Lateral

CRM IQ - Lateral Technology Customer Relationship Management (CRM)

Lateral Technology's CRMIQ platform enables businesses to automate and streamline the customer relationship management process - through use of our powerful and flexible workflows, it is possible to manage requirements, automate processes, increase efficiencies and improve productivity - driving engagement and returns for stakeholders at every step of the journey.

Features

• Sophisticated, intuitive user interface
• Cloud based
• Office integration, email integration, single sign-on, comprehensive integration API
• Available on the Amazon Web Services (AWS) platform
• Configured to ensure adherence to statutory requirements
• Built-in communications via Live Chat, letters, email, SMS, WhatsApp
• Third Party integration with VoIP PBX and dialler solutions
• Full resource, workflow, and customer process management
• Flexible multiple market & product types
• Intelligent, automated bulk processing of workflow activities

Benefits

• Improve service levels and enhance the customer experience
• Proven platform used across central and local government
• Comprehensive out-of-the box functionality through pre-configured workflows
• Easy-to-use interface helps users navigate the system and process easily
• Configurable solution through in-built forms, workflows and correspondence template design
• Multiple time saving features & in-built efficiencies
• Sophisticated access control model with complete audit trail
• Powerful SLA / KPI monitoring tools
• Powerful reporting including dashboards, automated email delivery and data export
• Extensive administration with super-user features allow detailed management of system

£600 a person a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  ODT

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@getlateral.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

708078503947395

Contact

Ian McManus
01242 802352
ian@getlateral.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The system is guaranteed to be available more than 99.5% of 24/7; any planned downtime will be scheduled to be out of hours when possible, and customers will be alerted in advance. ; ; Our service is fully scalable, and all maintenance is managed specifically to ensure service availability to meet each customers needs.
• System requirements:
  • Any device that supports modern browsers
  • Access to the internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to resolve the problem within the timescales given below, depending on complexity of the issue and support volumes: 1) Critical issues - our aim is to address and whenever possible, resolve the problem within two business hours (24-hours a day, 7 days a week (24*7)). 2) Significant issues - our aim is to address and where possible resolve the problem within eight business hours (Mon to Fri 9am to 5.30pm GMT/BST). 3) Minimal issues - our aim is to address and where possible resolve the problem within 24 business hours (Mon to Fri 9am to 5.30pm GMT/BST).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat enables users to interact with our dedicated support team and log issues.
• Web chat accessibility testing: None.
• Onsite support: Onsite support
• Support levels: We provide 24/7 ticket and email support and offer the following terms in our SLA (service level agreement):; Critical - Target response time: 2 hours, Target resolution time: 8 hours Serious: Target response time: 8 hours, Target resolution time: 24 hours Moderate: Target response time, 12 hours, Target Resolution time, 48 hours Minor: Target response time, 24 hours, Target resolution time, 72 hours; We provide each client with a dedicated Customer Success Manager (with technical capabilities).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All implementations start with a project kick off event to formally start the implementation; the scope of the project will be reviewed and a project plan devised. ; ; We provide a consultative implementation which includes 2 days of onsite or remote training, documentation, additional training sessions, sandbox walk through and a help desk that has pre-populated questions such based on keywords that are entered.; ; We offer support for testing, and we train customer staff. After implementation we can assist in any project reviews if required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The client can extract data from over 100 pre-built reports or use the report builder. Users can export their data from the web interface as csv, txt, or excel format. Reports can be created the interface itself. Additionally for a small fee (no more than 1 day of work), Lateral can export the data in a required format.
• End-of-contract process: Lateral and customer will agree on the format and timeline for the data removal, and keep the service active until the end of the contract unless an extension is agreed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our software has been designed to work fully on mobile devices, as well as desktop systems.
• Service interface: No
• API: Yes
• What users can and can't do using the API: Our flexible and powerful Restful API allows users to create their own functionality and interfaces as well as update any data in the system. ; ; There are no limitations to the data that clients can modify or access using our API as we now use the API for internal admin area tools as well as external use.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: At the core of our service is a highly customisable workflow engine so the entire workflow can be customised to the clients specific requirements - including automating tasks and communications with the customer. This is frequently why our clients choose us over competitors. We are well-known for our powerful workflow flexibility.; ; The open source customer portal and dashboard can be fully customised. In addition there are custom fields, custom interface (users can drag and drop widgets for various pages, including the dashboard). The menus and the user roles are fully customisable. All reports can be totally customised and provided to ensure any organisational compliance is adhered to. Due to our system being in use across multiple industries we boast one of the most configurable and flexible software systems on the market.

Scaling

• Independence of resources: As a fully-scalable, cloud-based system built on AWS technology, our up-time is 99.5%+.; ; Our service has multiple protections. We have multiple security features installed on our servers including real time threat monitoring, firewalls, and application protection. AWS is able to reroute service and protect against Denial of Service attacks.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide full service metrics, which are all fully auditable on all uptime, usage, background actions, batch actions, imports, and exports. We have over 100 pre-built reports, and users can build their own reports on any data field in the database.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data from the web interface as csv, txt, or excel format. Reports can be created the interface itself. At request, Lateral can assist with extracting any data for a low cost fee covering the hours involved.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Microsoft Excel
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Microsoft Excel
  • Drag & drop functionality allows for PDF, Word import also

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We have a 99.5% guaranteed up-time of the service. As our service normally has a monthly service fee, our customers are refunded if we don't meet guaranteed levels of availability for that month. ; ; We also have the following included in our standard SLA: ; Critical - Target response time: 2 hours, Target resolution time: 4 hours Serious: Target response time: 8 hours, Target resolution time: 24 hours Moderate: Target response time, 12 hours, Target resolution Time, 48 hours ; Minor: Target response time, 24 hours, Target Resolution time, 72 hours
• Approach to resilience: Data available on request.
• Outage reporting: We give email alerts to our customers if there are any outages of the service.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: We restrict user access through a proven RBAC system (role based access control). Only allowed roles (and the users in those roles) have access to management interfaces and support channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified Quality Systems Ltd
• ISO/IEC 27001 accreditation date: 10/07/2020
• What the ISO/IEC 27001 doesn’t cover: We have other policies in place to cover the new GDPR regulations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self-certified
• PCI DSS accreditation date: 01/01/2021
• What the PCI DSS doesn’t cover: Available on request.
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: We follow quarterly internal audits to comply with both ISO 27001 and GDPR. We review security risks at least every 6 months, and whenever something changes, for example a supplier of cloud service changes. ; We have a fully audited and tested Information Security Management System which underpins our ISO27001 certification. The policies and procedures have been independently audited and practices are audited by external auditors. New staff are inducted into the ISMS when they start; other staff are regularly reminded about responsibilities and managers are required to ensure staff adhere to the policies. Staff are advised when policies are updated. We minimise the people in the company that have access to the live servers and live data, and have not had a security issue since inception (over 10 years ago). The senior management of the company owns the ISMS and the Information Security Management Representative delivers day-to-day management of the system. All staff are reminded they are individually responsible for security. The data security theme is delivered through staff meetings, training sessions, shared documents and via email. Risk assessments are carried out and the competency of the delivery of the ISMS is measured though internal auditing and management review.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We execute code reviews before pushing any code to the live system, ensuring we are not adding any security vulnerabilities to the system. In addition, all changes are tracked through 'git' ensuring the ability to roll-back to previous versions and see all history of any file throughout the system. We also use continuous integration / continuous delivery. That means that the entire application is monitored constantly (every day) performing roughly 15,000 automated tests that are there to ensure all requirements are fulfilled through an evolving / improving codebase. We periodically perform analysis to address more sophisticated code base review processes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have AWS SafeGuard service for real-time vulnerability monitoring. We also have a former GCHQ Head of Cyber as our security consultant who monitors for imminent threats or potential patches required. If there is evidence that a vulnerability is being exploited and could have an effect on our system, we deploy a patch immediately. If there is no evidence that a vulnerability is being actively exploited, we deploy a patch with the following time scales: ‘Critical’ patches deployed within hours, ‘Important’ patches deployed within 2 weeks , ‘Other’ patches deployed within 8 weeks.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We identify potential breaches through monitoring applications such as newrelic or monit (which monitor the resources consumption on our nodes) and other monitoring tools. Should the reports be out of the ordinary we proceed in a rapid assessment of affected system logs. This can trigger an immediate halt to all activities on a detected/affected node after contacting all parties involved. This is done to avoid an escalation of a threat until further information is available. We respond within 1 to 2 hours from finding an incident.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have pre-defined procedures covered through our ISO 27001 certification manual that state the most common accident types and procedure for how to handle events including escalation and staff involvement. Users are free to report incidents mainly through emails or phone calls. When the incident is resolved we perform a post-mortem report within 72 hours for internal purposes and share the report with any affected clients. This report would include the reasons, the handling of the incident and what will be put in place to prevent it from happening again.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £600 a person a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can build a proof of concept staging area for potential clients.

Service documents

• Pricing document

  ODT

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@getlateral.com. Tell them what format you need. It will help if you say what assistive technology you use.