Cirrus Speech Analytics License powered by Nexidia

Our individual user license allows your organisation to only provision access for those who require the Cirrus Speech Analytics functionality powered by Nexidia, meaning you only pay for what you need.


  • All interactions
  • Recent browsing activity
  • Recent chat activity
  • Transaction history
  • Social activity
  • Visual Map of every call
  • Automated theme category, (discovery)
  • Fast time to insight with visualisation
  • Patented phonetic search for accuracy, with sub second processing
  • Location and device


  • First contact resolution, by understanding repeat call drivers
  • Reduce average handling time, with root cause detail for calls
  • Improve customer satisfaction with more detail that's more consumable
  • Provide more self-serve by understanding departure from web / IVR
  • Increase sales by pinpointing best and worst selling behaviours
  • Reduce customer churn by knowing why customers cancel
  • Improve business processes through customer interactions highlighting the improvements needed
  • Focused quality monitoring, finding calls that really make a difference


£22 per user per month

Service documents

G-Cloud 10




0333 103 3440

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Cirrus Speech Analytics powered by Nexidia
Cloud deployment model Private cloud
Service constraints No.
System requirements
  • Business grade internet connection
  • Internet browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support response times

Our standard business hours are 8:30am to 5:30pm, Monday to Friday (excluding bank holidays). Requests can be submitted via phone or email, as outlined in the Cirrus Ticket Logging section of the Service Definition document accompanying this listing. The team will endeavour to answer the call within 3 rings (9 seconds), and our email service level is 95% of emails responded to within 3 hours during business hours. All calls are recorded for training and monitoring purposes. Cirrus services are supported 24 hours a day, 365 days a year for all service faults.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AAA
Web chat accessibility testing Cirrus has a number of existing customers with users who require assistive technology.
Onsite support Yes, at extra cost
Support levels Cirrus services are supported 24 hours a day, 365 days a year for all service faults. For day to day support there are 3 levels of support customers can opt for; • Fully Managed Service - 24/7 • Fully Managed Service – Business Hours • 2nd Line Support – Business Hours. Pricing is provided under the Cirrus Support Services for G Cloud 9 Service Listing. You will be assigned a Service Delivery Manager, details of this can be found within the Service Definition document accompanying this listing.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a fully managed implementation service designed to migrate customers from legacy solutions to Cirrus. We have a unique training and knowledge transfer process, '30, 60, 90'. You can find more details in our Service Definition document accompanying this listing.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The customer will need to extract any customer generated statistics from the platform, which will be in CSV format.
End-of-contract process Cirrus provides a simple and quick exit process for customers. Additional costs are related to data extraction, if there are any remaining call recordings on the Cirrus platform.
Customers can give notice in accordance with the terms in the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Chrome
Application to install Yes
Compatible operating systems
  • MacOS
  • Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility The Nexidia platform has been configured based on extensive user interface planning and implementation. Full user guides are provided, and on line support is also available. The Nexidia speech analytics solution complies with the Disability Discrimination Act.
Accessibility testing Cirrus has a number of existing customers with users who require assistive technology.
Customisation available Yes
Description of customisation Standard installations include the option to include some customer specific configurations. Customisation at the individual user level is minimal with preferences set from a defined list


Independence of resources Capacity is managed and customers are prevented from consuming an onerous amount of resource


Service usage metrics Yes
Metrics types •For example, SLA's
•Resolution times
•Case outcome
•Cases logged
Reporting types
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Nexidia

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data is available via online portal download.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks AES-256 encryption is implemented for data in transit and at rest in the Nexidia PCI hosted environment using the Vormetric encryption solution (
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network The Nexidia solution uses encryption throughout the data life cycle. The extractor can use secure network protocols such as SSH, SFTP, or IPSEC for moving files from the recorder to the Interaction Analytics application servers. User access is setup over site-to-site VPN. Also each customer has a dedicated environment and network segment.

Availability and resilience

Availability and resilience
Guaranteed availability We have a service level agreement in place and a service credit regime in the event that we do mot meet or surpass or uptime metrics. You can find details of this in the Service Definition document accompanying this listing.
Approach to resilience Available on request.
Outage reporting Dashboards, Email, SMS and Voice IVR alerts where the circumstance require.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Nexidia administers roles based access for all services.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 23/08/2016
ISO/IEC 27001 accreditation date QMS International Ltd
What the ISO/IEC 27001 doesn’t cover Cirrus has implemented the following in relation to ISO27001:
1. Understanding business information security requirements and the need to establish policy and objectives for information security
2. Implementing and operating controls in the context of managing the Company’s overall business risk
3. Monitoring and reviewing the performance and effectiveness of the ISMS
4. Continual improvement based on objective measures
5. Communicate throughout the Company the importance of meeting all relevant statutory and regulatory requirements specifically related to its business activities
6. Ensuring that adequate resources are determined and provided to monitor and maintain the ISMS.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification 7Safe
PCI DSS accreditation date 14/09/2016
What the PCI DSS doesn’t cover The following high-level controls are specified by the PCI DSS; responsibility is shown for each control within the Cirrus platform (Cirrus or Customer) 1. Install and maintain a firewall configuration to protect cardholder data. Responsibility: Cirrus 2. Do not use vendor-supplied defaults for system passwords and other security parameters. Responsibility: Cirrus 3. Protect stored cardholder data. Responsibility: Cirrus (note: Cirrus does not store cardholder data within its platform) 4. Encrypt transmission of cardholder data across open, public networks. Responsibility: Cirrus 5. Protect all systems against malware and regularly update antivirus software or programs. Responsibility: Cirrus 6. Develop and maintain secure systems and applications. Responsibility: Customer and Cirrus Note: If the customer has developed their own software applications which are part of their PCI scope then it is their responsibility. 7. Restrict access to cardholder data by business need to know. Responsibility: Cirrus 8. Identify and authenticate access to system components. Responsibility: Cirrus 9. Restrict physical access to cardholder data. Responsibility: Cirrus 10. Track and monitor all access to network resources and cardholder data. Responsibility: Cirrus 11. Regularly test security systems and processes. Responsibility: Cirrus 12. Maintain a policy that addresses Information Security for all personnel. Responsibility: Cirrus and Customer.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO 27001 accredited and we have information security policies and processes in place across the organisation. Our reporting structure is as follows; 1. The Directors have approved all processes and policies 2. Overall responsibility for Information Security rests with the ISMS Manager 3. 5. All employees or agents acting on the Company’s behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay, direct to the Operations Director and/or the ISMS Manager.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach To ensure the most secure environment and best practices, Nexidia has implemented a formal Change Management Process. This process is applied to all aspects of the technology and business which have the potential for significant systems or Customer impacts.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The technology group within Nexidia has assigned the responsibility for monitoring and recommending actions in support of proactive identification of potential security and performance vulnerabilities. Nexidia performs monthly internal and external vulnerability scans using industry standard tools. All vulnerabilities that are discovered are evaluated based on the risk rating of the output results and the impact to the environment. The risk rating is based on industry standard rating system:  Critical  High  Medium  Low  Informational The vulnerabilities are investigated by the Information Security staff and assigned to the appropriate team to assist with remediation.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The service is monitored 24 hours a day. Any potential compromises are immediately alerted via email and SMS to the security team. Response time and rates are specific to the nature of the potential compromise, for example, a user failing authentication 3 times in under 5 minutes would be treated differently to a user failing authentication 50 times in under 60 seconds.
Incident management type Supplier-defined controls
Incident management approach Cirrus has standard incident management procedures in place to ensure that we are able to restore a service as quickly as possible and to minimise adverse impact on business operations. Customers are able to raise an incident or service request by telephone or email. Queries to Cirrus Support are logged as cases within our support system and categorised according to Priority. Customers receive incident reports via email.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £22 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑