Recordsure

Digital Interview Recording

A Digital Interview Recording solution compliant with the PACE Act as a Secure Digital Network solution. High quality, secure recording with capabilities for automated transcription and sophisticated speech analytics. Integrated with Recordsure’s document analytics and AI provides a multi-media capability, incorporating documents alongside audio recordings.

Features

• High quality, secure audio recording of face-to-face and remote interviews
• PACE compliant when used in conjunction with Recordsure Advanced Microphones
• Patented audio fragmentation and encryption system for upload of recordings
• Secure Digital Network operation as defined by PACE codes E&F
• Digital form for questionnaire completion during interviews
• Ability to create and edit digital questionnaires for interviews
• Easy to search web-based portal for record access and review
• Optional automated transcription, customised for greater accuracy
• Optional post-conversation speech analytics to identify themes and process risks
• Conforms to BS 10008 for Legal Admissibility of Electronic Information

Benefits

• 100% of interviews captured and stored, creating reliable, authoritative records
• Removes the need for legacy PACE CD/tape recorders
• Faster and more efficient interview setup and completion
• Removes need for manual write-up and storage, generating cost savings
• All interviews quickly and easily accessible for review and download
• Easy to search, irrefutable audit trail for all calls/conversations
• Accurate, customised transcription that can match human performance
• Identification of process risks and trends via sophisticated speech analytics
• Trusted by the Home Office for interview recording

£1.95 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@recordsure.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

171034250312335

Contact

Victoria Mansbridge
+442037727230
sales@recordsure.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: It can work alongside existing call recording solutions.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • There are no dependencies on system infrastructure.
  • Google Chrome or Microsoft Edge internet browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: This would be defined during initial project scoping exercise.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels and applicable SLAs are determined during initial project scoping exercise. Most support and maintenance is included within our costs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training can be provided either on-site or online depending on client preference. We also provide user manuals and supporting documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Various options are available depending on client requirements - this will be confirmed during initial scoping exercise.
• End-of-contract process: Data extraction may incur additional cost depending on client requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Recording and capturing citizen information in forms whilst interviewing is possible across both mobile and desktop, whereas the review and analysis of conversations can only take place on desktop
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: All functionality and data accessible via the product user interface is also available via the API
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Customisations can be requested

Scaling

• Independence of resources: We provide a dedicated instance.

Analytics

• Service usage metrics: Yes
• Metrics types: Average resolution time; Occupancy; Average first response time; First contact resolution
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Client Network Isolation, Security groups, Client Specific Encryption Keys. ISO-27001 controls.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is streamed directly from the end-user system to the cloud application in real-time. No data export is required.
• Data export formats: Other
• Other data export formats: Data is streamed directly to the system in Real-time
• Data import formats: Other
• Other data import formats: Audio is directly streamed to the system

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: All data at rest is encrypted using Microsoft Azure standards (e.g. TDE and service-managed keys for SQL databases, AI Search and Entra Directories and AES-256 for Blob storage).; Data in transit is encrypted using TLS1.2 or higher.

Availability and resilience

• Guaranteed availability: All SLAs will be confirmed during initial project scoping sessions
• Approach to resilience: We use third party Cloud hosting in the form on AWS, and Microsoft Azure.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Multi-factor authentication; IAM users, groups, and roles for daily account access; CloudTrail to monitor all activity
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 06/01/2021
• What the ISO/IEC 27001 doesn’t cover: To confirm, we fully comply with the SOA and have no exceptions. For clarity, the following is covered by our ISO 27001 certification: The Information Security Management System in relation to the design, development and operation of technology and business services for the capture, storage, analysis and retrieval of audio and other media records related to communications in financial services and other sectors.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 13/05/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: The full SAAS is covered
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information Security Policy; Access Control Policy; Acceptable Use & Social Media Policy; Backup and Recovery Policy; Bring Your Own Device Policy; Change Control Procedure; Continual Improvement Review Procedure; Data Protection Statement; Network Policy; Password Policy; Programme Management Policy; AWS KMS Encryption Key Management Procedure; Software Development Lifecycle (SDLC) Procedure; Supplier Management Policy; System Decommissioning Policy; Risk Assessment; Infrastructure Policy; Infrastructure Hardening Policy; Information Security a Quick Guide; Starter, Leaver, Mover Process; What To Do In The Event Of A Crisis; Guide to legislation relevant to Information Security Policy; Data Breach Management Procedure; ; The information Security Policy is owned by the Chief Security Officer (CSO). Policy adherence is managed by the Information Security Team, through training, internal audits and a robust events and Incident risk analysis process.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Standard Changes (very low risk) do not need to be approved by the ; Change Advisory Board (CAB).; ; Normal change must always go to the CAB for approval.; ; Emergence Changes follow a fast track CAB assessment process.; ; Information Security Requirements must be considered and implemented for each change in software, hardware, configuration or physical security.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Threats are assessed through regular audits, automatic detection tools, and change management security considerations.; ; Threats are regularly assessed and updated.; sources include NCSC and NIST.; ; Low severity patches and updates are introduced to the current development cycle for the next release.; ; Medium severity patches and updates are applied as soon as they become available, and have been tested against the current build.; ; Critical security patches are given the highest priority for pre-production testing, and scheduled to be released into production as soon as possible, under an emergency change.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: HAProxy Enterprise WAF & API Gateway, Web Application Firewall Mod Security, Amazon GuardDuty, AWS CloudTrail, AWS Shield. ; ; All alerts go to the Security team, where they are rapidly risk triaged, and prioritised for treatment.; ; Where the severity of a reported event or incident is considered to be Major, the situation may need to be escalated to The Crisis Management Team. The CMT once activated will own the crisis until resolution is reached.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have pre-defined processes for common events (all, e.g. Phishing) can be reported to Security via Email, or Realtime messaging channels. ; ; Incidents should be reported immediately to security via email, Realtime messaging channels, or by reporting it to any senior member of staff up to and including the CEO.; ; Redacted summaries of recent incidents can be requested, or provided to customers on a scheduled basis.; ; Incidents that seriously impact a customers services will be reported immediately.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have been assessed by EcoVardis (a highly trust business sustainability ratings firm) and our actions and commitment to the environment earned us a silver medal.; In addition, we are a member of the SME Climate Hub, committed to:; Halve our greenhouse gas emissions before 2030; Achieve net zero emissions before 2050

  Covid-19 recovery

  We seamlessly move to remote working prior to the first lock-down, without any interruption to our services. We made limited use of the furlough scheme where strictly necessary. Our business is now in a growth phase as we introduce new use cases.

  Tackling economic inequality

  We have been assessed by EcoVardis (a highly trust business sustainability ratings firm) and our activity and commitment to fair labour practices and wages, as well as human rights and ethics has earned us a silver medal.

  Equal opportunity

  We have been assessed by EcoVardis (a highly trust business sustainability ratings firm) and our activity and commitment to fair labour practices including equal opportunities and human rights and ethics has earned us a silver medal.

  Wellbeing

  We have been assessed by EcoVardis (a highly trust business sustainability ratings firm) and our activity and commitment to labour and human rights, ethics has earned us a silver medal.; In addition we provide all staff with free access to the well-being app: Headspace.; We a;so support user wellbeing: By providing irrefutable audit trails, our solution removes the stress of investigations.

Pricing

• Price: £1.95 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@recordsure.com. Tell them what format you need. It will help if you say what assistive technology you use.