Civica UK Limited

Civica Chatbot Frequently Asked Questions (FAQ) Service (Standard)

Rapid deployment of Microsoft QnA Maker making complex frequently asked questions (FAQ) documentation readily accessible for up to 100 concurrent Chatbot users over web, social and voice channels. Includes advice to curate content sources and use of conversational AI to maximise value from Microsoft Bot Framework and Azure App Services.


  • Based upon Microsoft QnA Maker Cognitive Service
  • Scaled for up to 100 concurrent users
  • Microsoft Azure Bot Framework adaptations
  • Text Recognition with Microsoft Artificial Intelligence, Cognitive Services
  • Good practices to load initial FAQ content effectively
  • Experience configuring reporting capabilities to extract usage statistics
  • Expertise and advice to refine content
  • Enhanced, accessible WebChat window with configurable branding feature
  • NuGet package deployment of WebChat client
  • Civica’s Conversation Experience Module suggestions to refine and enhance content


  • Automates the answering of mundane, repetitive enquiries
  • Reduces cost to serve by freeing-up employees for other tasks
  • Quickly connects users to consistent information
  • Improves customer experience
  • Increases digital engagement, driving channel shift
  • Accessible 24 x 7, across multiple channels
  • Skills transfer of frequently asked questions (FAQ) curation, promoting self-sufficiency
  • Reduced time to develop and improve effectiveness of Q&A pairs


£1,000 a licence a month

Service documents


G-Cloud 12

Service ID

3 2 9 7 6 6 5 7 1 8 7 0 8 1 7


Civica UK Limited Civica UK Limited
Telephone: 01132441404

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The service can be integrated into existing website and mobile apps.
Cloud deployment model
Public cloud
Service constraints
System requirements
Microsoft Azure license

User support

Email or online ticketing support
Email or online ticketing
Support response times
Civica offers four levels of support ranging from core working hours (9am to 5pm Monday to Friday excluding English public holidays) to full 24x7 support. Our Silver service response times depend on the severity of the incident and are as follows:
a) Severity Level 1 (Critical) - 1 hour to respond, 1 day to resolve.
b) Severity Level 2 (Severe) - 1 hour to respond, 3 days to resolve.
c) Severity Level 3 (Disruptive) - 2 hours to respond, reasonable 5 days to resolve.
d) Severity Level 4 (Minor) - 2 hours to respond, reasonable efforts to resolve.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Civica offers four levels of support with the following support hours:
1) Platinum: Full 24*7 support service suitable for the most business critical applications.
2) Gold: On-call 24*7 support service appropriate for public facing applications that are utilised 24*7.
3) Silver: 8am to 5:30pm Monday to Friday, excluding public holidays. This extended hours model is targeted at customers requiring cover for a flexible working day.
4) Bronze: 9am to 5pm Monday to Friday excluding public holidays.
The Civica Digital Service Desk is contactable from 8am to 6pm on UK working days.
The Service Desk responds to questions depending on the Severity Level of the call as follows:
a) Severity Level 1 (Critical) - the reported problem causes a halt to the client’s core business processes and no workaround is available.
b) Severity Level 2 (Major) - the reported problem causes degradation of the client’s core business processes and no reasonable work-around exists.
c) Severity Level 3 (Intermediate) - the reported problem impacts the client’s operational environment, but does not affect core business processes. A work-around is available.
d) Severity Level 4 (Minor) - a non-critical problem is causing some disruption, but with little or no impact on the client operation.
Support available to third parties

Onboarding and offboarding

Getting started
See Service Definition Document.
Service documentation
Documentation formats
End-of-contract data extraction
All question and answer pairs can be extracted under the standard Microsoft toolset. Civica will clear down any usage data.
End-of-contract process
The service will be shut down and all question and answer pairs will be extracted and provided to the client.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
Customisation available
Description of customisation
Users can upload and refine question and answers pairs for the Chatbot.


Independence of resources
This is managed by MS Azure tools.


Service usage metrics
Metrics types
Civica will provide guidance on how to use standard QnA Maker reporting facilities.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
This is achieved via the standard Microsoft client software (MS QnA Maker Portal Tool).
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
Other protection within supplier network
Please contact Civica for details.

Availability and resilience

Guaranteed availability
Please see MS Azure Public Cloud SLA.
Approach to resilience
Please see standard MS Azure Public Cloud details.
Outage reporting
Please see standard MS Azure Public Cloud details.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised support staff will have access to the system. Civica support staff do not access customer data as a matter of course. Only in rare cases of support or maintenance, after explicit permission granted by the customer, will support staff log in to customers applications or look at customer data. All case access (even when read only) through the application is audited. All direct database access by support staff must be authorised by a support manager. Access privileges are revoked when such access is no longer relevant.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
The Audit People
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Please contact Civica for details.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Civica has a fully audited and tested Information Security Management System which underpins our ISO27001:2013 certificate. The policies and procedures have been independently audited and practices are audited by external auditors. New staff are inducted into the ISMS when they start; other staff are regularly reminded about their responsibilities and managers are required to ensure that their staff adhere to the policies. Staff are advised when policies are updated. The senior management of the company owns the ISMS and the Information Security Management Representative delivers day-to-day management of the system. All staff are reminded that they are individually responsible for security. The data security theme is delivered through staff / team meetings, training sessions, shared documents and via email. Continuous improvement in the delivery of security is encouraged. Risk assessments are regularly carried out and the competency of the delivery of the ISMS is measured though internal auditing and management review.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All significant, non-routine changes to Organisational information processing facilities (hardware and software) are subject to change control. A procedure (from our ISMS) ensures that segregation of duties in in place for the requesting, authorizing and implementation of a change. All changes should be applied first to a test platform, and a "recover position" is defined for each change. Changes are tracked and documented within the company. At all times the security of our infrastructure and customer data are at the forefront of any consideration of a change request and our Information Security Manager is responsible for the process.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have a qualitative approach to risk management. This covers (a) the categorisation of assets across six major headings including information assets (and these include client data), software assets (these include application software) and physical assets (these include networks); (b) the identification of assets within each category at a level appropriate to risk assessment; and (c) the assessment of possible threats to and vulnerabilities of each asset and its likelihood and impact on the business either directly or indirectly. The risk assessment is carried out at least annually and is reviewed when changes are processed through the Change Control process.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Daily checklists are in place to monitor malicious activities like failed login attempts, attempts to access the system from an unknown IP etc. We also have automatic monitoring tools in place to warn of issues.
The Information Security Manager gets advice from qualified technical staff and the Top Management, as necessary, to analyse and understand any incidents and to identify appropriate actions to contain it and to implement contingency plans. A request will then be made to take appropriate actions to recover from the incident, and to implement contingency plans.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
There is a specific procedure for responding to security event in our ISMS. We are committed to sharing information about any such breaches; most of our customers specify their requirements for notification times to be detailed in contractual arrangements. Our starting point is to alert the customer as soon as is possible after such a breach has been confirmed.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£1,000 a licence a month
Discount for educational organisations
Free trial available

Service documents