BTS Holdings plc

Cloud Call Logging

Call reporting services for landlines and mobile devices. Supporting all types of telephony.


  • Customised reports delivered by email or Web Portal
  • Proactive reporting of potential fraud and faults


  • Provide reports to your requirements run by experts
  • Quickly access adhoc report information


£0.16 to £0.30 per device per month

  • Education pricing available

Service documents

G-Cloud 10


BTS Holdings plc

Jon Kendall


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Directory solutions providing staff details
Cloud deployment model Private cloud
Service constraints Data needs to be accessed from customer network, as such requiring a VPN connection or similar
System requirements
  • Access to customer call data for processing
  • Access to up to date corporate structure where used

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 4 hour response time
Mon-Fri 08:30 to 17:30 only
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Standard support is provided Mon-Fri 08:30 to 17:30. Custom support levels are available in addition to this at extra cost
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started BTS provide onsite training and consultancy where required as part of the service. Full documentation is also provided for the service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Customers can request any final reports on their data prior to the end of the contract.
End-of-contract process At the end of the contract all customer data is deleted from the Cloud

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Accessed via Web Portal
Accessibility testing None
Customisation available Yes
Description of customisation The service is fully customisable and this is completed by working closely with the designated Service Consultant from BTS.


Independence of resources BTS manage the data centre to ensure all clients have sufficient resources.


Service usage metrics Yes
Metrics types Monthly information:
Number of regular reports provided
Number of ad-hoc reports provided
Any period of data loss (interruption to data collection)
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Export of data is either completed via the Web Portal or by email request to the Service Team
Data export formats
  • CSV
  • Other
Other data export formats XLS
Data import formats
  • CSV
  • Other
Other data import formats XLS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability If the Contractor fails to commence collection of call data, necessary for the provision of the Managed Service, by the agreed Commencement Date of Data Collection set out in the Service Level Agreement, or such revised date as may be agreed, and the Customer shall have suffered a loss, the Customer shall be entitled to receive a Credit to be offset against the Managed Service Charge for the immediately following period by way of liquidated damages.
This Credit shall be based on the aggregate sum payable for the Managed Service for the period covered by the Customer’s Purchase Order or the first 12 months of the Contract, whichever is shorter, and it shall be set at ½% of this figure for each full week between the Commencement Date or revised Commencement Date and the actual Commencement Date, but the amount of such Credit shall not in any case exceed 10% of this figure and such Credit shall be in full satisfaction of the Contractor's liability for the said failure. The Contractor and Customer agree that such sum is a genuine pre-estimate of the Customer’s loss arising from such delay.
Approach to resilience Resiliency is generally defined as part of the contract and hardware and equipment provisioned accordingly to deliver the level of resilience the customer specifies.
Outage reporting Customers are informed of any outages by email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Users are created within the system and their information access is defined as part of this process
Access restriction testing frequency Never
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Our Information Security Policy has been developed following the guidelines of ISO 27001 (formerly ISO 17799), 'Information Technology - Code of Practice for Information Security Management'.
Information security policies and processes Our Information Security Policy has been developed following the guidelines of ISO 27001 (formerly ISO 17799), 'Information Technology - Code of Practice for Information Security Management'. All staff receive training on this policy which is monitored and reported against as part of our ISO 9001 accredited QMS.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach BTS uses a system of change management based on Prince 2 to document and review the risks of all changes including their security implications.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All our services are reviewed for potential treats and weaknesses both during design and throughout operational life.

Where a potential threat is identified, patches are applied as soon as reasonably practical.

We monitor alerts from National Cyber Security Centre and receive notification from both Microsoft and Symantec.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Where necessary we monitor user activity and access to ensure users can be made accountable for their actions and to detect unauthorised activity and access that is either suspicious or is in violation of security policy requirements.
Incident management type Supplier-defined controls
Incident management approach All security incidents must be reported immediately to Line Manager and the Resources Director who will:
• Acknowledge receipt of incident report
• Place incident on BTS Issues List for review at Management Review Meeting
• Copy incident report to relevant 3rd Party organisations
• Conduct initial investigation of reported incident
• Review relevant security procedures to prevent recurrences
• Initiate any disciplinary procedures that may be required
• Report back to individual reporting the incident, Management Review Meeting and any other interested parties informing them of outcome of the investigations and any procedural changes that are to be implemented

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £0.16 to £0.30 per device per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑