Temple Interactive Media

Interactive Voice Response

Automated telephone call handling and IVR (Interactive Voice Response). Our systems are used for credit card payments, voicemail, voting and information services. Voice interface using telephone keypad or Speech Recognition to connect to databases and APIs. Call centre overflow and routing.


  • Secure Voice interface to access database and web API services
  • Real time PCI DSS credit card payment processing
  • Telephone keypad (DTMF) and Speech Recognition
  • Process 2000 landline and 10000 VOIP simultaneous calls
  • Secure web interface to manage Real Time Reporting and payments
  • Secure web interface for remote access setup and monitoring
  • 24 / 7 365 day support
  • UK based in High Security Tier 4 Hosting Centre
  • Fully audited by Deloitte and BBC
  • All hardware and servers owned and operated by Temple


  • Low cost access to high inbound capacity voice services
  • Remotely manage secure voice services
  • Automatically handle 2000 landline calls at the same time
  • Easily edit services such as voice messages and menus
  • Reduce PCI DSS compliance costs
  • Allow voice only access to database information
  • Allow voice credit card payments
  • Reduce call centre and line rental costs
  • Automatically handle 10,000 VOIP calls at the same time


£0.10 per transaction

Service documents


G-Cloud 11

Service ID

9 6 6 6 1 9 2 8 2 6 3 4 6 0 6


Temple Interactive Media

Tim Hayes



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints The service is limited use on Temple Interactive Media private cloud IVR servers
System requirements
  • Service only runs on Temple Interactive Media IVR
  • Service design uses VoiceXML
  • Payment and Merchant data requires pre-authorization

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 24 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer two levels of support:- 1. General service support included at no additional charge Issues that may be disruptive, but do not require immediate response aim to be resolved the next working day. 2. Telecoms issues, calls / messages not being handled, engaged tones or service failure aim to resolve in 4 hours Live support Critical issues during a live TV broadcast. Ongoing real-time response and support Ongoing real-time response and support Ongoing real-time response and support. Cost from £500 per hour including network support engineers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training, online training and user documentation. We provide a development server environments allowing users to develop and test services before deploying to the live production environment. We provide full development of services therefore we can assist with questions and queries as to the design of services. We support the VoiceXML 2.0 services standard allowing users to build their own IVR services. We can also provide voice over artists for message prompts and menus. We offer full testing services from multiple phone networks including VOIP.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can download their data at any time during the contract and for up to 2 years after the contract ends
End-of-contract process At the end of the contract the services will be disabled and data will be retained in line with EU GDPR. The are no termination fees or additional charges to store data on our systems in line with EU GDPR and Data Protection rules. Data will be at all times available to download during the contract and for up to two years following the termination of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We have a mobile first web management interface. The mobile and desktop offer the same user functionality.
Service interface Yes
Description of service interface We have a service dashboard which allows users to manage call messages, call routing and access reporting on call statistics. Users can amend time of day messages, menu messages and download user voice mails.
Accessibility standards WCAG 2.1 AAA
Accessibility testing Our systems can be operated via a telephone interface. The telephone interface allows persons of limited or no sight to make changes to the service.
Customisation available Yes
Description of customisation Users can upload their own VoiceXML call plans and voice files

Users can customise their service via the web management interface

Access to the system is defined according to our privileges matrix therefore users will need to have completed appropriate training before they can customise the service


Independence of resources Our platform is used to provide shared high availability services to TV Broadcasters including the BBC. Our systems regularly operate under high load conditions and we have developed policies and procedures to manage high load events. Where users expect a particularly high response we have a Mass Event policy and we work with the networks to minimize any adverse effects. We can provide dedicated line capacity and dedicated IVR servers if required.


Service usage metrics Yes
Metrics types We provide metrics on number of lines used, call duration, maximum number of lines used, time of day usage, payments attempted, payments accepted, total payments, average payments all in real time.
Full caller CLI recording including unique ID, Caller ID, DNIS, DTMF entry, call start, call end, call duration can be downloaded.
Full payment informaton including unique ID, amount and reference can also be accessed. Access to payment card details is restricted according to PCI DSS.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can download their data at any time via the web interface
Data export formats
  • CSV
  • Other
Other data export formats
  • Voice data - wav files
  • Call plans - VoiceXML
Data import formats Other
Other data import formats
  • Call plans VoiceXML
  • Voice files - wav files

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We provide 99.9% availability in our SLA based on monthly billing period excluded planned outages Where we fail to provide the agreed level we offer credits on line rental equivalent to the time when the service failed to meet the availability standard.
Approach to resilience Due to security requirements this information available only on request.
Outage reporting A public dashboard and email alerts.

Any unplanned outages will be subject to an incident report in accordance with our Incident Management Policy Document available upon request

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Access restrictions in management interfaces and support channels Access to the management systems is defined in our Information Security Policy in accordance with our privileges matrix. Access levels are defined on a need to know basis using role based access control. Access is limited according to role. Unrestricted access will only be granted to staff and persons with the prior approval of senior staff in exceptional circumstances. Exceptional circumstances include PCI Audits or Criminal Investigations. No other unrestricted access is permitted or will be granted. Access will be terminated according to the Information Security Policy on movers and leavers
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Self Assessed
PCI DSS accreditation date 01/09/2017
What the PCI DSS doesn’t cover Payment card issuer requirements
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • Other
Other security governance standards PCI DSS
Information security policies and processes We have an information security policy which clearly outlines who is responsible for each action and how incidents can and should be escalated in the organization. All staff members are fully trained and kept up to date with security policies and are award that failure to comply is considered a serious disciplinary offence which may result in immediate dismissal. Our policies include Data Protection, Acceptable Use, Asset Control, Audit, Change Control, Access,Inventory Cryptographic Controls, Incident,Logical Access,Malicious Software, Operational, Password, Penetration Testing, Firewall,Physical Security, Privileges, Risk, Security Management, Security Patch, Software Development, Staff Selection, Systems, User Privilege,Linux Configuration, Security Management, Linux Hardening. Copies of these documents are available on request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We have configuration documents for our servers including Linux Hardening and Linux Server Configuration documents. We have Change Management Control Procedures document which outlines how changes are made to our systems. We can provide details of both documents on request. In summary our Change Management requires an impact assessment, prohibits changes that impact security, testing of any change before deployment and back-out procedures.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We have a Malicious Software Vulnerability Management policy document that details the use of anti-virus software and detecting and removing malicious software. We have remote access logging to record and generate logs. We use reputable outside sources not just the software vendor including new security alerts internally from rkhunter reports and externally via https://www.uscert.gov/ncas/alerts and http://www.centos.org
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We have a Security Management Matrix that defines the roles and responsibilities of staff in the monitoring of our systems to identify potential compromises. This includes monitoring and analyzing security alerts and distributing information to appropriate information security and business unit management personnel, creating and distributing security incident response and escalation procedures. When a potential compromise is identified we have an Incident Response Plan that classifies the incident from 1 to 4 and outlines the correct procedure. The speed of response will depend on classification e.g. threat to life will warrant immediate response
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have an incident response plan with pre-defined processes. The incident will be categorized into the highest applicable level of one of the following categories: 1. Category one - A threat to public safety or life. 2. Category two - A threat to sensitive data –including Credit Card or Financial Information 3. Category three - A threat to computer systems 4. Category four - A disruption of services The person who discovers the incident will call the Temple head office The incident report will be distributed to all affected stakeholders and external agencies (e.g. Police)

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.10 per transaction
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑