Netcall Telecom Limited

Netcall Liberty CallMeBack

Netcall CallMeBack™ is a web callback solution that easily and rapidly connects voice calls for customers on the Web with contact centre agents. CallMeBack can be deployed on devices including Webpages, Mobile Applications, Kiosks, and Smart TVs. The solution is easily deployed and requires minimal changes to systems and processes.


  • API implementation using simple HTML code
  • No limit to the number of deployed interfaces
  • Customisable attributes
  • Customer and user service notifications
  • Unique "Agent first" callback procedure
  • Whisper of contextual information to agents before connecting calls
  • Real time Call Board dashboard
  • Comprehensive historical graphical reports
  • Ability to download reporting information
  • Simple to use Administration Interface


  • Full user configuration to implement operational requirements in real-time
  • Widely deployed as SaaS for more than 15 years
  • Audit service performance through full web reporting capabilities
  • Simple charging structure
  • Compliance with Ofcom regulations using Agent-first callback procedure
  • Rapid implementation
  • Simple for your customers to use
  • Easy to modify for different devices or Web pages
  • No changes to agent call handling equipment or processes
  • Contextual information aids agents callback handling


£1.20 per transaction

Service documents

G-Cloud 10


Netcall Telecom Limited

Janice Rock

0330 333 6100

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Netcall Liberty Cloud offers a complete suite of customer engagement software, CallMeBack can be used as standalone or as an add-on to following Netcall applications: Liberty ContactCentre, Liberty IVR Liberty, QueueBuster, MATS accelerator and Patient Hub
Cloud deployment model Private cloud
Service constraints The service is subject to planned maintenance which will be notified in advance.
System requirements Web Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are;

Standard Level

- Initial response is 90 minutes
- Priority 1 is 3 contract hours for fix/workaround.
- Priority 2 is 6 contract hours for fix/workaround.
- Priority 3 is 12 contract hours for fix/workaround.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support No
Support levels We will provide a Standard level of support which will be included within the cost. This includes access by telephone or email to the remote support teams during contracted hours.

A technical account manager will be provided.

Comprehensive Support (24/7) can be added and is a 10% uplift of of the minimum monthly licence.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Netcall will provide project management, engineering, and training support for the initial configuration of the Liberty CallMeBack. In addition onsite or online training will be provided to enable the customer to self-manage the service. Documentation regarding implementation and configuration of Liberty CallMeBack will also be provided. This includes Online Help which is provided within the Liberty User Interface.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All customer data is available in reports accessed through a web interface.

Users will extract data by manually downloading data in a CSV file format.

All CallMeBack reports will enable the ability to download data using a definable date range.
End-of-contract process At the end of the contract Netcall will cease the service which will prevent the receiving and making of calls. All data stored including backups will be securely deleted using industry standard best practise methods.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility CallMeBack forms are built by the user and as such will be subject to the Users accessibility standards.
User administration is via a browser interface and accessibility would be provided by software controlled by the users' PC
Accessibility testing None
Customisation available Yes
Description of customisation Users have full access to customise the CallMeBack service. There is no limit to the number of CallMeBack interfaces and queues that can be defined. Changes are made in real-time and configuration includes: Interface Settings - The definition of each interface - Attributes, Agent Announcements, User and Customer, Routing Rules, and API Settings Queue Settings - The definition of the call back - Queue/Answer Timeouts, Queue Capacity, Phonebook, Timeplan, Retry and Rescheduling Settings, CLI to present, Allowed Numbers, Offline and Online Capacities Customisation is made by users via the Liberty browser based administration interface. Access is controlled by the users’ assigned roles and permissions. Changes are audited including time, date and user stamps. Full training and documentation on the administration interface will be provided.


Independence of resources The user will be provided with sufficient resources to process requests to the CallMeBack service. This is based on Netcall enabling the correct telephony resource to manage the maximum licensed concurrency of the service.


Service usage metrics Yes
Metrics types CallMeBack provides a range of real time and historical graphical reports. This includes:
Callboard - Real time dashboard displaying key usage metrics and enabling call tracking
Historical Reports - Queue Summary, Detailed History, Service Level, Successful Callbacks, Post Call Options, Daily Summary Graph, Call Timings Graph, Queue Capacity Usage Graph

Reports can be filtered to provide the defined details, this includes the data range of the report, the specific callback queue(s), and the report view.

Reports can be viewed graphically, downloaded to csv manually, or automated daily emailed csv extract of the Call History, Detailed History, and SLA data.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can extract data by manually downloading data in a CSV file format. All CallMeBack reports will enable the ability to download data using a definable date range.

If required, the CallMeBack reports can be automatically exported by a scheduled service. This creates the following CallMeBack reports at 02:30 every day:

• Call History
• Detailed History

Users can subscribe to receive these reports by email, assuming they have the correct CallBack report permission created.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Static data is securely protected behind a series of firewalls/access control lists and 2 factor end user authentication plus anti virus and native monitoring tools.

Availability and resilience

Availability and resilience
Guaranteed availability Netcall’s Service will achieve the below Service Level Availability (SLA). If it does not the Customer’s sole remedy is payment of Service Credits. The SLA = 99.5% in any calendar month. Downtime is a period during which the services are unavailable resulting in all users being unable to use all aspects of the service. Downtime does not include time when the services are unavailable as a result of planned maintenance, or problems with related equipment, services, software or other components not supplied by Netcall as part of the services. Core Hours: 0700 to 1900 hours, Monday to Friday, excluding English Public and Bank holidays. If the Actual Service Level (ASL) achieved falls below the SLA a Service Credit is due calculated as: the total number of hours during the Core Hours in the relevant calendar month minus the total number of hours of Downtime during the Core Hours in the relevant calendar month, divided by the total number of hours in Core Hours in the relevant calendar month, with the resulting fraction expressed as a percentage. If ASL falls below 99.5% the Credit is 10% of the Monthly Fee, which can be claimed by request in writing to Netcall.
Approach to resilience Netcall CallMeBack utilises a high-availability clustered database that is at two geographically diverse sites. Offsite backups are made on a daily basis.
Use of multiple sites and multiple PSTN and Internet connections with multiple vendors helps ensure business continuity.
All Netcall’s Cloud Services are operated across multiple data centres. Backups of Customer data are taken on a daily basis and stored securely and in an encrypted state off site in an alternate data centre.
The hosted environment within each data centre is virtualised on high availability, highly resilient hosts which minimises downtime through individual host component failure.
Full details can be provided on request.
Outage reporting Netcall’s Cloud systems and services are proactively monitored for availability and system health by the event management process. System events and alerts of threshold breaches are detected by Netcall’s system management tools and these alert our Customer Support team of state changes, including service outages in any of Netcall Cloud service offerings. Within 30 minutes of detection, Customer Support are responsible for informing service affecting outages to customers and these are tailored to match the business needs of the customer. The form of the communication can be either email or telephone to the customer’s service desk or preferred service contacts. The alert to the customer contains information on which service has failed, the likely effect it will have on customers IT service along with reference information for follow up. Netcall Customer Support then maintain regular updates to affected customers on the expected service restore time until de-escalation.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Liberty Cloud applications including CallMeBack uses assigned roles and permissions to control user access. Liberty Cloud applications are accessed via a browser based user interface, on sign on the assigned roles and permissions are applied.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus
ISO/IEC 27001 accreditation date 17/11/2017
What the ISO/IEC 27001 doesn’t cover Netcall's ISO 27001 is certified around the protection of the Confidentiality Integrity and Availability (CIA) of data assets for all platforms, products, services and suppliers relating to the processing of data. The governance also extends to the premises where the assets are hosted. The Statement of Applicability is a comprehensive scope that takes almost a week of onsite auditing by an external auditor working closely with the critical teams from Operations (including Info Sec) the business and other stakeholders such as the client , data centre managers etc. The Netcall process owners also include the facilities, legal and finance teams. Therefore ISO27001 will only exclude policies, controls and components that are not explicitly defined within the scope of the Statement of Applicability published for Netcall. The priority will always be to protect the CIA of the client data as per the Netcall solution and product design proposed to and contractually accepted by the client. So the actual likelihood of any risks remaining unmanaged/missed through the comprehensive scope of controls in the SOA is low.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification NCC
PCI DSS accreditation date 11/2017
What the PCI DSS doesn’t cover Comment
Other security certifications Yes
Any other security certifications
  • Information Government Toolkit
  • PA-DSS
  • Cyber Essentials+

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards It is also accredited to the NHS IG Toolkit, Cyber Essentials+, and also PCI /PA DSS compliant.
Information security policies and processes All Information Security Policies and processes are documented and audited into the ISO27001:2013 Info Sec Statement of Applicability. It lists the Netcall controls, policies and work instructions documented and recorded for the standard. They were reviewed as part of the external Audit in June and November 2017 and deemed compliant. The SOA in PDF form can be shared on request. All process owners are internally and externally audit for compliance with the policies set out in the SOA and listed below. • Quality Policy. • Security Guiding Principles. • Information Security Policy. • Clear Desk Policy. • Keyholder Policy. • Access Control Policy. • Information Classification Policy. • Data Protection Policy. • Network Access Control Policy. • Information Exchange Policy. • Password Policy. • Cryptographic Policy. • External Parties Access Control Policy. All the policies are reviewed throughout the year and recorded in the Audit Calendar.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Netcall's Change Management processes are audited under the ISO27001:2013 Info Sec standard. The statement of applicability for the standard can be shared.
No change will be permitted unless it has been approved by the relevant authority at Netcall against the relevant tracker ticket.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Netcall's compliance involves running external and internal vulnerability scans as part of our vulnerability management system to support the vulnerability management and internal patching process. Escalations are through our tracker system as part of the Risk Assessment/Vulnerability Management Process. These scans form evidence used to our InfoSec accreditations. The scanning vulnerabilities are prioritised within the reports, fed into the tracked Risk Assessment and resolution Process, reviewed by Netcalls' Operations and relevant process/risk owner for resolution. Where necessary threat control and corrections/prevention tickets are raised and linked to the original vulnerability to audit the fix and risk.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Netcall manages and controls compromises to the Confidentiality Integrity and Availability of Information Assets through its Incident Management System, Control and ownership is centralised yet overseen with stakeholders. The process is ISO 27001:2013 compliant linking risks to treatments and SLAs. Compromises are monitored, tracked, recorded in a number of ways: being raised by customer/production support calls, via the account managers, after changes, risk reviews, actual security incidents, picked up via IDS/IPS systems or event identification. The owner is the Information Security Manager working with the respective Process Owners and impacted stakeholders to resolve any compromises and apply preventative actions.
Incident management type Supplier-defined controls
Incident management approach Netcall uses native and licensed software to manage risks and is ISO 27001:2013 compliant for Incident Management. It is tracker based linking risks, assessments into corrective and preventative processes. Compromises are recorded after changes, risk reviews, security incidents, event identification or in worst case scenarios invoking the Business Continuity Plan. The owner is the Information Security Manager working with the respective Process Owners and impacted stakeholders to identify, contain and resolve an incident using Tracker to prioritise, tailor and make the risk progress visible to stakeholders.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £1.20 per transaction
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑