Cirrus SMS Codes provide a means for customers to provide a number to receive SMS messages for customer service and / or sales.
Long codes are numbers of equal length to standard UK mobile phone numbers. Short codes are 6 digit numbers that are more convenient for consumers to use.
- Short codes provide memorable five digit number to send replies
- Long and short codes provides choice of cost options
- Dedicated short codes will forward all responses to you
- You receive responses containing your keywords to your shared codes
- Elastic capacity, send and receive as many messages as required
- Provide an easy way for customers to contact you
- Empower customers to contact you day or night
- Capture customers’ mobile numbers to enhance future communication
- Improve service , offer SMS during contact centre busy times
- Offer customers more choice of channels
- Provide convenience of text-based communication for customers
- SMS Short codes are valid globally, consistency for international customers
- Short codes provide customers with a memorable contact number
- Provision short codes in seconds on our platform
- Increase contact centre efficiency by diverting contact from phones
£100 to £1800 per instance per month
0333 103 3440
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Our standard business hours are 8:30am to 5:30pm, Monday to Friday (excluding bank holidays). Requests can be submitted via phone or email, as outlined in the Cirrus Ticket Logging section of the Service Definition document accompanying this listing. The team will endeavour to answer the call within 3 rings (9 seconds), and our email service level is 95% of emails responded to within 3 hours during business hours. All calls are recorded for training and monitoring purposes.
Cirrus services are supported 24 hours a day, 365 days a year for all service faults.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AAA|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), 7 days a week|
|Web chat support accessibility standard||WCAG 2.0 AAA|
|Web chat accessibility testing||Cirrus has a number of existing customers with users who require assistive technology.|
|Onsite support||Yes, at extra cost|
Cirrus services are supported 24 hours a day, 365 days a year for all service faults.
For day to day support there are 3 levels of support customers can opt for;
• Fully Managed Service - 24/7
• Fully Managed Service – Business Hours
• 2nd Line Support – Business Hours.
Pricing is provided under the Cirrus Support Services for G Cloud 9 Service Listing.
You will be assigned a Service Delivery Manager, details of this can be found within the Service Definition document accompanying this listing.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We provide a fully managed implementation service designed to migrate customers from legacy solutions to Cirrus. We have a unique training and knowledge transfer process, '30, 60, 90'. You can find more details in our Service Definition document accompanying this listing.|
|End-of-contract data extraction||
The customer will need to extract any customer generated statistics and data from the platform, all data not already transferred over to the customer will be transferred VIA SFTP to a nominated location. There is a per GB cost for the transfer, please refer to your pricing calculator for the transfer costs, Cirrus will confirm the file size once notice has been received.
All remaining customer data will be destroyed following a 28 day data extraction period.
Cirrus provides a simple and quick exit process for customers. Additional costs are related to data extraction, if there is any remaining data on the Cirrus platform.
Customers can give notice in accordance with the terms in the contract.
Using the service
|Web browser interface||Yes|
|Using the web interface||Full self-service management portal, allowing users to set up and control their services in real time.|
|Web interface accessibility standard||WCAG 2.0 AAA|
|Web interface accessibility testing||Cirrus has a number of existing customers with users who require assistive technology.|
|Command line interface||No|
|Independence of resources||Capacity is managed and customers are prevented from consuming an onerous amount of resource|
|Infrastructure or application metrics||Yes|
|Other metrics||Full event and web logs|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Hardware containing data is completely destroyed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||All service elements|
|Backup controls||Cirrus controls all back-ups. Data is replicated across our 3 datacentres at speeds of as little as 0.1 seconds.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users can recover backups themselves, for example through a web interface|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
|Other protection within supplier network||Data is transited between data centres via private Ethernet backbone links.|
Availability and resilience
|Guaranteed availability||99.999%. We have a service level agreement in place and a service credit regime in the event that we do not meet or surpass or uptime metrics. You can find details of this in the Service Definition document accompanying this listing.|
|Approach to resilience||We have described our cloud architecture and how we set it up to achieve maximum resiliency for all of our customers in the Service Definition document accompanying this listing.|
|Outage reporting||Dashboards, Email, SMS and Voice IVR alerts where the circumstance require.|
Identity and authentication
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Cirrus administers roles based access for all of our services.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||QMS International Ltd|
|ISO/IEC 27001 accreditation date||23/08/2016|
|What the ISO/IEC 27001 doesn’t cover||
Cirrus has implemented the following in relation to ISO27001:
1. Understanding business information security requirements and the need to establish policy and objectives for information security
2. Implementing and operating controls in the context of managing the Company’s overall business risk
3. Monitoring and reviewing the performance and effectiveness of the ISMS
4. Continual improvement based on objective measures
5. Communicate throughout the Company the importance of meeting all relevant statutory and regulatory requirements specifically related to its business activities
6. Ensuring that adequate resources are determined and provided to monitor and maintain the ISMS.
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||7safe|
|PCI DSS accreditation date||13/10/2017|
|What the PCI DSS doesn’t cover||
The following high-level controls are specified by the PCI DSS; responsibility is shown for each control within the Cirrus platform (Cirrus or Customer)
1. Install and maintain a firewall configuration to protect cardholder data. Responsibility: Cirrus
2. Do not use vendor-supplied defaults for system passwords and other security parameters. Responsibility: Cirrus
3. Protect stored cardholder data. Responsibility: Cirrus (note: Cirrus does not store cardholder data within its platform)
4. Encrypt transmission of cardholder data across open, public networks. Responsibility: Cirrus
5. Protect all systems against malware and regularly update antivirus software or programs. Responsibility: Cirrus
6. Develop and maintain secure systems and applications.
Responsibility: Customer and Cirrus
Note: If the customer has developed their own software applications which are part of their PCI scope then it is their responsibility.
7. Restrict access to cardholder data by business need to know. Responsibility: Cirrus
8. Identify and authenticate access to system components. Responsibility: Cirrus
9. Restrict physical access to cardholder data. Responsibility: Cirrus
10. Track and monitor all access to network resources and cardholder data. Responsibility: Cirrus
11. Regularly test security systems and processes. Responsibility: Cirrus
12. Maintain a policy that addresses information security for all personnel. Responsibility: Cirrus and Customer.
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We are ISO 27001 accredited and we have information security policies and processes in place across the organisation. Our reporting structure is as follows;
1. The Directors have approved all processes and policies
2. Overall responsibility for Information Security rests with the ISMS Manager
3. 5. All employees or agents acting on the Company’s behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay, direct to the Operations Director and/or the ISMS Manager.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||The configuration management processes are part of the overall Service Asset and Configuration Management process. Our Configuration Items (CIs) include hardware, software, people and formal documentation and the relevant information is managed throughout the lifecycle. The processes for doing this are clearly documented, for example Change Control processes.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
The Cirrus network is monitored by Zabbix and PRTG software which collects various statistics from servers, applications, and devices.
• External vulnerability scans (frequency)
• Internal vulnerability scans
• External Penetration Test (frequency)
Quarterly. Penetration testing is conducted on the network perimeter and infrastructure, and websites used to host, process or transmit client Data.
• Internal Penetration Test
Our database is monitored and reviewed to determine required security related patches.
We use an industry accredited Anti-Virus, updates are minimum once daily.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||The service is monitored 24 hours a day. Any potential compromises are immediately alerted via email and SMS to the security team. Response time and rates are specific to the nature of the potential compromise, for example, a user failing authentication 3 times in under 5 minutes would be treated differently to a user failing authentication 50 times in under 60 seconds.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Cirrus has standard incident management procedures in place to ensure that we are able to restore a service as quickly as possible and to minimise adverse impact on business operations. Customers are able to raise an incident or service request by telephone or email. Queries to Cirrus Support are logged as cases within our support system and categorised according to Priority. Customers receive incident reports via email.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£100 to £1800 per instance per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|