Civica UK Limited

Civica Chatbot Frequently Asked Questions (FAQ) Service (Standard)

Rapid deployment of Microsoft QnA Maker making complex frequently asked questions (FAQ) documentation readily accessible for up to 100 concurrent Chatbot users over web, social and voice channels. Includes advice to curate content sources and use of conversational AI to maximise value from Microsoft Bot Framework and Azure App Services.

Features

• Based upon Microsoft QnA Maker Cognitive Service
• Scaled for up to 100 concurrent users
• Microsoft Azure Bot Framework adaptations
• Text Recognition with Microsoft Artificial Intelligence, Cognitive Services
• Good practices to load initial FAQ content effectively
• Experience configuring reporting capabilities to extract usage statistics
• Expertise and advice to refine content
• Enhanced, accessible WebChat window with configurable branding feature
• NuGet package deployment of WebChat client
• Civica’s Conversation Experience Module suggestions to refine and enhance content

Benefits

• Automates the answering of mundane, repetitive enquiries
• Reduces cost to serve by freeing-up employees for other tasks
• Quickly connects users to consistent information
• Improves customer experience
• Increases digital engagement, driving channel shift
• Accessible 24 x 7, across multiple channels
• Skills transfer of frequently asked questions (FAQ) curation, promoting self-sufficiency
• Reduced time to develop and improve effectiveness of Q&A pairs

£1,000 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@civica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

329766571870817

Contact

Civica UK Limited
+44 (0) 3333 214 914
g-cloud@civica.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The service can be integrated into existing website and mobile apps.
• Cloud deployment model: Public cloud
• Service constraints: None.
• System requirements: Microsoft Azure license

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Civica offers four levels of support ranging from core working hours (9am to 5pm Monday to Friday excluding English public holidays) to full 24x7 support. Our Silver service response times depend on the severity of the incident and are as follows: ; a) Severity Level 1 (Critical) - 1 hour to respond, 1 day to resolve.; b) Severity Level 2 (Severe) - 1 hour to respond, 3 days to resolve.; c) Severity Level 3 (Disruptive) - 2 hours to respond, reasonable 5 days to resolve.; d) Severity Level 4 (Minor) - 2 hours to respond, reasonable efforts to resolve.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Civica offers four levels of support with the following support hours: ; 1) Platinum: Full 24*7 support service suitable for the most business critical applications.; 2) Gold: On-call 24*7 support service appropriate for public facing applications that are utilised 24*7.; 3) Silver: 8am to 5:30pm Monday to Friday, excluding public holidays. This extended hours model is targeted at customers requiring cover for a flexible working day.; 4) Bronze: 9am to 5pm Monday to Friday excluding public holidays.; The Civica Digital Service Desk is contactable from 8am to 6pm on UK working days. ; The Service Desk responds to questions depending on the Severity Level of the call as follows:; a) Severity Level 1 (Critical) - the reported problem causes a halt to the client’s core business processes and no workaround is available. ; b) Severity Level 2 (Major) - the reported problem causes degradation of the client’s core business processes and no reasonable work-around exists. ; c) Severity Level 3 (Intermediate) - the reported problem impacts the client’s operational environment, but does not affect core business processes. A work-around is available. ; d) Severity Level 4 (Minor) - a non-critical problem is causing some disruption, but with little or no impact on the client operation.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: See Service Definition Document.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All question and answer pairs can be extracted under the standard Microsoft toolset. Civica will clear down any usage data.
• End-of-contract process: The service will be shut down and all question and answer pairs will be extracted and provided to the client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: NA
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: Users can upload and refine question and answers pairs for the Chatbot.

Scaling

• Independence of resources: This is managed by MS Azure tools.

Analytics

• Service usage metrics: Yes
• Metrics types: Civica will provide guidance on how to use standard QnA Maker reporting facilities.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: This is achieved via the standard Microsoft client software (MS QnA Maker Portal Tool).
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: Other
• Other protection within supplier network: Please contact Civica for details.

Availability and resilience

• Guaranteed availability: Please see MS Azure Public Cloud SLA.
• Approach to resilience: Please see standard MS Azure Public Cloud details.
• Outage reporting: Please see standard MS Azure Public Cloud details.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised support staff will have access to the system. Civica support staff do not access customer data as a matter of course. Only in rare cases of support or maintenance, after explicit permission granted by the customer, will support staff log in to customers applications or look at customer data. All case access (even when read only) through the application is audited. All direct database access by support staff must be authorised by a support manager. Access privileges are revoked when such access is no longer relevant.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Audit People
• ISO/IEC 27001 accreditation date: 20/10/2019
• What the ISO/IEC 27001 doesn’t cover: Please contact Civica for details.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Civica has a fully audited and tested Information Security Management System which underpins our ISO27001:2013 certificate. The policies and procedures have been independently audited and practices are audited by external auditors. New staff are inducted into the ISMS when they start; other staff are regularly reminded about their responsibilities and managers are required to ensure that their staff adhere to the policies. Staff are advised when policies are updated. The senior management of the company owns the ISMS and the Information Security Management Representative delivers day-to-day management of the system. All staff are reminded that they are individually responsible for security. The data security theme is delivered through staff / team meetings, training sessions, shared documents and via email. Continuous improvement in the delivery of security is encouraged. Risk assessments are regularly carried out and the competency of the delivery of the ISMS is measured though internal auditing and management review.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All significant, non-routine changes to Organisational information processing facilities (hardware and software) are subject to change control. A procedure (from our ISMS) ensures that segregation of duties in in place for the requesting, authorizing and implementation of a change. All changes should be applied first to a test platform, and a "recover position" is defined for each change. Changes are tracked and documented within the company. At all times the security of our infrastructure and customer data are at the forefront of any consideration of a change request and our Information Security Manager is responsible for the process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have a qualitative approach to risk management. This covers (a) the categorisation of assets across six major headings including information assets (and these include client data), software assets (these include application software) and physical assets (these include networks); (b) the identification of assets within each category at a level appropriate to risk assessment; and (c) the assessment of possible threats to and vulnerabilities of each asset and its likelihood and impact on the business either directly or indirectly. The risk assessment is carried out at least annually and is reviewed when changes are processed through the Change Control process.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Daily checklists are in place to monitor malicious activities like failed login attempts, attempts to access the system from an unknown IP etc. We also have automatic monitoring tools in place to warn of issues.; The Information Security Manager gets advice from qualified technical staff and the Top Management, as necessary, to analyse and understand any incidents and to identify appropriate actions to contain it and to implement contingency plans. A request will then be made to take appropriate actions to recover from the incident, and to implement contingency plans.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: There is a specific procedure for responding to security event in our ISMS. We are committed to sharing information about any such breaches; most of our customers specify their requirements for notification times to be detailed in contractual arrangements. Our starting point is to alert the customer as soon as is possible after such a breach has been confirmed.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £1,000 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@civica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.