Temple Interactive Media

Interactive Voice Response

Automated telephone call handling. Our systems are used for Customer Relationship Management (CRM), virtual call centre, credit card payments, voicemail, voting and information services. Voice interface using telephone keypad or Speech Recognition to connect to databases and APIs. Call centre overflow and routing. VoiceXML support for design and service management.


  • Secure Voice interface to access database and web API services
  • Real time PCI DSS credit card payment processing
  • Telephone keypad (DTMF) and Speech Recognition
  • Process 2000 landline and 10000 VOIP simultaneous calls
  • Secure web interface to manage Real Time Reporting and payments
  • Secure web interface for remote access setup and monitoring
  • 24 / 7 365 day support
  • UK based in High Security Tier 4 Hosting Centre
  • Fully audited by Deloitte and BBC
  • All hardware and servers owned and operated


  • Low cost access to high inbound capacity voice services
  • Remotely manage secure voice services
  • Automatically handle 2000 landline calls at the same time
  • Easily edit services such as voice messages and menus
  • Reduce PCI DSS compliance costs
  • Allow voice only access to database information
  • Allow voice credit card payments
  • Reduce call centre and line rental costs
  • Automatically handle 10,000 VOIP calls at the same time


£0.10 per transaction

Service documents

G-Cloud 10


Temple Interactive Media

Tim Hayes



Service scope

Service scope
Service constraints No
System requirements
  • Remote payment APIs must be PCI DSS compliant
  • Merchant account for payment

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response levels are determined by SLA chosen for a particular service. Normal response times are 1 to 3 hours in UK working hours.
24 / 365 Out-of-hours response is available at additional charge
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer two levels of support:-
1. General service support included at no additional charge

Issues that may be disruptive, but do not require immediate response aim to be resolved the next working day.

2. Telecoms issues, calls / messages not being handled, engaged tones or service failure aim to resolve in 4 hours

Live support

Critical issues during a live TV broadcast. Ongoing real-time response and support Ongoing real-time response and support Ongoing real-time response and support. Cost from £500 per hour including network support engineers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training, online training and user documentation.

We provide a development server environments allowing users to develop and test services before deploying to the live production environment.

We provide full development of services therefore we can assist with questions and queries as to the design of services. We support the VoiceXML 2.0 services standard allowing users to build their own IVR services.

We can also provide voice over artists for message prompts and menus.

We offer full testing services from multiple phone networks including VOIP.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can download their data at any time during the contract.
End-of-contract process At the end of the contract the services will be disabled and data will be retained in line with EU GDPR.

The are no termination fees or additional charges to store data on our systems in line with EU GDPR and Data Protection rules.

Data will be at all times available to download during the contract and for up to two years following the termination of the contract.

Using the service

Using the service
Web browser interface Yes
Using the web interface Users can:-

1. Setup services including chose type of service, voice messages and set time of day options. We support VoiceXML and provide a development server to test services.

2. Manage services change voice messages and menus through web interface.

3. Monitor services and payments. Download voice messages and reports.


1. Users cannot access payment modules so cannot access Merchant ID
2. Phone number allocation will be issued manually on request to support
Web interface accessibility standard WCAG 2.0 A
Web interface accessibility testing Our systems have been designed to be fully managed using a telephone
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources Our platform is used to provide shared high availability services to TV Broadcasters including the BBC. Our systems regularly operate under high load conditions whilst maintaining secure sand boxing between applications. We have developed policies and procedures to manage high load events. Where users expect a particularly high response we have a Mass Event policy and we work with the networks to minimize any adverse effects. Where required we can maintain dedicated minimum capacity for each service.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • Network
  • Number of active instances
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Services
  • Databases
  • VoiceXML Data
  • Call Data
  • Payment summary
Backup controls Backups occur in real time to multiple servers in remote locations.

There is no user interaction required.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We provide 99.9% availability in our SLA based on monthly billing period excluded planned outages
Where we fail to provide the agreed level we offer credits on line rental equivalent to the time when the service failed to meet the availability standard.
Approach to resilience Due to security requirements this information available only on request.
Outage reporting A public dashboard and email alerts

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Access restrictions in management interfaces and support channels Access to the management systems is defined in our Information Security Policy in accordance with our privileges matrix. Access levels are defined on a need to know basis using role based access control.
Access is limited according to role. Unrestricted access will only be granted to staff and persons with the prior approval of senior staff in exceptional circumstances. Exceptional circumstances include PCI Audits or Criminal Investigations. No other unrestricted access is permitted or will be granted.
Access will be terminated according to the Information Security Policy on movers and leavers
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Self Certified
PCI DSS accreditation date 1/9/2017
What the PCI DSS doesn’t cover Card issuer controllers
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • Other
Other security governance standards PCI DSS
Information security policies and processes We have an information security policy which clearly outlines who is responsible for each action and how incidents can and should be escalated in the organization. All staff members are fully trained and kept up to date with security policies and are award that failure to comply is considered a serious disciplinary offence which may result in immediate dismissal. Our policies include Data Protection, Acceptable Use, Asset Control, Audit, Change Control, Access,Inventory Cryptographic Controls, Incident,Logical Access,Malicious Software, Operational, Password, Penetration Testing, Firewall,Physical Security, Privileges, Risk, Security Management, Security Patch, Software Development, Staff Selection, Systems, User Privilege,Linux Configuration, Security Management, Linux Hardening.
Copies of these documents are available on request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We have configuration documents for our servers including Linux Hardening and Linux Server Configuration documents. We have Change Management Control Procedures document which outlines how changes are made to our systems. We can provide details of both documents on request. In summary our Change Management requires an impact assessment, prohibits changes that impact security, testing of any change before deployment and back-out procedures.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We have a Malicious Software Vulnerability Management policy document that details the use of anti-virus software and detecting and removing malicious software.
We have remote access logging to record and generate logs.
We use reputable outside sources not just the software vendor including new security alerts internally from rkhunter reports and externally via https://www.uscert.gov/ncas/alerts and http://www.centos.org
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We have a Security Management Matrix that defines the roles and responsibilities of staff in the monitoring of our systems to identify potential compromises. This includes monitoring and analyzing security alerts and distributing information to appropriate information security and business unit management personnel, creating and distributing security incident response and escalation procedures.
When a potential compromise is identified we have an Incident Response Plan that classifies the incident from 1 to 4 and outlines the correct procedure. The speed of response will depend on classification e.g. threat to life will warrant immediate response
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have an incident response plan with pre-defined processes. The incident will be categorized into the highest applicable level of
one of the following categories:

1. Category one - A threat to public safety or life.
2. Category two - A threat to sensitive data –including Credit Card or Financial Information
3. Category three - A threat to computer systems
4. Category four - A disruption of services

The person who discovers the incident will call the Temple head office

The incident report will be distributed to all affected stakeholders and external agencies (e.g. Police)

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £0.10 per transaction
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑