ACF Technologies (UK) Limited

Appointment Booking_Central Government_2022

ACF offer market-leading appointment booking solutions which combine the following components: Omni-channel booking via booking webpage, via phone, in-person, video etc. Automated notifications and reminders, internal easy-to-use web user interface, numerous check-in options, skills /needs matching, multi-language, pre-appointment online data / document collection, calendar synchronisation, room booking, surveying and more.

Features

• Self-serve interfaces (kiosks, tablets, roaming agent)
• Virtual queuing and geo-location
• Printed or digital tickets (SMS, Email)
• Digital signage and CMS
• Video calling (multi-language)
• Web user interface
• Customer routing
• Online forms and surveys
• Video Appointment Solutions
• Reporting and Business Intelligence

Benefits

• Improve overall customer experience
• Reduce wait times
• Increase operational effeciencies
• Connect customers and staff more intelligently
• Channel shift customers towards optimal channels (e.g. phone)
• Reduce abandonment rates due to unhappy experiences
• Automate business processes and notifications to customers
• Increase utilisation of resources (staff, rooms, equipment)
• Forecast customer footfall & demand on staffing
• Quantify and report on all your service statistics

£160 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uksales@acftechnologies.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

943849603236728

Contact

Sales
0333 600 8090
uksales@acftechnologies.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements:
  • Our software is a Microsoft .NET application
  • Web user interface compatible with all major browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 1 hour, if not sooner. Naturally our response times will vary depending on the agreed SLAs, the business operational hours, severity level of ticket and other factors important to our customers.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Level 1: This would need to be agreed with each organsation. ; Levels 2 or 3: A set percentage of the software value, which is included in the SaaS pricing model. ; ; Support team:; - Technical Support Team (Application & Cloud Support); - Technical Account Manager ; - Development Support (Application & Cloud Support); - Technical Director Support (Application & Cloud Specialist)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training services included: ; ; - Personalised training plan; - Onsite training ; - Online training (recorded); - User manuals & documentation; - Online Knowledge Base portal for advanced users; - Train the trainer approach
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Online articles via knowledge base
• End-of-contract data extraction: We offer a full database back-up and extraction to ensure you retain full data integrity. We will also offer support to ensure a seamless transition to any future solution.
• End-of-contract process: - Agreement that contract will not continue. ; - Agree process for data extraction. ; - Advice & support for transition agreed.; - Full data deletion process agreed with client. ; ; Full details of this process are included within our Information Security Management System documentation.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: API & webhooks.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Q-Flow complies with both Section 508 standard 1194.22 for Web-Based Intranet and Internet Information and Applications, and WCAG 2.0. This ensures the Q-Flow system is accessible to people with disabilities who are using assistive technologies. The above was designed based off UI testing.
• API: Yes
• What users can and can't do using the API: The Q-Flow API provides developers with an extensive range of Web services for integration purposes. There are two separate API components:; ; - Q-Flow WCF API; - Q-Flow Embedded REST API; ; WCF API:; - This API is a standalone installation of WCF Web services. Both SOAP and REST can be used to access this API.; ; Embedded REST API: ; - This API is a REST API embedded within the Q-Flow Web application. Q-Flow Embedded REST API provides an extensive subset of the functionality offered by Q-Flow; the available operations are documented within its integrated API help. ; ; We naturally offer full training and advice services to ensure our clients get the most from this element of the solution.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: What can be customised: ; - User interfaces - internal & external; - Application layer - behaviours & workflows; - Individual database level; ; How users can customise: ; - All customisation is delivered by our controlled 'Q-App' methodology ; ; Who can customise: ; - Client organisation (controlled via Q-Apps); - ACF Technologies ; ; N.B: Core product code is not customisable by any clients

Scaling

• Independence of resources: Internal users (staff):; - Expected maximum user numbers are agreed at the start of the project; - User numbers are montitored regularly; - Infrastructure is designed with the maximum load in-mind; - Infrastructre is auto-scalable if required; ; External users (customers): ; - Expected maximum demand is forecasted at the start of the project; - Demand on infrastructure is pro-actively monitored ; - Infrastructure is designed with the maximum load in-mind; - Infrastructre is auto-scalable if required

Analytics

• Service usage metrics: Yes
• Metrics types: Users:; - Users numbers are tracked and visible in real-time; - There is an in-application user log for tracking behaviours; ; Reporting: ; - Our solution comes with a full reporting suite containing 80+ reports; - Our database can also be connected to BI reporting tools
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Q-nomy

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: - Database back-ups can be taken for the full database; - Users can also extract reports / data a several places within the application using industry standard download methods (excel, CSV, PDF etc.) ; - Our database can also be connected to BI reporting tools
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • Other flat file formats
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PDF
  • Other flat file formats

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.95%+ ; ; We have a service credit system in place in case SLAs are not met.; ; Full details of this are included within our Client Support Guide.
• Approach to resilience: Please see here a link to more information from Microsoft Azure's security and resilliency: ; ; https://docs.microsoft.com/en-gb/azure/architecture/patterns/category/resiliency
• Outage reporting: Immediate email alerts and system notifications.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: SSO
• Access restrictions in management interfaces and support channels: Q-Flow protects customer and organisational information by controlling who may access each of the system modules and forms in order to view, edit, or delete data. Each user in the system belongs to a single group, which may be in one or many roles. This allows the system administrator to configure and control system behavior and access permissions in a simplified, centralised way.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: SSO

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 19/12/2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO9001
  • ISO27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001.; ISO9001.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management will follow the below steps: ; ; - Request ; - Plan ; - Impact Assessment - security etc.; - Communicate ; - Approve; - Implement ; - Review ; - Close
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The organisation’s IT infrastructure will be patched according to this policy to minimise vulnerabilities. The IT Department will maintain an up to date inventory of the components within the organisation’s IT infrastructure. The software and hardware identified will scanned for vulnerabilities and patched according to this policy. All of the hardware and software on the network will be scanned using a vulnerability scanner to identify weaknesses in the configuration of systems and to determine if any systems are missing important patches, or software such as anti-virus software. Full details of our vulnerability is provided within our full ISMS documentation.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Backup software will be configured to send daily alert of successful/unsuccessful email to the system admin team. The system admin ensures that all backups are completed successfully and reviews the backup process on all servers daily. Logs are maintained to verify the amount of data backed up and the unsuccessful backup occurrences. More details on this process are included within our full ISMS Documentation.
• Incident management type: Supplier-defined controls
• Incident management approach: ACF has a clearly defined Incident Management Process, all of which is fully documented within our ISMS Documentation. ; ; All incidents are immediately communicated to the assigned people via the agreed channels. ; ; A full incident report is provided post-incident via email / documentation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  In 2022, ACF Technologies (UK) are committed to becoming a Carbon Neutral business. We take very seriously our role in the global fight against climate change. We have a more detailed Environmental Policy available upon request.

Pricing

• Price: £160 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We offer a pilot where all software licenses, hosting and support is covered by ACF. We may request some commercial coverage for some professional services, but this is evaulated on a case by case basis. We fully understand the importance of and support the pilot / trial model.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uksales@acftechnologies.com. Tell them what format you need. It will help if you say what assistive technology you use.