SPROUT SOCIAL UK LTD

Sprout Social

Sprout Social is a social media management and optimization platform for brands and agencies of all sizes. Our platform gives you a single hub for social media publishing, analytics and engagement across all of your social profiles.

Features

• Social media publishing
• Social media reporting
• Community management
• Customer care
• Reputation management
• Social media monitoring
• Social media listening
• Employee advocacy
• Competitive benchmarking

Benefits

• Publish content across multiple social channels
• Easily submit content for approval
• Tag content to measure campaigns across channels
• Quickly respond to messages
• Report on success of social media efforts

£99.00 to £279.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emea-enterprise@sproutsocial.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

910343934292257

Contact

Cillian O'Grady
+353 76 6805949
emea-enterprise@sproutsocial.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Sprout Social is hosted in AWS US regions.
• System requirements: SaaS Based Web App

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Sprout provides 24/7 email support and 24/5 chat and phone support from 6:30pm CT Sunday - 6:30pm CT Friday weekly, excluding Sprout holidays. First half of 2020, our median first response time for email is 3.8 hours and our median wait time for chat is 1.3 minutes. Optionally customers can purchase upgraded service level agreement,includes a 2-hour email response time from our team; ; 2019:; Median resolution time: 101.6 hours; Median first reply time: 6.7 hours; Median chat wait time: 1.9 minutes; 2020 ; Median resolution time: 61.9 hours; Median first reply time: 3.8 hours; Median chat wait time: 1.3 minutes
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: The web chat controls' name, role, state, and value are exposed to assistive technology.
• Onsite support: No
• Support levels: Access to customer support is included with your license to Sprout Social. Customers also are provided a customer success manager to help them with ongoing day-to-day support. ; ; Should technical issues arise we will escalate those to our support team and we will evaluate the need to prioritize those tickets based on our incident severity guidelines. On average only 4% of total tickets are escalated to Engineering with 96% of the total volume being resolved by our Level 1 and Level 2 Support Teams.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Sprout offers a comprehensive service model to meet the needs of our enterprise clients. This includes, but is not limited to, an assigned implementation team, a dedicated relationship manager for training and on-going support, and priority access to our customer support team.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Sprout Social offers our customers the ability to extract their data via self-service. Our customers have the ability to export reports, messages in the Inbox, and listening queries at any time within the platform.
• End-of-contract process: Sprout Social retains the Personal Data and/or Personal Information for up to thirteen (13) months after the termination of any Agreement for the purposes of future account reactivation. Any confidentiality obligations and use restrictions in the Agreement will continue to apply to such Personal Data and/or Personal Information for the duration of retention. Notwithstanding the foregoing, upon request by Customer at the termination of the Agreement, Sprout Social shall delete or return to Customer the Personal Data and/or Personal Information in Sprout Social's possession, except to the extent such data may be required to be retained by Sprout Social under applicable laws. This is included in the price of the contract. Further exit assistance is NOT included in the price of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Sprout's mobile applications on iOS and Android allow users to access publishing, engagement, and reporting tools on-the-go.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: With the Sprout Analytics API, you can extend the functionality of Sprout’s analytics tools so you can integrate your owned social data with your analytics and business intelligence tools outside of Sprout. You can use the Analytics API to fulfill all of your most unique reporting needs and integrate social data into your broader tools and analytics processes. | ; ; Customers must configure an API Access Token in the Sprout app to utilize the API. | ; ; Included API data:; *Data from various Sprout reports related to Twitter, Facebook, Instagram, and LinkedIn; *Owned profile metadata, authentication status, and profile-level analytics; *Published post metadata, contents, tags, author, and post-level analytics | ; ; Not included in the API:; *Paid/ad account data; *Competitor data; *Customer care data; *Listening data; *BI Connectors; *Account/profile management; *Inbox, engagement, or publishing API
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Sprout Social uses AWS services to automatically scale capacity upon demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: All customer data-at-rest is encrypted with AES-256. All employee laptops are encrypted using OS-standard full disk encryption technologies.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Sprout Social does not support the full export of data (i.e. flat pull) stored within the Sprout Social application. The customer does, however, have the ability to export reports, messages in the Inbox, and listening queries (going back 90 days) on a self-service basis within the application.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: Sprout does not support inbound data uploads

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: If you request an SLA, we may guarantee up to 99.5% uptime. Service credits may be available for lower than 99.5% cumulative availability.
• Approach to resilience: Systems are designed for resiliency, durability, and availability within AWS. Sprout Social takes daily backups of data stores across multiple locations. Server and infrastructure configuration is stored in version control, as is our software code. In the event of a disaster, systems will be restored from these sources.; ; Sprout Social’s architecture leverages automated DR technologies provided by Amazon Web Services (AWS):; ; An AWS Elastic Load Balancer (ELB) sits on the Internet edge, servicing traffic from customers. This ELB is itself Highly Available, per AWS’s service guarantees.; ; The ELB automatically distributes incoming application traffic across multiple Amazon EC2 instances hosted from multiple Availability Zones (AZs), all regularly evaluated for health.; ; These EC2 instances are evaluated for health every 30 seconds. If a node or AZ are not healthy, they will be automatically removed from the ELB until they are deemed healthy. Sprout EC2 instances are stateless, meaning the loss of an instance will have no effect on any customer.; ; Each AZ is an isolated hosting location - effectively a logically independent data center.
• Outage reporting: Sprout Social maintains a status page at https://sproutsocialstatus.com and outages or service degradations, including issues with third-party platforms, are noted on that page. Users can also sign up on that page to be alerted via SMS or email of new issues that have been posted.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Sprout Social provides configurable levels of administrative access based on in-app permissions that can be set up by the account owner. These varying levels of access control what users see and have access to.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/03/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: Yes
• Who accredited the PCI DSS certification: SecureTrust
• PCI DSS accreditation date: 28/07/2021
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Sprout Social’s security governance is closely aligned to NIST. Sprout Social maintains a SOC 2 Type 2 certification which audits our information security policies and processes against industry-leading standards.
• Information security policies and processes: Sprout Social has a formal information security program in place with defined policies and processes. As a requirement for maintaining our SOC 2 compliance, our reporting structure includes semi-annual information security and privacy training for all employees and formal acknowledgement of applicable policies.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Sprout Social has a formal change management policy for code deployment. This policy outlines our software development lifecycle (SDLC) as Sprout Social follows AGILE development methodologies. Teams must use industry-recognized SDLC best practices and our policy includes the following 6 phases:; - Planning; - Development; - Code Reviews; - Testing; -Deployment; - Monitoring; ; Patches to service components are applied automatically by our configuration management systems. Software that is either "unmanaged" (such as application libraries) or explicitly excluded is patched manually. All patches are applied to test/staging systems first before being applied in production.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Sprout has a formal Vulnerability Management Program in place that includes input from several tools and platforms. Internally, Sprout utilizes a range of vulnerability scanning tools including Rapid7, OpenVAS, Nikto, and SSL Labs. Scanning runs against systems that are exposed to the Internet. All identified vulnerabilities are verified by our internal security team, added to the appropriate workstreams, tracked against our internal SLAs (are defined by the potential impact or criticality of the underlying asset) These vulnerabilities are resolved by our development or infrastructure teams, they are re-verified by Sprouts internal security team to verify the issue has been resolved.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: System and service health is monitored by Nagios with checks written for all major parts of the systems and application. External availability monitoring is provided by Pingdom. System and application monitoring data (errors) are also reported remotely to New Relic with alerting enabled for abnormal conditions, including underflow of data.; ; Sprout Social utilizes host-based intrusion detection systems (IDS) on our servers which report to a cloud-based console. The IDS logs are monitored by the security team, who are on-call 24/7. At Sprout Social offices, we utilize next-gen firewalls at our perimeter that contain IDS functionality.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident response is carried out primarily by the security team with input from other stakeholders as appropriate for the scenario. The additional stakeholders may include senior management, internal communications, legal, client relationship management staff, and technical staff as needed. Incidents are tracked through JIRA tickets and classified per Sprout Social's Incident Response Policy based on the impact to the business. Incidents are closed when the security team has determined that all incident activity has ceased, a final report has been published to senior management, and all incident artifacts are properly archived.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Sprout is committed to purchasing energy-efficient equipment. More than 90% of the electronics Sprout purchases are Energy Star Certified.; ; All of Sprout’s US locations are Energy Star Certified buildings. Our Seattle location is a LEED Platinum-rated building and our Dublin location adheres to WeWork’s best-in-class environmental practices.; ; We’ve adopted a Supplier Code of Conduct which gives preference to suppliers that share our commitment to environmentally sustainable practices.; ; As of July 2021, more than 50% of our supply chain is with organizations that are carbon neutral or have pledged to be carbon neutral by 2050.
• Tackling economic inequality:

  Tackling economic inequality

  Team Sprout gives back through our year-round volunteer initiative, Sprout Serves. Since officially launching in fall 2019, team members across every Sprout location have rallied to reach out to nonprofits of their choosing, volunteer their time and make an impact on the communities they care so much about.; ; Speaking of communities we care about, in 2021, we donated $200k to ten charities selected by our coworkers during our annual Philanthropy Week and $500K to nonprofits that service BIPOC communities in the US, and maintain relationships with other nonprofits around the globe that serve our priority identity groups—Underrepresented Genders in Tech, LGBTQIA+, etc.; ; In addition to donating, we work to foster deep relationships with these orgs and build trust with their communities through volunteer opportunities, education sessions, sponsored events and more. In 2021, we launched a $100,000 scholarship fund with the United Negro College Fund (UNCF). We will be awarding a total of eight scholarships, and recipients will be able to apply for a full-time role at Sprout through our Associate Software Engineering program.
• Equal opportunity:

  Equal opportunity

  For Sprout, diversifying the industry starts within our own organization. As a software company with thousands of global customers from around the world, we aim to build a team that reflects the diversity of the people we serve while rising above the inequity in our society. That’s why recruitment is one of our core DEI objectives.; ; Our ongoing commitment has been to cultivate a diverse pipeline that focuses on our priority identity groups: BIPOC, LGBTQIA+, women and underrepresented genders in tech. This year and next, we plan to evolve and solidify our workforce goals with a focus on increasing racial and ethnic diversity in our US team and in leadership roles, as well as global representation of women in leadership roles. We will reassess these focus areas each year based on our progress with representation, recruitment and retention, and will actively mitigate any inequity within our systems and processes.; ; Additional efforts aim to reach further than our own company. We partner with orgs like re:work (BIPOC tech sales), The Last Mile (tech training for incarcerated folks) and Black Girls Code (tech education for women of color) to provide funds and Sprout services. We also support Howard University’s first Center for Digital Business by providing funds to cover facilities costs and partnering with HubSpot to help build the curriculum.
• Wellbeing:

  Wellbeing

  Sprout assesses employee engagement through our annual engagement survey, The Sprout Progress Survey, administered via the Culture Amp survey platform. Sprout’s engagement levels consistently rank within the top 25th percentile of Culture Amp’s Public Listed benchmark, which is made up of approximately 350 organizations listed on stock exchanges globally with up to 100,000 employees.; ; Our Human Rights Policy has more information on our commitment to human rights. https://sproutsocial.com/human-rights-policy/

Pricing

• Price: £99.00 to £279.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a free, 30-day trial of our service, which includes functionality available in the paid product.
• Link to free trial: https://sproutsocial.com/pricing/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emea-enterprise@sproutsocial.com. Tell them what format you need. It will help if you say what assistive technology you use.