4 Roads Ltd

Engagement Management Professional (Public Cloud)

This solution enables public sector organisations achieve their customer engagement and digital transformation goals. Key aspects include a customer portal, case management, knowledge management, enterprise search, analytics, end-to-end process automation, CRM and social/email support. Delivered as a cost-effective public cloud solution, each tenant's data/services are securely maintained and individually configured.

Features

• Customer portal to enable self-service opportunities
• Case management with workflow to enable automation
• Knowledge management and Enterprise Search
• Process management to help deliver efficient services
• Reporting and customer insights to inform decision making
• Forms to enable smarter data collection
• Integrations including REST-based APIs
• Customer Relationship Management (CRM) functions
• Live agent-assisted chat with support for AI assistance
• Social messaging integrations to be where the customer is

Benefits

• Digitally enable processes (including automated integration)
• Channel shift services to responsive digital / self-serve channels
• Understand what's working well, what isn't and why.
• Reduce/eliminate waste (e.g. remove "middle office")
• Deliver personalised services to customers
• Optimise point of contact resolution
• Deliver efficient employee / partner processes through a unified portal
• Enable processes to support GDPR compliance
• Allow for social media listening and transaction intake
• Provide web chat capability

£21 a person a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at betty.elverson@4-roads.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

668347347553357

Contact

Betty Elverson
+44 7932609645
betty.elverson@4-roads.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The 4 Roads service wraps around Verint's EM Professional to provide additional services such as solutions development, customisation and integrations as part of the service rather than a separate procurement.
• Cloud deployment model: Hybrid cloud
• Service constraints: There are no constraints beyond the standard system requirements for the solutions.
• System requirements: Supported browser (any modern version)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Tickets are responded to on a priority basis, ranging from Level 1 Urgent to Level 3 Not Urgent, as per the Service Level Agreement (SLA). SLAs are agreed with clients based on business and operational needs. Our standard response times range from 4 hours to 2 days. Out of office hours, our response times are as agreed with the client per their needs. High-security tickets will be answered 24/7.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: None.
• Onsite support: Yes, at extra cost
• Support levels: Custom support packages depending on the agreed SLA. We can provide a support desk service and service monitoring, application maintenance, patching, knowledge base and error/bug logging, SLA reporting. Pricing can be arranged based on support hours or a fixed support contract depending on the level of customisation and support required. Development is charged separately. An Account Manager is provided with all support levels.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding services are included within the pricing for the services provided (refer to the pricing document). This is for commissioning: additional work to assist you in configuring required processes and integrations can then be performed either by the client or Verint through additional services at the SFIA rates. A video tutorial is available at no additional charge with the service as a primer for the configuration of processes on the service. A range of additional training courses are available, if required, for business and technical users at the SFIA rates provided. Comprehensive product documentation and product videos are available. Users can also access the Verint Online Community to receive advice, guidance and process collateral from Verint and their worldwide customer base.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Video
  • Example Screenshots
• End-of-contract data extraction: Following a formal and authenticated request for the data, a full extract of user data will be provided within 10 days of service termination (or earlier by special arrangement).
• End-of-contract process: At the agreed termination date, all access to the service will be removed. Unless previously agreed, this date will also trigger the extract and transfer of user data, assuming this is required. The costs of this data extraction and the subsequent purging of that data (from both production and backup environments) will be dependent on data volumes and will be scoped and reasonably charged for at the SFIA rates appropriate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: A responsive design and the use of HTML5 features within the Forms module allows usage on a variety of mobile and desktop devices, with context specific rendering according to the device type used (e.g. phone number fields, dates, location, etc).
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The solution provides an extensive capability to access configured processes within the Process Management component using SOAP/REST APIs which in turn can drive a comprehensive range of CRM/Case management activities throughout the service. This capability allows for full interoperability of the service with legacy applications and data sources, subject to secure access (via SSL support).
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service allows clients to configure case, process, workflow, forms and knowledge search components through supported configuration interfaces. This includes the configuration of integrations to client or cloud third party systems using modern web service techniques (e.g. REST). These configurations can be performed by business-level staff for simpler aspects and IT-level staff for more complex configurations and integrations.

Scaling

• Independence of resources: The solution is provided on the Amazon Web Service which allows for elastic scaling of resources to scale with demand automatically.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a 99.5% uptime availability level which is monitored and used to measure service quality.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Verint

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: In addition to the end of contract process described above, a range of data is available for download (e.g. form XML, search results export as CSV/PDF/Excel etc).
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Process Management data ingestion (rules based)
  • Ad hoc data import (file upload widget)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability of the service is 99.5%, assured by contractual commitment.
• Approach to resilience: Provided through a combination of load balancing, duplication of servers, virtual servers and other techniques.
• Outage reporting: Outages will be notified via our Customer Community: users can subscribe to this to receive proactive notifications.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: "Users" access the system via username or passwords, optionally over a VPN. For citizens/customers accessing processes associated with the service, a range of authentication capabilities are available including Identity Federation (e.g. Gov.UK Verify) using SAML and/or OAUTH. 2 factor authentication can be supported through additional customisation. The system is open and flexible to allow support for other forms of authentication (e.g. 2-factor or Public key) if required - additional services would be required.
• Access restrictions in management interfaces and support channels: Through username and password to configuration and support interfaces.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Verint manage the risks that have a potential to impact Verint’s SaaS solutions through:; Formal information security programs; Pre-employment screening ; programs; Regular participation in standards audits to validate certifications and compliance; Systems monitoring and log reviews; Routine preventative maintenance; Threat detection and mitigation systems; Adherence to rigid processes and procedures; Regular reviews and vulnerability testing of the SaaS solutions; Implementation of industry best practices; Incorporation of security in our software designs; Resilient and redundant systems design; Broad legal protections secured through partner contracts. Active ISO risks are centrally tracked and assigned an owner, who is responsible for addressing them and reporting on the status until the risk has been mitigated. An identified risk is never reviewed in isolation from other mitigating controls. Once all controls are taken into account, a full picture of the actual risk is defined and used for determining the corrective actions.; ; Verint's hosting partner for this public cloud offering (Amazon) are also 27001 compliant. ; ; Verint and its hosting partner continuously monitor for new vulnerabilities or changes that may expose its SaaS solutions to new risks. If identified, risks are addressed according to the aforementioned mechanisms and process.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A change configuration board is maintained and consulted for all service changes to the public cloud solution.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Verint monitor all relevant vendor and security alert mailing lists for updates on operating system and supporting application vulnerabilities. Each alert is categorised according to a defined schema and advice on how to best handle each vulnerability is supplied to production teams. The three categories of vulnerabilities are: Irrelevant - not patched; Relevant noncritical - patched as part of the normal patching cycle; Critical - Verint initiates the Critical Vulnerability Process which may result in the vulnerability being patched immediately, depending on operational impact and apparent risk of server compromise. This category of vulnerabilities are typically patched inside 48 hours
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Verint maintains Intrusion Detection Systems at its network borders, and runs daily network scans to detect anomalous server network configurations. Information from these systems is combined with a centralised log repository that allows Verint system administrators to analyse the data as a whole and detect correlations and patterns within the data.; ; If an anomaly is detected and confirmed as a security incident, the Security Incident Response Plan is followed, which includes notification of impacted customers and full remediation of the issue.
• Incident management type: Supplier-defined controls
• Incident management approach: When the Security Incident Response Plan is initiated, the following activities occur: 1) The Customer Response Team consults the Security Incident Identification Guide; 2) Once the impact of the incident has been identified, impacted customers are notified; 3) A response plan to remediate the issue is written; 4) The Lead System Administrator and Support Manager oversee actions from the plan to make sure they are carried out; 5) An incident closure report is written, that documents all of the actions taken and their result; 6) The reports are supplied to impacted customers; 7) The incident is closed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  Rebuilding the economy by providing additional revenue streams for businesses

Pricing

• Price: £21 a person a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Access to a demonstration level version of the service on a special request basis. Access will be limited to an agreed number of users for a mutually agreed period.
• Link to free trial: Not publically provided.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at betty.elverson@4-roads.com. Tell them what format you need. It will help if you say what assistive technology you use.