GOV.UK
VoxGen
Conversational IVR, SMS, Chatbot and Virtual Assistant Hosting solution
A high quality, IVR, SMS, Chatbot and Virtual Assistant hosting environment, with applications that can automate common customer service tasks like identification, balance playback, order status etc using natural language understanding (NLU) and using speech recognition in a modern, conversational system design.
Features
- Fully hosted cloud solution
- Business intelligence dashboard
- Standalone service or connect via PSTN or SIP telephony
- Easy integration via web services of a flat file
- Admin configuration console
- Supports IVR, SMS, Chatbot & Virtual Assistant
Benefits
- Reduce contact centre costs
- Guide procurement decisions to maximise return on investment
- Modern, conversational design delivers excellent caller experience
- Simple integration allows rapid implementation
Pricing
£500 to £1200 per person per day
Service documents
Framework
G-Cloud 10
Service ID
373327661432164
Contact
Service scope
| Service constraints | No |
| System requirements | System are developed using VoxGen's Speech Wizard framework |
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times | Automatic response to support queries. Response time varies depending upon the severity and categorisation of the call. |
| User can manage status and priority of support tickets | No |
| Phone support | Yes |
| Phone support availability | 24 hours, 7 days a week |
| Web chat support | No |
| Onsite support | No |
| Support levels | Issues get categorised differently based on severity. Categorisations are either P1, P2, P3 or P4 and response time varies based on categorisation. If it is a P1 issue, which is the most serious and affecting the entire organisation the response is around 10-20 minutes |
| Support available to third parties | No |
Onboarding and offboarding
| Getting started | Training sessions provided along with documentation |
| Service documentation | Yes |
| Documentation formats |
|
| End-of-contract data extraction | Data can either be requested to be returned to the user or can request the data is destroyed at the end of the contract. |
| End-of-contract process | At the end of the contract the service can be easily switched to an alternative supplier if necessary. Support will be provided within the scope of the engagement but if additional project management is required to transfer information this may incur an extra charge at the daily rate of the individual |
Using the service
| Web browser interface | Yes |
| Using the web interface |
Designated users may access summary service reporting information via a web interface. Designated users may make certain minor non administrative changes to the services we provide such as updating audio recordings. |
| Web interface accessibility standard | None or don’t know |
| How the web interface is accessible | Access to published interfaces is only available via local network access or from designated IP addresses and restricted to individual user accounts. |
| Web interface accessibility testing | None |
| API | No |
| Command line interface | No |
Scaling
| Scaling available | Yes |
| Scaling type | Manual |
| Independence of resources | Will be determined by the contract/price with the customer which will provide up to a certain number of ports |
| Usage notifications | Yes |
| Usage reporting |
Analytics
| Infrastructure or application metrics | Yes |
| Metrics types | Other |
| Other metrics |
|
| Reporting types | Regular reports |
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Other security clearance |
| Government security clearance | None |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | European Economic Area (EEA) |
| User control over data storage and processing locations | No |
| Datacentre security standards | Managed by a third party |
| Penetration testing frequency | Less than once a year |
| Penetration testing approach | In-house |
| Protecting data at rest | Physical access control, complying with another standard |
| Data sanitisation process | Yes |
| Data sanitisation type | Hardware containing data is completely destroyed |
| Equipment disposal approach | A third-party destruction service |
Backup and recovery
| Backup and recovery | Yes |
| What’s backed up | Full system backups |
| Backup controls | Access restricted to systems administrators. Backups are encrypted where required. No media is stored offsite |
| Datacentre setup | Multiple datacentres with disaster recovery |
| Scheduling backups | Supplier controls the whole backup schedule |
| Backup recovery | Users contact the support team |
Data-in-transit protection
| Data protection between buyer and supplier networks | Private network or public sector network |
| Data protection within supplier network |
|
| Other protection within supplier network |
Sensitive data encrypted in transit over local network segments and within applications Perimeter firewalls. Network segregation. Network access controls, HIDS, |
Availability and resilience
| Guaranteed availability | Uptime guarantee of at least 99.99% otherwise service credits are available. Up to 10% credit if uptime below 99%. Users are refunded as a credit against future invoices |
| Approach to resilience | Available on request |
| Outage reporting | E-mail alerts |
Identity and authentication
| User authentication |
|
| Access restrictions in management interfaces and support channels |
Role based access controls Access to system requires a documented business need |
| Access restriction testing frequency | At least every 6 months |
| Management access authentication |
|
| Devices users manage the service through | Dedicated device on a segregated network (providers own provision) |
Audit information for users
| Access to user activity audit information | Users receive audit information on a regular basis |
| How long user audit data is stored for | User-defined |
| Access to supplier activity audit information | You control when users can access audit information |
| How long supplier audit data is stored for | User-defined |
| How long system logs are stored for | At least 12 months |
Standards and certifications
| ISO/IEC 27001 certification | Yes |
| Who accredited the ISO/IEC 27001 | LRQA |
| ISO/IEC 27001 accreditation date | 01/03/2017 |
| What the ISO/IEC 27001 doesn’t cover | Encompasses all electronic services |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | No |
| Other security certifications | No |
Security governance
| Named board-level person responsible for service security | Yes |
| Security governance certified | Yes |
| Security governance standards | ISO/IEC 27001 |
| Information security policies and processes |
ISO27001, HIPAA Policies enforced by ISO27001 and external audits are made regularly to ensure compliance. Operations conform to ITIL approaches to managing IT systems. IT security manager reports all issues directly to CEO and in addition produces a report directly for the audit committee. |
Operational security
| Configuration and change management standard | Supplier-defined controls |
| Configuration and change management approach |
Change management is administered by the Change Advisory Board, all changes are assessed for impact, tested in a non production environment for both expected operations and security impact before authorisation for any changes to production systems are granted. Configuration management tools are employed to ensure only authorised changes are made and those changes are consistent across the estate. Changes are assessed for security impact using a combination of vendor supplied information and vulnerability scanning tools. |
| Vulnerability management type | Supplier-defined controls |
| Vulnerability management approach | Operate a vulnerability management programme. Threats assessed by subscribing to vendor updates and active security scanning and testing. Critical updates applied within 30 days or less. |
| Protective monitoring type | Supplier-defined controls |
| Protective monitoring approach | We use a combination of tools including HIDS, NIDS, FIM, malware detection, systems are monitored 24x7x365 by the operations team |
| Incident management type | Supplier-defined controls |
| Incident management approach |
We have pre-defined processes for some events as required by the information security standards we are required to operate within for certain systems, by customers and suppliers. Incident management and reporting processes are defined within our ISO 27001 policies and procedures. Our incident management processes include escalation procedures, data capture and retention criteria, incident logging requirements, ticketing and notification requirements, SLA determined requirements, incident review processes and resolution documentation. The processes and procedures are defined on a per customer basis. Users report incidents by email using an incident report form or by telephoning the operations team |
Secure development
| Approach to secure software development best practice | Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0) |
Separation between users
| Virtualisation technology used to keep applications and users sharing the same infrastructure apart | Yes |
| Who implements virtualisation | Third-party |
| Third-party virtualisation provider | Amazon Web Services |
| How shared infrastructure is kept separate | Network segregation, network access controls, application level segregation |
Energy efficiency
| Energy-efficient datacentres | Yes |
Pricing
| Price | £500 to £1200 per person per day |
| Discount for educational organisations | No |
| Free trial available | No |
Documents
| Pricing document | View uploaded document |
| Terms and conditions document | View uploaded document |