HTK Limited

Data-driven citizen engagement platform

HTK Horizon is a secure cloud platform for automated digital engagement with citizens, staff and other stakeholders through personalised web forms, email, SMS, mobile apps, social media and interactive voice response (IVR). Use-cases include marketing and customer service automation, business continuity messaging and critical communications for major incident management.

Features

• Highly flexible CRM and customer data platform (CDP)
• Customer segmentation using business rules and maps
• Real-time event processing for triggered communication
• Multi-channel messaging through email, SMS & WhatsApp
• Interactive Voice Response (IVR) including speech recognition
• Mobile responsive web forms and surveys with inbuilt personalisation
• Integration with IoT networks and the Common Alerting Protocol
• Data analytics and dashboards through Google Looker
• Machine learning models and data science tools
• Extensive API for systems integration

Benefits

• Simple, scalable pricing model with no large fixed licence fee
• Supports shared-use, through role-based access permissions
• Create data-driven 'customer journeys' across digital touch-points
• Works with your existing websites and mobile applications
• Accelerate the uptake and adoption of digital services

£500 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@htk.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

372416280078888

Contact

Marlon Bowser
+44 (0) 870 600 2311
sales@htk.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The service is subject to a planned maintenance schedule, mainly for service updates. In general this schedule has zero to minimal impact on live service availability.
• System requirements:
  • Access to the Internet via a suitable broadband connection
  • A supported web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target response time is 2 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Standard:; Monday to Friday, 9am to 5pm. ; Excludes UK bank holidays. ; ; Enhanced:; Monday to Friday, 8am to 6pm. ; Saturday, Sunday and UK bank holidays, 8am to 6pm.; ; Mission Critical:; 24 x 7 x 365.; ; Standard - minimum £500 / month.; Enhanced - minimum £2,000 / month.; Mission Critical - minimum £5,000 / month.; ; We provide technical support and a dedicated account manager for larger contracts.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: HTK typically proposes an initial call or face-to-face meeting with all relevant stakeholders to discuss the requirements in more detail, and to understand your goals for the proposed solution. From this discussion we would expect to gain agreement regarding ‘what success looks like’, together with an understanding of how it will be measured. Our approach is geared to help ensure a solid financial return on your investment.; Depending on your requirements and the scale of the delivery, we’ll document a plan containing key tasks and milestones, to help ensure that delivery can be tracked and achieved in line with your expectations.; ; HTK provides unlimited, free-of-charge access to an online knowledge-base containing detailed step-by-step instructions on how to use and get the most benefit from Horizon. This online resource is available to all, and can be accessed from within Horizon to obtain context-sensitive information related to the current task at hand.; HTK also provides on-site training for individuals (e.g. ‘train the trainer’ sessions) or for groups of end-users. Requirements for on-site training will typically be established within the delivery plan. In all cases, training material will be prepared to suit the course delegates and the needs of your particular project.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon request (made within 30 days after the effective date of termination of a purchased services subscription) HTK will make your data available to you for download in comma separated value (.csv) format along with any attachments in their native format.
• End-of-contract process: Upon request (made within 30 days after the effective date of termination of a purchased services subscription) HTK will make your data available to you for download in comma separated value (.csv) format along with any attachments in their native format. There is no charge for this service. If there is a need to securely terminate connections to customer systems or other third party systems that have been used to deliver the contracted service then a process and timeline will be agreed with the customer. Depending on the complexity of the termination process this may result in additional costs. There may also be cost implications if there any requirements for early termination of third party licence agreements established specifically for the support of the service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Services are accessed via an online user Interface
• Accessibility standards: None or don’t know
• Description of accessibility: Users can access all the service features via the user interface. User access to certain features of the service can be controlled through a combination of product licences and role-based user permissions.
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Horizon services are exposed through two APIs, known as the Portal API and the Admin API.; ; The Portal API runs in the context of a single end-customer (a Horizon Contact) and is designed to be called by websites and mobile app implementations, while the Admin API provides methods that can affect multiple Horizon Contacts and is generally used for systems integration.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The service architecture has been designed to auto-scale to accommodate the volume of transactions [messages] being processed.

Analytics

• Service usage metrics: Yes
• Metrics types: User activity monitoring.; Message sending volumes.; Message sending and delivery status.; Customer interaction reports.; Campaign reporting.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data through data download features built into the service User Interface.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service Availability 99.9% to 100% (Monthly Service Outage Up to 45 minutes):; Service credit Month 1 - 0%.; Service credit Month 2 - 0%.; Service credit Month 3 - 0%.; ; Service Availability 95% to 99.9% (Monthly service outage 45 minutes to 36.5 hours):; Service credit Month 1 -10%.; Service credit Month 2 - 25%.; Service credit Month 3 - 50%.; ; Service Availability 90% to 94.99% (Monthly service outage 36.5 hours to 73 hours):; Service credit Month 1 - 25%.; Service credit Month 2 - 50%.; Service credit Month 3 - 75%.; ; Service Availability 75% to 89.99% (Monthly service outage 73 hours to 182.5 hours):; Service credit Month 1 - 50%.; Service credit Month 2 - 75%.; Service credit Month 3 - 100%.; ; Service Availability 74.99% or below (Monthly service outage More than 182.5 hours):; Service credit Month 1 - 100%; Service credit Month 2 - 100%; Service credit Month 3 - 100%
• Approach to resilience: Available on request
• Outage reporting: A service status page will be displayed on the service link [URL]. Customers will be informed by email, SMS and telephone alerts as defined by their SLA.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All access to key management systems and support systems has to authorised by senior management. Access requirements are regularly reviewed by the HTK Operational Management team.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 23/11/2021
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: HTK has documented security policies that adhere to the requirements of ISO27001 and are available to all employees via an internal Google drive system. All employees are briefed on the security requirements of their role and are required to complete a security assessment at least once a year. All policies and procedures are reviewed and audited with the assistance of an external organisation once a month.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All service components developed to support the service are subject to a series of release review from design through, development, QA and into live deployment. All release reviews are documented. The possible introduction of security vulnerabilities is assessed at the design stage and is a specific item on the agenda for each release review.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: HTK has comprehensive service monitoring and alerting in place to detect any possible security breaches. The performance of these systems is reviewed on a weekly basis by the HTK Operational Management Team. Patches are normally deployed within a matter of hours of the vulnerability being detected or reported. The HTK team constantly monitors relevant industry and supplier noticeboards for reports as well as social media channels where appropriate.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All key operational service components are monitored and have alerting set up to report any possible attacks. Responses to potential compromise depends on the perceived level of risk. If the risk is high then an incident report will be raised on the internal communication system and key personnel and senior management will discuss the actions required to address the potential compromise. If the issue is high risk then an immediate plan of action will be created and implemented.
• Incident management type: Supplier-defined controls
• Incident management approach: HTK has a documented process for the reporting and management of incidents. Users [internal or customer] can raise an incident report via the HTK Help Desk. As with potential security threats the incident will also be reported via a dedicated internal communications channel. If an incident has had an impact on a customer service then an incident report will be created and emailed to those customers impacted by the incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  It is HTK’s objective to carry out all measures reasonably practicable to meet, exceed or develop all necessary or desirable requirements and to continually improve environmental performance, with a target of net-zero carbon emissions by 2027.
• Equal opportunity:

  Equal opportunity

  HTK is an Equal Opportunities employer and is committed to staff development.
• Wellbeing:

  Wellbeing

  HTK operates a flexible working policy and provides all employees with access to private medical insurance, for them and their families.

Pricing

• Price: £500 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@htk.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.