Texthelp Ltd

Browsealoud for Public Access Computers (PAC)

Public libraries bring great value to their communities - offering access to online services and resources through public access technology. BrowseAloud PAC is software which adds speech, reading, and translation to websites on these computers facilitating access and participation for people with Dyslexia, Low Literacy, and mild visual impairments.

Features

• Text-to-Speech: improves comprehension and understanding
• Spoken & Written Translation: translates webpages and speaks translations aloud
• Text Magnification: allows users to access even the smallest text
• MP3 Generation: text can be saved and listened to later
• Screen Mask: blocks distractions on screen allowing users to focus
• Webpage Simplifier: removes clutter from screen, such as adverts

Benefits

• Expand your website’s appeal to a wider audience
• Help more people browse, buy and access your services online
• Comply with legal obligations for website accessibility
• Give confidence to site visitors who lack digital skills
• Extend your website’s appeal to non-native speakers in other languages
• Demonstrate greater social responsibility
• Make content easily accessible

£4,995.00 to £29,995 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

283464584941101

Contact

Louise McQuillan
02894428105
l.mcquillan@texthelp.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • PC: Chrome (latest release)
  • Mac: Chrome (latest release)
  • Chromebook: Latest release

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our KPI is to respond in 24 hours, excluding weekends
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: We offer free Technical Support via phone or email for all our products. There is no difference in our support for different products. We do not offer technical account managers or support engineers.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Once onboard, customers are provided with a Browsealoud PAC installation instructions:; Customers are also assigned an account manager whose responsibility it is to ensure the Browsealoud PAC integration runs smoothly and the customer receives all the necessary support and training throughout their integration and subscription period. Account managers can also provide a short online webinar to take the customer through the features and benefits of Browsealoud PAC.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: On request Texthelp will return or destroy all customer data.
• End-of-contract process: The price stated in the contract is the final price for the term of the contract. No other charges apply.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• API: No
• Customisation available: No

Scaling

• Independence of resources: Speech services are load balanced, and spread across multiple geographic locations. Servers scale up to meet demand, CDN with scalable file storage is used for static content.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: There is no user data to export from the products. Capita's billing and contact info can be deleted on request after termination of the contract.
• Data export formats: Other
• Other data export formats: There is no data to export.
• Data import formats: Other
• Other data import formats: Not applicable.

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: All server communications are encrypted
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99% uptime in any calendar month. Credits are applied to customer accounts where this target is not met.
• Approach to resilience: A Secure Development Policy enforces security to be designed into the product. Vulnerability scanning is performed on all files. Services are hosted by Google, Amazon AWS and Sugar CRM all of which guarantee uptime. Other information may be available on request.
• Outage reporting: Monitors and Scheduled automated tests running twice per day. Automatic notifications are sent by both monitors and automated tests if results are not as expected.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Access Control Policy
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute (BSI)
• ISO/IEC 27001 accreditation date: 09/08/2018
• What the ISO/IEC 27001 doesn’t cover: There are no exclusions contained within our statement of applicability. As above, the company has been certified, by BSI, to ISO 27001. The certification is not product specific but covers the security posture of Texthelp Ltd & Texthelp Inc that are both in the scope of the certification. Texthelp PTY is not currently in scope but employees there are required to comply with the same policies.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Texthelp has a number of security policies satisfying the requirements of ISO 27001. Information Security Policy, Access Control Policy, Acceptable Use Policy, Mobile and Teleworking Policy, Secure Development Policy, Infrastructure Hardening Policy, Network Security Policy, Business Continuity and Disaster Recovery Plans.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Texthelp operates an Agile methodology. At the beginning of each agile sprint any security implications of changes we plan are considered and suitable mitigating actions are taken. Any changes that may impact the confidentiality, integrity or availability of Texthelp’s data or of the personal data of interested parties held by Texthelp must be thoroughly planned, preferably in isolation, prior to the changes being made. Risk assessment as defined in the company's Quality/ISMS Manual shall be carried out when changes are planned. Risks will be identified and recorded in The Risk Register and a treatment plan will be defined and implemented.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Texthelp's approach involves ensuring we identify, assess, and remediate information technology (IT) vulnerabilities, weaknesses, or exposures in IT resources or processes that may lead to a security or business risk. Our policy identifies Texthelp’s vulnerability management practice which includes the roles and responsibility of staff, the vulnerability management process and procedures followed, and risk assessment and prioritisation of vulnerabilities. Security vulnerability scanning technologies Whitesource and Tenable are used to assess our services and to identify potential threats.; ; How quickly the company deploys patches depends on the threat to a particular service. Any threats will be evaluated, prioritised and actioned accordingly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The quality assurance department manage a suite of in-house automated tests that monitor the integrity of the company's services on a twice daily schedule. A test fail resulting from evidence of a breach will result in the service automatically being taken offline immediately. For any test fail senior project management staff are automatically notified by email so immediate action can be taken where necessary. 24/7 cover is provided for this.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: ‘Notification List' of customers that are to be notified is created. Identification of the Data Entity that was compromised.; The corresponding Products that use this Data Entity are identified, and for each product that is impacted:; A List of customers, Technical Contacts and Data Security Contacts at those accounts will be added to the Notification List.; Data Security Incident Response document is created.; Customers on the Notification List are made aware of:; Extent of incident; If personal data was accessed; Steps taken to mitigate the impact and to prevent recurrence.; Downtime/Security Event logged using guidance in the Information Security Policy.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £4,995.00 to £29,995 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF