Technical FAQ's

These FAQs are provided for general information only and do not form part of Upshot Terms & Conditions. Upshot Systems CIC accepts no liability whatsoever for your reliance on anything contained within the FAQs.

1. What database technology/software does the application use?

Upshot is built upon the Django framework with an Nginx webserver front-end and a PostgreSQL database back-end.

2. What programming language is the application developed in?

Upshot is a custom-built application made using the Django Framework www.djangoproject.com, an open source framework described as “The Web framework for perfectionists with deadlines”. Django is based upon the programming language Python www.python.org.

3. How is Upshot hosted?

Upshot is a hosted/cloud application. This is because we want to reduce the need for organisations to invest in infrastructure to support it. It also means that it means that we can make Upshot accessible anywhere, for anyone.

The application iscurrently hosted on a dedicated server by Hosting UK, an iomart subsidiary, in their Maidenhead data centre

Costs are covered as part of the overall cost of the application. There are no additional hosting costs, unless an organisation wishes to host the application themselves or wants us to host it on a VM dedicated to them.

4. What is the hosting SLA agreement?

Upshot is hosted by Hosting UK, whose hosting agreement is available at https://hostinguk.net/services-sla.

5. Is the platform hosted on virtual or physical servers? How many servers is the application hosted on?

As detailed above, the application is currently hosted on a dedicated physical server with Hosting UK. We are able to easily scale up the provisioning as and when required. Costs for hosting with this infrastructure are included in the costs for the application.

6. Are the Data Centres accredited to PCI DSS, ISO27001, and SAS70 standards?

Yes. Hosting UK is part of the Iomart Group and all ISO certs are held with the auditor at:

https://www.alcumus.com/en-gb/certification/customer-area/certificate-checker/

Certificate ID: 7235

Our technical partner Torchbox are ISO27001 certified. You can find a link to their Statement of Applicability here.

7. What cyber security measures are in place at Upshot?

Upshot is Cyber Essentials Plus certified. The core team is UK Disclosure and Barring Service (DBS) checked and the full team has undergone Cyber Security training. 

We also have a number of data policies that govern the way we manage our and our client’s data. We are happy to share these on request. 

8. Is all communication in transit encrypted?

All communication with the application is encrypted over HTTPS and implements HSTS so that unencrypted requests (HTTP) are not possible. DevOps management of the application and data transfer is over SSH. The application’s SSL configuration has an A+ rating from SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=app.upshot.org.uk.

9. What are the backup and restore (both data and application) procedures?

User-generated content - the database, files uploaded to the media library and branding - are backed up daily - a number of times in the case of the database - to a backup area of the server. Every night, the full server filesystem is synchronised to a separate backup server at the hosting provider.

This allows for restoration of individual user-generated files, rollback of the whole database to an earlier snapshot, or the complete restoration of the application on a different server, with an equivalent setup, in the event of a server failure. The application code is stored in a version control system on a separate hosted service.

10. Does the system have any scheduled downtime and are users notified of this in advance when possible?

We may, on occasion, need to schedule brief periods of maintenance when we consider this to be essential to the ongoing reliability and development of our application. When this occurs we will make reasonable efforts to ensure that this occurs during quiet periods and the duration of the downtime is kept to a minimum.

Upshot also has a dedicated status page that users can choose to subscribe to allowing them to be notified of any downtime or planned maintenance.

  1. What are the hardware and software specifications for the client PCs that will access the application?

As Upshot is a web-based application, an installation is not needed. Upshot is fully functional via a range of browsers. We recommend that any modern, standards-compliant browser is used, such as the latest versions of Chrome, Edge, Firefox or Safari. We do not provide active support for any versions of Internet Explorer as Microsoft are retiring this browser on June 15th 2022. Browser support is reviewed every six months based on usage and security.

12. Are there any recommended PC requirements for using Upshot or for running reports and exporting data?

Upshot allows the user to export data into Microsoft Excel and Microsoft Word or compatible applications. Other than these two applications and any modern, standards-compliant browser there are no other PC requirements to get full usage out of Upshot as an application. 

13. Is the application available for a mobile/tablet platform?

Yes. Firstly, there is a mobile-optimised version of Upshot that is available through a web browser for use across mobile platforms. 

In addition, there is the Upshot Mobile App.

The Upshot Mobile App is a progressive web app (PWA) primarily designed to help users enter and review data in a faster and easier way. The app gives users the ability to:

    • Manage and submit registers
    • Add new attendees or review the information on attendees such as medical conditions, emergency contact and consent to media
    • View and complete survey responses

The Upshot Mobile App can be used both online and offline. More around offline usage here.

The use of the app mentioned above comes as part of the Upshot licence and is provided directly by the application, not through an additional third party.

14. What testing has been carried out? 

• Usability testing

We have undertaken usability testing with several end-users and testing feedback has been incorporated into the application. Every new feature is tested in the same way and our ethos programme of continuous improvement means that usability testing is integral to our development of the system.

• Unit testing

Upshot is accompanied by a suite of unit tests covering the code of the application, both to test new functionality and to perform regression testing of existing functionality. Although primarily for testing the robustness of the application, it is also an aid in long-term performance testing.

Penetration testing

Upshot undergoes an annual penetration test to check for security vulnerabilities of the system. The last test was carried out in April 2024 by an external provider and found no critical or high-risk vulnerabilities. A summary of the results and actions can be viewed here.

15. How many people are on the Upshot development team?

Ten. One of the strengths of Upshot has been the excellent partnership that Upshot Systems CIC has developed - since 2009 - with Torchbox, who design, built, enhance and maintain Upshot. Three senior developers at Torchbox make up the core development team for Upshot. In addition, there are two developers who work on particular parts of the system, together with a designer and CSS/front-end developer. Further to this, there is a Project Manager, Technical Director and Systems Administrator who work on the application.

Torchbox is an ethical development agency, established in 2000 and has 52 staff. The company specialise in producing web-based systems for clients who are primarily but not exclusively charities, NGOs and public sector organisations. Clients include: Oxfam UK, the Joseph Rowntree Foundation, the King’s Fund, the University of Oxford, Asthma UK, Breakthrough Breast Cancer, Greenpeace UK, ActionAid International, World Wildlife Fund UK, Coeliac UK, the Nuffield Trust and the Chartered Society of Physiotherapy.

16. Are all standard updates covered under the licence agreement?

Yes. NB ‘Standard updates’ refers to any changes or developments to the system to maintain or improve system functionality or performance. The licence fee covers any standard updates.

17. How long does it take to carry out upgrades and is there any downtime?

Upshot is a web-based application and system upgrades are in effect immediately once deployed to the live system. Generally, there is no user downtime when the system is updated. On the very rare occasions that there is downtime, user organisations are notified in advance and we will always endeavour to ensure that this occurs during off-peak times.

18. What management and support service is provided?

Upshot Systems CIC will provide telephone and email support to all users. All support issues have an escalation process and, if required, can be passed to a Torchbox Technical Consultant.

All problems will be logged and a resolution provided either by email or telephone. When a support call is logged, a priority will be assigned to each request for support to reflect the criticality of the item.

• Telephone

• Emails: We aim to respond to emails within 4 working hours

We can also provide desktop sharing support via Microsoft Teams, Zoom or similar, which allows the support technician to view to problem first-hand as well as interact with the user’s system. 

19. What are the standard hours of support? 

Support services are provided during business hours, Monday to Friday, 9am – 5pm UK time.

20. What is the Intellectual Property Rights ownership model? 

• All intellectual property rights for the bespoke code used in Upshot belong to Upshot Systems CIC.

• Copyright of Torchbox code remains with Torchbox.

• Torchbox have granted an irrevocable, non-exclusive, worldwide & perpetual, licence to use this code.

• Copyright in third party code remains the property of the licensors of that code.

• Customer organisations own all service-related data and are entitled to retrieve this data. 

21. Does Upshot have Two-Factor Authentication (2FA)?

Yes, two-factor authentication can be activated by an individual user for use when logging into their Upshot account. For more details around this process please click here.

22. Does Upshot have any existing APIs / Integrations?

Upshot has a number of internal APIs, and we are currently looking into integrating with other systems.

There is an API endpoint that supplies Session (instance and attendance) data feed that can be pushed into other tools.

Upshot also has an integration with a booking system in Eventbrite, which allows users to import session and register data of those individuals that have booked onto an organisation's session via Eventbrite into Upshot.

More about these existing tools can be found here.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us