Family Links (recently renamed The Centre for Emotional Health) design parenting courses, CPD training sessions and educational resources that empower people to be better parents and understand their own emotional health. Makerble enables the collection of real-time feedback from course participants; giving facilitators the insights to shape sessions being delivered the very next day.
Diversity Study Group (DSG) is the industry leading provider of diversity, equality and inclusion services within the global maritime and shipping sector. Find out how they use Makerble to deploy surveys across shipping companies and enable HR professionals to analyse anonymised results.
Find out why relying solely on anecdotes and gut instincts can be tempting but ultimately insufficient when it comes to measuring your impact.
Find out why nonprofits are moving away from using several standalone systems to manage each part of their service delivery and are instead embracing single platforms that bring all of their beneficiary information together,
Family Links (recently renamed The Centre for Emotional Health) design parenting courses, CPD training sessions and educational resources that empower people to be better parents and understand their own emotional health. Makerble enables the collection of real-time feedback from course participants; giving facilitators the insights to shape sessions being delivered the very next day.
Makerble is committed to safeguarding the privacy and security of healthcare information in accordance with the Health Insurance Portability and Accountability Act (HIPAA). Our platform is designed to meet the stringent requirements of HIPAA, ensuring that Protected Health Information (PHI) is handled with the utmost care.
1. Data Encryption
At Rest: All data stored within the Makerble platform is encrypted using industry-standard encryption protocols (AES), ensuring that data is secure when it is stored on our servers.
In Transit: Data is encrypted during transmission using Secure Socket Layer (SSL) technology, protecting data from unauthorized access during communication between users and our platform.
For more detailed information, you can read our full privacy policy here.
2. Access Controls
User Authentication: Access to data on the Makerble platform is restricted through robust user authentication mechanisms, including two-factor authentication (2FA). This ensures that only authorized individuals can access sensitive data, adding an extra layer of security by requiring a second form of verification in addition to the user's password.
Single Sign-On (SSO) using Authentik: Makerble uses Authentik, a flexible Single Sign-On (SSO) solution, to centralize user authentication. SSO allows users to authenticate once and gain access to multiple systems, streamlining the login process while maintaining high levels of security.
3. Auditing and Monitoring
Activity Logs: Makerble maintains detailed audit logs of all activities, ensuring that any access or modifications to sensitive data are tracked and monitored. However, these logs are retained for a limited period of 2 days, after which the log data is automatically deleted.
Regular Audits: Routine security audits are conducted every six months to assess compliance with HIPAA standards and identify potential vulnerabilities within our systems. These audits are comprehensive, covering a wide range of security aspects such as:
Access Controls: Evaluating the effectiveness of current access management protocols and ensuring only authorized personnel can access sensitive data.
Data Encryption Practices: Verifying that encryption standards meet industry benchmarks for both data at rest and data in transit.
Incident Response Readiness: Review the incident response plan to ensure it remains effective and up-to-date, including mock drills to test response times and actions.
Physical Security Measures: Assessing physical security controls at data centers and office locations to ensure they are aligned with compliance requirements.
4. Incident Response Plan:
At Makerble, we prioritize the swift and effective handling of any potential issues that may arise. Our incident response approach ensures that we can quickly address and resolve any unexpected situations, minimizing disruptions and maintaining the trust of our users.
Monitoring and Early Detection:
We have automated systems in place that allow us to quickly identify and respond to unusual activity. This proactive approach helps us catch potential issues early.
Swift Action:
In the event of a suspected issue, our dedicated team, led by a Cyber Security Engineer, is ready to take immediate steps to address the situation. This includes isolating any affected areas and ensuring that everything is back to normal as quickly as possible.
Clear Communication:
We believe in transparency and will keep all relevant parties informed throughout the process. If necessary, we will promptly notify those affected and provide clear guidance on any steps they need to take.
Recovery and Restoration:
After resolving the issue, we focus on restoring everything to its full functionality. This includes ensuring that all data and services are fully operational and secure.
For more detailed information, please click here.
5. Compliance and Governance
Privacy Officer: Our dedicated Privacy Officer, a cybersecurity engineer, oversees Makerble's HIPAA compliance efforts.
Their responsibilities include:
Ensuring that all policies and procedures related to the handling of Protected Health Information (PHI) are up to date and compliant with HIPAA regulations.
Conduct regular risk assessments to identify potential vulnerabilities and implement corrective measures.
Leading incident response efforts in the event of a data breach, including coordinating with relevant authorities and ensuring proper notification procedures are followed.
Overseeing the training and education of employees regarding HIPAA compliance and data security.
Serving as the primary point of contact for any HIPAA-related inquiries or concerns.
Employee Training: We prioritize ongoing security awareness for all employees to ensure they are well-equipped to protect sensitive data.
Employees undergo comprehensive security awareness training that covers topics such as data protection, phishing awareness, password management, and HIPAA compliance.
Frequency: Training sessions are conducted every 3 months.
6. Data Availability:
Infrastructure Uptime: Our infrastructure providers guarantee a minimum of 99% uptime and maintain N+1 redundancy for power and network services.
Fault Tolerance: We have implemented backup and replication strategies to ensure data availability and resilience in the event of disruptions. Customer data is regularly backed up to protect against data loss.
7. Physical Security:
At Makerble, we leverage Azure’s advanced physical security protocols to protect our infrastructure and your data. Azure data centers are designed with state-of-the-art security measures, including strict access controls, continuous surveillance, and robust environmental safeguards.
For more detailed information about Azure's physical security, you can read about it here.
Additional Security Measures
To further enhance our security posture, Makerble implements:
Firewall Protection: Utilizing Cloudflare and Wazuh to monitor and block potential threats.
Monitoring and Logging: Employing Grafana and Loki for real-time monitoring and logging of system activities.
Secured Access: Using internal VPNs to ensure secure access to our systems.
This comprehensive approach ensures that we are well-positioned to protect sensitive data and maintain the highest standards of security and compliance.
If you have any questions about any of these points, please contact [email protected]
Introduction
The UK Government has set out 14 Cloud Security Principles. As a software-as-a-service company, Makerble is steward of confidential information. This article outlines how we address those principles.
For more information on the Cloud Security Principles, visit: https://www.ncsc.gov.uk/collection/cloud/the-cloud-security-principles
We take data security seriously. We follow industry best practice and have a comprehensive security framework to ensure your data is protected throughout its lifecycle in our cloud environment. This article provides information on the way we address each principle.
1. Data in Transit Protection
The Makerble Platform uses encryption at rest and in transit for all data transfers.
We employ industry-standard protocols TLS/SSL to safeguard data communication between you and our platform, as well as within our internal network.
2 . Asset Protection and Resilience
Data that clients store on The Makerble Platform is securely stored in Microsoft Azure.
As an organisation we use a password management tool (Passbolt) with OpenPGP encryption to securely store credentials and manage them.
Data on The Makerble Platform is stored in Ireland in the Microsoft Azure regional data centre.
Data stored on The Makerble Platform uses AES (Advanced Encryption Standard) encryption to store confidential information. This ensures that sensitive data is protected both in transit and at rest, maintaining the highest level of security.
Data sanitisation and equipment disposal, including data storage devices such as hard drives, SSDs, and RAM, are completely handled by Azure. Azure's certified processes ensure that all data is securely erased and storage media are sanitised or destroyed at the end of their lifecycle.
3. Separation Between Customers
The Makerble Platform implements logical mechanisms to segregate customer data. Within our software architecture, we use isolation mechanisms to prevent unauthorised access to customer data. This involves writing code that ensures each user can only access their own data and cannot inadvertently or maliciously access another user's information.
We perform penetration tests and code reviews every 6 months to ensure the effectiveness of these isolation mechanisms
4. Governance Framework
Makerble has defined security policies, procedures and controls that undergo regular review as part of our security governance framework.
We are applying for Cyber Essentials Plus certification to further demonstrate its security posture and expect to have this in place by 31 December 2024.
5 . Operational Security
Makerble prioritises operational security through a multifaceted approach. We conduct regular penetration testing and use third-party scanning tools such as SYNK and DeepSource to proactively identify vulnerabilities within our systems.
We continuously monitor for software updates from our software providers and apply patches promptly to maintain system integrity.
Across The Makerble Platform we use the Cloudflare Web Application Firewall (WAF) to protect against a wide range of cyber threats.
6. Personnel Security
Employees undergo a comprehensive security awareness programme as part of their onboarding process. We use an internal project management system to introduce them to key security policies and best practices. This is followed by a periodic assessment every 3 months to ensure employees retain their security awareness and ability to follow best practice.
7. Secure Development
The teams working on The Makerble Platform follow secure development practices by adhering to the guidelines outlined in the Ruby on Rails Security Guide. This comprehensive framework helps us build robust and secure applications.
We conduct rigorous code reviews (adhering to OWASP Top 10 Best Practice Standards) to identify and address potential security vulnerabilities before deployment. By integrating security considerations into our development process, we maintain our standards of data protection and system integrity.
8. Supply Chain Security
As an organisation we acknowledge the shared responsibility model inherent in the cloud computing platforms we use such as AWS and Azure. While these providers offer robust infrastructure and security features, we recognise that the overall security of our systems requires collaboration. As such we work with our cloud service providers to implement their recommendations and make the most of their security tools and services.
9. Secure User Management
As an organisation we have identified the specific levels of access to software that each employee requires. This ensures that our employees only have access to the data and permissions that are relevant, based on their role.
We are committed to continually improving our user management capabilities. We are currently implementing Authentik to manage IAM (Identity and Access Management).
10. Identity & Authentication
Across our organisation and in relation to The Makerble Platform, we safeguard client data through the use of robust identity and authentication protocols. For example, access to The Makerble Platform is restricted through a multi-layered approach that includes:
Strong Credentials: Users login using a unique email address and a complex password that meets industry best practices for length and character composition.
Multi-Factor Authentication (MFA) Enabled by Default: To further enhance security, Makerble offers Multi-Factor Authentication (MFA) for all user accounts and organisations. This means every login attempt requires not only a username and password but also a second verification factor, which is a code received via SMS.
In addition to this we enforce strong credentials and Multi-Factor Authentication across the software used by our employees.
11. External Interface Protection
We use a VPN to control access to our systems. The software applications used by our team are restricted so that they can only be accessed securely via the VPN.
For further reading on robust attack protections, please refer to Microsoft's article on discovering and mitigating evolving attacks against AI guardrails.
12. Secure Service Administration
The Makerble Platform runs on Azure which follows enterprise-grade security for administration. Details of compliance are outlined here: https://learn.microsoft.com/en-us/azure/compliance/
Building on the point in Principle 10, every Makerble employee uses MFA and follows our standardised security practices in relation to the software applications they use in their role.
13. Audit Information
As an organisation Makerble prioritises transparency and adheres to your right to audit our data processing practices. Our privacy policy outlines your right to request an audit of our security measures. We will promptly provide all relevant information within our control, subject to legal and confidentiality obligations.
To further enhance security and threat detection across the organisation, we are implementing a Security Information and Event Management (SIEM) system. This builds on the existing security infrastructure we have with Cloudflare.
14. Secure Use of Service
The Makerble Platform is designed with security in mind, incorporating secure defaults wherever possible. We have adopted a Privacy By Design approach which is outlined in more detail here: https://about.makerble.com/privacy-by-design
For more information on our approach to data security, please read: https://about.makerble.com/data-security-privacy-1
To further support our security efforts, we recommend reading Microsoft's comprehensive guide on Security as a Service.
If you have questions about our approach to data security, contact our Data Protection Officer by emailing [email protected]
Microsoft Forms is not a case management tool.
This means that in order to use Microsoft Forms, you have to maintain a separate system to manage your day to day work with clients, beneficiaries and stakeholders
If you want to use surveys to understand your impact, you will have to copy & paste some data between your spreadsheet and Microsoft Forms.
This is inefficient, takes up precious time and is susceptible to human error.
Microsoft Forms is designed to give you a show you the results from a single survey campaign. It is not designed to compare individual people’s survey results over time.
On Makerble, every respondent has a profile
This means that Makerble can automatically detect their pre-programme, mid-programme and post-programme responses to each question and instantly report the improvement over time for each individual beneficiary but also for the cohort as a whole
Microsoft Forms only looks at the answers to survey questions
It does not take into account the operational information you have about your beneficiaries
Because you cannot cross-reference your survey data with your operational data, it means that you miss out on valuable insights.
If you are a therapy nonprofit, your case management system shows the demographic makeup of your clients and the number of sessions they attend. By cross-referencing this with your client’s survey results (which you can do in Makerble), you could see that:
people who attend between 5 & 10 sessions tend to be those that see the biggest improvement
Black girls aged from 14 to 17 tend to underperform versus the average
Everyone who is counselled by Therapist X tends to see a bigger change over time
Those kinds of insights that tell you about the audiences you're under-serving are only possible when you're able to cross-reference survey responses with operational data about how often you see people, who sees them, demographic details about those people, who referred them, etc.
Whilst Microsoft Forms is a powerful surveys tool, it stops at surveys.
Whereas on Makerble you will get the context that helps you understand your survey results
ZOHO Forms is not a case management tool.
This means that in order to use ZOHO Forms, you have to maintain a separate system to manage your day to day work with clients, beneficiaries and stakeholders
If you want to use surveys to understand your impact, you will have to copy & paste some data between your spreadsheet and ZOHO Forms.
This is inefficient, takes up precious time and is susceptible to human error.
ZOHO Forms is designed to give you a show you the results from a single survey campaign. It is not designed to compare individual people’s survey results over time.
On Makerble, every respondent has a profile
This means that Makerble can automatically detect their pre-programme, mid-programme and post-programme responses to each question and instantly report the improvement over time for each individual beneficiary but also for the cohort as a whole
ZOHO Forms only looks at the answers to survey questions
It does not take into account the operational information you have about your beneficiaries
Because you cannot cross-reference your survey data with your operational data, it means that you miss out on valuable insights.
If you are a therapy nonprofit, your case management system shows the demographic makeup of your clients and the number of sessions they attend. By cross-referencing this with your client’s survey results (which you can do in Makerble), you could see that:
people who attend between 5 & 10 sessions tend to be those that see the biggest improvement
Black girls aged from 14 to 17 tend to underperform versus the average
Everyone who is counselled by Therapist X tends to see a bigger change over time
Those kinds of insights that tell you about the audiences you're under-serving are only possible when you're able to cross-reference survey responses with operational data about how often you see people, who sees them, demographic details about those people, who referred them, etc.
Whilst ZOHO Forms is a powerful surveys tool, it stops at surveys.
Whereas on Makerble you will get the context that helps you understand your survey results
Typeform is an online form builder that helps users build and manage forms.
Typeform is not a case management tool.
This means that in order to use Typeform, you have to maintain a separate system to manage your day to day work with clients, beneficiaries and stakeholders
If you want to use surveys to understand your impact, you will have to copy & paste some data between your spreadsheet and Typeform.
This is inefficient, takes up precious time and is susceptible to human error.
Typeform is designed to give you a show you the results from a single survey campaign. It is not designed to compare individual people’s survey results over time.
On Makerble, every respondent has a profile
This means that Makerble can automatically detect their pre-programme, mid-programme and post-programme responses to each question and instantly report the improvement over time for each individual beneficiary but also for the cohort as a whole
Typeform only looks at the answers to survey questions
It does not take into account the operational information you have about your beneficiaries
Because you cannot cross-reference your survey data with your operational data, it means that you miss out on valuable insights.
If you are a therapy nonprofit, your case management system shows the demographic makeup of your clients and the number of sessions they attend. By cross-referencing this with your client’s survey results (which you can do in Makerble), you could see that:
people who attend between 5 & 10 sessions tend to be those that see the biggest improvement
Black girls aged from 14 to 17 tend to underperform versus the average
Everyone who is counselled by Therapist X tends to see a bigger change over time
Those kinds of insights that tell you about the audiences you're under-serving are only possible when you're able to cross-reference survey responses with operational data about how often you see people, who sees them, demographic details about those people, who referred them, etc.
Whilst Typeform is a powerful surveys tool, it stops at surveys.
Whereas on Makerble you will get the context that helps you understand your survey results
Google Forms is part of Google suit which lets you create forms online
Google Forms is not a case management tool.
This means that in order to use Google Forms, you have to maintain a separate system to manage your day to day work with clients, beneficiaries and stakeholders
If you want to use surveys to understand your impact, you will have to copy & paste some data between your spreadsheet and Google Forms.
This is inefficient, takes up precious time and is susceptible to human error.
Google Forms is designed to give you a show you the results from a single survey campaign. It is not designed to compare individual people’s survey results over time.
On Makerble, every respondent has a profile
This means that Makerble can automatically detect their pre-programme, mid-programme and post-programme responses to each question and instantly report the improvement over time for each individual beneficiary but also for the cohort as a whole
Google Forms only looks at the answers to survey questions
It does not take into account the operational information you have about your beneficiaries
Because you cannot cross-reference your survey data with your operational data, it means that you miss out on valuable insights.
If you are a therapy nonprofit, your case management system shows the demographic makeup of your clients and the number of sessions they attend. By cross-referencing this with your client’s survey results (which you can do in Makerble), you could see that:
people who attend between 5 & 10 sessions tend to be those that see the biggest improvement
Black girls aged from 14 to 17 tend to underperform versus the average
Everyone who is counselled by Therapist X tends to see a bigger change over time
Those kinds of insights that tell you about the audiences you're under-serving are only possible when you're able to cross-reference survey responses with operational data about how often you see people, who sees them, demographic details about those people, who referred them, etc.
Whilst Google Forms is a powerful surveys tool, it stops at surveys.
Whereas on Makerble you will get the context that helps you understand your survey results
Measuring the impact of branding involves dissecting its influence across three crucial levels, providing a deeper understanding of its effects on consumer perceptions, behaviors, and business outcomes.
Firstly, there's the realm of how individuals perceive a brand. It's all about brand recall—what sticks in someone's mind when they think about a brand. This before-and-after comparison allows us to gauge how branding changes have altered consumer perceptions, reflecting the effectiveness of the rebranding strategy.
Moving beyond perception, the second level delves into behavioral changes among stakeholders. Internally, it could mean shifts in staff behaviors and company culture. Externally, it's about observing changes in consumer habits or increased engagement from other stakeholders. Benchmarking these behaviors before and after the rebrand provides tangible evidence of the branding's impact on actions and engagements over time.
Lastly, there's the tangible business impact. This involves assessing direct effects on revenue, market expansion, or reaching new customer segments. Although attributing all success solely to branding can be complex, observing increased revenue streams or market penetration post-rebrand indicates the branding's significant business impact.
Understanding the attribution of success in branding impact is essential. While it's challenging to credit all changes solely to branding, utilizing this three-tiered approach allows us to showcase the role of branding in these transformations.
When discussing potential rebranding projects with clients, employing these three levels offers a comprehensive view of the potential impact. By illustrating the cognitive, behavioral, and business alterations brought about by successful branding endeavors, clients can envision the significant changes that a rebrand or brand refresh could bring to their business.
Introducing a functionality that enables users to effortlessly add Perspective Providers on the contact's profile page under the Perspectives From tab and on the Send Surveys to Perspective Providers page by searching for their phone numbers, automatically creating new contacts with accurate details, and facilitating survey distribution through their phone numbers.
