illion Digital Tech Solutions Ltd

Automated Communications & Payments

We build fully managed automated communication solutions for business to consumer organisations to improve customer engagement and lower cost to serve. illion digital tech solutions utilises SMS, email, Web, Interactive Voice Messaging, Interactive Voice Response & payment gateway technologies as alternatives to call centre agents and letters.


  • Managed SMS Services
  • Interactive Voice Response
  • Interactive Voice Messaging
  • Debit and Credit Card Payment Gateway
  • Income and expenditure capture
  • SMS Payments
  • Managed Two way SMS services
  • Voice of the customer services
  • Web payments
  • Debit & Credit Card Tokenisation


  • Fully managed service minimising client effort
  • Improved customer engagement
  • Reduced operating costs for customer communications
  • Reduced inbound calls to call centre
  • Increased self service transactions
  • More payments faster
  • Reduce the cost of collecting outstanding accounts
  • Improved customer satisfaction
  • Faster message delivery
  • Reduced PCI DSS Scope


£0.021 per instance

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


illion Digital Tech Solutions Ltd

Catherine Martin


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The services can work stand alone or in conjustion with your internal CRM and / or payments servies.
Cloud deployment model Private cloud
Service constraints Due to the nature of the service maintenance does take place, notification will be provded in advance.
System requirements PCI DSS Compliance Certificate

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 1 - Critical | 30 minutes response time | Initial response by phone with hourly updates being sent via email until resolution.

2 - Major | 60 minutes response time | Initial response by email with updates as appropriate

3 - Minor | 12 hours response time | Via email/Incident reporting system

4 - Enquiry | 24 hours response time | Via email/Incident reporting system
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Illion DTS support team support and maintain the automated sections of the illion DTS Service 24 x 7 x 365.

The other components we support are;

Operative – Manual Process | Manual download and decrypt process Connecting to the government gateway
Download and decrypt files as appropriate,Upload files into automated processes and deleting the files once upload is confirmed.
This service is supported 09:00 – 17:00 Mon to Fri

Operative – Manual Process | Manual encrypt and upload process
Download from automated process and encrypt files as appropriate
Connecting to the government gateway
Upload files into government gateway and deleting the files once upload is confirmed
This service is supported 09:00 – 17:00 Mon to Fri
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The main function of the Account Management team is to provide seamless communication, action, and organisation between the customer, users and illion DTS. Your Account Manager will be responsible for agreeing a project plan to onboard users with the required training both remotely and also onsite. Ongoing training will be available for all users to ensure they are comfortable with the service.
Ultimately the responsibility for your service levels, training, documentation and solution improvements reside with your Account Manager.
Your Account Manager is the dedicated day-to-day lead contact for the customer relationships.
On a day to day basis your Account Management team is supported by Project Management, Global Support and Technical Development teams.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Illion DTS will strive to make sure that the partnership with the customer will be a lasting one. However, in the event of you wishing to transition services to another provider we would manage this in a professional manner within the commercial arrangements agreed. If required, we would use our Account and Project Management teams to liaise with you and the prospective provider to ensure a smooth handover.

Data is kept in line with GDPR rules and regulations, data extracts would be discussed and agreed in line with GDPR at that point.

Daily and weekly exports can be provided to the customer on an ongoing basis if required.

Data will be sent securely with the method agreed.
End-of-contract process Illion DTS will strive to make sure that the partnership with the customer will be a lasting one. However, in the event of you wishing to transition services to another provider we would manage this in a professional manner within the commercial arrangements agreed. A meeting would be arranging to formalise and agree an offboarding approach and project plan alike.

If required, we would use our Account and Project Management teams to liaise with you and the prospective provider to ensure a smooth handover.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Opera
Application to install Yes
Compatible operating systems Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobiles are just to provide a consumer with a digital, frictionless journey for either payments or communications.
Service interface No
Customisation available Yes
Description of customisation Illion DTS have a range of products and services available to their customers, Illion DTS recognise that not one size fits all and each solution is customised in line with the company vision and strategy.

Your illion DTS Account Manager will work closely with all relevant stakeholder to discuss and advise on the right solution for that particular business group.

The below products and services can be customised as required;

SMS Communications
Pay by SMS
Pay by Webpay
Voice of the customer
Interactive Voice Messaging
Interactive Voice Response

Your illion DTS Account Manager will engage a illion DTS Project Manager to confirm the requirements and produce the relevant documentation to be signed off for customisation to take place.


Independence of resources Operational demand is monitored and managed by the Support teams, most campaigns have steady throughput, so we are able to plan, provision and manage capacity to meet most workloads. We generally aim to maintain total demand within 30-60% of total capacity. Where a Customer anticipates an unusual or significant sized campaign they should discuss their requirements with our Account Managers to ensure we can provision for, or manage, their campaign appropriately.


Service usage metrics Yes
Metrics types We can provide metrics to measure activities and performance.
Metrics and reporting can be providing on each service we provide, exports can be agreed and customised in line with company goals and KPI's.

Metrics can be delivered daily, weekly and monthly. Your illion DTS Account Manager can provide a business reviews covering metrics and performance.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Export data will be agreed and sent via the appropiate secure methof ( SFTP)
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The Hosted Services and other Services provided by illion DTS shall be available and accessible by the customer at all times with an availability and uptime level of 99.5%.
Maintenance of the hosting equipment, facility, Software or other aspects of the Hosted Services that may require interruption of the Hosted Services (Maintenance Events) shall not be performed during Normal Business Hours. illion DTS may interrupt the Services to perform emergency maintenance during the daily window of 10.00 pm to 2.00 am UK time. In addition, illion DTS may interrupt the Hosted Services outside Normal Business Hours for unscheduled maintenance, provided that it has given the Client at least three days' advance notice.
Approach to resilience Services are set up and designed to maintain the highest level of security, protection and resilience. This covers the below areas;
Physical location and legal jurisdiction,
Data centre security,
Data at rest protection,
Data Sanitisation,
Equipment disposal and
Physical resilience and availability

Further and more detailed information is available upon request.
Outage reporting Illion DTS provide the following severity levels when determining the extent of the problem, these are reported via phone or email depending on the severity.

Critical | Failure of the hosted service | Initial response - 30 Mins via phone then hourly updates sent via phone or email until resolved.

Major | Failure, degradation or the non-compliance of any of the illion DTS UK Ltd services(whether wholly or partly) | Initial response - 60 Mins via email with updated as appropriate.

Minor | Problem with one or more components of the Hosted Services and/or other Service(s) that has no immediate business impact and regular business remains operational | Initial response - 12 hours - Via email / incident reporting system

Enquiry | Support Enquiries – Not business critical in nature | Initial response - 24 hours via email / incident reporting system

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication All users, including privileged and service accounts;
Must be uniquely identifiable
Naming convention must be followed
Must be authenticated on each occasion that access is granted to a system
Are responsible for the activities performed by his/her User ID.
Compromised or misused IDs must be reported immediately by the ID owner to the individual’s supervisor or helpdesk.
A numerical passphrase (or personal identification number) is not to be used as the sole method of authenticating a user.
Access restrictions in management interfaces and support channels Illion DTS solutions are hosted in a secure data centre with strict regulations on physical access to the hosting facilities. Each platform is protected by high – IOS Cisco routers on a segregated subnet from the corporate network and internet with stringent firewall and access control policy. Access to the platforms internally is restricted using windows authentication and platforms are only accessible to authorised staff members within relevant roles to carry out the necessary monitoring and administrative tasks.
illion DTS Log request with business justification and manager sign off for System access. As per PCI DSS requirement 7.1
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Cianaa Technology
PCI DSS accreditation date 18/12/2019
What the PCI DSS doesn’t cover Illion DTS's data management is compliant with the most stringent industry practices, with annual Level 1 Certification undertaken by an independent auditor for the Payment Card Industry Data Security Standard (v 3.2).

The PCI Security Standards Council, established in 2004 by major credit card brands, offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process - including prevention, detection and appropriate reaction to security incidents.
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Illion DTS data management is compliant with the most stringent industry practices, with annual Level 1 Certification undertaken by an independent auditor for the Payment Card Industry Data Security Standard (v 3.2). illion DTS has held this level of certification since 2011.
Information security policies and processes Illion DTS maintain an Information Security policy, based on PCI DSS & ISO 27001 standards. It is designed to meet the varying needs of illion DTS and illion DTS’s clients. illion DTS realise that information security is essential when seeking to maintain illion DTS's competitive edge, legal compliance and corporate image.

illion DTS’s Information Security Policy is available upon request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes to Production and Staging Environments are submitted for a Review process before deployment. This process ensures that changes have been Code reviewed (Secure coding practices), Protection of Personal Information has been reviewed, Testing has been reviewed and Passed, All Documentation relating to change has been updated, Deployment Steps have been validated, and Rollback produces are in place.

The illion DTS Change Control Document is available on request.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Illion DTS performs an annual risk assessment in compliance with PCI DSS 12.2. This includes threat identification, vulnerability identification, existing controls, risk assessment, and risk rating (taking into account likelihood of threats, asset value, ease of exploitation). The risk assessment identifies critical assets - our latest assessment includes approximately 100 asset types categorized into areas; Information, People, Process, Systems: Network, Systems: Hardware, Systems: Software, Systems: Applications, Systems: Services.
As per PCI-DSS requirements. External scans are run quarterly.
Internal Pen testing and application testing is run annual at the moment.
Monthly patching process in place, Critical patches applied within 7 days.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Illion DTS adhere to PCI DSS requirements for our protective monitoring processes. Further and detailed documentation is available upon request.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Illion DTS has a Security Incident Response plan with defined roles and responsibilities with an annual drill as per PCI DSS requirements.
DTS has a Personal Data Breach Response plan with defined roles and responsibilities.
The Personal Data Breach plan overlaps with the Security Incident plan and does not have a separate drill.
Suspected incidents or internal investigations are logged in Zendesk tickets.
No live incidents have occurred.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.021 per instance
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Illion DTS will facilitate a trial /proof of concept where a new service is planned. The trial will be designed against agreed objectives /KPI’s, measured to establish the success of the trial through comparative data or controls. Trial services are priced as Business as Usual solutions in the pricing document.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑