DEVYCE LIMITED

Devyce

Devyce is a smarter cloud-based VoIP service. With mobile and desktop apps, the phone system works from anywhere and allows your staff to work as well at home as in the office. AI-assisted features help improve productivity and record-keeping.

Features

• mobile apps
• real-time analytics
• live call summarisation
• call groups
• custom voicemail
• do-not-disturb and business hours functionality

Benefits

• be contacted at home as easily as at the office
• store call records to the same level as email
• monitor staff performance while avoiding micromanagement
• make and receive calls on multiple devices
• unlimited UK minutes included to avoid bill shock

£25 a user a month

• Free trial available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.browne@devyce.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

475711114212792

Contact

Nick Browne
02080409999
nick.browne@devyce.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Our mobile apps are designed to work on handsets updated within the last few years, from Android 9 and iOS 15 upwards. This will continue to be incremented over time as older versions go out of support. Our browser apps are designed for Chrome and Safari but should work with Firefox
• System requirements:
  • For iOS - 15 upwards (e.g. iPhone 6S)
  • For Android - 9 upwards (phones from around 2018 onwards)
  • Headset recommended for browser-based softphone

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our average response time for emails is 3 minutes during working hours. At weekends we aim to reply the same day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: We provide everyone with the same great support. We provide an account manager for all customers with more than one user, who has direct access to our development team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We routinely provide online training, and can offer this to all users of the system if required - although we don't find it's usually necessary. We have a knowledge base with further documentation as well as some starter videos. The product itself has onboarding steps included, for example as tooltips, so normal users tend to be able to onboard themselves.; ; We would be happy to provide on-site training if needed.
• Service documentation: No
• End-of-contract data extraction: Users can contact us for a CSV of their data, or in any other reasonable format.
• End-of-contract process: We don't have fixed-term contracts. We offer to port-out numbers to any other supplier who is capable of taking them. You can export a CSV of all call data from within our management portal.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our mobile apps are broadly comparable to our browser-based softphone, although some features may initially be only available on one platform. Our management portal is not designed to work on mobile.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Our cloud resources are automatically scaled based on usage, which means that all users experience good service. We apply temporary delays in the case of extreme usage (e.g. multiple calls per user per minute to consecutive numbers in a range) while we investigate to ensure behaviour is legitimate. These limits are unlikely to apply to government use.

Analytics

• Service usage metrics: Yes
• Metrics types: We have a self-service dashboard showing call statistics, broken down optionally by user. Users can export a CSV file with full data for their own analysis.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Our data is stored in Microsoft Azure data centres, encrypted at rest and physically secured - we understand in accordance with SSAE-16 / ISAE 3402.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export a CSV of call data from our management portal with no assistance from our support team.; ; We can provide different data on request by extending our API.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim to provide a 99.9% uptime on our service. Due to the nature of the telecoms network, we cannot provide a firm SLA (for example, if one of the major UK telecoms providers fails, calls into our service would be impacted too)
• Approach to resilience: Critical data is stored in multiple locations in the UK. Our core infrastructure is replicated, including with a previous version of the code as a hot standby, in the EU as well as UK.
• Outage reporting: We send emails or in-app messages to our users in the event of any non-trivial outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Our management interface uses RBAC to restrict access (and features) to users with particular management roles. In support channels, we check whether a user is in one of these roles before performing actions that would affect the service. We check whether a user is who they say they are before performing sensitive actions.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Other
• Description of management access authentication: Hardware security keys or passkeys for all priviledged access.

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are currently working towards our ISO 27001 and following that standard as we progress towards certification.
• Information security policies and processes: We restrict access to private data and to our production environment, such that developers cannot access either. We do have a break-glass approach which would require multiple key staff for it to be enacted.; ; Our CTO, who is one of our founders, and with experience in sensitive financial environments, directly oversees the information security aspects of the business, implementing many of them personally.; ; We ensure policies are followed by conducting regular internal assessments. We aim to remember that communications data is in many respects much more sensitive than, for example, financial data and treat it with the upmost confidence.; ; We continue to evolve our processes as we implement ISO 27001.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We review code both automatically and manually before changes are made. Automatic tools also check for known vulnerabilities in third party libraries. After deployment, we monitor for changes in behaviour.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Automatic tools check our code base automatically for third party vulnerabilities. We assess based on risk as well as impact in our specific use case, and can patch near-immediately if necessary.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have automated alerting through Slack for abnormalities, with phone calls / SMSes to key technical and board-level contacts in the case of significant deviations. We can respond near-immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: We are working towards ISO 27001 at present. Users can report incidents directly to our support team, who pass them on to our on-call developer for investigation and escalation. Incident reports are provided by email to registered users.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Our product is designed to support hybrid working, making it easy for workers to work remotely. This helps support people back into the workforce who might otherwise be excluded.

  Wellbeing

  Our product is designed to support hybrid working, making it easy for workers to work remotely. By allowing users or managers to turn off calls outside of work hours, we help maintain a healthy work-life balance while keeping staff contactable at work.

Pricing

• Price: £25 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 14 day free trial, extendable for a further 14 days on request. We do limit the number of calls and messages made during a trial until we can verify you. All other features are included.

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.browne@devyce.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.