MRI Software Limited

MRI Customer Central

MRI Customer Central, a purpose-built, SaaS, Customer Relationship Management CRM solution to record your customer contacts and cases. CRM 360 customer dashboard presents key information from complementing MRI solutions, streamlining contact and case management. Identify and manage customer engagement across your unified communications platform, targeting services whilst achieving digital transformation.

Features

• Dashboards enables 360 view of your customers.
• Case Management, you define your own action plan templates.
• Monitor target dates and service level agreements.
• Track contacts and cases, full visibility of all notes.
• Record and instigate customer engagement based on customer interactions.
• Out the box mobile responsive CRM solution, reduced configuration.
• Record contact outcomes, customer satisfaction and engagement.
• Use in call centres, use for surveys or questionnaires.
• Helps comply with housing ombudsman 2 stage complaints
• Seamless links to other MRI housing and property solutions

Benefits

• Prioritise all tasks to ensure efficiency, consistency and compliance.
• Reduces time spent finding information enabling more meaningful contacts.
• Enhanced customer experience as key information is shared.
• Developed in partnership ensuring effective, efficient and compliant services.
• Track actions across cases to ensure targets are achieved.
• Out of the box CRM solution to enable quick adoption.
• Minimal training requirements for implementation and end users.
• Customer validation ensures customers data is kept safe.
• Deliver your service on your estates and customers homes.
• Helps comply with regulatory consumer standards

£0 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

160835864761124

Contact

Claire Brown
020 3861 7100
tenders@mrisoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The solution only requires an internet connection and a device that supports the latest browsers. Any planned maintenance will be completed (where possible) outside of core office hours and customers will be notified in advance.
• System requirements:
  • Latest internet browsers
  • Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email or online ticketing support Yes Support response times MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Response Time is the time it takes before a Global Client Support agent makes initial contact with the individual who submitted case. Standard Service: Normal Priority - 6 Hours, Serious Priority - 3 hours, Critical Priority - Live Call Only
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users. Cases and incidents can be recorded and viewed in the client portal on a 24/7 basis. The Portal provides clients with information on support cases, regardless of whether a call is logged via a phone call or via the portal. We categorize our priority levels as:Normal - An area of core functionality is generating errors but this is not preventing the Client from performing day to day use of the Software. A workaround may be available.Serious - The production system is able to run core processes but other functionality is significantly impaired. Client’s ability to carry out day to day use of the Software is severely impacted. There is no reasonably acceptable workaround.Critical - The production system is significantly impaired with core functionality essentially unavailable. Client’s day to day use of the software is severely impacted. There is no available workaround. Response time targets: Critical Priority-Live call Serious Priority-3 hours Normal Priority-6 hours
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Users and administrators have the flexibility to customise configuration options to suit their needs without the need for development work. Configuration options vary across solutions but commonly include:; Adding or removing users; Modifying user access permissions; Editing menu and field terminology; Defining field rules like mandatory or unique fields; Configuring default screen layouts and sort orders; Creating or editing reports; Establishing or modifying workflows; Adjusting dashboard SLA/KPI metrics
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We provide a backup of data. However, If clients want the data in a more easily accessible format, they can extract it themselves or purchase Services from us to do that. We enter into a formal decommissioning plan at end of the contract. Data will be retained in the backup for up to 12 months after termination unless otherwise requested. If there are specific arrangements which clients required for offboarding in addition to our standard service we will be happy to discuss this further.
• End-of-contract process: We have an established exit management process in place to retire clients. The aim would be to work closely with the client to enable a smooth and secure transition during exit so the process covers both transactional wind-down and data migration. Note that following termination, the client would as standard have no further access to the solution, or their historical data. Prior to that point, the client will be able to save details of their transactions/data from the system in accordance with the offboarding provisions.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our solutions are mobile responsive to render differently depending on the device used to login. The only difference between the desktop and mobile service is the screen size (optimised to ensure everything still fits on the screen in the mobile service).
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The application user interfaces are designed with untrained users in mind and provide a consistent approach to usability for all. We observe all usability standards and design for ease of use. We are committed to providing a website that is accessible to the widest possible audience, regardless of technology or ability. We strive to meet level AA of the latest World Wide Web Consortium (W3C) Web Content Accessibility Guidelines
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We are committed to providing solutions that are accessible to the widest possible audience and in the past have tested our solution with tools such as Windows Narrator and JAWS screen reader.
• API: Yes
• What users can and can't do using the API: APIs are available to integrate with third party systems (such as Housing Management Systems, Choice based Letting and Housing Registers) . This API will send customer details across to the 3rd party solution with the aim to create a customer on that 3rd party solution. We will work with the 3rd party provider to ensure they can receive our API call and that they have fields for all the data being sent. If a customer would like to use an API they will get in touch with their implementation manager to discuss how they would like to use the API and what system they would like to integrate. Services to deliver the APIs will be chargeable at the daily rates.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users and administrators have the flexibility to customise configuration options to suit their needs without the need for development work. Configuration options vary across solutions but commonly include:; Adding or removing users; Modifying user access permissions; Editing menu and field terminology; Defining field rules like mandatory or unique fields; Configuring default screen layouts and sort orders; Creating or editing reports; Establishing or modifying workflows; Adjusting dashboard SLA/KPI metrics

Scaling

• Independence of resources: As the volume of work grows, We may need additional resources to maintain the performance levels and satisfy SLAs. We use Azures Load Balancer that delivers high availability and network performance. It is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy instances of services defined in a load-balanced set.

Analytics

• Service usage metrics: Yes
• Metrics types: The client can build their own custom reports using the reporting tool within the solution, reports can be generated using any fields. Reports include reports to support organisation management, how many cases each officer is handling and how these cases are progressing. Reporting to show how successful the prevention and relief service is being managed within the Local Authority.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Our SQL databases are encrypted at rest using transparent data encryption. Physical access control, inline with ISO27001
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: If a customer requires an export of their data they can use the intuitive inbuilt report builder that allows CSV files to be created from any field found within the solution. If a more robust or detailed report is required, this can be requested but will incur a charge depending on the complexity of the report.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • PNG
  • HTML
  • .xls
  • .xlsx
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • .xls
  • .xlsx

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Our SQL databases are encrypted at rest using transparent data encryption. All connections to Azure SQL databases require encryption via SSL/TLS while data is in transit. This is configured by Microsoft via their Azure platform.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All developers and testers test against OWASP top 10 security vulnerabilities. In addition to this, automated web application security testing is carried out during the development, release and life cycle of the product. A full network penetration test against all live sites and firewalls is carried out annually, as well as a full web application assessment penetration test during the development and release of the product.

Availability and resilience

• Guaranteed availability: We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays.
• Approach to resilience: Available on request.
• Outage reporting: Our Azure infrastructure ensures the availability of our data and services to a 99.9% uptime SLA and this includes three ready-to-run copies of our Azure infrastructure, two in one location and one in a separate geographical location. Recovery timescale therefore is not applicable as both geographical locations would have to be unavailable for users to notice an outage. Our data exists as multiple redundant copied with the primary set in Dublin. Azure monitoring is delivered by Status Cake uptime alerting which is instantaneous. New Relic error alerting is used for Web Site alerting which is also instantaneous. These layers are in addition to the standard Service alerting in Azure. These services all alert 24/7/365. Any users that are affected by an outage will be emailed in a reasonable time.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All users have a unique username and password to ensure only authorised users are accessing the solution. Further restrictions can be put in place including an IP whitelist ensuring only approve IP addresses can access the system.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 16/12/2022
• What the ISO/IEC 27001 doesn’t cover: This ISMS is specific to the scope described on the certificate.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All staff are issued with our security policy when they join and confirm that they understand and will adhere to this. Our security policy is supported by processes and procedures such as our data breach reporting, new starters and leavers procedures. Our software development process incorporate privacy by design with security at the heart of everything that we do. All staff are trained on our security processes when they join and have regular refresher training. Our policies and processes are regularly reviewed by our operations managers and the outputs of these reviews are, in turn, reviewed with senior management. The focus of these reviews are the performance and ongoing applicability of our security quality management system.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Implementation is managed according to a pre-defined process. Change log items are identified early in the implementation process. These are assessed for size and impact to determine if the change will be done, won't be done (notwithstanding the customer may disagree) or might be done as an additional cost item. If the change falls outside (or it is not clear) of the existing DPIA for the software then the change will be assessed by the dedicated Data Compliance Manager. Once agreed changes are built, tested and accepted as would be the case for core functionality.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Regular internal risk assessments, scheduled audit, penetration testing (internal and external) and market best practice bench marking. Subject to QA patch release process, patches are released as soon as available.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Azure monitoring is delivered by Status Cake uptime alerting which is instantaneous. New Relic error alerting is used for Web Site alerting which is also instantaneous. These layers are in addition to the standard Service alerting in Azure. These services all alert 24/7/365.
• Incident management type: Supplier-defined controls
• Incident management approach: Our support Help Desk includes first, second and third line support based and will acknowledge and respond to your incident within one working day. Should our first line support team not be able to resolve your issue at first point of contact, it will be categorised, prioritised and passed to our second or third line support teams.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MRI is committed to managing environmental risks that are material to our business and to reducing our carbon footprint by enhancing the energy efficiency of our operations and reducing the amount of waste that our company produces. We do this by utilising some of our own solutions with sensors in our own offices to assess our space utilization, energy usage and setting a reduction plan. ; ; As well as improving our own position, we also look at ways to help our clients work towards using services that have less impact on our planet’s scarce resources. A good example is HomeSwapper, our

  Covid-19 recovery

  We have fully embraced hybrid working and have recently formalised our flexible working model and different types of flexibility offered to all employees. We believe flexible working benefits our employees and the business. Our solutions available on this framework are all available remotely allowing our clients employees, users and contractors as applicable to work from any location in accordance with your approved working practices to allow flexibility

  Tackling economic inequality

  Our employees are all contracted and salaried fairly, in line with the Living Wage standards. All of our employees are paid at least the minimum rates as stated under the current Living Wage. We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage. We also offer a comprehensive benefits package for all our staff, which includes health and wellbeing support and access to private health care.

  Equal opportunity

  We work hard to ensure our employees have a voice. Our business has various committees in place, such as a Diversity, Equity and Inclusion Committee and Employee Resource Groups, such as Women & Allies and LGBTQIA+, which help us understand how employees feel about working at MRI and help us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our reports are available publically on our website. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap. This includes the development of our Flexible Working and Inclusive Policies initiatives, educating our People, People Managers and Business Leaders and working with external partners to attract a diverse staffbase.

  Wellbeing

  Work hard, play hard. From the day we opened our doors, we set out to build flexible, game-changing solutions that would make people's lives better. We do this by providing our clients with solutions that enable them to provide better places to live, work, and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements, Medical assistance, including mental health tools, Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry out bi-annual employee engagement surveys to ensure employees can express their views.

Pricing

• Price: £0 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.