Temple Interactive Media

Interactive Voice Response IVR

Automated telephone call handling and IVR (Interactive Voice Response). Our systems are used for credit card payments, voicemail, voting and information services. Voice interface using telephone keypad or Speech Recognition to connect to databases and APIs. Call centre overflow and routing.

Features

• Secure Voice interface to access database and web API services
• Telephone keypad (DTMF) and Speech Recognition
• Process 2000 landline and 10000 VOIP simultaneous calls
• Secure web interface to manage Real Time Reporting and payments
• Secure web interface for remote access setup and monitoring
• 24 / 7 365 day support
• UK based in High Security Tier 4 Hosting Centre
• All hardware and servers owned and operated by Temple
• Dynamic IVR Menu software

Benefits

• Low cost access to high inbound capacity voice services
• Remotely manage secure voice services
• Automatically handle 2000 landline calls at the same time
• Easily edit services such as voice messages and menus
• Allow voice only access to database information
• Allow voice credit card payments
• Reduce call centre and line rental costs
• Automatically handle 10,000 VOIP calls at the same time
• Automatically update IVR menus in real time according to demand

£0.02 a transaction

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at timhayes@timedia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

873661736442919

Contact

Tim Hayes
07963212476
timhayes@timedia.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The service is limited use on Temple Interactive Media private cloud IVR servers
• System requirements:
  • Service only runs on Temple Interactive Media IVR
  • Service design uses VoiceXML

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer two levels of support:- 1. General service support included at no additional charge Issues that may be disruptive, but do not require immediate response aim to be resolved the next working day. 2. Telecoms issues, calls / messages not being handled, engaged tones or service failure aim to resolve in 4 hours Live support Critical issues during a live TV broadcast. Ongoing real-time response and support Ongoing real-time response and support Ongoing real-time response and support. Cost from £500 per hour including network support engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite training, online training and user documentation. We provide a development server environments allowing users to develop and test services before deploying to the live production environment. We provide full development of services therefore we can assist with questions and queries as to the design of services. We support the VoiceXML 2.0 services standard allowing users to build their own IVR services. We can also provide voice over artists for message prompts and menus. We offer full testing services from multiple phone networks including VOIP.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can download their data at any time during the contract and for up to 2 years after the contract ends
• End-of-contract process: At the end of the contract the services will be disabled and data will be retained in line with EU GDPR. The are no termination fees or additional charges to store data on our systems in line with EU GDPR and Data Protection rules. Data will be at all times available to download during the contract and for up to two years following the termination of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We have a mobile first web management interface. The mobile and desktop offer the same user functionality.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: We have a service dashboard which allows users to manage call messages, call routing and access reporting on call statistics. Users can amend time of day messages, menu messages and download user voice mails.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Our systems can be operated via a telephone interface. The telephone interface allows persons of limited or no sight to make changes to the service.
• API: No
• Customisation available: Yes
• Description of customisation: Users can upload their own VoiceXML call plans and voice files; ; Users can customise their service via the web management interface; ; Access to the system is defined according to our privileges matrix therefore users will need to have completed appropriate training before they can customise the service

Scaling

• Independence of resources: Our platform is used to provide shared high availability services to TV Broadcasters including the BBC. Our systems regularly operate under high load conditions and we have developed policies and procedures to manage high load events. Where users expect a particularly high response we have a Mass Event policy and we work with the networks to minimize any adverse effects. We can provide dedicated line capacity and dedicated IVR servers if required.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide metrics on number of lines used, call duration, maximum number of lines used, time of day usage, payments attempted, payments accepted, total payments, average payments all in real time.; Full caller CLI recording including unique ID, Caller ID, DNIS, DTMF entry, call start, call end, call duration can be downloaded.; Full payment informaton including unique ID, amount and reference can also be accessed. Access to payment card details is restricted according to PCI DSS.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can download their data at any time via the web interface
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Voice data - wav files
  • Call plans - VoiceXML
• Data import formats: Other
• Other data import formats:
  • Call plans VoiceXML
  • Voice files - wav files

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We provide 99.9% availability in our SLA based on monthly billing period excluded planned outages Where we fail to provide the agreed level we offer credits on line rental equivalent to the time when the service failed to meet the availability standard.
• Approach to resilience: Due to security requirements this information available only on request.
• Outage reporting: A public dashboard and email alerts.; ; Any unplanned outages will be subject to an incident report in accordance with our Incident Management Policy Document available upon request

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: Access to the management systems is defined in our Information Security Policy in accordance with our privileges matrix. Access levels are defined on a need to know basis using role based access control. Access is limited according to role. Unrestricted access will only be granted to staff and persons with the prior approval of senior staff in exceptional circumstances. Exceptional circumstances include PCI Audits or Criminal Investigations. No other unrestricted access is permitted or will be granted. Access will be terminated according to the Information Security Policy on movers and leavers
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • Other
• Other security governance standards: PCI DSS
• Information security policies and processes: We have an information security policy which clearly outlines who is responsible for each action and how incidents can and should be escalated in the organization. All staff members are fully trained and kept up to date with security policies and are award that failure to comply is considered a serious disciplinary offence which may result in immediate dismissal. Our policies include Data Protection, Acceptable Use, Asset Control, Audit, Change Control, Access,Inventory Cryptographic Controls, Incident,Logical Access,Malicious Software, Operational, Password, Penetration Testing, Firewall,Physical Security, Privileges, Risk, Security Management, Security Patch, Software Development, Staff Selection, Systems, User Privilege,Linux Configuration, Security Management, Linux Hardening. Copies of these documents are available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have configuration documents for our servers including Linux Hardening and Linux Server Configuration documents. We have Change Management Control Procedures document which outlines how changes are made to our systems. We can provide details of both documents on request. In summary our Change Management requires an impact assessment, prohibits changes that impact security, testing of any change before deployment and back-out procedures.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have a Malicious Software Vulnerability Management policy document that details the use of anti-virus software and detecting and removing malicious software. We have remote access logging to record and generate logs. We use reputable outside sources not just the software vendor including new security alerts internally from rkhunter reports and externally via https://www.uscert.gov/ncas/alerts and http://www.centos.org
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have a Security Management Matrix that defines the roles and responsibilities of staff in the monitoring of our systems to identify potential compromises. This includes monitoring and analyzing security alerts and distributing information to appropriate information security and business unit management personnel, creating and distributing security incident response and escalation procedures. When a potential compromise is identified we have an Incident Response Plan that classifies the incident from 1 to 4 and outlines the correct procedure. The speed of response will depend on classification e.g. threat to life will warrant immediate response
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have an incident response plan with pre-defined processes. The incident will be categorized into the highest applicable level of one of the following categories: 1. Category one - A threat to public safety or life. 2. Category two - A threat to sensitive data –including Credit Card or Financial Information 3. Category three - A threat to computer systems 4. Category four - A disruption of services The person who discovers the incident will call the Temple head office The incident report will be distributed to all affected stakeholders and external agencies (e.g. Police)

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Temple Interactive Media is committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination.; The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best. ; The organisation - in providing goods and/or services and/or facilities - is also committed against unlawful discrimination of customers or the public.

Pricing

• Price: £0.02 a transaction
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at timhayes@timedia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.