Blue Planet Software Ltd

Automated Telephone Payments (ATP)

ATP is an automated self-service phone payments solution that integrates with HeyCentric and Unit4 Business World ERP solution. and your IVR solution.
It is available to your customers 24 X 7 and does not require an agent to be present.
It's fully PCI compliant.

Features

• Secure and PCI Compliant
• Real time payments
• Auto allocation of payment to ERP system
• integrated into your Income management system
• Speeds up the payment process
• Reduces labour intensive tasks
• Self service with 24 X 7 availability

Benefits

• significantly reduces the PCI compliance scope
• Seamless integration with your ERP or IM system
• Provides instant visibility on payments made as they happen
• Can integrate with multiple PSP's
• Self service 24 X 7 availability
• Supports multiple payment types
• Facilitates efficient use of staff time

£1.25 a transaction a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.behan@blueplanet-software.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

191428521396713

Contact

Tom Behan
+353872245768
tom.behan@blueplanet-software.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: ATP integrates with your Income Management system or directly to your ERP system.
• Cloud deployment model: Private cloud
• Service constraints: There are no service constraints.
• System requirements:
  • Access to your Income management solution
  • Access to your ERP solution via VPN

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond within the hour on receipt of a support query.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: P1 Response instant, resolution 1 hour.; P2 Response within 1 hours , resolution within next working day.; P3 Response within 4 hours, resolution within 2 working days; P4 5 working days, resolution with next release of software; Price included in the SaaS service price
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a full implementation and integration service. Training not required.; We can also project manage the roll out if so desired.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: There is no data to extract as all payments end up in the users ERP system.; We do not hold data but only access data in the ERP system as required for payment processing.
• End-of-contract process: The price has two elements An implementation fee for setup and deployment and an annual SaaS fee based on transaction volumes and bands.; When the service is no longer required the service is terminated.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no difference between devices used
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: During implementation the following elements can be customised.; The payment types ; Call flow; Voice talent used; Service access numbers; The solution can be configured to integrate with multiple ERP systems

Scaling

• Independence of resources: The service is scaled to the needs of the organisation and expected capacity is provisioned to accommodate expected peak demand periods. ; Early alerts are generated when the system is likely to reach its capacity.; The service load is monitored to ensure sufficient head room exists.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide analysis the number of call volumes and timelines. ; Calls per day by payment types. ; The number of calls with payments refused and authorised.; Peak demand time forecasting.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sybernet Ltd

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Completed payments are either updated in real time to the ERP system or if that is not possible they are exported as a part of a batch process using a previously agreed file format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Xml
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Xml
  • Json

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The service has a 99.98% availability
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: No system access provided to users.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: KYTE Consultants Ltd
• PCI DSS accreditation date: 04/04/2020
• What the PCI DSS doesn’t cover: Details of the PCI certification are contained in the AOC.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: PCI DSS Version 3.2.1
• Information security policies and processes: PCI DSS requirement 12

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: PCI DSS requirement 6
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Dictated by requirement 6,10 & 11 of PCI DSS standards
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Requirement 10 of PCI DSS standard
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Governed by requirement 12 of the PCI DSS requirements.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  The Automated Telephone payments system facilitates remote payments thus removing the citizen from the need to attend in person.

Pricing

• Price: £1.25 a transaction a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.behan@blueplanet-software.com. Tell them what format you need. It will help if you say what assistive technology you use.