Frequentis AG

Hosted 3020 LifeX: Dispatch and First Contact Solution for Critical Control Rooms

The on- or off premise hosted 3020LifeX solution provides a full web-based call centre solution including ACD, IVR, recording, and integration with Airwave and ESN (when available). Together with a host of other features tailored to safety critical control rooms it provides a reliable solution to base your operations on.

Features

  • Airwave and ESN (when available) integration
  • Call Centre functionality including Queing, ACD, IVR and recording
  • NG112/999 (when available) compliant
  • Fully web based HTML5 client, using USB headsets/footswitches
  • Integration of local telephone lines/Airwave CCI ports/Analog Radio
  • Modern GUI optimised for Mouse & Keyboard or Touch Screen
  • Rapid scalability beyond ordered limits
  • Emergency calls will not get lost due to network issues
  • always up to date with latest LifeX SW versions
  • Comprehensive reporting and dashboards available

Benefits

  • Have your control room everywhere where your network is
  • Use it on any device (PC, laptop,..) in your network
  • Access Airwave, ESN, intercom and Telephony functionality using your browser
  • your choice of on- or off-premise hosting
  • No-worries maintenance and helpdesk arrangements
  • Unmatched service availability; solution designed with reliability, resiliancy and redundancy
  • removes the need for a separate PABX and/or voice-recording-system
  • Removes the need for a separate ACD and/or IVR system

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Community cloud
Service constraints On-premise hosting incurs additional service costs, to be determined during onboarding.
Only certain COTS headset and footswitch models are certified for use with LifeX.
System requirements
  • Certified web browsers: Chrome (>v60), Internet Explorer 11 (>11.0.9600).
  • Client to run Windows OS 8.1 or higher
  • WAN: 300-500kbit/user depending on number of audio devices
  • WAN: additional bandwidth for remoting local telephone/Airwave interfaces
  • WAN: Latency max. 50ms end-to-end
  • WAN: Jitter max. 15ms
  • WAN: Packet Loss max. 0,5%

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times The Helpdesk handles all service requests using the ITSM Tool (IT Service Management Tool) and is reachable via telephone, fax and email 24/7. The helpdesk can be used to report all the categories of incidents and for all other concerns regarding Frequentis responsibilities. Service impacting reports will be responded to within 4 hours, detailing the course of actions to resolve the issue.
Questions regarding usage of the solution will be forwarded to solution experts and generally be answerred within 2 working days by the cloud support engineer.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels First and Second line support arrangements are dependent on the off- or on-premise cloud hosting platform used to host the LifeX solution and are determined during the onboarding process.
Frequentis provides a third line support alligned with ITEL V3 with extensive incident and problem management, service management and support, business continuity management and software maintenance services. SLAs are determined and agreed during the oboarding process.

The cost of this third line support is included in the monthly user rate.

Within the service department cloud support engineers are provided.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding is a guided process where Frequentis together with the customer determine the exact needs and set-up tasks to perform. This includes identifying local network requirements, interfaces to connect to, Airwave and -when available- ESN configuration (incl. fleetmapping, Alias definitions etc.), required training, SLA definition and go-live support. These efforts are variable per customer and are charged as per the rate card.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the end of the contracted period, the customer will receive an dump in .CSV format from the statistical data accumulated for the service period. Also a dump of the user and role configuration will be provided. These can be used by the customer to document the configuration and usage of the service.
End-of-contract process Included are the dump from the statistical database and configuration. Any other reports result in an additional charge as per rate card.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service USB footswitch, loudspeaker and headsets can be connected to desktop service. Mobile service uses mobile phone as audio device and tablet as user interface.
Accessibility standards WCAG 2.1 A
Accessibility testing The Frequentis LifeX user interface has been designed based on user feedback from our wide range of customers, structured observations and adherence to established GUI guidelines like ISO9241 and ISO11064. Additionally, each iteration of the LifeX user interface is tested in Frequentis' User Experience Laboratory to determine objective usability and subjected perception KPIs. The client uses standard Web technologies with associated accessibility functionality.
API Yes
What users can and can't do using the API The Life Interface is a standardised interface of the 3020 LifeX. It allows a third party client or system to access all functionalities of the 3020 LifeX system. It allows full access to correlating functionality and data as well as to control the 3020 LifeX clients. It is meant for integration with customer specific C&C and/or CRM systems. It is not meant as an API to "set up the service or make changes to it". Note, that integration support is an additional service that can be ordered.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation At the basis of the 3020 LifeX is a role-based layout, routing and access right mechaism. Using the web browser based Configurator, the customer can configure for its orgnisation:
- Users and which roles each user is allowed to select
- Role: Routing rules (including ACD, IVR, escalation etc.)
- Role: Basic Layout (radio, telephony, intercom, Action pads, mapping, external web pages etc.)
- Role: Accessible talk-groups and telephone lines/trunks

Only users given admin rights by the customer's Administrator can make configuration changes.

Note that users have a personal section on the "Action Pad" panel to store personal telephony/Airwave/ESN numbers of favourites.

Scaling

Scaling
Independence of resources The hosting platform will be scaled such, that the maximum number of concurrent users and concurrent communication channels are supported. Under normal circumstances the platform will therefore be "over provisioned". With each new demand additional computing resources will be made available to maintain the guaranteed performance.

Analytics

Analytics
Service usage metrics Yes
Metrics types A Web based operational Dashboard is available providing an overview of the current user activities (Active conversation details, ACD status overview), with summary overviews of contacts per conversation category, currently handled conversations, currently waiting, work shift and overall day performance.

Performance overview (shift and overall day) also provides a graphical indication if a (configurable) KPI has been met or not.

In Addition, several reports can be created using the Management Information System web client.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach We differentiate between statistical usage data and configuration data. Statistical data cen be exported via the Management Information Systems' web interface in several formats (PDF, CSV,XML, XLS). Additionally, a full statistical database dump can be requested for an additional service charge.

An export of the configuration data from MongoDB (roles, users, talkgroups, call routing etc.) can be requested for an additional service charge.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The availability depends on the hosting platform and provider chosen by the customer. We provide the flexibility to host our cloud solution off-premise using e.g. a G-Cloud hosting provider fulfilling certain requirements, or on-premise using the customer's private cloud environment. Depending on the hosting platform set-up and network availability the final availability figure will be negotiated with the customer.
Approach to resilience The architecture of LifeX is designed to meet the high-availability and reliability requirements for mission critical environments. The system is a software-based solution, based on Frequentis standard software products. Resilience is achieved om multiple levels.
(1) The base is provided by the high-available hardware components used in the datacentre (servers, network etc.) and -if necessary- radio interfaces gateways.
(2) The high-performing virtualisation infrastructure in the datacentres provides the secondary resilience level. The solution uses virtual servers separating it from the underlying hardware and use the available computing resources in a most efficient way.
(3) The third and major level of the resilience is provided by the sophisticated software architecture of the solution, where all business critical components run in a n+m redundancy concept. This allows us to deploy multiple instances of software components to provide customised software-resilience.
(4) On top of this resilience concept, a possible Geo-redundant deployment provides the fourth level of resilience with improved Business.
Based on these multiple levels of resilience, the proposed solution is designed to keep disruptions and risks of failure on a minimum level. In case of failures of single elements, there is no influence on the overall service availability.
Outage reporting The service provides email alerts to designated recipients on the customer side, providing timely information about systems events impacted their service. Additionally, the customer has access to our ITSM customer access web site. This ITSM Tool allows the ITIL v3 compliant tracing and documentation of all incidents found in the System under Maintenance. The customer can log in to the ITSM Tool at any time and check the status of his incidents, provide further information to an incident and so on. The LifeX clients themselves also provide immediate feedback on position impacting issues.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Users authenticate using their specific user credentials (username / password) to get access to the system. Authentication is performed using 2-factor authentication (client side certificate and password).
Users get access to the appropriate facilities using their specific user account and selected role, based on the configuration of each user’s access rights. For instance, only administrators will have access to facilities that relate to any technical configuration, to make sure that no operator etc. can change administrative configurations. Supervisors or Control Room Managers will have access to the appropriate configuration tool sections and additional functionality at the working position.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 CIS - Certification & Information Security Services GmbH
ISO/IEC 27001 accreditation date 16.05.2011
What the ISO/IEC 27001 doesn’t cover Not applicable
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes FREQUENTIS develops and produces communication systems for safety-critical applications and for the defence market. FREQUENTIS runs a certified information security management system according ISO 27001:2013 focussed on risk management and continuous improvement. Information security regards in particular Availability, Integrity, Confidentiality and Authenticity.

The System Security Policy Guidelines provides practical work instruction for the implementation. The policy further refers to other accompanied documents that address extensive topics e.g. Incident Response Plan or Software Implementation Guidelines.
The policy is signed by the management. It is implementation independent and comprises the whole Frequentis product portfolio. The policy requirements are enforced through the security process.
The policy addresses the security requirements for system design and implementation within product or project development. Policy content is based on industry well known best practices that applies to Frequentis systems. On top of this, a Security Assessment methodology complements the requirements in cases that the security requirements cannot be fulfilled by the best practices only.
Security process is incorporated in the Frequentis development process. Engineering policy addresses the security requirements for system installation, configuration and integration. Similar to the development process, the requirements are followed and checked in the particular project milestones referring to the delivery process

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach FREQUENTIS Uses the PRODIS tool which is for product managers, technical product managers and development project managers to plan and administrate deliverables. Deliverables are tracked starting with the first announcement until they delivered to the customer including phasing out and service discontinuation. It gives information about the software that has been sold to the customer, when and in which exact version it has been delivered.
Every alteration of the system or its configuration is subject to the change control procedure. As a consequence, every workaround or patch has to pass the impact assessment including evaluation of possible security implications.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Frequentis Computer SECURITY & INCIDENT RESPONSE TEAM (CSIRT) focuses on the identification of emerging security incidents. Common vulnerabilities issued in the security community are collected, assessed and pre-filtered in terms of applicability to Frequentis systems by company-wide communication via security notifications in different notification categories. The category is defined based on the nature of the exploit, the attack vector and involvement of classified data.
Cooperation with customer concerning vulnerability classification and notification shall be agreed in SLA.
CSIRT follows CERT.at, all major hardware/software vendors, online Cyber Awareness Systems (e.g. US-CERT, NVD, CVE) and other online sources (heise.de, The Register, etc.)
Protective monitoring type Supplier-defined controls
Protective monitoring approach Members of the CSIRT monitor the emerging exploits/vulnerabilities and identify the incidents related to Frequentis systems for the achievement of satisfactory security and safety. Monitoring is done on behalf of various sources (see 53).
One of the 4 security categories is assigned to the identified warning and respective reaction (Security Notification of Security Information) is issued to the concerned parties. Project organisations evaluate the notification applicability in their system environment and configurations and provide proper response to the concerned customers. The vulnerability level, the response times and the scope shall be defined in service agreement between Frequentis and the customer.
Incident management type Supplier-defined controls
Incident management approach Incident management process is carried out by the internal CSIRT (see point 53) based on the Incident Response Plan that describes the ongoing incident management activities including security notification and the event triggered activities concerning security event response.
Employees are using the organization’s information systems and services required to note and report any observed or suspected information security weaknesses in systems or services.
Security Warning triggers Security Notifications or Security Information. In case of safety relevance, the internal Hazard Process is triggered. A Security Event triggers the Security Event Response that is documented in the Security Event List.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks
  • Airwave
  • ESN-DNSP

Pricing

Pricing
Price £380 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑