STOUR MARINE LIMITED

Secure SMS Delivery

Send and receive text messages with guaranteed security and reliable message delivery for sensitive communications.

Features

• HTTP(s) APIs
• SMPP v3.4
• TLS/IPSec connectivity for secure delivery
• Cloud-based SMS Gateway
• Direct UK Mobile Network Connections
• Two-way communication with long numbers
• Highly reliable and resilient architecture

Benefits

• Easy deployment and scalability
• Supports industry-standard protocols
• Streamlines communication processes
• Minimizes downtime, maximizes communication uptime
• Optimized for critical communications
• Guaranteed message delivery and quality
• Seamless integration with existing systems

£0.02 to £0.07 a unit a second

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at leo.bartle@stourmarine.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

305346040084175

Contact

Leo Bartle
07537100000
leo.bartle@stourmarine.co.uk

Service scope

• Service constraints: Stour Marine offers both live support (over phone, Skype or Google Meet) as well as e-mail support for all aspects of the service provided. Stour Marine staff is continuously available during business hours (9am to 5pm) Monday to Friday, with on-call support for emergencies outside business hours. A single dedicated contact telephone number and e-mail address is provided.
• System requirements:
  • Messaging platform capable of HTTP(s)/SMPP v3.4
  • Programming knowledge if using API/SMPP integrations.
  • Systems to process data from delivery reports
  • Long number provisioning if utilizing two-way features.
  • Internal security policies for handling sensitive communications.
  • Internet connection with sufficient bandwidth for API usage.
  • Firewall rules allowing outbound API/SMPP traffic and IPSec

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Severity Level / Reaction / Response / Remedy; Emergency / 1 hour / 5 hours / 8 hours; High / Next Working Day / 2 Working Days / 6 Working Days; Medium / Next Working Day / 5 Working Days / 60 Working Days; Low / Next Working Day / 10 Working Days / 120 Working Days; Query N/A
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Silver-Level Support Package: Availability: 9-5 support during working hours and weekdays. Services: Basic troubleshooting, software updates, and standard maintenance. Gold-Level Support Package: Availability: Extended hours support, such as 7-7 on weekdays and limited weekend support to provide faster response to faults. Resolution times unchanged Services: Includes all low-level services plus faster response times, optional additional hardware redundancy, and preventive maintenance. Platinum-Level Support Package: Availability: 24/7 support including holidays. Services: All services from medium-level support, plus the fastest response times, dedicated support personnel optional, and priority in fault resolution. All Emergency support service requests from Customer to Stour Marine shall always be done by telephone. E-mail based issue handling system should be used for sending supplementary information. All accounts will have a Technical Account Manager assigned by default.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Comprehensive User Documentation: provided at start of on-boarding.; Dedicated Onboarding Specialist: Assign new clients a point of contact to provide personalized guidance during the initial configuration and testing phase.; Live Chat/Phone Support: Provide easily accessible support channels to address questions and resolve issues quickly.; Tailored Training (If Applicable): For enterprise clients with complex infrastructure, consider offering customized training sessions (onsite or online) for a fee.; ; This combination of self-service resources, proactive support, and flexible training options will cater to different learning styles and technical expertise, ensuring a smooth and successful adoption of our Secure SMS Delivery service.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Define data rights: Include clear terms in the contract about data ownership, extraction formats, and any fees involved.; Proactive Notice: Provide clients with 30-60 days notice before contract termination and reminders about data extraction.; Call Detail Records (CDRs): Caller/callee numbers, timestamps, duration, cost.; Support Assistance (optional): Offer data extraction as a service for complex scenarios (may have associated costs).; Data Retention: Data is stored for at least 3 years after the contract ends.; Secure Transfer: Use encrypted methods for sensitive data.
• End-of-contract process: Service Termination:; ; Secure SMS Delivery access will cease at the agreed-upon end date.; Data Extraction: Users have a specified window (e.g., 30 days) to extract their data (call records, voicemails, configuration). Methods will be clearly outlined in the contract.; Final Billing: Any outstanding charges based on usage or additional services will be settled.; Option to Renew: If applicable, the client will be presented with the option to renew the contract under new terms.; ; Included in Contract Price:; ; Core Secure SMS Delivery: Base service with included features like SMS Gateway Access: The core service of sending and receiving SMS.; Standard Features: Basic API/SMPP v3.4 access, delivery reports, enhanced security through SMS as well as SS7 firewalls.; Technical Support: Support within agreed-upon hours and channels.; ; Additional Costs:; ; Extra Features: Advanced features (e.g. detailed analytics) may be offered as tiered add-ons.; Premium Support: 24/7 support, onsite assistance, or expedited response times might have additional fees.; Setup/Configuration: Complex setup or customization may incur one-time or ongoing charges.

Using the service

• Web browser interface: No
• API: Yes
• What users can and can't do using the API: Send and receive SMS as well as DLRs.
• API automation tools: Other
• Other API automation tools: Standard HTTP APIs
• API documentation: Yes
• API documentation formats: PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Scalable Infrastructure: Our cloud-based system expands to handle demand surges, preventing slowdowns. Resource Isolation: Your traffic and data are securely separated, ensuring other users don't impact your experience. Traffic Prioritization: Voice calls always get top priority on our network, guaranteeing clear communication. Redundancy: Multiple data centers and automatic failover mechanisms ensure your service is always available. Monitoring: We proactively track usage to identify and address potential issues before they affect you.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Call Detail Records (CDRs) - metadata about calls.
  • User configuration settings and preferences.
  • System logs for troubleshooting and auditing.
  • Billing and invoicing data.
  • Custom routing rules and access lists.
  • Security settings and compliance-related records.
  • Analytics and reporting data.
• Backup controls: This is a Managed Service. Should clients need local backups, Stour Marine can support with the setup for additional fees.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The platform solution should be available for use 24/7, 366 days per year. The platform solution should be available >99.99% of the time, in any given week. Service credits if not achieved.
• Approach to resilience: Geographic redundancy - within UK preferable, or otherwise as Stour Marine deems best
• Outage reporting: Email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Here's how we implement strict access controls for management interfaces and support channels: **Role-Based Access Control (RBAC):** We implement strict RBAC aligned with SOC2/ISO27001, ensuring users only access data necessary for their role, in keeping with GDPR's minimization principle. **Two-Factor Authentication (2FA):** Mandatory for privileged access, providing a crucial layer of security (SOC2/ISO27001). **Secure Remote Access:** VPNs are used for remote management, creating encrypted tunnels and enhancing security (SOC2/ISO27001). **Password Policies:** Complex passwords, regular changes, and secure storage are enforced (SOC2/ISO27001). **Auditing and Logging:** Access attempts and actions are logged for traceability and accountability per SOC2/ISO27001 and GDPR requirements.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are currently are 90% readiness for an audit to obtain SOC2 and ISO 27001 certifications
• Information security policies and processes: We are following the SOC2 and ISO 27001 certification processes.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration Management Database (CMDB): We maintain a CMDB to track Configuration Items (CIs) throughout their lifecycle, including relationships and dependencies. Change Requests: All changes undergo a structured process including Request for Change (RFC), approval by a Change Advisory Board (CAB), and risk/impact assessments. Security Focus: Each change is evaluated for potential security implications. Vulnerability scanning and penetration testing occur within our testing environments. Release and Deployment: Changes are packaged, tested in a staging environment, and deployed with a documented rollback plan.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process aligns with SOC2/ISO27001 principles: Risk Assessment: We continuously identify potential threats through vulnerability scans, penetration testing, and threat intelligence feeds. Prioritization: We prioritize vulnerabilities based on severity and risk to our services. Patching: We have a defined timeline for deploying critical patches, balancing urgency with rigorous testing in a staging environment. Threat Intelligence: We subscribe to reputable threat feeds, vendor advisories, and security communities to stay updated on emerging vulnerabilities. Monitoring: We actively monitor systems for signs of intrusion or compromise.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring processes focus on early detection and swift response: Log Collection & Analysis: We centralize logs from network devices, firewalls, and endpoints, using tools for analysis and anomaly detection. Alerting: We configure real-time alerts for suspicious activity patterns or security events. Incident Response: We have a defined incident response plan with clear roles, escalation procedures, and communication protocols. Timeliness: Initial response times are outlined in our Service Level Agreements (SLAs), prioritizing critical incidents for immediate containment and investigation.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Here's a breakdown of our incident management process, aligned with ITIL best practices: Incident Logging: Users report incidents via a designated service desk with multiple channels (phone, email). Categorization & Prioritization: Incidents are classified based on impact and urgency, triggering appropriate response procedures. Escalation: Complex incidents follow pre-defined escalation paths to ensure timely resolution. Pre-defined Processes: We have standardized responses for common incident types, streamlining resolution and reducing downtime. Incident Reporting: We provide regular updates to impacted users and generate post-incident reports for analysis and improvement.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Red Hat Virtualisation
• How shared infrastructure is kept separate: Software is used to create smaller, isolated environments for each use case within the larger physical infrastructure.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: AWS managed

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Paperless Communication: SMS replaces the need for printed notifications, saving paper and reducing waste.; Enabling Remote Work: Reliable SMS facilitates remote work setups or hybrid models, leading to reduced commuting and associated emissions.; Optimization Potential: Buyers can utilize our service for route optimization notifications (delivery services), further reducing environmental impact.; Sustainability Commitment: We'll disclose efforts to improve our own energy efficiency and are open to exploring partnerships with clients on green initiatives.

  Covid-19 recovery

  Essential Communication:; Reliable SMS keeps public sectors (healthcare, essential services) connected during disruptions when in-person contact is limited.; Contact Tracing Support: Potential use case for SMS-based contact tracing if a scalable and secure implementation is designed with public health authorities.; Business Communication: Supports business continuity for SMBs through contactless customer updates or appointment reminders.

  Tackling economic inequality

  Accessible Pricing:; Our model avoids large upfront hardware costs, making it accessible to small businesses and non-profits.; Underserved Areas: SMS can bridge communication gaps in areas with limited internet access, promoting economic participation.; Skills Development: We will partner with local educational institutions for internships or workshops related to SMS-based solutions.

  Equal opportunity

  Wide Accessibility: SMS reaches a wide range of individuals, including those with limited internet access or smartphones. This ensures critical information can be disseminated broadly.; Language Support: Investigate supporting multi-language SMS to bridge communication gaps in diverse communities.; Data Privacy: Our security-first design, with potential for client-side encryption, helps prevent data misuse that could lead to discrimination.; Partnership Focus: Seek collaborations with organizations that promote digital inclusion and access to technology for marginalized groups.

  Wellbeing

  Mental Health Resources:; Potential partnerships with crisis hotlines or mental health services to leverage reliable SMS for support and outreach.; Emergency Alerts: Ensure rapid and reliable delivery of emergency or public safety notifications, promoting community wellbeing.; Appointment Reminders: Use in healthcare settings to reduce missed appointments, improving healthcare access and outcomes.; Reduced Stress: Automated SMS for billing or service updates can save time and reduce stress for both businesses and individuals.

Pricing

• Price: £0.02 to £0.07 a unit a second
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Subject to commercials being accepted, a testing of the service is started. Based on the acceptance criteria being passed, the account is then moved into production.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at leo.bartle@stourmarine.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.