Lateral

Debt Recovery Software

A proven debt recovery system for automating and tracking business processes. Includes ability to have custom fields and manual or automated work flows with text, email, and letter templates. It also includes a financial system for managing fees, commissions...

Features

• Multiple Case Types
• Intelligent Workflows
• Bulk Processing
• Powerful Reporting
• Document Management
• User Permissions
• Email, Letter, Texting integrated
• Automated workflows
• Ability to create forms and new data types
• Custom Fields and Tags

Benefits

• Manage Cases more efficiently by streamlining your business process
• Less clicks and scrolling - optimised user experience
• Less time to train staff - easy to learn
• Companion app available along with field service management
• integrates with 3rd-party systems easily

£45 to £155 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

556304157356699

Contact

Ian McManus
01242 312100
ian@getlateral.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Must have access to a modern browser (post 2009)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our SLA agreement says we will respond within 2 hours during UK business hours M-F 8am - 5pm and within 24 hours on the weekends
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide 24/7 ticket and email support and offer the following terms in our SLA (service level agreement).; ; Critical - Target response time: 4 hours, Target resolution time: 8 hours; ; Serious: Target response time: 8 hours, Target Resolution time: 24 hours; ; Moderate: Target response time, 12 hours, Target Resolution Time, 48 hours; ; Minor: Target response time, 24 hours, Target Resolution time, 72 hours
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a two day onsite training included in our implementation fee, as well as user documentation manual, and a help desk that has pre-populated questions such as 'How do I...?".
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Our customers can have a copy of all their data through reports or database backups as they prefer.
• End-of-contract process: We allow users to access any reports or get data backups of any relevant data at no additional cost. We like to make it easy to come on board and easy to exit if our customers wish to do so.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We offer both a responsive mobile experiences (accessing the website) and mobile companion apps for different workflows depending on the services the client is interested in.
• Service interface: No
• API: Yes
• What users can and can't do using the API: Our Restful API allows users to create their own functionality and interfaces as well as update any data in the system. There are no limitations to the data that clients can modify or access using our API as we now use the API for internal admin area tools as well as external use.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: At the core of our service is a workflow engine so the entire workflow can be customised. In addition custom fields, custom interface (users can drag and drop widgets for various pages including the dashboard). In addition, users given the permissions to do so, can change the theme (colors and logo), the menus, the user roles, any questions on a form, exit codes for a task or stage in the workflow. There is a report generator so reports can be customized. ; ; Because our service has been used across industries we boast one of the most configurable and flexible software systems on the market.

Scaling

• Independence of resources: We have a horizontally scaling architecture - each of our clients has their own database and sometimes their own private cloud servers as well. All background processes such as letter batching get executed on a separate node to ensure that users don't experience any slow down during they system executing a high demand of processes. We also use a data warehouse for complex reports so that complicated reports don't slow down the system.

Analytics

• Service usage metrics: Yes
• Metrics types: By request, we log any usage of our service and can provide reports on this.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All reports (over 100 come built in) come with the ability to export to CSV file for easy importing into other systems or Microsoft Excel. How to export data is included in our training. We also provide automated solutions for exporting data for our customers that wish to have a daily on-site back up of the database for example.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We have a 99.99% guaranteed up-time of the service. As our service normally has a monthly service fee, our customers are refunded if we don't meet guaranteed levels of availability for that month. We also have the following included in our standard SLA: ; ; Critical - Target response time: 2 hours, Target resolution time: 4 hours; ; Serious: Target response time: 8 hours, Target Resolution time: 24 hours; ; Moderate: Target response time, 12 hours, Target Resolution Time, 48 hours; ; Minor: Target response time, 24 hours, Target Resolution time, 72 hours
• Approach to resilience: We use third party datacentres such as Pulsant in the UK - (used by the ministry of Justice). We can also use Rackspace Uk, or another datacentre that passes our screening tests.
• Outage reporting: We use an external - uptime robot to check our systems which will email us of an outage.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We restrict user access through a proven RBAC system (role based access control). Only allowed roles (and the users in those roles) have access to management interfaces and support channels.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified Quality Systems Ltd
• ISO/IEC 27001 accreditation date: 27/1/2017
• What the ISO/IEC 27001 doesn’t cover: We have other policies in place to cover the new GDPR regulations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow quarterly internal audits to comply with both ISO 27001 and GDPR. We review security risks at least annually, and whenever something changes, for example a supplier of cloud service changes. We minimize the people in the company that have access to the live servers and live data, and have not had a security issue since inception (over 8 years ago)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We execute code reviews before pushing any code to the live system, ensuring we are not adding any security vulnerabilities to the system. In addition, all changes are tracked through 'git' ensuring the ability to roll-back to previous versions and see all history of any file throughout the system. We also use continuous integration / continuous delivery. That means that the entire application is monitored constantly (every day) performing roughly 15,000 automated tests that are there to ensure all requirements are fulfilled through an evolving / improving codebase.; We periodically perform analysis to address more sophisticated code base review processes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We keep ourselves up to date through fast communication channels (including relevant social media and website announcements) regarding imminent threats or potential patches.; ; If there is evidence that a vulnerability is being exploited and could have an effect on our system, we deploy a patch immediately. If there is no evidence that a vulnerability is being actively exploited, we deploy a patch with the following time scales: ‘Critical’ patches should be deployed within hours ‘Important’ patches should be deployed within 2 weeks of a patch becoming available ‘Other’ patches deployed within 8 weeks of a patch becoming available.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We identify potential breaches through monitoring applications such as newrelic or monit (which monitor the resources consumption on our nodes) and other monitoring tools. Should the reports be out of the ordinary we proceed in a rapid assessment of affected system logs. This can trigger an immediate halt to all activities on a detected/affected node after contacting all parties involved. This is done to avoid an escalation of a threat until further information is available. We respond within 1 to 2 hours from finding an incident.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined procedures covered through our ISO 27001 manual that state the most common accident types and procedure for how to handle events including escalation and staff involvement. ; ; Users are free to report incidents mainly through emails or phone calls. When the incident is resolved we perform a post-mortem report within 72 hours for internal purposes and share the report with any affected clients. This report would include the reasons, the handling of the incident and what will be put in place to prevent it from happening again.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £45 to £155 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: For certain customers that meet our criteria, we often build a proof of concept that we provide use of for 2 weeks. This does not include integrations, but would include configuration work to make the system relevant for the potential customer to see how it would fit with their business.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF