HTK Limited

Data-driven citizen engagement platform

HTK Horizon is a secure cloud platform for automated digital engagement with citizens, staff and other stakeholders through personalised web forms, email, SMS, mobile apps, social media and interactive voice response (IVR). Use-cases include marketing and customer service automation, business continuity messaging and critical communications for major incident management.


  • Highly flexible CRM and customer data platform (CDP)
  • Customer segmentation using business rules and maps
  • Real-time event processing for triggered communication
  • Multi-channel messaging through email, SMS & WhatsApp
  • Interactive Voice Response (IVR) including speech recognition
  • Mobile responsive web forms and surveys with inbuilt personalisation
  • Integration with IoT networks and the Common Alerting Protocol
  • Data analytics and dashboards through Google Looker
  • Machine learning models and data science tools
  • Extensive API for systems integration


  • Simple, scalable pricing model with no large fixed licence fee
  • Supports shared-use, through role-based access permissions
  • Create data-driven 'customer journeys' across digital touch-points
  • Works with your existing websites and mobile applications
  • Accelerate the uptake and adoption of digital services


£500 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 7 2 4 1 6 2 8 0 0 7 8 8 8 8


HTK Limited Marlon Bowser
Telephone: +44 (0) 870 600 2311

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
The service is subject to a planned maintenance schedule, mainly for service updates. In general this schedule has zero to minimal impact on live service availability.
System requirements
  • Access to the Internet via a suitable broadband connection
  • A supported web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Target response time is 2 hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
Monday to Friday, 9am to 5pm.
Excludes UK bank holidays.

Monday to Friday, 8am to 6pm.
Saturday, Sunday and UK bank holidays, 8am to 6pm.

Mission Critical:
24 x 7 x 365.

Standard - minimum £500 / month.
Enhanced - minimum £2,000 / month.
Mission Critical - minimum £5,000 / month.

We provide technical support and a dedicated account manager for larger contracts.
Support available to third parties

Onboarding and offboarding

Getting started
HTK typically proposes an initial call or face-to-face meeting with all relevant stakeholders to discuss the requirements in more detail, and to understand your goals for the proposed solution. From this discussion we would expect to gain agreement regarding ‘what success looks like’, together with an understanding of how it will be measured. Our approach is geared to help ensure a solid financial return on your investment.
Depending on your requirements and the scale of the delivery, we’ll document a plan containing key tasks and milestones, to help ensure that delivery can be tracked and achieved in line with your expectations.

HTK provides unlimited, free-of-charge access to an online knowledge-base containing detailed step-by-step instructions on how to use and get the most benefit from Horizon. This online resource is available to all, and can be accessed from within Horizon to obtain context-sensitive information related to the current task at hand.
HTK also provides on-site training for individuals (e.g. ‘train the trainer’ sessions) or for groups of end-users. Requirements for on-site training will typically be established within the delivery plan. In all cases, training material will be prepared to suit the course delegates and the needs of your particular project.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Upon request (made within 30 days after the effective date of termination of a purchased services subscription) HTK will make your data available to you for download in comma separated value (.csv) format along with any attachments in their native format.
End-of-contract process
Upon request (made within 30 days after the effective date of termination of a purchased services subscription) HTK will make your data available to you for download in comma separated value (.csv) format along with any attachments in their native format. There is no charge for this service. If there is a need to securely terminate connections to customer systems or other third party systems that have been used to deliver the contracted service then a process and timeline will be agreed with the customer. Depending on the complexity of the termination process this may result in additional costs. There may also be cost implications if there any requirements for early termination of third party licence agreements established specifically for the support of the service.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Service interface
User support accessibility
None or don’t know
Description of service interface
Services are accessed via an online user Interface
Accessibility standards
None or don’t know
Description of accessibility
Users can access all the service features via the user interface. User access to certain features of the service can be controlled through a combination of product licences and role-based user permissions.
Accessibility testing
What users can and can't do using the API
Horizon services are exposed through two APIs, known as the Portal API and the Admin API.

The Portal API runs in the context of a single end-customer (a Horizon Contact) and is designed to be called by websites and mobile app implementations, while the Admin API provides methods that can affect multiple Horizon Contacts and is generally used for systems integration.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available


Independence of resources
The service architecture has been designed to auto-scale to accommodate the volume of transactions [messages] being processed.


Service usage metrics
Metrics types
User activity monitoring.
Message sending volumes.
Message sending and delivery status.
Customer interaction reports.
Campaign reporting.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export their data through data download features built into the service User Interface.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service Availability 99.9% to 100% (Monthly Service Outage Up to 45 minutes):
Service credit Month 1 - 0%.
Service credit Month 2 - 0%.
Service credit Month 3 - 0%.

Service Availability 95% to 99.9% (Monthly service outage 45 minutes to 36.5 hours):
Service credit Month 1 -10%.
Service credit Month 2 - 25%.
Service credit Month 3 - 50%.

Service Availability 90% to 94.99% (Monthly service outage 36.5 hours to 73 hours):
Service credit Month 1 - 25%.
Service credit Month 2 - 50%.
Service credit Month 3 - 75%.

Service Availability 75% to 89.99% (Monthly service outage 73 hours to 182.5 hours):
Service credit Month 1 - 50%.
Service credit Month 2 - 75%.
Service credit Month 3 - 100%.

Service Availability 74.99% or below (Monthly service outage More than 182.5 hours):
Service credit Month 1 - 100%
Service credit Month 2 - 100%
Service credit Month 3 - 100%
Approach to resilience
Available on request
Outage reporting
A service status page will be displayed on the service link [URL]. Customers will be informed by email, SMS and telephone alerts as defined by their SLA.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
All access to key management systems and support systems has to authorised by senior management. Access requirements are regularly reviewed by the HTK Operational Management team.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
HTK has documented security policies that adhere to the requirements of ISO27001 and are available to all employees via an internal Google drive system. All employees are briefed on the security requirements of their role and are required to complete a security assessment at least once a year. All policies and procedures are reviewed and audited with the assistance of an external organisation once a month.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All service components developed to support the service are subject to a series of release review from design through, development, QA and into live deployment. All release reviews are documented. The possible introduction of security vulnerabilities is assessed at the design stage and is a specific item on the agenda for each release review.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
HTK has comprehensive service monitoring and alerting in place to detect any possible security breaches. The performance of these systems is reviewed on a weekly basis by the HTK Operational Management Team. Patches are normally deployed within a matter of hours of the vulnerability being detected or reported. The HTK team constantly monitors relevant industry and supplier noticeboards for reports as well as social media channels where appropriate.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All key operational service components are monitored and have alerting set up to report any possible attacks. Responses to potential compromise depends on the perceived level of risk. If the risk is high then an incident report will be raised on the internal communication system and key personnel and senior management will discuss the actions required to address the potential compromise. If the issue is high risk then an immediate plan of action will be created and implemented.
Incident management type
Supplier-defined controls
Incident management approach
HTK has a documented process for the reporting and management of incidents. Users [internal or customer] can raise an incident report via the HTK Help Desk. As with potential security threats the incident will also be reported via a dedicated internal communications channel. If an incident has had an impact on a customer service then an incident report will be created and emailed to those customers impacted by the incident.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

It is HTK’s objective to carry out all measures reasonably practicable to meet, exceed or develop all necessary or desirable requirements and to continually improve environmental performance, with a target of net-zero carbon emissions by 2027.
Equal opportunity

Equal opportunity

HTK is an Equal Opportunities employer and is committed to staff development.


HTK operates a flexible working policy and provides all employees with access to private medical insurance, for them and their families.


£500 a licence a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.