Sorriso Technologies Ltd

Sorriso Smart Suite

Sorriso Technologies delivers transactional B2C & B2B digital self-service:

-Statement, Bill, Payment, and Account Management
-Omni Channel Digital Experience: Online, mobile, email, chat, text
-GDPR Compliant
-Cloud-based or on premise
-Rapid, product-based deployment
-Easy integration to existing digital platform
-Eliminate paper, reduce call centre volumes, improve DSO

Features

  • Smart Bill: online/mobile responsive statements and bills
  • Smart Pay: online/mobile responsive PCI-DSS payments
  • Smart View: online/mobile responsive PDF document repository
  • Smart Bill for Business: complex bills, cost centre management, reporting
  • Sorriso Interactive Video: interactive, data-driven self service videos

Benefits

  • Eliminate cost of paper and postage
  • Reduce accounts receivable, accelerate payment
  • Reduce cost of call centre
  • Reduce cost of IT operations
  • Flexible and agile for change
  • Easily integrates within existing and legacy digital environments

Pricing

£1500 to £200000 per licence per quarter

  • Education pricing available

Service documents

G-Cloud 10

875637899667453

Sorriso Technologies Ltd

Glenn Stetson

44 3300 010457

glenn@sorrisotech.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Sorriso Smart Suite is a suite of capabilities that can be used as a fully integrated platform or as individual stand-alone services.
Cloud deployment model Private cloud
Service constraints None.
System requirements None as this will be a cloud-based service.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For Severity 1 issues, response will be within an hour 24X7. Lesser severity items are given up to 4 hours for a response during normal business days,
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing Standard QA testing.
Onsite support Yes, at extra cost
Support levels Support Levels:
Gold - 24X7 support
Silver- Normal business hours, 5 days per week.
Support is included as part of our subscription pricing. Customers will have a dedicated account manager assigned to them.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite and online application training for new customers. Furthermore, we provide standard and customer-specific user documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Power Point
  • Word
End-of-contract data extraction The database will be exported to the customer.
End-of-contract process Assuming that the customer stays with the standard product, our subscription pricing is all inclusive:

-set up of service
-implementation/data mapping
-launch support
-production support

. It is paid in advance quarterly.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our software modules are mobile responsive.
Accessibility standards WCAG 2.0 A
Accessibility testing None at the moment but we have this on our roadmap with a future release.
API Yes
What users can and can't do using the API We have a full set up documented APIs that are accessible through our SDK. We can provide documentation on this.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Our standard application can be customized. This is done through our Solution Development Kit where custom use cases and integration points can be written, The changes can be implemented by Software Developers who have received our product training.

Scaling

Scaling
Independence of resources We size the cloud service to process data according to projected growth so there never is conflict or latency.

Analytics

Analytics
Service usage metrics Yes
Metrics types We integrate with Google analytics which provides you with a variety of application usage insights.
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The data export can be done a number of ways. Many customers download it through the application themselves into .CSV or XML files.
Data export formats
  • CSV
  • Other
Other data export formats XML
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Severity I:
(i) for Gold Support Level (ii) for Silver Support Level
(i) Within 1-2 hours, 7x24
(ii) Within 1-2 hours, Normal Business Hours
1 day
Severity II:
4 hours within Normal Business Hours
2 business days
Severity III:
6 hours within Normal Business Hours
3 business days
Severity IV:
8 hours within Normal Business Hours
4 business days unless strictly cosmetic, in which case up to 180 days

Penalties for not meeting SLAs will are negotiated on a case by case basis.
Approach to resilience Our data centre partner is Amazon AWS; their resiliency planning is well known and documented.
Outage reporting Our service never has outages, however if we did, email alerts could be triggered as well as a call from the account manager.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels All management and support channels are restricted to authorized user profiles and protected by a Secure Access Markup Language (SAML) Identity Manager. All communications to these applications is via HTTPS using the TLS 1.2 protocol. If clients share a fixed IP address directly or via Network Address Translation, access can be configured and further restricted to just the authorized addresses.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 01/06/2018
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover We will be accredited to Level I.
PCI certification Yes
Who accredited the PCI DSS certification PCI PA-DSS certification has been granted to software products.
PCI DSS accreditation date 31/03/2018
What the PCI DSS doesn’t cover We are fully covered.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • Other
Other security governance standards PCI-DSS
Information security policies and processes As part of our PCI-DSS certification process, we have appointed a Data Protection and a PCI and GPDR security administrator. These people have created internal training, processes and policies which are well documented.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes are reviewed and tested by our security administrators; every release of software is penetration tested in-house.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We monitor systems and subscribe to security bulletins from NIST and other organisations in order to maintain awareness of threats to the commercial software we use.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach All systems have extensive logging that are reviewed daily. Any potential compromise is treated as a Severity 1 Level issue and addressed immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We utilize industry leading case management tools to effectively track each case. Our customer support organization has an amazing customer satisfaction rating that is earned every day by providing fast, effective solutions and well defined processes.

Users can report incidents to their unique support contact via email, or our support page, SMS or phone 24x7. Incidents can be tracked via our support pages and regular updates from your Account Manager.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £1500 to £200000 per licence per quarter
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑