SOPRANO DESIGN (UK) LIMITED

Soprano Connect: SMS Appointment Reminders

SMS Appointment Reminders. Soprano Connect is a web-based, cloud-hosted CPaaS platform for secure mobile messaging to enable 2-way SMS, RCS, WhatsApp email & voice customer engagements. Secure by design with data hosted in UK, ISO 27001, Cyber Essential Plus and NHS DSP Toolkit.

Features

• Secure web portal supporting multichannel 2 -way messaging
• Multichannel support SMS, RCS, WhatsApp, Email-2-SMS and Voice communications.
• Secure developer APIs SMS, RCS, WhatsApp, Email-2-SMS and Voice communications.
• API Integration connected with 1000+ other software platforms
• 2-Way messaging for marketing, alerts, reminders, emergency communications, surveys
• Personalised bulk messaging SMS, RCS, WhatsApp, Email-2-SMS and Voice communications
• Inbound keyword routing & automated replies
• Trusted messaging routes and global connectivity
• Real-time reporting
• High Availability Disaster Recovery (HADR) architecture and optimised service delivery

Benefits

• Fast and effective mobile communication with your service users
• Mass messaging: contact your customers on their preferred communication channel
• User friendly platform: extend customer engagement by allowing two-way interactions
• Global network
• Business continuity: secure, accessible service on a global network
• Service optimisation with low/no-code integration
• Messaging regulation compliance: data processing and consent management
• Security: user management access control, hierarchical admin settings, 2-factor authentication
• Minimise potential threats with secure messaging and full message auditing
• High-performance data transfer and real-time data replication

£0.02 to £0.03 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@sopranodesign.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

603643368497908

Contact

David Tranter
07375409011
gcloud@sopranodesign.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Multi-tenant SaaS architecture.; Support for international messaging has some country-specific limitations.; The delivery of messages via our services is dependent on third party carriers and may be impacted by technical and network coverage issues that are outside our control (e.g. due to a handset being out of range or switched off).
• System requirements:
  • Internet connection
  • Web browser for portal access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All requests are automatically acknowledged with ticket reference within 5 minutes (24x7x365).; Average time to respond within 60 minutes. Replies to client's queries are given within one business day.; Critical and Major issues are replied within 30 min - clients should additionally call in case of Critical and Major incidents.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Level 1: Customer service team is the main contact point for the customer. The team replies to questions, provisioning requests, initiates investigations and escalates to L2 when needed;; Level 2: Operations team investigates and solves issues such as bugs or break fixes, or escalates to L3;; Level 3: Development team develops patches for bugs to be applied by L2 team.; ; Customer Service availability Mon - Fri 08:00 - 17:00 - on UK business days. ; - All email communication requests (sent to ticketing system) average time to respond within 60 minutes. ; - Hotline phone service replied within 45 seconds. ; ; For Critical and Major incidents only : 24x7x365 availability services; - Emergency phone service replied within 45 seconds. ; - On Call Duty Manager available within 1 hour.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full on-boarding support provided, including: ; - Requirements definition ; - Account and user on-boarding ; - API integration support ; - Support team onboarding call to customer is offered; - On-line training via webinars ; - Special training provided if required (additional services) ; - Full on-line help portal
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Messaging data can be extracted via reporting suite
• End-of-contract process: The service will continue to roll on a monthly basis at the end of the minimum term agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Access via standard supported browsers from any device.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Multiple low/no-code APIs available, including HTTPS, SMPP, SMTP, SFTP/FTPS, Connect API (RESTful, both real-time and batch mode); ; Send/receive messages; ; Specific APIs for:; - Creation and management of lists, groups and contacts; - Emergency alerting; - Two factor authentication (2FA); ; Below is brief description:; HTTPS API to send/receive messages via URL; SMPP API to send/receive messages from an SMP app.; SMTP API to send SMS messages based on an email.; Connect API is a REST-ful API to process messages in both real-time and SFTP batch mode; A single API that supports 4 channels – SMS, RCS, WhatsApp and Email ; Voice API is an efficient way of sending voice messages through file attachments, text-to-speech functionality or by invoking action-based objects.; SFTP/FTPS API enables customers to retrieve Lists that are placed on SFTP/FTP/FTPS servers.; Authenticator API to send SMS messages to enable 2FA.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: SMS Sender ID - names (alpha tags), virtual mobile numbers and short codes supported; ; WhatsApp and RCS official business accounts with company branding; ; Platform supports: ; - Account Hierarchy; - User roles/permissions; - Cost centre allocation; - Portal look and feel can be customised

Scaling

• Independence of resources: Soprano Connect is a highly scalable solution. The capacity exceeds current and short-term forecast message volumes. We maintain a robust review process to ensure that our infrastructure has sufficient capacity. The threshold for initiating additional capability is typically when 60% of available capacity is being utilised. This ensures that the solution can deal with spikes in volume and that additional capacity is in place well in advance of anticipated volume increases.

Analytics

• Service usage metrics: Yes
• Metrics types: Soprano Connect includes a reporting suite that enables users to view customisable reports on the portal, as well as export and schedule reports. There are three main types of report:; ; 1. Summary reports – a summary of the number of messages sent and received on a per user, cost centre or sub-company basis.; ; 2. Message reports – full details of the messages sent and received during the specified time period. Report content is customisable. ; ; 3. Performance reports – information on the number of messages and the latency of the solution.; ; 4. Account report - account specific reports for auditing.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Messaging data can be exported manually from the Soprano Connect web portal, or this can be automated via SFTP.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Target availability 99.9%
• Approach to resilience: Soprano Connect is based on a High Availability Disaster Recovery (HADR) architecture. It is deployed in two secure UK data centres, with intra-site redundancy in the primary data centre and full geographical resilience provided by the secondary (DR) site. All data is replicated in real-time on the primary site and near real-time to the secondary site.
• Outage reporting: Soprano Connect has a public status page that gives real-time information on the status of the solution. Users are able to sign up to receive email alerts from the status page.; This page is also used to notify users regarding planned and emergency maintenance activities.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Soprano Connect supports role-based access, with further access control being provided by licences. Users are only able to access the features that are associated with their given role and assigned licences.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Group - Certification number IS721583
• ISO/IEC 27001 accreditation date: 11 July 2020
• What the ISO/IEC 27001 doesn’t cover: Support by Soprano outside UK and Australia.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Soprano has all policies and controls in place as necessary for ISO 27001 certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Soprano has a formal change management process, with any changes to the production system controlled by Production Change Request (PCR). All PCRs are tracked, risk assessed and authorised before deployment. After deployment, all changes are verified by our Quality Assurance (QA) team.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All web-facing systems or services are subject to penetration testing and vulnerability scans on a regular basis and following major changes, with all code changes being peer reviewed and assessed against OWASP top 10 vulnerabilities.; ; All critical security vulnerabilities found in security testing must be fixed before deployment.; ; All security vulnerabilities found in “in life” security testing must be fixed in accordance with the following timescales:; ; • Critical – 24 hours; • High – 1 month; • Moderate – 4 months; • Low – 1 year
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our hosting partner conforms to ISAE 3402 Type II Service Organisation Control
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have 24x7x365 telephone support for critical and major incidents, in addition to our standard telephone and email support. We provide updates on incidents via Soprano Connect's status page throughout an incident until resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Soprano's CPaaS platforms send over 10 billion+ SMS messages per year, these digital messages are reducing the number of trees that need to be felled for paper-based messages, trees are the ultimate carbon capture and storage machines. Like great carbon sinks, woods and forests absorb atmospheric carbon and lock it up for centuries. They do this through photosynthesis.
• Covid-19 recovery:

  Covid-19 recovery

  COVID 19 has changed the world and SMS messaging has played a massive part in ensuring people have been informed of changes that were implemented due to covid, ensuring that we are informed of our vaccination appointments in order to help protect our health, ensure that patients don't miss virtual appointments, informed PCR test result,; these little messages that are delivered in a 160 character SMS have been instrumental in aiding COVID 19 recovery.
• Wellbeing:

  Wellbeing

  SMS has always played a part in ensuring the well-being of people, by informing them of appointment reminders so they don't miss appointments or to inform the of test results, in normal times Soprano's CPaaS platforms are used to send over 5 million+ SMS messages per day to NHS staff and patients, during the pandemic these reach peaks of 20 million+ per day to keep patients informed, in a constant time of change these message help their mental wellbeing as they felt they were getting information that could save their lives.

Pricing

• Price: £0.02 to £0.03 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@sopranodesign.com. Tell them what format you need. It will help if you say what assistive technology you use.