Reach-Data Ltd

Online SMS Service

We provide an online, web based campaign management platform for sending / receiving SMS. It is fully featured and includes data cleansing, dynamic list creation, personalised messages, automatic opt-out management and comprehensive reporting facilities. The service is completely web based and is also optimised for mobile devices.

Features

• Industry standard API's for direct integration
• Carrier grade infrastructure
• Tier 1 direct UK routing
• Completely cloud based
• High performance
• Secure (SSL) connectivity
• ISO 27001:2013 Accredited (UKAS)
• 2-way SMS
• Real-time reporting
• Global coverage

Benefits

• Cloud based and accessible from multiple platforms
• Full traceability with integral delivery reports
• Optimised for access from mobile devices
• Connections to multiple networks ensuring no single point of failure
• UK based data centre's
• Flexible and transparent pricing
• Simple onboarding and offboarding process
• 24/7 Service and support
• Dedicated account manager

£0.02 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.tenders@reach-interactive.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

188694015286793

Contact

Andrew Cook
01923 618065
public.tenders@reach-interactive.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Internet access
  • PC, Mac or mobile device to access the platform
  • Modern web browser with HTML5 support

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday; ; Office Hours: 09:00 – 18:00; 1 hour; ; Evening: 18:00 – 22:00; 1 - 2 hours.; ; Night: 22:00 – 09:00; Email accounts will be monitored on a "Best Endeavour" basis directed to the observance of critical issues.; ; Weekends and English Bank Holidays; ; Daytime: 10:00 – 16:00; 2 hours; ; Evening, Night: 16:00 – 00:00 and 00:00 – 10:00; Email accounts will be monitored on a "Best Endeavour" basis directed to the observance of critical issues.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Monday to Friday; ; Office Hours: 09:00 – 18:00; All issues will be routed to the appropriate staff immediately with an initial response within 1 hour.; ; Evening: 18:00 – 22:00; All issues will be routed to the appropriate staff with an initial response within 1 - 2 hours.; ; Night: 22:00 – 09:00; Email accounts will be monitored on a "Best Endeavour" basis directed to the observance of critical issues affecting more than one or all clients.; ; Weekends and English Bank Holidays; ; Daytime: 10:00 – 16:00; All issues will be routed to the appropriate staff with initial response within 2 hours.; ; Evening, Night: 16:00 – 00:00 and 00:00 – 10:00; Email accounts will be monitored on a "Best Endeavour" basis directed to the observance of critical issues affecting more than one or all clients.; ; There are no additional costs associated with the above support levels.; ; A dedicated account manager is also available as an escalation point if issues are encountered.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide online training as well as user documentation of our platform and services. Onsite training is also available and can be discussed during the onboarding process.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data can be extracted through our online platform within the reporting section. This includes a record of all messages sent throughout the life of the contract and is available in CSV format.
• End-of-contract process: There are no additional costs associated with the extraction of data at the end of the contract. The users account is deactivated after they have extracted the data and they stop using the service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features of the platform are available to use on both mobile and desktop browsers.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: We have an online, web based platform which supports the API service and provides real-time MI. It is also used to manage the service enabling provisioning of sub-accounts and additional users.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: The platform has been tested using the following accessibility applications:; ; JAWS, Dragon, Supernova, Zoomtext
• API: Yes
• What users can and can't do using the API: Access to the API is provided as soon as a user signs up for an account on our platform. The API is used to submit messages directly through our gateway without any limitations.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: All services are mirrored between UK data centres with automatic fail over and load balancing. The automatic load balancing ensures that 1 user / client does not impact another.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All data can be exported in CSV format though our online, web platform within the Reporting page.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: All our operational servers are dual processor blade servers running in a controlled environment with redundant power supplies.; ; Service Uptime; Main Site; 99.96% uptime with provision of full service since January 2009; ; Backup Site; 99.92% uptime with provision of full service since January 2009; ; Combined Provision (no overlap); 100%; ; As standard, we don't give service credits in the event that service levels are not met. This can be discussed as part of the onboarding / contract negotiations.
• Approach to resilience: We operate a multi-layer approach using multiple UK data centres to ensure no single point of failure. In the event of a failure at one of our sites, we automatically switch to another site, ensuring no interruption to our services.; ; We also maintain connections to all UK mobile network operators. In the event of a critical network failure, messages are routed through an alternative operator to ensure services are not interrupted. A fully documented Disaster Recovery Plan details backup and contingency processes.
• Outage reporting: We notify clients by email in the event of an outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: All access is controlled by username / password controls. We specify a minimum criteria for password length and complexity.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification International (UKAS)
• ISO/IEC 27001 accreditation date: 18/04/2013
• What the ISO/IEC 27001 doesn’t cover: All services are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow the following information security policies / procedures in line with our ISO 27001 certification:; ; Information Security Policy.; Business Information Policy.; Access Control Policy.; Teleworking Policy.; Clear Desk Policy.; Back Up & Redundancy Policy.; Supplier Security Policy.; Secure System Engineering Principles Policy.; Information Security Management.; Asset & Information Management.; Human Resources.; Physical Security.; Communications & Operations.; Access Control.; Systems & Processing.; Incident Management.; Business Continuity Management.; Compliance & Conformance.; ; We ensure policies are followed through our internal auditing processes and any issues / non-compliance are reported to the MD / Information Security Manager.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to system hardware, software or other applications must be authorised (MD); All version updates should be risk assessed and tested if deemed necessary by ISM/MD; Any over-ride of this “Change Management” procedure must be authorised (MD); All changes must be first risk assessed and tested before full implementation; All testing must be carried out in a separate and controlled environment
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All services are tested in a separate dedicated UAT environment before being pushed into the live environment. All applications / systems for message processing are designed and built in house. We deploy patches in a timely manner after testing the deployment in our UAT environment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All systems are proactively monitored, including access logs and firewall logs to identify any potential breaches in security.
• Incident management type: Supplier-defined controls
• Incident management approach: The Information Security Manager must be PROMPTLY informed of the (potential) incident; The Incident must be PROMPTLY reported to the Information Security Manager in writing; The Incident must be LOGGED by the Information Security Manager; The Incident must be ANALYSED by The Information Security Manager; The MD and the ISM must ensure there is learning and appropriate action; Details of all Incident records must be maintained (incl. dates, times, parties involved etc.); The ISMS ensures that all Incidents are brought to the attention of the MD.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  The data centres we use are selected based on location, reliability, security and also carbon footprint. All of our data centres are either carbon neutral or powered by 100% renewable energy. As part of our commitment to social value, we work with (more:trees) to plant trees on behalf of our customers to further offset our carbon footprint.

Pricing

• Price: £0.02 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full functionality is provided, along with a limited number of free SMS credits. There is no time limit.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.tenders@reach-interactive.com. Tell them what format you need. It will help if you say what assistive technology you use.