illion Digital Tech Solutions Ltd

Automated Communications & Payments

We build fully managed automated communication solutions for business to consumer organisations to improve customer engagement and lower cost to serve. illion digital tech solutions utilises SMS, email, Web, Interactive Voice Messaging, Interactive Voice Response & payment gateway technologies as alternatives to call centre agents and letters.

Features

  • Managed SMS Services
  • Interactive Voice Response
  • Interactive Voice Messaging
  • Debit and Credit Card Payment Gateway
  • Income and expenditure capture
  • SMS Payments
  • Managed Two way SMS services
  • Voice of the customer services
  • Web payments
  • Debit & Credit Card Tokenisation

Benefits

  • Fully managed service minimising client effort
  • Improved customer engagement
  • Reduced operating costs for customer communications
  • Reduced inbound calls to call centre
  • Increased self service transactions
  • More payments faster
  • Reduce the cost of collecting outstanding accounts
  • Improved customer satisfaction
  • Faster message delivery
  • Reduced PCI DSS Scope

Pricing

£0.021 per instance

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

3 9 5 8 0 7 0 2 6 0 6 3 9 6 4

Contact

illion Digital Tech Solutions Ltd

Catherine Martin

+442079870101

catherine.martin@talkingtech.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The services can work stand alone or in conjustion with your internal CRM and / or payments servies.
Cloud deployment model
Private cloud
Service constraints
Due to the nature of the service maintenance does take place, notification will be provded in advance.
System requirements
PCI DSS Compliance Certificate

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 - Critical | 30 minutes response time | Initial response by phone with hourly updates being sent via email until resolution.

2 - Major | 60 minutes response time | Initial response by email with updates as appropriate

3 - Minor | 12 hours response time | Via email/Incident reporting system

4 - Enquiry | 24 hours response time | Via email/Incident reporting system
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Illion DTS support team support and maintain the automated sections of the illion DTS Service 24 x 7 x 365.

The other components we support are;

Operative – Manual Process | Manual download and decrypt process Connecting to the government gateway
Download and decrypt files as appropriate,Upload files into automated processes and deleting the files once upload is confirmed.
This service is supported 09:00 – 17:00 Mon to Fri

Operative – Manual Process | Manual encrypt and upload process
Download from automated process and encrypt files as appropriate
Connecting to the government gateway
Upload files into government gateway and deleting the files once upload is confirmed
This service is supported 09:00 – 17:00 Mon to Fri
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The main function of the Account Management team is to provide seamless communication, action, and organisation between the customer, users and illion DTS. Your Account Manager will be responsible for agreeing a project plan to onboard users with the required training both remotely and also onsite. Ongoing training will be available for all users to ensure they are comfortable with the service.
Ultimately the responsibility for your service levels, training, documentation and solution improvements reside with your Account Manager.
Your Account Manager is the dedicated day-to-day lead contact for the customer relationships.
On a day to day basis your Account Management team is supported by Project Management, Global Support and Technical Development teams.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Illion DTS will strive to make sure that the partnership with the customer will be a lasting one. However, in the event of you wishing to transition services to another provider we would manage this in a professional manner within the commercial arrangements agreed. If required, we would use our Account and Project Management teams to liaise with you and the prospective provider to ensure a smooth handover.

Data is kept in line with GDPR rules and regulations, data extracts would be discussed and agreed in line with GDPR at that point.

Daily and weekly exports can be provided to the customer on an ongoing basis if required.

Data will be sent securely with the method agreed.
End-of-contract process
Illion DTS will strive to make sure that the partnership with the customer will be a lasting one. However, in the event of you wishing to transition services to another provider we would manage this in a professional manner within the commercial arrangements agreed. A meeting would be arranging to formalise and agree an offboarding approach and project plan alike.

If required, we would use our Account and Project Management teams to liaise with you and the prospective provider to ensure a smooth handover.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Opera
Application to install
Yes
Compatible operating systems
Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobiles are just to provide a consumer with a digital, frictionless journey for either payments or communications.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Illion DTS have a range of products and services available to their customers, Illion DTS recognise that not one size fits all and each solution is customised in line with the company vision and strategy.

Your illion DTS Account Manager will work closely with all relevant stakeholder to discuss and advise on the right solution for that particular business group.

The below products and services can be customised as required;

SMS Communications
Pay by SMS
Pay by Webpay
Webform
Voice of the customer
Interactive Voice Messaging
Interactive Voice Response

Your illion DTS Account Manager will engage a illion DTS Project Manager to confirm the requirements and produce the relevant documentation to be signed off for customisation to take place.

Scaling

Independence of resources
Operational demand is monitored and managed by the Support teams, most campaigns have steady throughput, so we are able to plan, provision and manage capacity to meet most workloads. We generally aim to maintain total demand within 30-60% of total capacity. Where a Customer anticipates an unusual or significant sized campaign they should discuss their requirements with our Account Managers to ensure we can provision for, or manage, their campaign appropriately.

Analytics

Service usage metrics
Yes
Metrics types
We can provide metrics to measure activities and performance.
Metrics and reporting can be providing on each service we provide, exports can be agreed and customised in line with company goals and KPI's.

Metrics can be delivered daily, weekly and monthly. Your illion DTS Account Manager can provide a business reviews covering metrics and performance.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Export data will be agreed and sent via the appropiate secure methof ( SFTP)
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
The Hosted Services and other Services provided by illion DTS shall be available and accessible by the customer at all times with an availability and uptime level of 99.5%.
Maintenance of the hosting equipment, facility, Software or other aspects of the Hosted Services that may require interruption of the Hosted Services (Maintenance Events) shall not be performed during Normal Business Hours. illion DTS may interrupt the Services to perform emergency maintenance during the daily window of 10.00 pm to 2.00 am UK time. In addition, illion DTS may interrupt the Hosted Services outside Normal Business Hours for unscheduled maintenance, provided that it has given the Client at least three days' advance notice.
Approach to resilience
Services are set up and designed to maintain the highest level of security, protection and resilience. This covers the below areas;
Physical location and legal jurisdiction,
Data centre security,
Data at rest protection,
Data Sanitisation,
Equipment disposal and
Physical resilience and availability

Further and more detailed information is available upon request.
Outage reporting
Illion DTS provide the following severity levels when determining the extent of the problem, these are reported via phone or email depending on the severity.

Critical | Failure of the hosted service | Initial response - 30 Mins via phone then hourly updates sent via phone or email until resolved.

Major | Failure, degradation or the non-compliance of any of the illion DTS UK Ltd services(whether wholly or partly) | Initial response - 60 Mins via email with updated as appropriate.

Minor | Problem with one or more components of the Hosted Services and/or other Service(s) that has no immediate business impact and regular business remains operational | Initial response - 12 hours - Via email / incident reporting system

Enquiry | Support Enquiries – Not business critical in nature | Initial response - 24 hours via email / incident reporting system

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
All users, including privileged and service accounts;
Must be uniquely identifiable
Naming convention must be followed
Must be authenticated on each occasion that access is granted to a system
Are responsible for the activities performed by his/her User ID.
Compromised or misused IDs must be reported immediately by the ID owner to the individual’s supervisor or helpdesk.
A numerical passphrase (or personal identification number) is not to be used as the sole method of authenticating a user.
Access restrictions in management interfaces and support channels
Illion DTS solutions are hosted in a secure data centre with strict regulations on physical access to the hosting facilities. Each platform is protected by high – IOS Cisco routers on a segregated subnet from the corporate network and internet with stringent firewall and access control policy. Access to the platforms internally is restricted using windows authentication and platforms are only accessible to authorised staff members within relevant roles to carry out the necessary monitoring and administrative tasks.
illion DTS Log request with business justification and manager sign off for System access. As per PCI DSS requirement 7.1
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Cianaa Technology
PCI DSS accreditation date
18/12/2019
What the PCI DSS doesn’t cover
Illion DTS's data management is compliant with the most stringent industry practices, with annual Level 1 Certification undertaken by an independent auditor for the Payment Card Industry Data Security Standard (v 3.2).

The PCI Security Standards Council, established in 2004 by major credit card brands, offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process - including prevention, detection and appropriate reaction to security incidents.
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Illion DTS data management is compliant with the most stringent industry practices, with annual Level 1 Certification undertaken by an independent auditor for the Payment Card Industry Data Security Standard (v 3.2). illion DTS has held this level of certification since 2011.
Information security policies and processes
Illion DTS maintain an Information Security policy, based on PCI DSS & ISO 27001 standards. It is designed to meet the varying needs of illion DTS and illion DTS’s clients. illion DTS realise that information security is essential when seeking to maintain illion DTS's competitive edge, legal compliance and corporate image.

illion DTS’s Information Security Policy is available upon request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to Production and Staging Environments are submitted for a Review process before deployment. This process ensures that changes have been Code reviewed (Secure coding practices), Protection of Personal Information has been reviewed, Testing has been reviewed and Passed, All Documentation relating to change has been updated, Deployment Steps have been validated, and Rollback produces are in place.

The illion DTS Change Control Document is available on request.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Illion DTS performs an annual risk assessment in compliance with PCI DSS 12.2. This includes threat identification, vulnerability identification, existing controls, risk assessment, and risk rating (taking into account likelihood of threats, asset value, ease of exploitation). The risk assessment identifies critical assets - our latest assessment includes approximately 100 asset types categorized into areas; Information, People, Process, Systems: Network, Systems: Hardware, Systems: Software, Systems: Applications, Systems: Services.
As per PCI-DSS requirements. External scans are run quarterly.
Internal Pen testing and application testing is run annual at the moment.
Monthly patching process in place, Critical patches applied within 7 days.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Illion DTS adhere to PCI DSS requirements for our protective monitoring processes. Further and detailed documentation is available upon request.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Illion DTS has a Security Incident Response plan with defined roles and responsibilities with an annual drill as per PCI DSS requirements.
DTS has a Personal Data Breach Response plan with defined roles and responsibilities.
The Personal Data Breach plan overlaps with the Security Incident plan and does not have a separate drill.
Suspected incidents or internal investigations are logged in Zendesk tickets.
No live incidents have occurred.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.021 per instance
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Illion DTS will facilitate a trial /proof of concept where a new service is planned. The trial will be designed against agreed objectives /KPI’s, measured to establish the success of the trial through comparative data or controls. Trial services are priced as Business as Usual solutions in the pricing document.

Service documents

Return to top ↑