OMILIA NATURAL LANGUAGE SOLUTIONS LTD

Omilia Cloud Platform® (OCP®)

Omilia Cloud Platform (OCP) is a massively scalable, globally reachable, highly-reliable platform, upon which customers can create scalable and reliable omnichannel automation solutions, in a secure and consistent fashion. OCP enables clients worldwide to augment customer communication with human-like Conversational automation services over any channel/location/language, and at any scale.

Features

• Multi-tenant architecture
• Omni-channel platform
• Easy integration through APIs
• Elastic Scalability
• Secure Cloud-to-Cloud or Cloud-to-Enterprise data flow
• Up to 99.99% service availability
• Powerful advanced analytics
• Multi-region
• Privacy by Design

Benefits

• Build next-gen conversational virtual assistants
• Improve caller interactions through natural human-like conversations
• Reduce costs while providing a seamless caller experience
• Achieve fast time-to-market through pre-built content
• Ensure consistent performance during demand spikes
• Transform data into actionable insights with analytics

£0.01 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lbuxton@omilia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

563021514110696

Contact

Lloyd Buxton
+4407734682332
lbuxton@omilia.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No constraints
• System requirements:
  • Compatible Web Browsers (Google Chrome recommended)
  • Internet connectivity over specified ports and URIs
  • Audio connectivity to specified network addresses/ports
  • G-Cloud customer APIs reachable from Omilia Cloud network (addresses/ports/URIs)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24/7 support is offered therefore response times are the same during weekdays & weekends.; Based on severity, these are:; Severity 1 -> 0.5 hours; Severity 2 -> 1 hour; Severity 3 -> 8 hours; Severity 4 -> 2 business days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Omilia Care: L1/L2:; Functions:; ‣ Detailed Problem Determination; ‣ Log collection / analysis; ‣ possible Bypass; ‣ Identification of failing module; ‣ Health Checks/Alerts: monitoring and SOP based processing of the Sev1/Sev2 ones; ‣ Clients facing Incident Management responsibilities: notifications, status updates, availability of RCA reports ; ‣ Escalation to L3 for defect reporting & resolution and incidents service restoration; ; Support Level: L3 (Omilia Platform, Product, Delivery); Functions:; ‣ Investigation of reported defects; ‣ Incident service restoration; ‣ Preparation and implementation of temporary fixes (Bypass); ‣ Scheduling and roll out of permanent fixes (Resolution); ; Technical Account Manager or Cloud Support Engineer can be provided upon request and at additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Omilia provides user documentation and online training as part of our deployment. Onsite training and custom documentation development can be part of a bespoke project (requires a defined scope of work, additional costs may apply).
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Omilia will extract data from our cloud platform at contract end, upon customer request. Data is provided as a bulk export, using formats relevant to each type of data (wav for Audio, CSV for tabular data, etc...). Specific requirements for data extraction (types of data, format of data, etc...) would be agreed to by Omilia and each customer. All data is encrypted before transmission to our clients. Data exports are only provided to authorized users.
• End-of-contract process: End of contract processes would include removal of data, or export of data, at client's request. The price of the contract includes "best effort" work (as defined by Omilia) to extract common data (as defined by Omilia), to export that data into a standard format (as defined by Omilia), and to remove data that Omilia determines is relevant to the client. Clients with specific requirements are encouraged to generate a bespoke project that fully clarifies all legal obligations to data disclosure, and ensures that all parties reach a mutually agreed outcome regarding each client's data. All data is encrypted before transmission to our clients. Data exports are only provided to authorized users.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our service offers mobile automated experiences to citizens and customers for the purposes of Voice, Web chat, SMS and data notifications.; Omilia clients, who make moves/adds/changes/deletions to our service are expected to use full desktop environments.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users can fully manage the service through the OCP Console.; OCP Console® is a unified entry point for managing all OCP® services. It provides full control of all the services, such as:; - Accessing and using your OCP® services; - Configuring your OCP® services; - Submitting requests to the Support Center.; ; OCP Console® has an easy and intuitive interface and is designed for both advanced and novice users.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Omilia has tested successfully to WCAG 2.1AΑ
• API: Yes
• What users can and can't do using the API: In general we follow open API practices. We make sure that everything we use is also accessible to our clients. Data are exposed via APIs unless there are security/privacy/compliance risks/considerations.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Authorised users can use web interfaces to customise the following:; 1. JSON files; 2. ASR models; 3. NLU models; 4. Machine Learning; 5. Announcement files ; 6. Autocorrect service models; 7. Language selection; 8. miniApps configuration; 9. Voice Biometrics configuration; 10. Orchestrator (Dialog Manager) configuration; 11. Manage telephone numbers; 12. Encryption management

Scaling

• Independence of resources: Omilia develops services using a 'microservice' architecture approach, and hosts those services using common DevOps methods: load balancers, dockerizers, dynamic resource allocation and more. This ensures that any load on the platform is immediately alleviated by additional resources that scale to handle unexpected loads.

Analytics

• Service usage metrics: Yes
• Metrics types: We monitor all our APIs usage, for example requests/second, total number of requests per day, etc.; For each service, we monitor the uptime of each application (e.g. NLU, Speech Recognition, etc.). ; For all services, we monitor a specific number of metrics. For example, for transcription service, we monitor total duration of audios transcribed.; For conversational applications, we monitor all dialog steps, duration of dialogs, successful/failed dialogs, reasons for errors.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Exported data, upon customer request, can be desensitised (de-identified) following a variety of industry strength techniques, including anonymization/pseudonymization/randomisation/redaction/purging/etc. in order to maintain customer data confidentiality and privacy. In the context of GDPR compliance of Omilia solution, end users (Data Subjects) can express their right to be informed about their personal data hosted in the solution, have these data rectified if required and have a copy of these data by following a formalised procedure.; Clients (Data Controllers) can have access to a dedicate interface from which they can export their respective data. ; Exported data do not include any kind of logs.
• Data export formats: Other
• Other data export formats:
  • JSON
  • ZIP
• Data import formats: Other
• Other data import formats:
  • WAV
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Omilia works to meet the Target Service Uptime (TSU), of 99.9% in a specific region--and 99.99% across multiple regions. This is in accordance with the terms set forth in the OCP Service Terms and Conditions. ; Following the end of each calendar month of the applicable Services Period, Omilia measures the OCP Services Availability Level over the immediately preceding month by using the calculation of total minutes in the month less downtime minutes divided by total minutes in the month, and multiplying the result by 100 to reach a percent figure.; Scheduled maintenance shall be excluded from downtime provided that the scheduled maintenance occurs during scheduled maintenance windows, which are communicated by Omilia at least fifteen (15) days in advance.; End User may receive Service Credits (SRs) in the event that the Target Service Uptime for Omilia OCP Services that End User has subscribed to, is below the defined Target Service Uptime. The maximum cumulative credit for each and every OCP Service Subscription in any Month period is not to exceed 10% of the total invoice for the same period.; ; TSU ≥99.9% -> 0% SRs; TSU ≥99.5%-99.8% -> 2% SRs; TSU ≥99.0%-99.4% -> 5% SRs; TSU <99.0% -> 10% SRs
• Approach to resilience: Omilia uses dynamically scalable architecture, hosted as "microservices" in a cloud operations platform, to ensure the continuous availability of our services. Additional details are available upon request.
• Outage reporting: Customers are notified of outages via email. All services are monitored by a dashboard, and are constantly audited for availability.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: For certain super users (administrators, root access, etc.), there is an option to use SSH public key authentication.; In certain cases, Omilia Cloud Platform can also integrate with existing identity service providers.
• Access restrictions in management interfaces and support channels: Access to management interfaces is restricted based on:; - the source of the connection request (only requests originating from trusted networks are allowed); - the role of the user requesting access (management interfaces' and support channels' access control is based on an RBAC model that ensures that assigned access is the minimal required for each application role and segregation of duties is enforced for critical roles in the application). Access to support channels is based on user role.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: For administrative/management access, we authenticate users via SSH connections utilising public key certificates.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: TUV Austria Hellas
• ISO/IEC 27001 accreditation date: 10/06/2021
• What the ISO/IEC 27001 doesn’t cover: ISO27K certification does not extend to the services provided by subservice organizations and have not evaluated whether the controls management assumes have been implemented at subservice organization have been implemented or whether such controls were suitably designed and operating effectively throughout the audit period.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: SecureTrust
• PCI DSS accreditation date: 02/05/2023
• What the PCI DSS doesn’t cover: PCI certification applies only to OCP instances where credit card information is processed.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type II
  • ISO27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: PCI-DSS, SOC2 Type II, CyberEssentials
• Information security policies and processes: Omilia has established an Information Security Management System (ISMS) in line with the International Standard for Information Security, ISO/IEC 27001.; This ISMS applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees, suppliers and other third parties.; In addition, additional controls from the following codes of practice are adopted where appropriate:; ISO/IEC 27017–Code of practice for information security controls based on ISO/IEC 27002 for cloud services; ISO/IEC 27018–Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors; ISO 27001 indicative documentation:; Internet Acceptable Use Policy; Cloud Computing Policy; Mobile Device Policy; Remote Work Policy; Access Control Policy; Cryptographic Policy; Physical Security Policy; Anti-Malware Policy; Backup Policy; Logging and Monitoring Policy; Software Policy; Network Security Policy; Technical Vulnerability Management Policy; Electronic Messaging Policy; Secure Development Policy; Information Security Policy for Supplier Relationships; Availability Management Policy; IP and Copyright Compliance Policy; Records Retention and Protection Policy; Privacy and Personal Data Protection Policy; Clear Desk and Clear Screen Policy; Social Media Policy; HR Security Policy; Acceptable Use Policy; Asset Management Policy; Secure coding guidelines

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Omilia solution is tracked throughout its entire lifecycle for any configuration or other changes required. All requested changes are analysed both for functional and non-functional (inc. security & privacy) requirements and impact. Based on this analysis, decision is taken to either include the requested change in the roadmap or reject it. Following design & implementation of the approved change, exhaustive testing of functional and non-functional requirements takes place in a staging environment (clone of production environment). Upon successfully completion of testing, the change is deployed in production.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Omilia's Vulnerability Management program scope includes (and not limited to): Operating systems , Databases, Web servers/Technologies, Networking/Security devices.; Vulnerability assessments on critical components take place regularly utilising an in-house platform that integrates information about potential threats from various trusted sources.; Each vulnerability has a score associated with, based on the criticality/sensitivity of the asset/information and impact based on standard metrics (CVE). Mitigating activities (incl. patches) are planned according to each vulnerability score and take place within 1 to 6 months based on criticality.; External vulnerability assessments take place on a-monthly-basis, as part of PCI-DSS. Penetration tests take place regularly (annually).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Omilia solution is proactively monitored in order to detect as early as possible potential compromises utilising an in-house developed log-analytics platform. When a potential compromise is identified, the Security Incident Response procedures are invoked to validate & respond to the compromise.; In the event of a compromise requiring notification under applicable law, Omilia will notify the customer within seventy-two (72) hours.; This notification includes: date that the compromise was identified/confirmed, its impact, mitigation actions, corrective measures and status.
• Incident management type: Supplier-defined controls
• Incident management approach: Omilia solution is proactively monitored in order to detect as early as possible potential compromises utilising an in-house developed log-analytics platform. When a potential compromise is identified, the Security Incident Response procedures are invoked to validate & respond to the compromise.; In the event of a compromise, Omilia will send to the customer a report containing at least the following information: date that the compromise was identified/confirmed, its impact, mitigation actions, corrective measures and status, impact to the end-user.; Customers can report incidents through Help Desk to the NOC.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  OCP service can contribute to equal opportunity in several ways:; - Accessibility: OCP is designed to be accessible to individuals with disabilities, ensuring that everyone, regardless of physical or cognitive abilities, can access and benefit from the services provided.; - Language Support: OCP offering is multilingual, providing support for various languages and dialects. ; - Customization and Personalization: OCP can be tailored to meet the specific needs and preferences of individual users, ensuring that everyone receives a level of service that meets their unique requirements.; - Data Privacy and Security: By prioritizing data privacy and security, Omilia can help ensure that sensitive information is protected and that all users can trust that their data will be handled responsibly. ; - Continuous Improvement: By actively seeking feedback from users and monitoring performance metrics, Omilia can identify and address any potential disparities or areas for improvement in the services provided. This ongoing process of improvement helps to ensure that everyone has equal access to high-quality services over time.; Overall, by prioritizing accessibility, fairness, customization, data privacy, and continuous improvement, Omilia can contribute to equal opportunity by ensuring that all individuals have fair and equitable access to the services they need, regardless of their background or characteristics.

Pricing

• Price: £0.01 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lbuxton@omilia.com. Tell them what format you need. It will help if you say what assistive technology you use.