly Available, per AWS’s service guarantees.; ; The ELB automatically distributes incoming application traffic across multiple Amazon EC2 instances hosted from multiple Availability Zones (AZs), all regularly evaluated for health.; ; These EC2 instances are evaluated for health every 30 seconds. If a node or AZ are not healthy, they will be automatically removed from the ELB until they are deemed healthy. Sprout EC2 instances are stateless, meaning the loss of an instance will have no effect on any customer.; ; Each AZ is an isolated hosting location - effectively a logically independent data center.
• Outage reporting: Sprout Social maintains a status page at https://sproutsocialstatus.com and outages or service degradations, including issues with third-party platforms, are noted on that page. Users can also sign up on that page to be alerted via SMS or email of new issues that have been posted.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Sprout Social provides configurable levels of administrative access based on in-app permissions that can be set up by the account owner. These varying levels of access control what users see and have access to.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Moss Adams Certifications LLC
• ISO/IEC 27001 accreditation date: 28/09/2023
• What the ISO/IEC 27001 doesn’t cover: Any products other than the Sprout Social application.; A.11.1.1 through A.11.2.3 - These are covered by AWS as the infrastructure provider.; A.14.2.7 Outsourced development - There is no outsourced development in use.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 07/06/2023
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: Yes
• Who accredited the PCI DSS certification: SecureTrust
• PCI DSS accreditation date: 01/08/2023
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type 2
  • ISO 27701

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Sprout Social has a formal information security program in place with defined policies and processes. As a requirement for maintaining our SOC 2 and ISO 27001 compliance, our reporting structure includes semi-annual information security and privacy training for all employees and formal acknowledgement of applicable policies.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Sprout Social has a formal change management policy for code deployment. This policy outlines our software development lifecycle (SDLC) as Sprout Social follows AGILE development methodologies. Teams must use industry-recognized SDLC best practices and our policy includes the following 6 phases:; - Planning; - Development; - Code Reviews; - Testing; -Deployment; - Monitoring; ; Patches to service components are applied automatically by our configuration management systems. Software that is either "unmanaged" (such as application libraries) or explicitly excluded is patched manually. All patches are applied to test/staging systems first before being applied in production.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Sprout Social has a Vulnerability Management Program in place that includes input from several platforms. Internally, Sprout Social utilizes a range of vulnerability scanning tools including Invicti (formerly Netsparker), Nikto, SecurityScorecard, SSL Labs, OpenVAS, ECR, Github Advanced Security, Dependabot, etc. Scanning runs against all systems that are exposed to the Internet. All identified vulnerabilities are verified by our internal security team and tracked against our internal SLAs (which are defined by the potential impact or criticality of the underlying asset). As these vulnerabilities are remediated, they are re-verified by Sprout Social's security team to verify the issue has been resolved.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: System and service health is monitored by Nagios with checks written for all major parts of the systems and application. External availability monitoring is provided by Pingdom. System and application monitoring data (errors) are also reported remotely to Datadog with alerting enabled for abnormal conditions, including the underflow of data.; ; Sprout Social utilizes host-based intrusion detection systems (IDS) on our servers which report to a cloud-based console. The IDS logs are monitored by the security team, who are on-call 24/7. At Sprout Social offices, we utilize next-gen firewalls at our perimeter that contain IDS functionality.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident response is carried out primarily by the security team with input from other stakeholders as appropriate for the scenario. The additional stakeholders may include senior management, internal communications, legal, client relationship management staff, and technical staff as needed. Incidents are tracked through JIRA tickets and classified per Sprout Social's Incident Response Policy based on the impact to the business. Incidents are closed when the security team has determined that all incident activity has ceased, a final report has been published to senior management, and all incident artifacts are properly archived.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  As a social media management platform, Sprout Social was instrumental during the COVID-19 pandemic and recovery as many companies and brands found themselves needing to support their employees and clients online, such as through social media.

Pricing

• Price: £159.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a free, 30-day trial of our service, which includes functionality available in the paid product.
• Link to free trial: https://sproutsocial.com/trial/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emea-enterprise@sproutsocial.com. Tell them what format you need. It will help if you say what assistive technology you use.