Commify UK Limited trading as VOODOO and Esendex

SMS for NHS Services

Send SMS to patients and colleagues informing them of key events, delays to appointments, or other urgent information. Reminders through SMS for appointments, gain feedback through SMS surveys.

Features

• Remote Access
• Real-time reporting
• Analytics
• Direct connections to all the UK mobile networks
• WhatsApp Access
• Bulk Messaging
• API Connections
• Data driven process

Benefits

• ISO 27001-2013 and PCI compliant
• Full disaster recovery process to ensure platform resilience
• UK data centres ensuring compliance and security of data
• Compliments Digital Transformation and Channel shift strategies
• Multiple communication channels
• Integration options - API or standalone
• Reduce call centre traffic
• Maximise digital debt collection
• managing appointments and organising staff cover

£0.03 to £0.05 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at charlotte.houghton@esendex.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

921534991717093

Contact

Charlotte Houghton
01159 895145
charlotte.houghton@esendex.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Web based browser capability
  • IP address whitelisting (Customer firewall and security dependant)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard customer support hours for any issue are 0900 to 1730 Monday to Friday (excluding bank holidays) by contacting the Esendex support team in one of the following ways:; Support will respond to all queries within 4 working hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Set-up is completely supported. Esendex Support Teams are available 9 to 5, 5 days a week and we have a 24/7 critical support team available should you require it.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full account set up and user manuals provided for self-serve systems and development guidance for fully supported systems.
• Service documentation: No
• End-of-contract data extraction: Not applicable as a 2 year data retention policy in place on an individual basis.
• End-of-contract process: From the agreed data retention policy data is automatically deleted after an agreed period. Once the contract expires this process automatically takes at no extra cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Although can be viewed on mobile devices, rendering and formatting is optimised to be viewed on a desktop.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: API connectivity information is open source and freely available from Esendex,; Our SMS API benefits:; • Extremely easy to use, straight-forward and hassle-free integration set up; • All major development environments are supported, such as PHP, Java, C# and more; • Free sample code, documentation and plenty of hints and tips; • Track your SMS with push notifications; • Set an originator on your messages for no extra charge
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Esendex' messaging platform is hosted on a dedicated server within a secure data facility. Built-in redundancy for each element, including our network connections, ensures that the Company can maintain service even under extreme conditions. The platform and all associated data is continually backed-up to an alternative server infrastructure within secure facilities.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Each customer has access to their own secure web-based access portal to export all data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The SLA is to process 90% of our messages within 5 seconds and 95% of our messages within 20 seconds.
• Approach to resilience: Esendex has multiple data centre sites which are equipped with identical hardware and connected via a resilient link to allow data replication to take place. In the event of DR (Disaster Recovery) being invoked the Company can switch to using its backup site to maintain service.
• Outage reporting: A public dashboard; an API; email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: 2 factor authentication upon initial login. Standard username and password and assigned access rights for individual users.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 12/11/2021
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Services Limited
• PCI DSS accreditation date: 06/12/2021
• What the PCI DSS doesn’t cover: None
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 27001:2013

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Esendex' ISO 27001 information security policies include; a scope statement, the risk assessment, the information security objectives, the Statement of Applicability and the risk treatment plan.; The management framework documentation underpins procedures that implement specific controls.; These procedures are electronic documents that show how Esendex monitors, reviews and continually improves its IMIS information security objectives.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All system changes (including all hardware and software changes) are tracked through a comprehensive change management process. This process includes a description of the change, justification for the change and a rollback plan.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The Operations team receives regular industry updates of actual or potential vulnerabilities for all software used in the provision of the service. Patches are prioritised based on severity, assigned to relevant teams and tracked using change management system.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Esendex continually monitors the performance of our platform with technical team available 24/7 to respond to any issues. Any actual or potential compromises are treated as incidents and managed using the incident management process.
• Incident management type: Supplier-defined controls
• Incident management approach: Esendex have a mature incident management system that has been trained out to all employees.; A copy of the customer facing plan can be made available on request

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We believe that we have a responsibility to care for and protect the environment in which we operate. We are fully committed to improving environmental performance across all of our business activities, and will encourage our business partners and members of the wider community to join us in this effort.; ; Key areas of impact; We recognise that our key areas of impact are:; ; Energy; Transport; Waste; ; Action Plan; As a company we will endeavour to:; ; Adopt the highest environmental standards in all areas of operation, meeting and exceeding all relevant legislative requirements.; Review our activities and identify areas where we can reduce our impact.; Minimise waste through careful and efficient use of all materials and energy, and; Purchase sustainable products wherever commercially possible.; Publicise our environmental position.; Train employees in good environmental practice and encourage employee involvement in environmental action.; Request environmental impact information from potential suppliers; Aim to include environmental and ethical considerations in investment and supplier decisions where commercially viable.; Continually assess the environmental impact of all our operations.; ; What we do:; We’ve turned our patio area into an urban garden to help improve air quality of the area and encourage insects and birdlife into the city.; We conform to WEEE standards for disposal of electrical goods, but will donate items where security allows to FrameworkHA.; Our datacentre providers are all committed to environmental sustainability; Our primary Datacenter sources its electricity from zero-carbon sustainable sources; Our office fruit supplier plants a tree in Africa for every basket of fruit we have in partnership with Ripple Africa.; Recycle Paper, cardboard, glass and plastics from within the office.; We recycle batteries; Partake in the Cycle to work scheme; Provide facilities for cyclists at head office (Showers, lockers, secure cycle rack); Season ticket loans to encourage staff to use public transport

Pricing

• Price: £0.03 to £0.05 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Account and user set up, free SMS credits for trial period.
• Link to free trial: https://www.esendex.co.uk/action/free-trial/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at charlotte.houghton@esendex.com. Tell them what format you need. It will help if you say what assistive technology you use.