OPSMATIX SYSTEMS LIMITED

Omnichannel Communications Automation with AI

We use AI to interpret unstructured communications (e.g. email, chat, text, voice), and provide the intent, context, case management, and transaction updates and automated responses required for resolution. We eliminate up to 100% of human effort in a single process – to cut costs, increase staff productivity, improve client service.

Features

• AI (ML, NLP) processes unstructured data - emails, chat.
• User Interface available.
• Case management - can integrate with client's own.
• Workflow - can fit in with client's own.
• SaaS offering includes solution and AI model management.
• Management Information in real time to view SLA performance.
• Stringent Infosec Governance and other standards,EU GDPR 2016/679 compliant.
• Cloud basis allows work from home.
• AWS cloud architecture totally scaleable.
• SaaS solution co-exists with existing infrastructure.

Benefits

• Unstructured communications triaged - less manual effort.
• Custs costs and frees staff for value added services.
• Determines cases from content of input, automates processing.
• Responses can be automated - no manual intervention.
• Other systems updated automatically - no rekeying.
• Updates cases with details from other systems - no rekeying.
• MI monitors performance for SLAs, etc. in real time.
• Allows escalation of cases.
• Multilingual support.
• Volumes can grow without hiring more staff.

£50,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at caroline.tonkin@opsmatix.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

831418326413129

Contact

Caroline Tonkin
07900-287361
caroline.tonkin@opsmatix.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Planned maintenance of our SaaS offering is communicated to clients as per the contract.
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Accordingly to the SLA in the contract
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support costs are included in the price of our SaaS offering. Clients contact our Service Desk where our Service Desk representative will log and triage the issue for resolution according to the SLA in the contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Typically, our clients' project staff will train their staff.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data within the SaaS offering is sent to Opsmatix to process, then is returned to the client - therefore the data is already available to the customers in their own datastore(s).
• End-of-contract process: We will offload any data requested as requested by the client. General terms as to the end-of-contract process can be agreed with the client according to the client's needs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive UI; Some views will be structured differently or provide details on multiple views where dictated by screen real-estate
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The interface is configured to the client use case but is generally a variation on case management and so allows viewing and maintaining cases / tasks including management dashboard and reporting views.
• Accessibility standards: None or don’t know
• Description of accessibility: Features depend on the business use case configuration and are agreed with the client during analysis.
• Accessibility testing: None on the current interface as we are in the process of rewriting it. Future interface will be tested for accessibility to required standards.; ; This will also be subject to client requirement as well.
• API: Yes
• What users can and can't do using the API: This is configured for the specific client use case and agreed during analysis phase.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: This is defined as part of the client use case during analysis.

Scaling

• Independence of resources: We run on an elastic cloud platform (AWS).; The platform has been extensively tested at scale.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics provided will depend on what is agreed with the client.but will typically include information relating to volumes of emails and cases processed, numbers of users and their activity, types of products processed, performance,.etc..
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: DARE is enabled using AES 256.; ; Access Controls defined based on need to know and least privilege principles ; ; Access control monitoring in place along with regular quarterly internal audit.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: This is configured as part of the client use case analysis but generally all data views can be extracted as csv or other text format as appropriate.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Microsoft Office Documents
  • PDF
  • Image (of types or written data)
  • Audio (of speech)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: This is agreed as part of the client engagement.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts and other mechanism agreed with client as part of engagement.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control implemented.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are working to ISO/IEC 27001 by 1st Quarter of 2022.
• Information security policies and processes: All documents meets ISO/IEC 27001:2013 requirements.; Annual Policies review.; Mandatory Annual policies acceptance by all employees or after a major change.; Risk Management framework mapped to ISO 27001, PCI DSS 4.0 and NIST CSF 1.1; Incident Management Framework mapped to NIST standards.; Secured SSDLC mapped to PCI SSF V 1.1 .; Threat Modelling mapped to Mitre - ATT&CK v11 and STRIDE Frameworks

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: ITIL V 4.0 mapping.; Change control process includes both Technical and Business process changes.; In summary flow looks like this – Change Submission ->Peer Review->Infosec approval ->CAB Approval->Notifications ->Implementation & Testing ->Documentation update ->Change status update with Evidence.; Asset (Tangible or Intangible ) Register and Hardening monitoring toolsets are in place to track asset lifecycle stages.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Weekly external Vulnerability scan; Weekly internal Vulnerability scan ( fully authenticated); End of week Vulnerability scans assessments. ; Real time Mitre attack monitoring. ; Deployment of patches - Critical ( within 5 working days), high ( within 10 working days ), Medium ( within 75 working days), Low ( within 90 days ) and informational (within 180 days ) . Severity is internally done by taking public disclosure into consideration.; We get threats information from tools installed in our technical stack along with third party registration which provides us continuous update on threats, vulnerabilities and risks.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Real time Information security and operational monitoring toolsets in place.; Potential compromise situation will be dealt under "PL04-Information Security Incident Response plan-Opsmatix" policy.; Security SLA's are - P1 (Response time - within 15 minutes , Mitigating controls -within hours ) , P2 (Response time - within 30 minutes , Mitigating controls -within 4 hours ), P3 (Response time - within 120 minutes , Mitigating controls -within 24 hours ), P4 (Response time - within 240 minutes , Mitigating controls -within 72 hours )
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Runbooks for common events gets updated on regular basis. Current runbooks covers ransomware , Data breach, Phishing, Virus outbreak, Ddos, Elevation of privilege and unauthorised access.; Users report incidents using MS Teams, Emails , Phone .; Incident reports are written following"Template-Information Security Incident Evaluation- Opsmatix"; Incident Management stages - Prepare->Detect->Analyse->Contain,Eradicate & Recover.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our cloud-based solution has a positive impact on the environment as it facilitates home working - thus meaning carbon emissions are reduced as there is no need for staff to travel to work - decoupling economic growth from environmental degradation.
• Covid-19 recovery:

  Covid-19 recovery

  During and post Covid-19, there have been spikes in communications, and backlogs of cases organisations need to handle Our solutions automates manual processes, allowing organisations to better manage spikes in communications and cases to be processed. This means that the organisation can manage its workload and serve its clients and users better.
• Tackling economic inequality:

  Tackling economic inequality

  Our solution is cloud-based, meaning staff can work from home. This makes it far more possible for staff to work according to their life needs, and allows for the employment and leveling up of those who might find it hard to travel to wok in an office - such as people with childcare and other family responsibilities, those who need to work part time for personal reasons, the disabled, etc.. It also allows organisations to engage staff in remote rural locations who otherwise would not be able to find gainful employment otherwise.
• Equal opportunity:

  Equal opportunity

  Our solution is cloud-based, meaning staff can work from home. This makes it far more possible for staff to work according to their life needs, and allows for the employment and leveling up of those who might find it hard to travel to wok in an office - such as people with childcare and other family responsibilities, those who need to work part time for personal reasons, the disabled, etc.. It also allows organisations to engage staff in remote rural locations who otherwise would not be able to find gainful employment otherwise. The management information available in our solution allows for decisions to be made on staff can be made based on their measured output, rather than personal perception.
• Wellbeing:

  Wellbeing

  Our solution automates processes requiring manual interventions and rekeying of data, leaving staff free to provided value added services. This provides for far less tedious repetitive manual activity to be performed by the staff member, and more decision- making, resulting in higher employee engagement and satisfaction.

Pricing

• Price: £50,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at caroline.tonkin@opsmatix.io. Tell them what format you need. It will help if you say what assistive technology you use.