Digital Engagement Platform: Chatbot/Virtual Assistant, Live Chat & Messaging copy

Nuance’s Digital Engagement Platform is a market-leading Chatbot/Virtual Assistant, Live Chat/Messaging and Hybrid solution that integrates our conversational technology for web, mobile web, mobile
app, synchronous & asynchronous messaging and the Internet of Things, combining the best in self & assisted-service, delivering an integrated end-to-end digital engagement solution.


  • Highly intelligent VA understands complex inquiries and provides personalised responses
  • Most proven solution in the Enterprise market, leveraging advanced AI
  • Intuitive, automated and consistent customer experience across all digital channels
  • Advanced business rules: customers always served with the right experience
  • Sophisticated tooling for rapid optimisation, enabling more complex task handling
  • Seamless integration supports Live Chat/call routing to right agent group
  • Learning loop: Agent supports VA when it's handling unfamiliar requests
  • Synchronous and asynchronous messaging to meet every customer's needs
  • Open and expandable platform enabling third party integration
  • VA investments extend across channels, reducing total cost of ownership


  • Government: 33% call deflection
  • Government: 54% increase in call containment
  • Government: 25% increase in agent availability
  • Government: 90% decrease in agent escalation
  • Government: 42% decrease in Average Handling Time
  • Telecommunications: 25% reduction in online support costs
  • Financial: 75% First Contact Resolution
  • Utilities & Retail: 35% increase in self-service usage
  • Healthcare: 77% First Contact Resolution
  • Travel: 35% increase in self-service usage


£850000 per instance per year

Service documents


G-Cloud 11

Service ID

8 6 6 3 6 5 7 6 4 2 4 6 4 9 2



Carl Chandler-Mullins


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Nuance Digital Engagement Platform complies with PCI-DSS 3.2 security standards. Any browser that doesn't comply with PCI DSS 3.2 security standards will not be able to communicate with the platform.

There are no hardware limitations.
System requirements Web access: Browsers compatible with PCI DSS standards for communications

User support

User support
Email or online ticketing support Email or online ticketing
Support response times SLAs based on incident severity (P1-P4). Nuance also discusses specific SLA expectations with customers during contracting.

Priority 1
Emergency: Software not working, Client unable to access/use functionality. Likely significant impact to Client's business without remedy.
-Response: Within 1 Hour
-Resolution (workaround): Within 4 hours
-Resolution (permanent) Within 1 Week

Priority 2
'Some' impact to Client's business
-Response: Within 4 Hours
-Resolution (workaround): Within 48 hours
-Resolution (permanent): Within 2 Weeks

Priority 3
Not critical/no data loss/Client can circumvent temporarily
-Response: Within 1 Day
-Resolution (workaround): Within 10 days
-Resolution (permanent): 30 days or next upgrade

Priority 4
-Minor problem/documentation error
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Nuance provides 24x7 hosted services monitoring and notifications, together with online and phone support. Our default availability is 99.9%, with issue severity levels and response times as defined in the provided contract templates. An escalation process will be provided or agreed at time of contract. We provide a Technical Account Manager to oversee the service.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Nuance has a well-defined deployment process, starting with kick-off meetings and on-site planning meetings to define detailed requirements for configuration in order to deliver the required business results. We provide full project management services throughout the deployment phase as well as optional on-site training.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data can be exported in open standards from the service toolset.
End-of-contract process Support with exporting data from the toolset is included. Any additional end of contract process can be included under the Time & Materials terms.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile service can utilise speech recognition & speech generation, in addition to text. There is parity on all other mobile and desktop features.
Service interface Yes
Description of service interface The customer's browser loads the customer interface as a DIV layer on the website, dependent on targeting rules. Agents and Supervisors access the Agent Desktop via a compliant browser. Administrators can also access tooling via a compliant browser.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Nuance seeks to make all its customer-facing content accessible to the public. In today’s world, there is an ever-increasing number of ways to access content across the many combinations of browsers, native applications, operating systems, device types, and screen readers. While Nuance works towards making its content accessible across any content delivery combination, our highest priority is to ensure there is always at least one fully accessible means for users with disabilities to access the content supported by Nuance Chat.

Nuance currently provides accessibility support for the following environments:

Desktop Devices
- Windows:
- Operating System: Microsoft Windows 10
- Browser: Internet Explorer 11
- Screen Reader: JAWS
- Mac
- Operating System: Apple Mac OS X
- Browser: Safari
- Screen Reader: VoiceOver

Mobile Devices:
- Apple iOS
- Device Type: Phone / Tablet
- Operating System: iOS (latest version)
- Browser: Safari
- Native iOS application
- Screen Reader: VoiceOver
- Google Android
- Device Type: Phone / Tablet
- Operating System: Android (latest version)
- Browser: Chrome
- Native Android Application
What users can and can't do using the API Users can access the following APIs:
- Agent Engagement API
- Agent Status API
- Customer Engagement API
- Invitation API
- Reporting API
- Data Collection API

We can also create bespoke API integrations, as required by the customer.

APIs provide programmatic access to the Digital Engagement Platform but are optional capabilities not required for the basic service to operate. Access and support will be provided by Nuance Professional Services. There are no limitations on how users can set up and make changes through the API.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation All aspects of the service are customisable in response to the specific deployment requirements and optimised throughout the life of the service. Nuance provides a comprehensive set of graphical tools to allow Administrators to independently manage the service.


Independence of resources Platform components scale horizontally. Weekly scalability test is performed in a dedicated staging environment. Baseline is established for different key indicators of performance metrics while performing testing.

3 Platform tiers:

Comprised of tags & customer interface and executed in customer browsers. System resource requirements are spread across millions of individual systems, scaling is not an issue. These components communicate with components within the Real-Time tier.

Include stateless and stateful components and comprise of multiple "lightweight" servers. This enables "horizontal scaling" to support any practical possible volume.

Data Warehouse
Hadoop-based system. Scales by adding "lightweight" servers when needed.


Service usage metrics Yes
Metrics types Nuance provides a full set of over 100 service metrics, from high-level KPIs down to individual conversational metrics.

For example, the key KPI for the Virtual Assistant/Chatbot is First Contact Resolution (FCR) which includes deflected and channelled conversations, and also measures attempted FCR, which also includes escalated and abandoned conversations.

For Chat/Messaging, the key KPIs are Average Handling Time (AHT) and concurrency.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Other
Other data at rest protection approach Nuance uses different techniques and control measures to ensure the continued protection of client data at rest.

1. We use encryption (AES 256)
2. We have the ability to mask sensitive and PII data
3. We align ourselves to the access control related Annex's noted in ISO27001:2013
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data export is provided in the service toolset that is available to the Administrators. For reporting data, Nuance can also provide a daily batch process that can be used in external analytics tools.
Data export formats
  • CSV
  • Other
Other data export formats
  • UTD
  • JSON
Data import formats
  • CSV
  • Other
Other data import formats
  • UTD
  • JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Nuance provides a guaranteed level of availability of 99.9%.
Approach to resilience Documentation available upon request.
Outage reporting Nuance monitors hosted services 24 x 7 and outages will be notified by email to designated recipients.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Other
Other user authentication Users don't need to authenticate unless it is part of the solution design. Administrators do need to authenticate using username and password.
Access restrictions in management interfaces and support channels Administrators gain access using username and password. Different access levels can be set up depending on each Administrator's function, e.g. access to reporting and analytics only, versus publishing rights for platform content updates.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Attestation Of Compliance awarded following assessment by Intersec Worldwide.
PCI DSS accreditation date 08/01/2018
What the PCI DSS doesn’t cover Not covered in the PCI assessment or Attestation of Compliance.

1. Hosting Provider

2. Managed Services
a. System Security Services
b. IT Support
c. Physical Security
d. Terminal Management System

3. Payment Processing
a. POS/card present
b. MOTO/Call Centre
c. ATM
d. Other processing
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our Global Security Framework incorporates the following policy set:

1. Information Security Policy
2. Organisation of Information Security
3. Asset Management
4. Human Resource Security
5. Physical and Environmental Security
6. Access Control
7. Information Security Incident Management
8. Business Continuity Management

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The service change/release management is a Dev Ops methodology where code is written and committed to version control and is built, deployed, tested and migrated through QA/Staging to Production.

The Pre-Release flow
1. Client requirement
2. QA/code review
3. Development
4. Integrated into release candidate
5. Release candidate: Manual and automated testing (including security testing)
6. Release candidate certified for release

The Production Release
1. QA notified of certified build
2. Build created/approved
3. Code deployed to a standby cluster
4. QA validates the build
5. Production change GO/NO GO
6. Release confirmed
7. Code deployed/release validation performed
8.Change complete
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The Nuance information security team is responsible for the vulnerability management process. Perimeter scans and internal (trusted) scans for Nuance production infrastructure are undertaken periodically using industry-recognised toolsets. We use the CVSS score and PCI DSS guidance on vulnerabilities as a guide to determine the vulnerability severity and how that vulnerability rating applies regarding the environment. Once these have been defined we adopt the following remediations timescales.

1. Critical issues are addressed within 7 days
2. High-rated issues are addressed within 30 days
3. Medium-rated issues are addressed within 90 days
4. Low-rated issues are addressed within 120 days
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We adopt a multi-layer security approach, using industry best practice standards and toolsets for network and service security. The communications infrastructure is protected by DMZs, Firewalls and IDS/IPS. All network components are monitored via our SIEM and Network Operations Centre (NOC) on a 24/7 basis.

All servers and network components are hardened to prevent unauthorised access. Firewall ports are reviewed and any unused ports are disabled. We segregate our VLANS with strict access control lists. System logs such as VPN and Firewall logs are reviewed periodically.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Nuance users must report privacy or security incidents by contacting an internal service desk. They can also contact the Security Operations Centre.

Nuance provides mandatory security incident training via an in-house training system to all its employees.

Nuance also provides FAQs to personnel who work in Information Security or support roles, describing incident-related use cases that need to be escalated to the Legal department.

Technical, system/service incidents or outages can be reported internally to the Networks Operations Centre.

All personnel directly involved in the incident are responsible for documenting and reporting all incidents within a relevant internal ticketing system.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £850000 per instance per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑