Communication-STEM Ltd

Contact Centre as a Service for Healthcare

Provides flexibility to deploy new or enhance an existing hardware estate moving telephony intelligence into the cloud, reducing your exposure to cost and risk through continuing to operate site-based systems through the cloud. Offers more flexible contact arrangements for patients and employees, offering in-built business continuity and improved customer interaction.

Features

• Inbound & outbound call management
• Support new or existing numbers (via porting)
• Desk phone, softphone or mobile device
• Network Queuing with messaging, break out & call back
• Multiple layers of call routing e.g. primary, secondary, tertiary, overflow
• Call Recording - secure processing, storage and access
• Wallboards & reporting - including QR8
• Instant Messaging, Video & SMS
• Conference Service & Broadcast

Benefits

• Retain existing hardware investment - adopt an overlay approach
• Replace and become hardware / site independent
• In-built continuity and if needed, disaster recovery
• Secure capture, storage and authorised access to processed data
• Work base, home, mobile working with no operational change
• Centralised accounting - freedom to work remotely using existing infrastructure
• Securely take patient calls on any phone at any time
• Collaborate with geographically spread locations
• HSCN connectivity for access to processed & secured data

£10 to £45 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.le.velle@c-stem.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

155086591044114

Contact

Andrea le Velle
0345 241 0000
andrea.le.velle@c-stem.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: It is hardware agnostic
• System requirements:
  • PC, web browser enabled device or IP / desk phone
  • High speed internet access
  • Transferable number ranges
  • Softphone is Windows only

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: M-F 9 to 5:30 Priority 1 response within 30 minutes and resolution within 1 hour Priority 2 response within 30 minutes and resolution within 2 hours Priority 3 response within 60 minutes and resolution within 4 hours Priority 4 response within 90 minutes and resolution within 8 hours Out-of-hours Priority 1 response within 30 minutes and resolution within 1 hour Priority 2 response within 60 minutes and resolution within 2 hours Priority 3 response beginning next working day and resolution within 4 hours Priority 4 response beginning next working day and resolution within 8 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Normal business hours support to all customers included within service charges. Out-of-hours support available at an additional charge (supported by SLA). Account Management and Service Management available dependent on scope of service contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Remote training, user guides, video training sessions and on site training sessions.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Training video material
• End-of-contract data extraction: Processed data is available via encrypted / removable media, or, via SFTP to designated customer device(s).
• End-of-contract process: Transfer of processed data, decommissioning of user credentials, deactivation of call plans and user accounts, deletion of processed data once safe receipt confirmed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Desktop service is browser based and requires no application download. Mobile users can access via their browser (no download required), or, utilise a Mobile App (which requires FOC download). Softphone users require download and is only available for Windows.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Messaging, call routing, call queuing, call delivery plans, service credentials and access rights can all be customised.

Scaling

• Independence of resources: Multiple network locations supporting interconnects with multiple carriers. Rigorous capacity planning and real-time replication.

Analytics

• Service usage metrics: Yes
• Metrics types: Full range of reports via Management Information System (MIS) access - both preformatted and bespoke.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Babble Cloud

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: For special category data customers can export over HSCN. Management Information System (MIS) access (username, password & PIN controlled) available for download of consolidated daily / weekly data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: MP3
• Data import formats: Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: System Availability 99.999%, Network Quality 99.90%, Web Availability 99.90%.
• Approach to resilience: System architecture available upon request.
• Outage reporting: Email, voice and SMS.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Established on a per user basis. Authorised Contact List - agreed with every customer determines who is authorised for access and at what level.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 23/11/2018
• What the ISO/IEC 27001 doesn’t cover: Hosting locations managed by Third Parties and operated to CNI standards.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Data Security & Protection Assessment (annual)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security & Governance Review Team (management team representation) reviews information security performance, policies and procedures on a monthly basis. Policies, processes and procedures are audited by BSI as part of the ISO27001 certification process - annual audit with 3-year recertification cycle. Policies, processes and procedures are subject to internal audit in preparation for annual BSI certification audits.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change requests are created, reviewed and approved / rejected on Salesforce, with an audit trail for checking once approved changes have been completed. Change requests are assessed for risk, impact and feasibility.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Regular vulnerability & penetration testing is carried out. All system and user device software updates/patches are applied immediately they become available. Registration with the ICO provides a source of advice and new alerts/guidance relating to information security
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Alerts / notifications from system monitoring (service and user related). Internal event log monitoring internal system access. Incident Management process defines the process for isolating, reporting, investigating, reinstatement or operational service and the resolution of any recommendations / mandatory actions.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident Management Policy - audited by BSO as part of ISO27001 certification. All incidents raised on Salesforce and tracked through to closure. Incident Log maintained and reviewed at Security & Governance Review Team.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Climate change presents an existential threat to businesses in all sectors and geographies. Stakeholders are progressively demanding that businesses respond to the risks associated with climate change and responsive strategic planning should be embedded into business plans and decision-making processes. Response is also increasingly becoming a legal obligation. Babble takes these threats and obligations seriously is is committed to mitigating the effects of our own business operations on the climate. This is outlines in Babble's Climate Change Migration and Adaptation Policy which includes:- a) How Babble plans to play its part in mitigating the effects of climate change through addressing our own emissions and the emissions of our value chain b) How Babble will go about assessing the physical, transitional and and financial risks assassinated with climate change insofar as they relate to our own operations and value chain c) How Babble plans to mitigate and adapt its business operations in response to these risks, in order to be ready for the challenges that climate change presents.

Pricing

• Price: £10 to £45 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.le.velle@c-stem.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.