EBI.AI

EBI.AI

EBI.AI is a UK AI company with 10+ years experience. We combine AI models, cloud services, databases, integrations, plus telephony and chat to provide comprehensive, secure and trustworthy AI solutions. Results include 533% ROI, 20%+ YoY decrease in call volumes, 67% increase in CSAT and saved £50,000+ <6 months.

Features

• Management of bespoke AI models, integration, storage and network infrastructure
• Bespoke AI assistants
• Bespoke AI telephony solutions
• Bespoke and 3rd party SaaS integrations
• Free live chat
• Bespoke combination of AI models including LLMs
• Traditional database and cloud services - 20+ years experience
• Experienced Local Council provider

Benefits

• Handle thousands of customer enquiries at once with ease
• 22% YoY telephony reduction saving you money
• Reduce your call costs from £6 per call to £0.05p
• Speak to your customers in 130+ languages & dialects
• Improve your CSAT score by 67%
• Your AI assistant will handle up to 90% of enquiries
• Existing integrations such as missed bins & council tax
• 533% proven ROI in <6 months
• Take the pressure of your existing teams & infrastructure
• £50,000+ savings in <6 months

£0 to £1,500 a unit a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at abbie@ebi.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

873143899844667

Contact

Abbie Heslop
07379981499
abbie@ebi.ai

Service scope

• Service constraints: No
• System requirements:
  • Internet access
  • Access to a supported modern browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have a 24/7 AI assistant that can answer & log enquiries 24/7. ; ; Response times are as follows: Severity 1 : 4 hours (outage/ service unavailable) Severity 2 : 6 hours (service operational, significant business impact) Severity 3 : Best endeavours (service operational, minor business impact) ; ; Further out of hours support can be agreed at a chargeable rate.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Our AI assistant messenger interface has been built & tested to meet WCAG 2.1 AA standards.
• Onsite support: Yes, at extra cost
• Support levels: Support is provided Monday to Friday between the hours of 8am and 6pm. SLA times are business hours. Platform availability: 99% uptime of the platform in a calendar month. Service credit for non-performance is 10% credit of usage fees in the month following non-performance. Issues can be escalated to the account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As your are utilising a bespoke solution we will do the vast majority of the onboarding on your behalf. You will have your own Implementation Team ensuring you are onboarded smoothly.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Extracts of data will be available upon end of contract. 90 days of extracts will be maintained in AWS S3 secure cloud storage for the client to download and backup as they wish.
• End-of-contract process: Once notice to terminate a contract has been received, EBI.AI will assist in the migration of data to the client at contract end. There is no additional cost for this service.

Using the service

• Web browser interface: Yes
• Using the web interface: Our platform AI Studio allows users from any Department to view & manage their AI.; ; Highly bespoke solutions may not have interfaces available as standard.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Our service portal aims to meet the WCAG 2.1 AA standard but has yet to be tested by an independent third party. Our messenger widget has passed AA standards.
• Web interface accessibility testing: Our service portal aims to meet the WCAG 2.1 AA standard but has yet to be tested by an independent third party. Our messenger widget has passed AA standards.
• API: Yes
• What users can and can't do using the API: We manage any integrations required however we do have APIs available with documentation if required. We would manage the integration process as part of our service.
• API automation tools: Other
• Other API automation tools: Bitbucket Pipelines
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: The nature of the AI implementation means that there is capability to be scalable. It is inherently part of our service to be able to assist thousands of users at once.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AWS (Amazon Web Services), Elastic, Azure, OpenAI, Google Dialogflow

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• Backup controls: Backups are performed as per industry & solution standards. Bespoke requirements can be discussed if required.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Platform availability: 99% uptime of the platform in a calendar month. Service credit for non-performance is 10% credit of usage fees in the month following non-performance.
• Approach to resilience: Our platform design eliminates single points of failure by ensuring that redundancy is built into each layer. All service and data layer components are deployed at at least two independent physical locations and a comprehensive backup strategy provides an RTO of 4 hours and RPO of 1 hour in the event of a complete loss of service.
• Outage reporting: Clients are made aware of service disruption via email.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Users are required to authenticate using two factor authentication.; ; Role based authorisation is used to control the features and data that a user can access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: A comprehensive set of policies applicable to all employees, contractors and third-party suppliers is in place including security, data protection and GDPR. All parties are required to confirm they have read and understood these policies on an annual basis and following changes.; ; Policies are reviewed on an annual basis, quarterly security audits are carried out to ensure compliance with policies and an annual audit is carried each year by an independent third party.; ; An Information Security Team consisting of senior staff members have responsibility for maintaining adequate records, maintaining and enforcing information security policies and responding to security incidents. The Information Security Team report directly to the Managing Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components of the service are tracked through their lifetime via source control, auditable deployments and configuration changes.; ; All changes are raised as tickets with a clear definition of the purpose, acceptance criteria and proposed design. Changes are assessed for security impact against a predefined criteria and reviewed by a Change Advisory Board.; ; All changes to source code undergo a peer review process by a developer not involved in the changes and must relate to an approved change.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: - Patch management policy with timescales for the application of patches (Critical: As soon as possible, High & Medium: 14 Days, Others: 60 Days); ; - Automated vulnerability scanning; ; - Annual penetration testing; ; - Endpoint protection and active monitoring of security threats; ; - Security impact assessments carried as part of change management; ; Information regarding security threats is obtained through the NIST Vulnerability Database and provider alerts and notices such Microsoft, IBM and Amazon AWS.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: - Active endpoint protection with automatic blocking of malicious access attempts; - Access logging, monitoring and alerting of anomalous activity; - Audit logging, monitoring and alerting of security events; - System resource logging, monitoring and alerting of anomalous load; ; Security incidents are responded to immediately upon reporting and follow the process detailed in our security incident reporting and management procedure. High level process is:; ; - Evaluate scope and severity; - Identify and action emergency remediation; - Issue stakeholder communication; - Identify and action interim remediation; - Complete root cause analysis; - Communicate RCA and next steps
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is covered in our security incident policy and security incident reporting and management procedure. The policy states that all breaches and queries regarding potential security incidents should be reported to the information security team.; ; The reporting and management procedure details the process and responsibilities of staff members, information security team and company directors.; ; All security incidents are logged on the security incident log as part of the reporting and management process by the information security team first point of contact. Security incident reports are provided by email to our clients.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: AWS
• How shared infrastructure is kept separate: Separate subscriptions are used for each client

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our data centres are managed and operated by third parties such as AWS. We continually ensure they are making a conscious effort to be as sustainable as possible. We are also willing to pay more for services if there is a 'green' package available.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery

  Fighting climate change

  We are very aware of our responsibility to have a positive affect on climate change. There are a few steps worth mentioning in our efforts:; 1) All of our employees work remotely which we believe has significantly reduced our carbon footprint. Our office is in a busy part of the city which often results in being stuck in standstill traffic. We work just as effectively remotely and decided there was no need to go back to the office fulltime.; 2) When we do meet up as an organisation we make a conscious effort to travel in the most environmentally way possible; for example car pooling and taking the train instead of flying.; 3) Our data centres are managed and operated by third parties such as AWS. We continually ensure they are making a conscious effort to be as sustainable as possible. We are also willing to pay more for services if there is a 'green' package available.

  Covid-19 recovery

  When Covid-19 hit the UK suddenly in 2020 there was an abundance of change for all organisations in the UK and around the world. Here are a couple of examples we continued to ensure we could help our wider environment:; ; 1) We continued to hire as planned. We hire many local graduates and take on apprenticeships. In the year Covid-19 hit we continued to employee 4 graduates. In a time when many were cancelling their graduate programmes we ensured ours was able to continue to run.; ; 2) We built a Covid-19 package of use cases for our customers. Almost overnight we ensured all of our AI assistants were trained on the most up-to-date Covid enquires. This could be changes to insurance contracts, store opening times or Covid-19 testing centres. We never charged for this service and felt like it was an important service to provide to our customers in this time.; ; 3) We provided extra monitoring and reviewing of conversations. Our conversation review teams monitored the extra usage of the AI assistants whilst customer service teams grappled with their new working from home environments. The AI assistants provided extra customer service and care whilst taking the pressure off customer service teams.

Pricing

• Price: £0 to £1,500 a unit a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: AI studio offers a 4-week free trial which gives customers full access to create and manage an AI assistant. Bespoke Cloud Solutions are unlikely to come with a free trial due to their nature.
• Link to free trial: https://ebiai.app/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at abbie@ebi.ai. Tell them what format you need. It will help if you say what assistive technology you use.