SimplyDo

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: SimplyDo requires no additional software to be installed on the system, since it can be accessed directly using a web-browser. The user's device will need a working Internet connection to access the service.
System requirements: The user must have a working Internet connection

Web-browser and/or iOS/Android mobile device and/or Teams app

User support

Email or online ticketing support: Email or online ticketing
Support response times: Email Support: 8:30 A.M. to 5:30 P.M. Monday to Friday excluding public holidays. Also, a Service-Level Agreement (SLA) is agreed prior to any contract.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: Our web chat is compatible with browser and OS accessibility tools (such as screen readers and zoom capabilities). Inputs have the capability to allow voice entry using the browser's voice recognition function.
Web chat accessibility testing: Testing has been conducted to ensure that our web chat is compatible with browser and OS accessibility tools (such as screen readers and zoom capabilities) and that browser voice recognition functions allow voice entry.
Onsite support: Onsite support
Support levels: Simply Do Ideas provides access to two senior members of staff (at director level) for every public sector enterprise contract. These work together to oversee full account management and product support from start to finish. This provides a consistent point of contact throughout the length of the contract. Any support provided is at no additional cost ensuring there are no hidden costs.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: To help users get started, we offer a mixture of:
- Onsite training (where available)
- Online training over a number of sessions to cover the innovation journey
- Online help documentation
- Online live-chat support.

A dedicated senior-level account manager will be available and a direct point of contact throughout the onboarding process, as well as on an ongoing basis.

The account managers are experienced in the innovation journey, and are will-equipped to help get your first set of innovation challenges off the ground. We'll make sure you are provisioned with all the tools and processes needed to manage your ideas and data as they arrive, and to build comprehensive engagement campaigns to help drive user adoption and interest across your organisation.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Administrators have several means of extracting their data. Automated tools allow for export of data in CSV format. In many cases we recommend reaching out to us so that we can ensure the data can be provided in a suitable and useful format. In addition, we offer integrations with services, such as Power BI and Office 365, which allow for direct exports of your organisational data.

In addition, we offer integrations with services, such as Power BI and Office 365, which allow for direct exports of your organisational data.
End-of-contract process: At the end-of-contract, there is an option to export all customer data in an appropriate format. Otherwise, data will be deleted in line with required timeframe under the General Data Protection Regulation 2018.

There are no additional costs for end-of-contract operational or technical support.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Simply Do offers its same web service responsively over desktop and mobile devices. In addition, our native mobile app for iOS and Android (and Teams) can be used to carry out many of the tasks available through the web app; such as to create and submit ideas to challenges, interact with other users (e.g. commenting, voting, and reacting to content), and to discover new content.
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: SimplyDo offers a number of administrative capabilities from its service interface, including setup of security, settings, UI and branding, and other features. It is also available via a web browser.
Accessibility standards: None or don’t know
Description of accessibility: SimplyDo leverages accessible and semantic component libraries based on browser technologies that enable integration with accessibility software and hardware (such as screen-zoom and screen readers). Customers can specify colour schemes that can provide the required contrast and visibility, and control text, language tone, imagery and other content and media to ensure appropriateness to their audiences. Fonts are presented to enable zoom and enlargement as required.
Accessibility testing: SimplyDo exceeds W3C web accessibility guidance throughout the design of the solution and we use automated testing and linting tools to ensure that our web pages conform well to accessibility standards (such as appropriate tag attributes, tag closures, accessible attributes - ARIA labels and alternative text, etc.)
API: Yes
What users can and can't do using the API: The SimplyDo API can optionally be used to embed SimplyDo functionality in existing systems, or to extend or integrate SimplyDo into other services. All SimplyDo functions are available through our API.

To use the API, a user can:

1.Generate an API key from their account settings and
2.Make requests to our RESTful API endpoint over HTTPS.
API documentation: No
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: SimplyDo offers a flexible customisation tool, allowing administrators to:
- Set a logo for all users, which is displayed in the navbar
- Set a primary colour for all primary actions (e.g. buttons and links)
- Set a secondary colour for all secondary actions (e.g. secondary buttons and backgrounds)
- Add custom links to be shown to all users in the navbar
- Add welcome text to the welcome pages, and announcements on the homepage
- Choose the default language for new users
- Set-up customised and automated announcements to be sent to users as they interact with the service
- Customise login and registration flows
- Customise on-boarding flows and screens
- Set up email communications with customisable content

Furthermore, all challenges and groups can be customised using banner images, and our rich-text inputs allow for building highly-tailored environments for users.

Scaling

Independence of resources: SimplyDo is based on modern technology that enables us to confidently guarantee up-time and availability of our service.

For most of our services we make use of account-based request throttling where necessary, and the architecture is designed to be hugely elastic in being able to service many concurrent users and also to cope with large and unexpected traffic spikes.

For auxiliary services, we ensure they are load balanced according to industry standards and that our clusters are able to automatically scale up and down as required in order to meet demand.

Analytics

Service usage metrics: Yes
Metrics types: SimplyDo provides a number of metrics to help users understand engagement and their data. For example:
- User growth
- Ideas created over time (and segmented)
- Challenge and idea views
- Sentiment analyses
- Topic-modelling analyses
- Engagement funnels to measure against campaigns
- Polls and pulse survey feature for capturing quick insights from your staff

Such data can be scoped at the organisational level, as well as on a per-challenge basis.

Furthermore, SimplyDo's dashboards feature enables users to create custom dashboards formed from editable segments. Custom PDF reports can be generated and downloaded on-demand.
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Other
Other data at rest protection approach: In addition to the security and encryption features of our cloud provider, SimplyDo ensures that all drives and storage media used to house data use encrypted volumes. Furthermore, all backups are also encrypted to industry standards.
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Depending on the type of data required this can be accomplished through;
- Controls within the platform to download user lists as CSV or JSON
- Connecting the platform to an external service (such as Power BI or Excel or OneDrive) in order to synchronise data
- Exporting ideas as PDFs
- Exporting idea, challenge, and poll reports as CSV or PDF
- For custom requirements, we recommend reaching out to us so we can ensure data can be formatted in an appropriate fashion.
Data export formats: CSV

Other
Other data export formats: JSON

PDF

Excel
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: A Service-Level Agreement (SLA) of 99.5% of Resource Availability is targeted across any contract period. The full details of the SLA are included in the G-Cloud Call-Off Contract (e.g. service management responses based on severity level).

The full details of the SLA are included in the G-Cloud Call-Off Contract (e.g. service management responses based on severity level).
Approach to resilience: SimplyDo makes use of modern, highly-scalable, and highly-available serverless technology to ensure backend-service resilience. Our front-end clients are formed from separately-served static assets - access to which does not interfere with our backend-service resilience. As such we are able to provide service to a large number of concurrent users and are resilient to large traffic spikes.

Access to services is protected using industry-grade authentication and authorisation mechanisms, and users can provide user-based access privilege following their own security requirements.

Our own staff are provisioned access through a principle of least privilege, enabling them to conduct their work but without the ability to carry out sensitive or destructive action.
Outage reporting: Any outages are reported directly to our contacts within the organisation via email.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: SimplyDo offers a powerful and flexible permission management model, allowing administrators to assign access to users such that they can perform the duties required, but not access data or functions outside of their area of concern.

We have guidance available that recommends such administrators adopt the principle of least privilege when assigning permissions, and that there is a minimum number of administrator users in place. Furthermore, IP/VPN-restricted access is supported.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: The British Assessment Bureau
ISO/IEC 27001 accreditation date: 22/09/2022
What the ISO/IEC 27001 doesn’t cover: Our ISO/IEC 27001 certification covers all aspects of our Information Security Management System.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: - Cyber Essentials
- Cyber Essentials Plus
Information security policies and processes: SimplyDo maintains a Data Protection and Privacy Policy Pack, which outlines a number of policies that govern security and data processes. Whilst these policies are for internal use, such policies can also be made available upon request, if necessary.

Example policies in our DPPPP:
- Information Security Policy
- Data Handling Policy
- Confidential Waste Policy
- Individuals' Rights Policy
- Remote Work Policy
- Systems Policy

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: At SimplyDo we have strong processes in place to ensure the integrity of software as it is developed, tested, quality-assured, reviewed, and finally released. Access controls allow only those staff that require access to particular codebases and systems to write or approve changes to them - allowing us to ensure the security of our systems as changes are introduced.

We make use of staging environments to provide access to the wider team internally for further QA and review before rolling-out updates for live users.

Code quality assured through automated lint-checking, augmented by unit and integration testing.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: At SimplyDo we put a lot of resource and expertise into ensuring our systems are safe and secure. As part of this process we continually evaluate (and have automated monitoring in place) for our software and dependencies, and our cloud provider, and also continuously monitor the software community for discussion around threats that may be relevant.

We work on the principle of continuous delivery with patches being deployed very quickly where necessary.

We ensure that all critical system packages and software are updated within two weeks of release.

Automated dependency audits ensure secure supply chain risks are managed.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: We make use of a number of automated tools, centralised logging services, and business processes to identify potential compromises, and have policies in place dedicated to such eventualities.

Depending on the nature of the potential compromise, we determine a need to contact any relevant, affected people, which will be done within one day. Such a communication will include details and an action plan and any remedial action taken so far.

In any case, the incident is logged and actioned internally. If urgent software updates are required then these are aimed to be patched within 1-2 hours, where necessary.
Incident management type: Supplier-defined controls
Incident management approach: SimplyDo maintains a number of processes for managing our approach to incidents, which include automatic responses for common events that might occur, as well as a documented approach for handling less common or unknown incidents.

Where necessary, incident reports are prepared and sent to relevant affected parties in accordance with data protection regulations.

Users can report incidents via email or using our live-chat feature.

We have strict and robust non-conformance processes which govern response and process regarding incidents affecting our software and platforms.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Tackling economic inequality
Wellbeing

Tackling economic inequality

SimplyDo supports enterprise-level organisations in reducing the time, cost and risk of identifying, qualifying, and engaging new suppliers minimising the impact of supply chain disruption using our state-of-the-art digital platform.

Challenge-led innovation is used to engage audiences of employees, start-ups, SMEs, and other large public and private sector organisations to deliver better, faster, supply chain improvement. SimplyDo supports innovation and collaboration, creating a diverse supply chain to increase supply chain resilience and capacity.

Wellbeing

SimplyDo engages employees in delivering an organisation’s mission. Our challenge-led approach puts collaborative problem solving at the heart of the continuous improvement journey. This leads to increased employee involvement in innovation while enhancing organisational connections, empowering employees along with an increased sense of purpose and wellbeing.

SimplyDo brings people together to solve transformational challenges. Our people-powered innovation platform unlocks access to diverse ideas right through to implementation. This enables the co-production of solutions with employees, suppliers, academia and service users.

Pricing

Price: £15,350 to £38,375 a licence a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

SimplyDo

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents