Circle Interactive

Drupal

Circle Interactive are acknowledged experts in Drupal. We enable organizations to deploy cloud based Drupal systems through expert consultancy, and support, providing high-quality, secure systems that meet your specific requirements. We offer feature development, secure hosting / maintenance, security testing and data migration services.

Features

• Flexible content management system
• Highly configurable, customisable fields, entities and workflow automation
• Content management, service delivery, operations
• Granular security / access control
• Online event management, registration and tracking
• Data Analysis with real time reporting and powerful dashboards
• Easily connect and migrate data from various systems

Benefits

• Fully managed service with expert consultancy and support
• Highly configurable for structures that meet your data reporting requirements
• Track and report on service delivery more efficiently
• Automate tasks to free up staff time
• Gain insights into operations with clear reporting
• Integrate with Open Data sources for improved decision making
• Integrate with other systems through powerful API

£720 to £1,050 a unit a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@circle-interactive.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

866418935887146

Contact

David Moreton
01179096967
enquiries@circle-interactive.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Support is limited to normal UK office hours (Monday - Friday, 9-5). We observe public holidays in England.
• System requirements: Latest version of modern browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour during normal UK office hours (Monday - Friday, 9-5). We observe public holidays in England.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide 3 levels of support:; Level 1 (critical) - response within 2 workign hours and resolution within 8 working hours; Level 2 (serious) - response within 2 working hours and resolution within 16 working hours; Level 3 (non-disruptive) - response within 8 working hours and resolution within 24 working hours; There is no difference in cost and all support is provided through Jira ticketed support desk and assigned to the most appropriate person. In the case of less urgent requests and requests for training or changes, these will be picked up by your account manager and discussed in more depth there.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide an onboarding service that covers service design, data migration configuration and training. We'll provide support to users and have a library of resources, guides and documentation available. In cases where the configuration takes the system beyond normal usage, we'll provide bespoke documentation and remote training will be recorded for those who cannot attend a session or new starters in future.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Your data is your data and you are completely free to take the entire system including all data anywhere you like. Your administrators will always be able to download data through the application UI where there are a range of export features. We can also provide API access or full database access for your administrators or other partners to download any / all data or we can work with you to export the elements you require in any standard format.
• End-of-contract process: Following written confirmation of our contract being terminated, we will appoint a single person to act as the Exit Manager and you should do likewise. ; The Circle exit manager and your exit manager would between them draw up a plan and timetable for the transfer of documentation, winding down of any services and any interim management structure that may be needed to ensure a smooth transition with minimal disruption.; If interim assistance is required during or after the termination of our main services, these would be agreed as part of the plan and timing and cost of these services would form part of the overall exit plan.; Our exit manager would ensure that we would provide full cooperation and effect the transition with minimal disruption. In particular they would liaise with your exit manager and ensure that all documentation is properly listed and that the transfer of all assets takes place including but not limited to:; any custom code base ; access to all code repositories; access to all production servers and test environments; notes and documentation relating to development; support tickets ; backups ; any encryption keys and other cryptographic controls ; domains

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Nearly all aspects of the system can be configured and updated using the well documented API. In order to use this, we need to configure the system to allow this type of connection.; Drupal has a well developed API that gives comprehensive access to manage data in the system. It is designed to function predictably with every new release so as to preserve backwards compatibility of the API for several versions of Drupal.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Drupal is an extremely powerful platform built with flexibility at its core. It supports high levels of customisation through configuration screens in the application. This includes adding fields and options to entities and even creating new entity types based on existing structures. ; A flexible permission system allows you to determine who can do what within the system so some users may be allowed to use the system without the ability to customise it in any way, while others can be given limited or full administration rights.; There is a wide array of community contributed modules which add additional functionality at no additional ongoing cost and because the application is open source all aspects of it can be further customised through modifying the code base although this will add overheads around maintenance.

Scaling

• Independence of resources: We can provide the application in different environments which can be completely independent virtual machines that some clients prefer or on scalable cloud architecture. In both cases the application and all data are fully separated from other calls on resources and able to expand as needed when usage increases.

Analytics

• Service usage metrics: Yes
• Metrics types: We generate reports of the number of users, contacts, activities and mailings for internal use and share these with you. If there are specific metrics on your use that would be useful, we can probably exract these numbers into the same report.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: There are a range of reporting tools and these allow for the export of any data generated in the report to csv files. It is also possible use the API to construct exports in other formats.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee 99.9% uptime and achieve >99.99% uptime across the service as a whole while most instances achieve >99.999% in most months because we are able to plan updates in an orderly way with virtually no downtime. The reason for the lower guarantee is that we need to be able to apply urgent security updates in a very short time frame and this can result in slighty longer downtimes. This will almost always be between 6am and 8:30am.; Where we don't meet our uptime guarantee, we will refund 10% of that month's hosting cost.
• Approach to resilience: We use a range of datacentre providers and their setups vary. More information is available on request.
• Outage reporting: We have monitoring of the service through dashboards and email alerts to our sysadmin team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to all interfaces is controlled via username/password with TFA which will be according to the buyer's requirements (various options are available such as SMS, authenticator, etc.)
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 12/04/2018
• What the ISO/IEC 27001 doesn’t cover: This covers our entire operation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are ISO 27001 accredited and follow policies in accordance with this. Our Information Security Management Team ensure that staff are kept up to date of improvements and adhere to policies and processes through workshops and surveys of knowledge. We report on this quarterly.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Depending on the scale of a change, it will either be classified as routine, significant or emergency. Significant changes will be further classified as minor or major. Significant changes are only approved after further analysis and discussion with a member of the Technical Review Group, and the outcome is documented.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We maintain a risk log and update this with potential threats on a regular basis based on tracking a range of technical sources. Members of our team are actively involved with the application core team and contribute to the release process. Security patches are usually deployed within hours of availability.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have a range of monitoring at the network and application level which trigger alerts and in some cases automated blocking of users.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a defined incident management process which covers investigation, remediation and learning. Users can report incidents directly through our support desk. When users report issues which we identify as an incident or non-conformity, this is also recorded. All incidents are escalated to a member of the ISMT and are prioritised in our system for urgent action. We then have a periodic review of any recorded incidents and draw learning from them.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Circle is committed to fighting Climate Change and strives to contribute to a sustainable future. We try to minimise our carbon footprint at every opportunity. We recognise that our operations have an effect on the local, regional and global environment and that we have a responsibility to minimise this.; We do this by flexibly working in a virtual business structure, centred around Bristol Council’s Create Centre which has an Energy Service Team and has recently saved 35 tonnes of CO2 per annum.; We try to avoid excess travel and encourage lift sharing and choosing the most environmental way of travelling. We chose low energy appliances where possible.; We choose Data Centres that have a commitment to cleaner, sustainable cloud computing and aim to have efficient UX experience in our designs which leads to less carbon footprint per page visited.; We aim to: use recycled stationary minimising its impact on the earth. We try to avoid printing wherever possible but any waste paper is shredded and recycled. Our food waste and other waste is recycled by Bristol Council.; We re-use products that we need to buy for marketing. We donate unwanted items for re-use by others and try to buy used furniture that is high quality. ; We follow our Equipment Disposal and Reuse policy and where possible we repair.; ; Full details of our Environmental Policy are available on request.

  Covid-19 recovery

  Critical work is being done by our clients that we support to aid in the recovery of communities from the impact Covid19. This includes helping build systems that support operations. ; We continue to support remote and hybrid working to ensure employee safety and wellbeing.; We maintain good Hygiene standards. Our work environment and shared spaces including kitchens are cleaned daily.

  Tackling economic inequality

  We have an Anti-Modern Slavery Policy in place. We aim to source products from suppliers that adhere to fair labour practices and environmental standards and we are proud to be a Living Wage Employer.; We write and contribute code back to the Open Source community and we are a Gold Partner and Contributor to CiviCRM. This enables other Third Sector and Public Sector organisations to gain from the work we have done, building stronger CRM and CMS systems for everyone.; We contribute to Code Sprints and our developers contribute back to the community solving wider technical problems in the public forums and write up solutions that we share back.; We join and host Civi Meet Ups that encourage sharing of good practice with other agencies and third sector organisations.; We re-use code to make systems more affordable.; ; We work on Innovative products that help tackle inequality by making expensive licenced data visualisation products available to the Third Sector that are servicing communities enabling them to target resources and identify need.; We support many organisations that deliver services that have an impact on Social Value including CVS’s. We deliver training Webinars offering resources that are free.; Developing Talent; We develop new talent and work with Students from Universities to train and grow them in a work environment. This creates employment in a sector that has shortages, software developers.; Accessibility; We ensure that our outputs have been built and tested for accessibility.; Our office is accessible to all.

  Equal opportunity

  We are an equal opportunities employer and are committed to promoting equality, diversity and inclusion in all aspects of the business. The Company fully recognises the benefits of a diverse workforce and is committed to the elimination of all forms of treatment that amount to unlawful or unfair discrimination and/or harassment and arises from the ‘protected characteristics’ (as defined by the Equality Act 2010) of individuals who are employees or workers. ; We follow our Equal Opportuinities Policy, we collect information on the composition of our workforce.; We work with UWE to actively encourage equal opportunity in the workforce, including increasing recruitment of women developers.; We ensure learning takes place for all staff offering one day a month of learning time.

  Wellbeing

  We offer opportunities for ongoing professional development and skills training to support career growth and job satisfaction..; ; We offer flexible working arrangements to all our staff and the choice to work from home. We have staff happiness as one of our objectives.; ; All our staff have the opportunity to benefit from two days volunteering at a Charity or orgainsation who is doing good of their choice.; ; We have worked with Mind to deliver Mental Health Wellbeing, as well as Psychologist led sessions on difficult conversations and empathy. ; ; We value being together and spending time with each other in person and remotely. We have our own radio station, chat channels and we enjoy days together as a whole team every month to help us stay connected. We have one to one wellbeing catch ups regularly.; We value the wider communities that we are part of, we offer open door sessions to support Third Sector organisations and other users of CiviCRM in our CiviMeet Ups.

Pricing

• Price: £720 to £1,050 a unit a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: There is a public demo site and we can arrange a 30 day free trial at the end of which you have the option to continue with any data entered.
• Link to free trial: https://demo.circle-interactive.co.uk/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@circle-interactive.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.