Lateral

Debt Recovery Software

A proven debt recovery system for automating and tracking business processes. Includes ability to have custom fields and manual or automated work flows with text, email, and letter templates. It also includes a financial system for managing fees, commissions...

Features

  • Multiple Case Types
  • Intelligent Workflows
  • Bulk Processing
  • Powerful Reporting
  • Document Management
  • User Permissions
  • Email, Letter, Texting integrated
  • Automated workflows
  • Ability to create forms and new data types
  • Custom Fields and Tags

Benefits

  • Manage Cases more efficiently by streamlining your business process
  • Less clicks and scrolling - optimised user experience
  • Less time to train staff - easy to learn
  • Companion app available along with field service management
  • integrates with 3rd-party systems easily

Pricing

£45 to £155 a user a month

  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

5 5 6 3 0 4 1 5 7 3 5 6 6 9 9

Contact

Lateral Ian McManus
Telephone: 01242 312100
Email: ian@getlateral.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
Must have access to a modern browser (post 2009)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our SLA agreement says we will respond within 2 hours during UK business hours M-F 8am - 5pm and within 24 hours on the weekends
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide 24/7 ticket and email support and offer the following terms in our SLA (service level agreement).

Critical - Target response time: 4 hours, Target resolution time: 8 hours

Serious: Target response time: 8 hours, Target Resolution time: 24 hours

Moderate: Target response time, 12 hours, Target Resolution Time, 48 hours

Minor: Target response time, 24 hours, Target Resolution time, 72 hours
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a two day onsite training included in our implementation fee, as well as user documentation manual, and a help desk that has pre-populated questions such as 'How do I...?".
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Our customers can have a copy of all their data through reports or database backups as they prefer.
End-of-contract process
We allow users to access any reports or get data backups of any relevant data at no additional cost. We like to make it easy to come on board and easy to exit if our customers wish to do so.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
We offer both a responsive mobile experiences (accessing the website) and mobile companion apps for different workflows depending on the services the client is interested in.
Service interface
No
API
Yes
What users can and can't do using the API
Our Restful API allows users to create their own functionality and interfaces as well as update any data in the system. There are no limitations to the data that clients can modify or access using our API as we now use the API for internal admin area tools as well as external use.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
At the core of our service is a workflow engine so the entire workflow can be customised. In addition custom fields, custom interface (users can drag and drop widgets for various pages including the dashboard). In addition, users given the permissions to do so, can change the theme (colors and logo), the menus, the user roles, any questions on a form, exit codes for a task or stage in the workflow. There is a report generator so reports can be customized.

Because our service has been used across industries we boast one of the most configurable and flexible software systems on the market.

Scaling

Independence of resources
We have a horizontally scaling architecture - each of our clients has their own database and sometimes their own private cloud servers as well. All background processes such as letter batching get executed on a separate node to ensure that users don't experience any slow down during they system executing a high demand of processes. We also use a data warehouse for complex reports so that complicated reports don't slow down the system.

Analytics

Service usage metrics
Yes
Metrics types
By request, we log any usage of our service and can provide reports on this.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All reports (over 100 come built in) come with the ability to export to CSV file for easy importing into other systems or Microsoft Excel. How to export data is included in our training. We also provide automated solutions for exporting data for our customers that wish to have a daily on-site back up of the database for example.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
We have a 99.99% guaranteed up-time of the service. As our service normally has a monthly service fee, our customers are refunded if we don't meet guaranteed levels of availability for that month. We also have the following included in our standard SLA:

Critical - Target response time: 2 hours, Target resolution time: 4 hours

Serious: Target response time: 8 hours, Target Resolution time: 24 hours

Moderate: Target response time, 12 hours, Target Resolution Time, 48 hours

Minor: Target response time, 24 hours, Target Resolution time, 72 hours
Approach to resilience
We use third party datacentres such as Pulsant in the UK - (used by the ministry of Justice). We can also use Rackspace Uk, or another datacentre that passes our screening tests.
Outage reporting
We use an external - uptime robot to check our systems which will email us of an outage.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
We restrict user access through a proven RBAC system (role based access control). Only allowed roles (and the users in those roles) have access to management interfaces and support channels.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certified Quality Systems Ltd
ISO/IEC 27001 accreditation date
27/1/2017
What the ISO/IEC 27001 doesn’t cover
We have other policies in place to cover the new GDPR regulations.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow quarterly internal audits to comply with both ISO 27001 and GDPR. We review security risks at least annually, and whenever something changes, for example a supplier of cloud service changes. We minimize the people in the company that have access to the live servers and live data, and have not had a security issue since inception (over 8 years ago)

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We execute code reviews before pushing any code to the live system, ensuring we are not adding any security vulnerabilities to the system. In addition, all changes are tracked through 'git' ensuring the ability to roll-back to previous versions and see all history of any file throughout the system. We also use continuous integration / continuous delivery. That means that the entire application is monitored constantly (every day) performing roughly 15,000 automated tests that are there to ensure all requirements are fulfilled through an evolving / improving codebase.
We periodically perform analysis to address more sophisticated code base review processes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We keep ourselves up to date through fast communication channels (including relevant social media and website announcements) regarding imminent threats or potential patches.

If there is evidence that a vulnerability is being exploited and could have an effect on our system, we deploy a patch immediately. If there is no evidence that a vulnerability is being actively exploited, we deploy a patch with the following time scales: ‘Critical’ patches should be deployed within hours ‘Important’ patches should be deployed within 2 weeks of a patch becoming available ‘Other’ patches deployed within 8 weeks of a patch becoming available.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We identify potential breaches through monitoring applications such as newrelic or monit (which monitor the resources consumption on our nodes) and other monitoring tools. Should the reports be out of the ordinary we proceed in a rapid assessment of affected system logs. This can trigger an immediate halt to all activities on a detected/affected node after contacting all parties involved. This is done to avoid an escalation of a threat until further information is available. We respond within 1 to 2 hours from finding an incident.
Incident management type
Supplier-defined controls
Incident management approach
We have pre-defined procedures covered through our ISO 27001 manual that state the most common accident types and procedure for how to handle events including escalation and staff involvement.

Users are free to report incidents mainly through emails or phone calls. When the incident is resolved we perform a post-mortem report within 72 hours for internal purposes and share the report with any affected clients. This report would include the reasons, the handling of the incident and what will be put in place to prevent it from happening again.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£45 to £155 a user a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
For certain customers that meet our criteria, we often build a proof of concept that we provide use of for 2 weeks. This does not include integrations, but would include configuration work to make the system relevant for the potential customer to see how it would fit with their business.

Service documents