EBI.AI

Lobster AI Communications

Lobster is a platform for deploying natural language AI assistants to your customers and team. Using Natural Language Processing technology Lobster understands queries and provides resolutions by integrating with business systems including CRM and knowledge bases. Lobster AI assistants are deployed to web, mobile, apps, telephony and smart home devices.

Features

• Multichannel AI assistants: web, mobile, apps, telephony, smart home devices
• Multilingual voice: can listen and reply to over 17 languages
• Technology agnostic: built to use the best NLP technology available
• Annually penetration tested and built using Enterprise grade security practices
• Lobster Reef: agent user interface
• Lobster Messenger: a customisable web UI
• Pre-built reporting dashboard to monitor usage
• Flexible integration framework: integrate with virtually any business system
• Multilingual chat , read and write in over 100 languages
• Live chat: hand over from AI assistant to agent

Benefits

• Answer user queries 24/7/365
• Free up busy customer service agents
• Faster responses for users
• Never sick, late or on holiday
• Can answer thousands of queries simultaneously
• Gives users access to more information than previously possible
• Provides insights into current needs and requirements of users
• Can assist agents to answer resident queries more accurately

£1,000 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

750374390844397

Contact

Abbie Heslop
01926 623303
abbie@ebi.ai

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Standalone service but often integrated with the following: ; Livechat/webchat; Contact Centre as a Service (CCaaS) and Unified Communications as a Service (UCaaS) systems
• Cloud deployment model: Public cloud
• Service constraints: N/a
• System requirements:
  • An internet connection
  • Access to a supported modern browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are as follows:; Severity 1 : 4 hours (Outage/ Service Unavailable); Severity 2 : 6 hours (Service operational, significant business impact); Severity 3 : Best endeavours (Service operational, minor business impact)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided Monday to Friday between the hours of 8am and 6pm. SLA times are business hours. ; ; Platform availability: 99% uptime of the platform in a calendar month. Service credit for non-performance is 10% credit of usage fees in the month following non-performance. ; ; Issues can be escalated to the account manager through governance monthly, quarterly and annual management meetings.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: EBI.AI deliver a fully managed service. This means, we will create, train, deploy and maintain your AI assistant on the Lobster platform. Typically it is not usually necessary to provide onsite training in order to adopt an AI assistant on Lobster.
• Service documentation: No
• End-of-contract data extraction: Extracts of data will be available upon end of contract. 90 days of extracts will be maintained in S3 for the client to download and backup as they wish.
• End-of-contract process: Once notice to terminate a contract has been received, EBI.AI will assist in the migration of data from Lobster to the client at contract end. There is no additional cost for this service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: AI assistants on Lobster can be integrated into both mobile and desktop browsers, the client's own apps or portals and messenger applications like Facebook messenger.
• Service interface: Yes
• Description of service interface: A service portal is provided with access to service performance data and configuration for authorised users. Configuration options include the creation and maintenance of content used in Lobster AI Assistants.
• Accessibility standards: None or don’t know
• Description of accessibility: Our service portal aims to meet the WCAG 2.1 AA standard but has yet to be tested by an independent third party.
• Accessibility testing: No testing of assistive technology has been carried out against our service portal.
• API: No
• Customisation available: Yes
• Description of customisation: All of the following items can be customised: ; ; 1) The persona of the AI assistant; 2) The look and feel of the AI assistant; 3) The channels where users can speak and write to the AI assistant; 4) The types of queries that the AI assistant can understand; 5) The answers to user queries; 6) Add custom integrations into business systems to enable the AI assistant to perform actions.; ; Most customisations are configured by the EBI.AI team in consultation with the client during set-up.

Scaling

• Independence of resources: Our platform design eliminates bottlenecks and single points of failure. The service responds to increases and decreases in demand through automatic scaling to ensure that users are not impacted during high volume periods.

Analytics

• Service usage metrics: Yes
• Metrics types: Service usage metrics are provided via dashboards, which includes the total number of conversations handled by the AI assistant, broken down by topic area. In addition those customers who purchase AI supervision also receive monthly reports detailing the total number of conversations the AI assistant has with users, the total number of supported conversations and the total number which were successfully resolved.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data exports are requested by clients through a support request and delivered securely to a location agreed with the client.
• Data export formats: Other
• Other data export formats: Javascript Object Notation (JSON)
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Platform availability: 99% uptime of the platform in a calendar month. Service credit for non-performance is 10% credit of usage fees in the month following non-performance.
• Approach to resilience: Our platform design eliminates single points of failure by ensuring that redundancy is built into each layer. All service and data layer components are deployed at at least two independent physical locations and a comprehensive backup strategy provides an RTO of 4 hours and RPO of 1 hour in the event of a complete loss of service.
• Outage reporting: Clients are made aware of service disruption via email. Monthly service performance reports are provided to clients detailing our service uptime, outages and root cause analysis details.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Users are required to authenticate using two factor authentication. ; ; Role based authorisation is used to control the features and data that a user can access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: A comprehensive set of policies applicable to all employees, contractors and third-party suppliers is in place including security, data protection and GDPR. All parties are required to confirm they have read and understood these policies on an annual basis and following changes. ; ; Policies are reviewed on an annual basis, quarterly security audits are carried out to ensure compliance with policies and an annual audit is carried each year by an independent third party.; ; An Information Security Team consisting of senior staff members have responsibility for maintaining adequate records, maintaining and enforcing information security policies and responding to security incidents. The Information Security Team report directly to the Managing Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components of the service are tracked through their lifetime via source control, auditable deployments and configuration changes.; ; All changes are raised as tickets with a clear definition of the purpose, acceptance criteria and proposed design. Changes are assessed for security impact against a predefined criteria and reviewed by a Change Advisory Board.; ; All changes to source code undergo a peer review process by a developer not involved in the changes and must relate to an approved change.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: - Patch management policy with timescales for the application of patches (Critical: As soon as possible, High & Medium: 14 Days, Others: 60 Days); - Automated vulnerability scanning; - Annual penetration testing ; - Endpoint protection and active monitoring of security threats; - Security impact assessments carried as part of change management; ; Information regarding security threats is obtained through the NIST Vulnerability Database and provider alerts and notices such Microsoft, IBM and Amazon AWS.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring measures include:; ; - Active endpoint protection with automatic blocking of malicious access attempts; - Access logging, monitoring and alerting of anomalous activity; - Audit logging, monitoring and alerting of security events; - System resource logging, monitoring and alerting of anomalous load; ; Security incidents are responded to immediately upon reporting and follow the process detailed in our security incident reporting and management procedure. High level process is:; ; - Evaluate scope and severity; - Identify and action emergency remediation; - Issue stakeholder communication; - Identify and action interim remediation; - Complete root cause analysis; - Communicate RCA and next steps
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is covered in our security incident policy and security incident reporting and management procedure. The policy states that all breaches and queries regarding potential security incidents should be reported to the information security team. ; ; The reporting and management procedure details the process and responsibilities of staff members, information security team and company directors.; ; All security incidents are logged on the security incident log as part of the reporting and management process by the information security team first point of contact. Security incident reports are provided by email to our clients.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £1,000 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF