Business Systems (UK) Ltd

smartnumbers Mobile Voice Recording

smartnumbers mobile call recording provides compliant mobile call recording at a fraction of the cost of current mobile call recording suppliers. No matter who owns the device (the organisation, or the staff as part of a BYOD strategy), business calls are recorded and stored centrally, while personal calls remain private.


  • Records all inbound and outbound calls and texts on mobiles
  • Recordings are encrypted and securely stored in the vault
  • Cloud-based mobile call recording solution - no additional hardware required
  • Simple search and replay of mobile call recordings and texts
  • Set your location and redirect business calls to any phone
  • Manage availability and routing with ease
  • Use call-back to make international calls


  • Reduce roaming charges
  • Complies with all UK financial mobile call recording regulations
  • Rapid deployment of mobile call recording; keep existing SIM card
  • Records only business calls, not personal calls
  • Protects the organisation & eliminates risk by recording all calls
  • Quickly locate specific recordings or texts
  • Reduce mobile expense claims administration
  • No need for staff to carry two phones, complete choice
  • Separate business and personal calls, voicemails, texts
  • Mobile call recording provides complete work flexibility


£12 to £50 per user per month

  • Free trial available

Service documents

G-Cloud 10


Business Systems (UK) Ltd

Julie Kerman

0208 326 8326

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Customers that want to use existing telephone numbers will need to port the numbers. Business Systems will manage this process as part of the on-boarding process.
System requirements Mobile app works with Android and iOS

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 98% of support phone calls answered within 5 seconds by our Customer Service centre. They will log a case and assign the priority of the query or problem. Typically Business Systems provide technical 1st response within 20 minutes for Support related issues. Response times differ outside core business hours due to automated routing of calls. A 24 hour facility is available where cases can be logged 24/7 (calls are routed to Out Of Hours Team; emails are logged and picked up the first business day). Tailored support is also possible e.g. manned 24/7 help desk. Cloud service has 24/7/365 monitoring.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Business Systems provides five levels of support including:

1. Platinum - Full support, 24 hours a day, 365 days per year with 4 hours response (remote access is a pre requisite).

2. Gold - Full support, 0800-2000 hours a day, 365 days per year with 4 hours response (remote access is a pre requisite)

3. Silver - Standard on-site support (including telephone support), 0800-
2000 Monday-Saturday; Response time of 8 hours UK (typically 4 hours in the City of London)

4. Bronze - Basic on-site support (including telephone support), 0900-1700 Monday-Friday; Response time of 8 hours UK (typically 4 hours in the City of London)

5. Tailored Service Level based on the customer's requirements e.g. custom support hours, on-site support, technical account manager etc.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started To correctly provision and bill new customers, the following Account information is required:
• Account name
• Account reference number
• Account address including post code
• Authorised contact name
• Authorised contact email address
• Authorised contact phone

All new users will receive a "Welcome" email that contains the information needed to commence using the service. Users will have access to a web-based "Help Centre" that covers all aspects of how to use the service. Business Systems also provides a manned service desk during business hours as well as a 24/7 online facility for logging cases. Authorised contacts will also have access to the full Service Description from the Digital Marketplace and will be allocated a Business Systems account manager for the duration of the working relationship.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction There are a number of options available for extraction of data at the end of the contract. This will be discussed with the Business Systems account manager assigned to the contract.
End-of-contract process At least 30 days before the end of the contract the Authorised Contact informs the Support Desk if the Mobile Numbers are to be retained and rolled over to a new version of G-Cloud, ceased or ported to a new Communications Provider (CP). The timescale for porting is 28 working days. If the buyer is moving to a new CP then the new CP is responsible for the process of porting the numbers. The Support Desk will give full assistance in any port or in ceasing the service. There is no charge for porting the service to another communications provider. If large amounts of data need to be extracted there will be a charge as given in the pricing document.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are separate desktop applications for service administration and for access to compliance recordings.
Accessibility standards None or don’t know
Description of accessibility Accessibility is considered in design, but doesn't necessarily adhere to an industry standard.
Accessibility testing None
What users can and can't do using the API The API provides customers the ability to export their data for on premise storage and analysis. An API role needs to be setup to access the API through the customer service desk.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available No


Independence of resources The solution design allows us to scale our application services horizontally by adding additional server instances. Services are monitored for performance and additional application servers are provisioned to ensure the SLA is met for each of the services.


Service usage metrics Yes
Metrics types Cases logged, SLAs, fixed times/closure summaries etc.
This can be tailored to the customer's needs.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Reseller (no extras)
Organisation whose services are being resold Smartnumbers

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach We protect data at rest with an access control policy that states AES-256 encryption.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Customers contact the support desk or their Business Systems account manager. User setup data could be provided as CSV. Calls/SMS provided through a web API.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Our service SLA is 99.999% call routing availability.
Approach to resilience There are no single points of failure in the cloud infrastructure. All services are hosted across 3 geographically resilient datacentres within the UK with call recording information being stored in a secure EU datacentre.
Outage reporting Email Alerts are sent to the authorised contacts for each customer.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Login/Password and VPN link.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • IASME Gold Level on 18th September 2017 (Certificate Number: A15-000413)
  • ISO 9001:2015 on 4th July 2017 (Certificate number: 19000)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach As the reseller of the solution, Business Systems is ISO 27001 accredited.

Resilent plc is working towards an audited IASME certification by August 2017. The organisation currently self governs on IASME control sets.
Information security policies and processes The cloud infrastructure is subject to IASME control principles ; delivered through a set of internal information security policies and processes. The quality of these policies is managed through the manufacturer's ISO9001 quality managed system. The reporting structure is through the Head of Infrastructure and Security to VP Board Member Head of Operations.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The solution architecture and source code are version controlled using various version control systems. Changes to the solution undergo a formal peer review for functional and non functional aspects, which include safety and security of the system. Implementation of these changes on to the production platform undergoes a further formal review through the Change Approval Board. Both of the peer reviews are tracked using an auditable change management system.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The manufacturer has deployed the "Tenable - Security Centre" solution within its networks, which updates all potential vulnerabilities on a daily basis. Weekly assessments are run against the estate (both infrastructure and applications) to report any potential threats. These reports can then trigger a defined patching process if required sooner than the scheduled patching process.
Protective monitoring type Supplier-defined controls
Protective monitoring approach A combination of "Checkpoint Next Generation Security applications (inc IDS)" throughout the manufacturer's networks (external and internal facing) is deployed; this internal "Splunk" (application) reports into the 'Network Operations Centre' which monitors and responds to any incidents based on internal SLAs.
Incident management type Supplier-defined controls
Incident management approach Business Systems' incident management procedures operate in line with ISO 27001 accredited governance procedures.

The cloud service provided by the manufacturer is subject to an Incident Process which is based on the ITIL incident management process. All incidents are raised as tickets within the 3rd party support application and tracked and reported by its support desk. This will be managed by Business Systems on behalf of the customer.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £12 to £50 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial A free trial is available for a limited trial period.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑