Reach-Data Ltd

2 Factor Authentication SMS

We provide an enterprise grade, fully resilient and secure SMS API and gateway for use with 2 Factor Authentication. We are ISO 27001 accredited with a suitably scoped ISMS covering all Public Sector services.

Features

  • Industry standard API's for direct integration
  • Carrier grade infrastructure
  • Tier 1 direct UK routing
  • Completely cloud based
  • High performance
  • Secure (SSL) connectivity
  • ISO 27001:2013 Accredited (UKAS)
  • 2-way SMS
  • Real-time reporting
  • Global coverage

Benefits

  • Cloud based and accessible from multiple platforms
  • Full traceability with integral delivery reports
  • Optimised for access from mobile devices
  • Connections to multiple networks ensuring no single point of failure
  • UK based data centre's
  • Flexible and transparent pricing
  • Simple onboarding and offboarding process
  • 24/7 Service and support
  • Dedicated account manager

Pricing

£0.016 per unit

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 7 0 9 1 5 0 4 9 3 4 8 3 6 1

Contact

Reach-Data Ltd

Andrew Cook

01923 618065

public.tenders@reach-interactive.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • Internet access
  • PC, Mac or mobile device to access the platform
  • Modern web browser with HTML5 support

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday to Friday

Office Hours: 09:00 – 18:00
1 hour

Evening: 18:00 – 22:00
1 - 2 hours.

Night: 22:00 – 09:00
Email accounts will be monitored on a "Best Endeavour" basis directed to the observance of critical issues.

Weekends and English Bank Holidays

Daytime: 10:00 – 16:00
2 hours

Evening, Night: 16:00 – 00:00 and 00:00 – 10:00
Email accounts will be monitored on a "Best Endeavour" basis directed to the observance of critical issues.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Monday to Friday

Office Hours: 09:00 – 18:00
All issues will be routed to the appropriate staff immediately with an initial response within 1 hour.

Evening: 18:00 – 22:00
All issues will be routed to the appropriate staff with an initial response within 1 - 2 hours.

Night: 22:00 – 09:00
Email accounts will be monitored on a "Best Endeavour" basis directed to the observance of critical issues affecting more than one or all clients.

Weekends and English Bank Holidays

Daytime: 10:00 – 16:00
All issues will be routed to the appropriate staff with initial response within 2 hours.

Evening, Night: 16:00 – 00:00 and 00:00 – 10:00
Email accounts will be monitored on a "Best Endeavour" basis directed to the observance of critical issues affecting more than one or all clients.

There are no additional costs associated with the above support levels.

A dedicated account manager is also available as an escalation point if issues are encountered.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide online training as well as user documentation of our platform and services. Onsite training is also available and can be discussed during the onboarding process.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data can be extracted through our online platform within the reporting section. This includes a record of all messages sent throughout the life of the contract and is available in CSV format.
End-of-contract process
There are no additional costs associated with the extraction of data at the end of the contract. The users account is deactivated after they have extracted the data and they stop using the service.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All features of the platform are available to use on both mobile and desktop browsers.
Service interface
Yes
Description of service interface
We have an online, web based platform which supports the API service and provides real-time MI. It is also used to manage the service enabling provisioning of sub-accounts and additional users.
Accessibility standards
WCAG 2.1 A
Accessibility testing
The platform has been tested using the following accessibility applications:

JAWS, Dragon, Supernova, Zoomtext
API
Yes
What users can and can't do using the API
Access to the API is provided as soon as a user signs up for an account on our platform. The API is used to submit messages directly through our gateway without any limitations.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
All services are mirrored between UK data centres with automatic fail over and load balancing. The automatic load balancing ensures that 1 user / client does not impact another.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
All data can be exported in CSV format though our online, web platform within the Reporting page.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
All our operational servers are dual processor blade servers running in a controlled environment with redundant power supplies.

Service Uptime
Main Site
99.96% uptime with provision of full service since January 2009

Backup Site
99.92% uptime with provision of full service since January 2009

Combined Provision (no overlap)
100%

As standard, we don't give service credits in the event that service levels are not met. This can be discussed as part of the onboarding / contract negotiations.
Approach to resilience
We operate a multi-layer approach using multiple UK data centres to ensure no single point of failure. In the event of a failure at one of our sites, we automatically switch to another site, ensuring no interruption to our services.

We also maintain connections to all UK mobile network operators. In the event of a critical network failure, messages are routed through an alternative operator to ensure services are not interrupted. A fully documented Disaster Recovery Plan details backup and contingency processes.
Outage reporting
We notify clients by email in the event of an outage.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
All access is controlled by username / password controls. We specify a minimum criteria for password length and complexity.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certification International (UKAS)
ISO/IEC 27001 accreditation date
18/04/2013
What the ISO/IEC 27001 doesn’t cover
All services are covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow the following information security policies / procedures in line with our ISO 27001 certification:

Information Security Policy.
Business Information Policy.
Access Control Policy.
Teleworking Policy.
Clear Desk Policy.
Back Up & Redundancy Policy.
Supplier Security Policy.
Secure System Engineering Principles Policy.
Information Security Management.
Asset & Information Management.
Human Resources.
Physical Security.
Communications & Operations.
Access Control.
Systems & Processing.
Incident Management.
Business Continuity Management.
Compliance & Conformance.

We ensure policies are followed through our internal auditing processes and any issues / non-compliance are reported to the MD / Information Security Manager.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to system hardware, software or other applications must be authorised (MD)
All version updates should be risk assessed and tested if deemed necessary by ISM/MD
Any over-ride of this “Change Management” procedure must be authorised (MD)
All changes must be first risk assessed and tested before full implementation
All testing must be carried out in a separate and controlled environment
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All services are tested in a separate dedicated UAT environment before being pushed into the live environment. All applications / systems for message processing are designed and built in house. We deploy patches in a timely manner after testing the deployment in our UAT environment.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All systems are proactively monitored, including access logs and firewall logs to identify any potential breaches in security.
Incident management type
Supplier-defined controls
Incident management approach
The Information Security Manager must be PROMPTLY informed of the (potential) incident
The Incident must be PROMPTLY reported to the Information Security Manager in writing
The Incident must be LOGGED by the Information Security Manager
The Incident must be ANALYSED by The Information Security Manager
The MD and the ISM must ensure there is learning and appropriate action
Details of all Incident records must be maintained (incl. dates, times, parties involved etc.)
The ISMS ensures that all Incidents are brought to the attention of the MD.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.016 per unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Full functionality is provided, along with a limited number of free SMS credits. There is no time limit.

Service documents

Return to top ↑