Cirrus - Contact Centre Sandbox
Provides Cirrus users with an entirely segregated instance within the CCaaS platform. This allows customers to innovate in a safe environment while your business operates without interruption.
If you have the requirement for a unique set-up, complete customised configurations, workflows and business rules.
Features
- Sandbox allows you to create replicas of your production environment.
- Test before you roll out.
- Unique set-up, completely customised.
Benefits
- Safe environment while your business operates without interruption.
- Build, test and train, making the big changes feel seamless.
- Big rollouts are done with your mind at ease.
Pricing
£500.00 an instance a month
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
4 0 0 4 5 2 1 3 7 1 0 1 8 8 1
Contact
Cirrus
Sales
Telephone: 0333 103 3440
Email: sales@cirrusresponse.com
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- Extends to the wider Cirrus CCaaS portfolio
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
-
- Business-grade internet connection
- Internet browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Cirrus services are supported 24 hours a day, 365 days a year for all service faults. For day to day support there are 3 levels of support customers can opt for:
• Fully Managed Service - 24/7
• Fully Managed Service – Business Hours
• 2nd Line Support – Business Hours.
Pricing is provided under the Cirrus Support Services for G-Cloud 13 Service Listing. You will be assigned a Service Delivery Manager, details of this can be found within the Service Definition document accompanying this listing. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Our web chat support service is under continual development to insure inclusivity and accessibility for all Contact Centre staff. We are committed to WCAG accreditation and are currently in the Auditing process with an external WCAG verifier against version 2.1 guidelines to AA standard.
- Onsite support
- Yes, at extra cost
- Support levels
-
Cirrus services are supported 24 hours a day, 365 days a year for all service faults. For day to day support there are 3 levels of support customers can opt for:
• Fully Managed Service - 24/7
• Fully Managed Service – Business Hours
• 2nd Line Support – Business Hours.
Pricing is provided under the Cirrus Support Services for G-Cloud 13 Service Listing. You will be assigned a Service Delivery Manager, details of this can be found within the Service Definition document accompanying this listing. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We consider the PRINCE 2 based project management approach used by our Project Delivery team as instrumental to the success of our deployments. We follow a standardised 7 step approach to ensure that the transition from your incumbent solution to your new Contact Centre solution goes seamlessly. Our customers are assigned a Project Manager who will be responsible for ensuring that the end to end implementation of your solution is delivered efficiently and accurately. Our approach to service delivery ensures that Contact Centre staff are equipped and capable to deal not only with the service in its current iteration, but to be able to effectively plan, develop and refine their own processes and workflow directly with the platform's administrative portals.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- The customer will need to extract any customer generated statistics and data from the platform, all data not already transferred over to the customer will be transferred VIA SFTP to a nominated location. There is a per GB cost for the transfer, please refer to your pricing calculator for the transfer costs, Cirrus will confirm the file size once notice has been received. All remaining customer data will be destroyed will be following a 28 day data extraction period.
- End-of-contract process
- Cirrus provides a simple and quick exit process for customers. Additional costs are related to data extraction, if there are any remaining recordings on the Cirrus platform. Customers can give notice in accordance with the terms in the contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- The service is available entirely through a web-browser – regardless of user role (agent, supervisor, administrator) – and can be accessed anywhere with an appropriate internet connection. Our browser-based administration portal allows those with the appropriate permissions to make changes to the service in real-time from any internet-enabled location. We have ensured that a wealth of detail is provided directly within the service's browser-based interface, enabling quick and easy reference for adminstrative tasks, regardless of complexity.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- The proposed Contact Centre platform is under continual development to insure inclusivity and accessibility for all Contact Centre staff. We are committed to WCAG accreditation and are currently in the Auditing process with an external WCAG verifier against version 2.1 guidelines to AA standard.
- API
- Yes
- What users can and can't do using the API
-
Cirrus provides RESTful APIs based on open API standards, allowing for a wide range of operations to control and manage the platform. Cirrus also allows users to configure remote API calls within the platform, allowing customers to pull information on demand from other third party systems. Variable data can be stored and manipulated within the platform allowing customers to implement complex business process.
API access and security can be configured via the Cirrus portal. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Each Agent widget can be customised both functionally and aesthetically, with a multitude of configuration options available for each individual widget instance utilising nothing more than the inherent capabilities of a modern desktop browser; vital when supporting users with special assistive needs such as those with visual impairments.
The Advisor and Supervisor interfaces are completely customisable, and a bespoke configuration is created for each customer, which can be different right down to each individual if needed, but typically is tailored to each service team.
Scaling
- Independence of resources
- Our network has been designed to provide multi-tenanted elasticity in relation to both computational and storage-based expansion across our entire customer network. Our triple-datacentre voice architecture enables load-balancing across all active application clusters in a way that supports exponential scale in demand.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Other
- Other data at rest protection approach
- All customer data is encrypted at rest using AES-128 and AES-256 technologies
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data is available via online portal download
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- HTML
- WAV
- MP3
- REST-based API
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- WAV
- REST-based API
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- All customer data is encrypted at rest and in transit using AES-128 and AES-256 technologies.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- Data is transited between data centres via private backbone links.
Availability and resilience
- Guaranteed availability
- The solution provides a 99.999% uptime guarantee – underpinned by technology that utilises 3 different sites that work simultaneously delivering a 60-second Recovery Time Objective (RTO) and Recovery Point Objective (RPO) promise.
- Approach to resilience
-
Voice data is replicated to each of these sites every 100ms meaning that all 3 sites continuously work as part of a single cloud system. This is unlike other “cloud” providers which typically utilise a single live data centre with a “standby” data centre that must be brought online in the event of a fault. Every element of the voice service is truly “Active / Active / Active” – meaning that there is no single point of failure throughout our whole network; and every network component has at least two other mirrors on the other sites.
The application, platform and underlying core networks are monitored 24x7 by our dedicated Network Operations Centre (NOC). This means there is no need for customers to monitor the application core, which is hosted across the wider data centre architecture and monitored around-the-clock as part of our managed service. - Outage reporting
- Dashboards, Email, SMS and Voice IVR alerts where the circumstance require.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Multiple levels of access control can be supported utilising a roles-based approach. Access can be configured on an individual basis or across a wider sub-set of agents, teams or departments. In this way, distinct segregation of data can be handled on the platform across reporting visibility, channel availability (e.g. "voice only" access or "voice, email and messaging"), status codes (break / busy) and administrative / management functions.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Username or password
- Other
- Description of management access authentication
- Managers log in to our web-based UI with a simple username and password, providing inherent capability for Managers to work outside of the office as a remote working solution. All adminstrative changes are fully audited in the platform including user status changes, IP addresses, browser versions and general configuration amendments. These changes are captured as part of a comprehensive system audit log. Every button click in the service web portal is tracked and logged within our comprehensive audit log. There is a full audit trail of every change made, with the ability to revert at the click of a button.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS International Ltd
- ISO/IEC 27001 accreditation date
- 17/02/2022
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- BCH Bristol
- PCI DSS accreditation date
- 01/12/2021
- What the PCI DSS doesn’t cover
- N/A
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We are ISO 27001 accredited and we have information security policies and processes in place across the organisation. Our reporting structure is as follows:
1. The Directors have approved all processes and policies
2. Overall responsibility for Information Security rests with the ISMS Manager
3. All employees or agents acting on the Company’s behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay, direct to the Operations Director and/or the ISMS Manager.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- The configuration management processes are part of the overall Service Asset and Configuration Management process. Our Configuration Items (CIs) include hardware, software, buildings, people and formal documentation and the relevant information is managed throughout the lifecycle. The processes for doing this are clearly documented, for example Change Control processes.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
• External vulnerability scans (frequency)
Quarterly
• Internal vulnerability scans
Yes
• External Penetration Test (frequency)
Annual Penetration testing is conducted on the network perimeter and infrastructure, and websites used to host, process or transmit client Data as part of the Cyber Essentials Plus certification
• Internal Penetration Test
Yes
Our database is monitored and reviewed to determine required security related patches.
We use an industry accredited Anti-Virus, updates are minimum once daily. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- The service is monitored 24 hours a day using Zabbix, Grafana and bespoke software which collects various statistics from servers, applications, and devices. Any potential compromises are immediately alerted via email and SMS to the security team. Response time and rates are specific to the nature of the potential compromise, for example, a user failing authentication 3 times in under 5 minutes would be treated differently to a user failing authentication 50 times in under 60 seconds.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Cirrus has standard incident management procedures in place to ensure that we are able to restore a service as quickly as possible and to minimise adverse impact on business operations. Customers are able to raise an incident or service request by telephone or email. Queries to Cirrus Support are logged as cases within our support system and categorised according to Priority. Customers receive incident reports via email.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Social Value
- Fighting climate change
-
Fighting climate change
We consider ourselves to be very fortunate at Cirrus, which is why we’ve made it a core part of our culture to embrace Corporate Social Responsibility from our inception, to ensure we do business ethically and play our part in the community. In 2020, Cirrus won the CSR award at the Comms National Awards. This award recognises organisations that embrace CSR in a highly positive manner and has develop successful programmes to make the organisation socially accountable to itself, its stakeholders, its customers and the general public. We take our responsibility to the environment seriously and are accredited by ISO 14001. This is an internationally agreed standard that sets out the requirements for an environmental management system. It helps organisations improve their environmental performance through more efficient use of resources and reduction of waste. Click here to read our sustainability policy. - Tackling economic inequality
-
Tackling economic inequality
We support the apprenticeship scheme. We currently have one Apprentice who we are supporting, and have had more in the past who we have retained and have progressed internally via promotions, after they completed the scheme. - Equal opportunity
-
Equal opportunity
We have a very high ratio of female to males (40/60) employed at Cirrus.
We also have a Hiring Policy which supports Equal Opportunity recruitment decisions:
It is the Policy of the Company that all employment decisions are based on principles of Equal Employment Opportunity. Accordingly, the Company does not discriminate on the basis of race, colour, creed, gender, national origin, disability, age, veteran status, citizenship, marital status or sexual orientation. The Company maintains a professional business environment that is free from harassment of verbal or physical nature.
This Policy applies to all applicants and employees and includes all personnel actions such
as:
1. Compensation
2. Benefits
3. Transfers
4. Training
5. Promotion
6. Employment termination. - Wellbeing
-
Wellbeing
We provide many initiatives to support our staff’s wellbeing:
• Unlimited Time Off – we also track employee’s holidays monthly to make sure they are taking enough time off
• Home Working Risk Assessments to make sure staff are working safely at home
• A wellbeing module on Perkbox (which all staff are automatically enrolled on). This includes exercise, meditation and wellbeing classes, to name a few.
• Staff dogs are welcome in the office, we regularly have 2 visit us!
• Volunteering (Make a Difference) days and charity initiatives which staff are encouraged to participate in, and are celebrated for doing so.
• Courses were provided to all staff with an external provider to support their wellbeing:
o Coping with COVID-19: April 2020
o Work-life balance and Resilience: March 2021
o Adjusting to change: November 2021
Pricing
- Price
- £500.00 an instance a month
- Discount for educational organisations
- No
- Free trial available
- No