Conversational IVR, SMS, Chatbot and Virtual Assistant Hosting solution

A high quality, IVR, SMS, Chatbot and Virtual Assistant hosting environment, with applications that can automate common customer service tasks like identification, balance playback, order status etc using natural language understanding (NLU) and using speech recognition in a modern, conversational system design.


  • Fully hosted cloud solution
  • Business intelligence dashboard
  • Standalone service or connect via PSTN or SIP telephony
  • Easy integration via web services of a flat file
  • Admin configuration console
  • Supports IVR, SMS, Chatbot & Virtual Assistant


  • Reduce contact centre costs
  • Guide procurement decisions to maximise return on investment
  • Modern, conversational design delivers excellent caller experience
  • Simple integration allows rapid implementation


£500 to £1200 per person per day

Service documents

G-Cloud 10



Kevin Furlow



Service scope

Service scope
Service constraints No
System requirements System are developed using VoxGen's Speech Wizard framework

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Automatic response to support queries. Response time varies depending upon the severity and categorisation of the call.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Issues get categorised differently based on severity. Categorisations are either P1, P2, P3 or P4 and response time varies based on categorisation. If it is a P1 issue, which is the most serious and affecting the entire organisation the response is around 10-20 minutes
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Training sessions provided along with documentation
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data can either be requested to be returned to the user or can request the data is destroyed at the end of the contract.
End-of-contract process At the end of the contract the service can be easily switched to an alternative supplier if necessary. Support will be provided within the scope of the engagement but if additional project management is required to transfer information this may incur an extra charge at the daily rate of the individual

Using the service

Using the service
Web browser interface Yes
Using the web interface Designated users may access summary service reporting information via a web interface.

Designated users may make certain minor non administrative changes to the services we provide such as updating audio recordings.
Web interface accessibility standard None or don’t know
How the web interface is accessible Access to published interfaces is only available via local network access or from designated IP addresses and restricted to individual user accounts.
Web interface accessibility testing None
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Will be determined by the contract/price with the customer which will provide up to a certain number of ports
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types Other
Other metrics
  • Call volumes
  • Port usage
  • Product popularity
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Full system backups
Backup controls Access restricted to systems administrators. Backups are encrypted where required. No media is stored offsite
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Sensitive data encrypted in transit over local network segments and within applications

Perimeter firewalls. Network segregation. Network access controls, HIDS,

Availability and resilience

Availability and resilience
Guaranteed availability Uptime guarantee of at least 99.99% otherwise service credits are available. Up to 10% credit if uptime below 99%. Users are refunded as a credit against future invoices
Approach to resilience Available on request
Outage reporting E-mail alerts

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Role based access controls
Access to system requires a documented business need
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 LRQA
ISO/IEC 27001 accreditation date 01/03/2017
What the ISO/IEC 27001 doesn’t cover Encompasses all electronic services
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO27001, HIPAA

Policies enforced by ISO27001 and external audits are made regularly to ensure compliance. Operations conform to ITIL approaches to managing IT systems. IT security manager reports all issues directly to CEO and in addition produces a report directly for the audit committee.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change management is administered by the Change Advisory Board, all changes are assessed for impact, tested in a non production environment for both expected operations and security impact before authorisation for any changes to production systems are granted. Configuration management tools are employed to ensure only authorised changes are made and those changes are consistent across the estate.
Changes are assessed for security impact using a combination of vendor supplied information and vulnerability scanning tools.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Operate a vulnerability management programme. Threats assessed by subscribing to vendor updates and active security scanning and testing. Critical updates applied within 30 days or less.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use a combination of tools including HIDS, NIDS, FIM, malware detection, systems are monitored 24x7x365 by the operations team
Incident management type Supplier-defined controls
Incident management approach We have pre-defined processes for some events as required by the information security standards we are required to operate within for certain systems, by customers and suppliers.
Incident management and reporting processes are defined within our ISO 27001 policies and procedures. Our incident management processes include escalation procedures, data capture and retention criteria, incident logging requirements, ticketing and notification requirements, SLA determined requirements, incident review processes and resolution documentation. The processes and procedures are defined on a per customer basis.
Users report incidents by email using an incident report form or by telephoning the operations team

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Amazon Web Services
How shared infrastructure is kept separate Network segregation, network access controls, application level segregation

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £500 to £1200 per person per day
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑