PCI-DSS Compliance Solution
PCI compliance for your voice transactions to protect your business from fraud; no card information is ever revealed by the call recipient. No interruption to the conversation without need to pause, suppress or manipulate recordings. This delivers savings by reducing the number of PCI controls required simplifying auditing and management.
Features
- Real-Time Data Masking: Hides sensitive information during calls automatically.
- Seamless Integration: Compatible with existing systems & no upgrades needed.
- Voice Processing: Maintains natural conversation flow without interruptions.
- Automated Reporting: Automatically generates necessary compliance reports.
- Encryption: Employs strong encryption protocols for data security.
- Scalable : Easily adjusts to increasing call volumes.
- Data Storage: Prevents local storage of sensitive cardholder data.
- 24/7 Monitoring: Offers constant monitoring and technical support.
- Auditing: Includes detailed logging and auditing tools.
- User-Friendly Dashboard: Centralised management and reporting dashboard.
Benefits
- Enhanced Security: Protects against data breaches and fraud.
- Regulatory Compliance: Ensures adherence to strict PCI-DSS requirements.
- Cost Savings: Reduces required PCI controls and associated costs
- Improved Customer Trust: Secures payment information, boosting consumer confidence
- Operational Efficiency: Streamlines operations, maintaining call quality.
- Flexibility: Adapts easily to various business sizes and needs.
- Data Integrity: Maintains data integrity with advanced encryption.
- Minimal Disruption: Minimal impact to existing workflows during implementation.
- Simplified Auditing: Streamlines management and auditing processes.
- Business Continuity: Supports continuous operation during compliance activities.
Pricing
£7.50 a licence a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 1 7 4 2 7 9 2 4 6 3 2 4 7 7
Contact
Silver Lining Convergence Limited
Silver Lining
Telephone: 0345 313 1111
Email: sales@silver-lining.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- N/A
- System requirements
- None, Fully managed solution
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- The SLA is from 30 minutes
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- We provide comprehensive support services tailored to ensure uninterrupted operations and customer satisfaction. Our support is available 24/7/365, offering unlimited fault resolution to promptly address and rectify any issues that may arise, ensuring minimal disruption to your business operations. Each client benefits from a personalised service as they are assigned a dedicated Technical Account Manager. This manager acts as your primary point of contact, helping to streamline communications and ensure that all your service needs are met efficiently. Additionally, a dedicated solutions manager is assigned to each client to help customise our solutions to fit your specific requirements perfectly, enhancing the overall effectiveness of the deployed solutions. For detailed information on the various support tiers and associated costs, we encourage potential clients to get in touch with us directly.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
To ensure users start using our service smoothly, we have developed a comprehensive onboarding process managed by a dedicated project team, led by an experienced PRINCE2-certified project manager. Our approach begins with 'kick-off' and 'discovery' meetings to understand your specific needs and establish a tailored onboarding strategy.
We provide flexible training options including online and in-person sessions, designed to make users proficient in operating our service. These training programmes accommodate all user levels, ensuring everyone from tech-savvy to novice users can effectively utilise our offerings.
In addition to training, we supply detailed user documentation and welcome packs. These resources are crafted to guide users through the service features and functionalities, enabling them to navigate and leverage our service effectively right from the start. The documentation is easily accessible and regularly updated to reflect the latest features and best practices.
Our aim is to facilitate a seamless transition to our services, ensuring that every user can maximise the benefits from day one with confidence and support. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Varies based on solution taken.
- End-of-contract process
- Varies based on solution taken.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None noted. Service works on all platforms. Only difference is amount of real estate utilised.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Our PCI solution uses technology that doesnt store any card data, intercepts and mutes keypad tones to provide companies with a secure way of handling card payments.
- Accessibility standards
- None or don’t know
- Description of accessibility
- N/A
- Accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
-
Date/Time
CLI/DDI
Agent/Department/Company Name/Number/Identification
Order/Transaction Number
CRM/PSP Integration
PSP Transaction Number
Accept / Decline Detail - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The landing page and any subsequent pages can be specifically customised to the client, team or company utilising the solution.
Scaling
- Independence of resources
- Organisations have private dedicated resource.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Metrics types
CPU
Disk
HTTP request and response status
Memory
Network
Number of active instances - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- N/A no data is stored in within the system.
- Data export formats
- Other
- Other data export formats
- N/a
- Data import formats
- Other
- Other data import formats
- N/A
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 100% infrastructure uptime guarantee, up to 99.999% service availability.
- Approach to resilience
-
Our cloud service is designed with a robust multi-layer resilience strategy. The core network utilises the latest technology, connecting to multiple availability zones across multiple data centres across the UK. This setup is fully multihomed and includes multi-location interconnects with internet transit for enhanced reliability.
Strategically positioned outside of Greater London, the availability zones ensure our network exceeds all standard survivability requirements. Our infrastructure allows for distribution across the whole network, with banking-grade availability and data protection. This includes real-time synchronous data centre replication for storage and cross data centre failover, alongside mirroring of compute workloads through VMware’s hyperconverged infrastructure.
To safeguard against data loss, all data is backed up to converged storage nodes equipped with checksumming to prevent corruption. Our rigorous engineering protocols are designed to eliminate human error and maintain high standards of change control. This commitment to operational excellence ensures that our cloud platform remains one of the UK’s most reliable solutions for a comprehensive approach to resilience, no matter the product. Specific details on our data centre setup are available upon request to maintain security and confidentiality. - Outage reporting
- Online Portal, E-mail alerts, Ticket updates, Calls from the support desk.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Privileged access policies implemented.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 09/06/2023
- What the ISO/IEC 27001 doesn’t cover
-
Varies on service taken.
Initial Certification: 03 June 2017
Latest Issue: 09 June 2023
Expiry Date: 03 May 2026 - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- ProCheckup
- PCI DSS accreditation date
- July 2023
- What the PCI DSS doesn’t cover
- Services outside the PCI Level 1 accredited environment
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Strict internal processes as well as ISO27001, PCI level 1 Certified, GDPR best practices, ITIL framework etc.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Change management is implemented at varying approval levels with risk assessments and roll back considered. We work to customer change management process as well as our own.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Internal policies which are audited by an approved third party. Patches are deployed in line with our patching policy. Threat information is supplied by software vendors and accredited third parties.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Varies based on solution taken.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Varies based on solution taken.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Silver Lining is deeply committed to environmental sustainability, guided by the principle of leaving the world better than we found it. Our efforts, underpinned by ISO 14001 accreditation, focus on minimising our carbon footprint through various initiatives. This includes establishing an effective environmental management system aimed at reducing waste, improving operational efficiency, and lowering toxic emissions. We prioritise recycling internally and among stakeholders, opt for environmentally friendly products, and ensure compliance with or exceeding environmental legislation.
Through accredited programs, we offset greenhouse gas emissions, resulting in significant energy reductions. For instance, from January 2021 to January 2022, our energy consumption decreased from 9,600 kWh to 6,600 kWh, further bolstered by investments in solar panels. Additionally, our vehicle fleet transitioned to 90% electric, with plans to reach 100% by the end of 2024, positively impacting local air quality and reducing our carbon footprint.
Our participation in the SME Climate HUB aligns with our commitment to net-zero emissions and climate change mitigation. Internally, we promote renewable energy use, achieve 80% paperless operations, and utilise energy-efficient office systems. Initiatives like the cycle-to-work scheme, supported by recycled-material bike shelters, and eco-friendly event products, such as biodegradable Silver Lining bags, further our sustainability goals.
Our innovative Cloud PC or Virtual Desktop solution contributes to carbon emission reduction by eliminating traditional desktop computing inefficiencies. Deploying virtual desktops for 1,000 users can save approximately 66.7 tonnes of CO2 annually.
As we progress towards a net-zero future, sustainability remains a core pillar driving every decision and initiative at Silver Lining.Tackling economic inequality
We are deeply committed to workforce diversity and inclusion. By implementing targeted recruitment and inclusive practices, we ensure meaningful opportunities for all, particularly those facing employment barriers. Our onboarding and apprenticeship schemes, with a 90% retention rate and pathways to managerial roles, highlight our dedication to employee development and reflect similar commitments in our supply chain management.
In collaboration with educational institutions, we invest in skill development tailored to high-growth industries, preparing our workforce and supply chain partners for future challenges. These efforts are complemented by targeted training schemes that support educational attainment and skill qualification, empowering individuals to excel in their roles and contribute to our projects meaningfully.
Silver Lining promotes responsible business practices across our stakeholder network, advocating for workforce development and community engagement to create a thriving ecosystem of employment and skills development. Our fair and responsible approach in the supply chain ensures collaborative and productive partnerships.Equal opportunity
At Silver Lining, inclusivity isn't just a buzzword; it's a guiding principle deeply ingrained in every aspect of the company's operations. One of the most tangible manifestations of this commitment is seen in how the company prioritises the representation of disabled individuals within its contract workforce. This isn't merely about meeting quotas or ticking boxes; it's about recognising the immense value that people of all abilities bring to the table and ensuring that everyone has equal opportunities to thrive.
Central to Silver Lining's approach is its investment in specialised training programs designed to cater to the unique needs of disabled individuals. By offering accessible training, the company not only equips these individuals with the skills necessary for success but also sends a powerful message of inclusion and empowerment. Through these programs, Silver Lining doesn't just fulfil contracts; it nurtures personal and professional growth, instilling a sense of confidence and capability in its workforce.
But Silver Lining's commitment to inclusivity extends far beyond the confines of its own operations. The company actively advocates for disabled individuals through inclusive policies, awareness campaigns, and proactive engagement with the broader community such as some of the charities we closely work with. By leveraging its influence and resources, Silver Lining seeks to effect meaningful change, not only within its own walls but also in society at large.
In doing so, Silver Lining contributes to a more equitable and accessible world where individuals of all abilities are valued and given the opportunity to thrive. By championing inclusivity in the workplace and beyond, the company serves as a beacon of hope, inspiring others to join in the pursuit of a more just and inclusive society.Wellbeing
Silver Lining exemplifies how collaboration with users and communities can be integrated into business operations to strengthen community ties and enhance well-being. At its core, the company prioritises the health and well-being of all stakeholders by offering flexible working hours. This policy acknowledges the diverse personal responsibilities and lifestyles of employees, allowing them to adjust their work schedules to fit their needs while maintaining productivity. Such flexibility not only boosts employee satisfaction but also underscores a commitment to work-life balance.
Further fostering a cohesive work culture, Silver Lining invests in regular team-building and social activities. Each department receives a monthly budget for social outings, providing fun opportunities for team members to unwind and connect outside of the work setting. These gatherings not only help reduce work-related stress but also strengthen interpersonal relationships within the company.
Additionally, Silver Lining takes significant steps to support mental health. The company employs trained mental health first aiders, creates well-being-focused areas in the workplace, and organises all-expenses-paid trips to promote relaxation and bonding among staff. These initiatives demonstrate a deep commitment to creating a supportive environment where employees can thrive physically and mentally.
Through these efforts, Silver Lining not only positively influences its employees but also extends its impact to suppliers, customers, and the broader community. By embedding these values in the delivery of its contracts, Silver Lining sets a high standard for corporate responsibility and community integration, encouraging other organisations to adopt similar approaches for the benefit of their communities. This holistic approach significantly contributes to building strong, integrated communities centred around well-being and collective growth.
Pricing
- Price
- £7.50 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Demo accounts on request.