ECKOH UK LIMITED

Self-Service

A self-service platform for your customers to serve themselves, increasing their satisfaction, speeding up resolution and reducing calls into your contact centre. Customers can engage across IVR, chat, web or mobile, shifting seamlessly between channels. Visual IVR combines voice and data for handling more complex transactions.

Features

  • Enables customers to serve themselves
  • Enable customer interactions any place, anytime, anywhere
  • Reduce AHT
  • Flexibility; allowing to add solutions when you need them
  • Track customer journey through channels
  • Provide visual information to the customer
  • Works with contact channels such as live agent, chat etc
  • Allow IVRs or agents to send complex information

Benefits

  • Always open – 24x7x365 without the cost of live agents.
  • Saves agent time and money
  • A greater customer experience
  • Increase CSAT
  • Give consumers choice of channel
  • Faster, more efficient, in control, any time customer experience
  • Handle peaks of enquiries
  • Reduce waiting times
  • Improve agent efficiency
  • Extends the capabilities of traditional IVR solutions

Pricing

£0.05 to £0.35 per unit per minute

Service documents

G-Cloud 10

746991912114101

ECKOH UK LIMITED

Ross Sampson

01172 141 452

ross.sampson@eckoh.com

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to All of our Services in G-Cloud can be used together to improve the customer contact journey. Services that can be used together and extended are:

Natural Language IVR
Route Network IVR
IVR Pay Automated Payments
Self-Service Applications
Identification and Verification
CallGuard PCI-DSS agent payments
Cloud deployment model Private cloud
Service constraints NA
System requirements All calls need to be routed through the platform

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide a 24/7 support desk for all clients and have standard processes in place for reporting any faults or issues with a service. Error Severity - Initial Response Goal -Target Fix Time
Serious (24/7 support) - 1 Hour - 4 Hours
Service Affecting - 8 Business Hours- 8 Business Hours
Minor - 48 Business Hours - 3 Months
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels We do not provide a tiered support structure . All support is 24x7x365 and provided as standard within the cost of the service. We provide a technical account manager within the cost of the service.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started When users start using our service we will provide telephony end points for the buyer to route phone calls to. In addition to this we will ask the caller to complete a questionnaire to enable service setup.

The whole process will be outlined in a 'getting started' document. Users of the service will be provided with training material, and administrators can be trained online or on site.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We will provide the buyer with an extract of management information collected during the course of the contract.
End-of-contract process Configuration data for the service can be provided at this point.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All web-based self-service applications such as Visual IVR are designed to be responsive and work on both desktop and mobile devices providing full functionality.
Accessibility standards None or don’t know
Description of accessibility All accessibility features that are supported as standard within modern browsers are supported.
Accessibility testing No specific testing has been carried out.
API No
Customisation available Yes
Description of customisation Self-services applications are made up of pre-defined building blocks such as name and address capture, location capture, bank detail capture, defined logic (yes/no), date and time capture, and so on. 
These building blocks can be configured to work together, or as stand-alone applications and the business requirements dictate the level of configuration necessary for any service. Configuration points may include specific integration to business systems, prompting for users for the user journey, use of specific branding / voices / personas, data export, etc. 
In addition, where the application includes IVR, configuration will include telephony elements such as end-point destinations for calls to be transferred to.
The following elements can be made user configurable:
·         Syndications
·         Prompts for IVR
·         Customisable switches such as those to change the customer journey in emergency situations
·         Date and time switches, i.e. to change the customer journey for bank holidays 
All other configuration and changes must be made by us, this is especially true where self-serve application use speech recognition, are in scope for PCI DSS, or capture other sensitive data.

Scaling

Scaling
Independence of resources We manage our platforms and infrastructure using a range of KPI and OPI measurements including average and peak utilization across all components. Trend analyses and sales pipeline are used to ensure that sufficient capacity is maintained for BAU operations and exceptions. Our infrastructure is deployed in a scale up and scale out design allowing for additional capacity to be added without redesign.

Analytics

Analytics
Service usage metrics Yes
Metrics types For CallGuard Eckoh provides:
Total calls (Both inbound and outbound which can be split out)
Total minutes
Ang. duration
Attempted payments
Successful payments
Failed payments
Amount
Confirmations (email, sms)
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data export is carried out by us. We will provide access to an sFTP server for users to access exported data.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks We can also support https for data transit over public internet where this is required.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our platform is built from highly resilient components and is spread across two geographically separate sites each providing resilient solutions for communications and power. As such the platform provides an availability figure of 99.9% availability per year.
Approach to resilience This information is available upon request.
Outage reporting If for any reason we experience an outage that affects the covered application it will be reported to the customer as soon as the agreed severity has been reached. The platform has built-in mechanisms for alerting both us and the client for any service affecting issue. Alerts can be issued via SNMP or email. Severe service affecting issues are managed by our support team. An internal outage report is created and this will be passed on by your Account Manager to an agreed customer contact list via an email and or phone.

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels Where required we use secure login, certificates and IP whitelisting to ensure access is restricted. All access is logged and auditable.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 23/09/2016
What the ISO/IEC 27001 doesn’t cover Nothing
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Verizon
PCI DSS accreditation date 15/09/2017
What the PCI DSS doesn’t cover Our entire operation and all services supplied are covered by our PCI DSS certification.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Eckoh are PCI DSS Level 1
Information security policies and processes Security of information is pivotal to the successful operation of our business. We will protect these information assets and will do this in ways that are appropriate and cost effective. This will enable us to fulfil our responsibilities and to ensure that a high quality service can continue to be delivered to our clients, their customers and our staff. By maintaining this philosophy and practice we will retain our reputation as the leading provider of hosted self-service solutions in the UK. Responsibilities for information security management are shared between the following: • Board of Directors •Group Strategy Board • UK and US Performance Management Group • Security Group • Patching and Vulnerability Group • UK and US Data Protection & Security Working Groups Membership of these groups will be maintained by the Data Protection Officer and a committee structure.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our continued compliance with PCI requires the following: A procedure for maintaining platform hardware assets A procedure for maintaining corporate hardware (PC and laptop) asset information. A procedure for maintaining licensed software asset information. Our Change Management Process is integral to this process. The IT Director is responsible for maintaining the PCI asset register. This covers hardware and software that is in scope for PCI compliance, including in-house developed payment services, and merchant account codes. PCI asset information related to in-house payment services is captured on Request for Change forms.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have a document that defines the standard procedure and timescale for managing security patches within the company. This includes definitions of: • the composition and role of our Patch and Vulnerability Group (PVG) • the role of senior management • the process of identifying identify newly discovered security vulnerabilities • a formal patch management life cycle process. This procedure applies to the management of security patches for our Windows and Linux platforms and to our network devices. Where applicable, the application of patches to our-hosted infrastructure is subject to agreed client change management and approval processes.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Monitoring computer systems and tracking user activity is a critical factor in protecting information security. Without effective monitoring, determining the source of security incidents would prove extremely difficult, and in such circumstances we would not be able to comply with other policies, industry standards or legal requirements. An incident is defined as an unplanned interruption to an IT or client service or reduction in quality of any service. The purpose of this policy is to define our principles and approach to incident management, resolution and longer term remedial action to minimise adverse impacts on business operations.
Incident management type Supplier-defined controls
Incident management approach We have a well defined policy that covers both network and information security incident management. Network incidents are those that reduce the quality or availability of IT services. Information security incidents are those which pose a threat to our information. Users can report incidents by email or phone. We follow a standard process for managing incidents from identification through impact assessment, reporting, fixing and testing to full resolution and RCA. RCA's are provided to clients via email within 5 working of incident closure.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.05 to £0.35 per unit per minute
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑