Boomerang Triage
Engage customers and stakeholders with a SMS and IVR engagement tool. Utilise a dynamic decision tree ensuring relevance and interest including the ability for data look up, security and identification for such things as surveys, helpdesk, inbound reporting, call-backs and much more. Complementary with Boommail and other Boomerang products.
Features
- Customer activated SMS triage
- Reports generated and sent automatically to specific email address
Benefits
- Reduction of contact centre manning
- Speedy resolutions
- Greater customer satisfaction
Pricing
£0.03 to £0.07 a transaction a minute
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
2 3 3 1 7 4 3 8 7 7 3 4 6 1 6
Contact
Boomerang I-Comms Ltd
Peter Tanner
Telephone: +44 207 224 5555
Email: peter.tanner@boomcomms.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Boommail
- Cloud deployment model
- Public cloud
- Service constraints
- No constraints
- System requirements
- No specific requirements
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within an hour
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Standard - 9AM - 5PM Monday - Friday or Premium 24/7/365 email or telephone support.
Account manager is available for large accounts. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- On site training, downloadable brochures and extensive help features inbuilt in User Interface.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- The users' data remains their property throughout. At the termination of the contract, data can be extracted by the user in csv file format.
- End-of-contract process
- Included within the price of the contract is a simple turning off of the service.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference
- Service interface
- No
- API
- No
- Customisation available
- Yes
- Description of customisation
- Customisation options are as follows: - On-premises: Host the services within a local environment - Social hours: Control the times between which messages are sent / not sent - Exclusive numbers: Messages are sent from a number range unique to the customer - Message validity: Control the expiry period of an outbound message - Secure data: Choose to overwrite (hash) the message content and communication address for a message transaction - Set specific configurations for each communication channel: 1. Voice - Intro and exit messages, divert number and message 2. Email - From Id, Subject, signatures, logos and HTML customisation 3. SMS - Alpha or numeric originating Ids Service configuration options are either set via the user interface,
Scaling
- Independence of resources
- The hardware supporting the Services is provisioned with resources that are managed by VMware to automatically spread resources across the Cloud as and where required. From the infrastructure perspective, VMware Cloud Design allows the platform to scale without downtime or performance degradation linearly. Cloud instances have been configured to use an auto-scale set of resource limits, within which Boomerang can utilize and grow out as demand is increased.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Transactional message data consisting of date/time sent, transaction Id, communication channel, originating address, destination address, message content delivery status, ticket type, ticket status, number of replies, Reply content. Full listing of all subscriber replies.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be exported in csv format
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99.5%
- Approach to resilience
- The platform has been designed and built to achieve 5x9 service availability. VMware provides full hardware fault tolerance along with multi-site failover in the event of a Data Centre outage or network issue. Failover between data centres can be achieved within minutes to help minimize the impact of a site isolate disaster. In the event of an issue at the application level, we are able to roll back cluster instances in real time via SNAP shot that are maintained via our SAN architecture. Node failure does not impact the production platform as VMware fences the node and ejects this from the running cluster without service impact. Version 5 is currently used with ‘DRS Configuration’ post failover, along with the VMware Fault Tolerance module All Services are replicated between sites, both memory and disk blocks are replicated in real time via VMware & SAN to SAN Replication. As such, when implementing a site failover, both memory and data is captured and replicated, thus removing any transition loss.
- Outage reporting
- Outages are very unlikely to occur as the system has built in resilience from its fail-over composition, but in the exceptionally unlikely event of an outage, cliets are alerted by dashboard or direct email.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Hierarchical administration allows access at required levels and restricts permissions to users.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- The organisation currently complies with a range of the requirements, policies and controls that maps to ISO 27001:2013. Our practices will also ensure compliance with the information security and privacy elements expressed in the EU General Data Protection Regulations. The following ISO 27001: 2013 focused tools, policies and frameworks are either in place or in the process of being implemented - An information security management system (ISMS) consisting of detailed policy controls in line with ISO27002 - Regular management reviews - Risk management methodology - Regular staff training - Performance evaluation and audits with corrective actions
- Information security policies and processes
- Our policies and controls in line with ISO 27002 to address risks and requirements in the areas of: o Asset management o Access control o Cryptography o Physical and environmental security o Operations security o Communications security o System acquisition, development and maintenance o Supplier selection and management in life, including a robust segmented approach to supplier work based on the information assets the suppliers have access to in line with the risk assessment o Information security incident management (including readiness for EU GDPR) o Information security for business continuity planning and disaster recovery o Other compliance in line with applicable legislation, privacy and protection of personally identifiable information Performance evaluation takes place at regular intervals including reviews of policies, management reviews, audits as well as processes. An Improvement Track is used to manage instances of non-conformance and corrective actions. Additional capability already invested in includes processes and tools for managing specific aspects of EU GDPR such as subject access requests (SAR). In addition, the organisation has invested in capability for undertaking privacy impact assessments (PIA) and working in line with both EU GDPR and ISO 27001:2013 for information security in projects.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All service assets are recorded, tracked and updated via an inventory. Assets have a designated owner who is responsible for ensuring that assets are classified correctly, up to date and reviewed periodically, to safeguard access and accurate security classification. The asset owner is also responsible for ensuring that assets are securely returned disposed of or de-commissioned. Changes to any assets are recorded. A formal approval process is used for change requests (including risk assessment) and requisite testing is carried out across separate environments (Development, UAT) before release to production. A controlled process is also in place for emergency changes.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- External tools are used regularly to check for vulnerabilities across the estate; primarily Vulnerability Management scans and web application scans to verify that the application code is secure to DDS standards. Vulnerabilities are also identified and notified at a cloud and server management level (VMware, Plesk and CPanel). Patches are applied automatically to address specific vulnerabilities. It is also responsibility of the TISO to keep up to date with the latest information regarding technical vulnerabilities.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Intrusion detection and intrusion prevention software is used to monitor network traffic to identify any potential compromise (surges in traffic from single sources, irregular traffic etc). Potential compromises are dealt with by isolating the affected environment and inspecting logs to assess the threat. Affected stakeholders are notified and root cause analysis carried out and mitigation plan developed. Real time monitoring takes place with immediate response for suspicious alerts. Abnormal patterns that may not trigger alerts are identified using dashboards or similar reporting tools. Common threats such as brute force attempts, automated FW reconfiguration is in place blocking traffic.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Customers, staff and other stakeholders can report incidents through standard channels such as email and telephone. All incidents are recorded, assigned priority level and tracked through to completion, with the lessons learned feeding into other processes such as problem management. A dedicated process is followed for P1 Incidents to ensure stakeholders are pro-actively notified of the event and of the root cause. Our processes are ready for EU GDPR as well to ensure we can report and manage in those formats. We have reporting around incidents, events and weaknesses as well as links into the broader ISMS into the BCP.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Other
- Other public sector networks
- MODNet
Pricing
- Price
- £0.03 to £0.07 a transaction a minute
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- The full scope of the product range is available as a free trial, on request.
- Link to free trial
- Www.boomerangmessaging.com/trial