Answers and Solutions ltd

Remote Worker Chat Service - QuickChat - Powered by Zulip

A chat service provides a quick simple way of your team exchanging one sentence questions and answers, and if necessary, small files or photo. Because the chats are grouped by subject conversations are easily followed. This platform has a full audit facility. Competes successfully against Slack and MS Teams.

Features

• Zulip is a chatservice with subject threading and advanced features
• Subject threading means conversations are kept together
• Delete message get archieved to an admin account, not removed
• Cross Platform - One account on Phone and/or PC.
• Hosted on UK based servers means you control your data
• Able to take your data with you when you leave
• Large number of integrations into other platforms
• 50GB of storage across user base.
• Low cost
• Full search facility.

Benefits

• Message threading makes this Better than email for many applications
• Integrates with your email - notifications sent for watched topics
• Low cost platform

£8 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Christopher.Wainwright@letsdiscuss.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

971506187857545

Contact

Christopher Wainwright
02920733722
Christopher.Wainwright@letsdiscuss.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Community cloud
• Service constraints: The software is highly configurable. For all practical purposes, you are unlikely to be constrained by it. It will be installed on a server system dedicated to this solution.
• System requirements:
  • We offer this ready for use in our hosted environment
  • A web browser is required
  • An optional installable client can de deployed for easier usage
  • A domain name is required but can be provided

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Usually within a few hours, but our SLA will be 48hrs
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: This is a accessible product but the supplier has not certified it as such.
• Web chat accessibility testing: Tested with people suffering from colour blindness.
• Onsite support: Yes, at extra cost
• Support levels: We shall produce a base system setup. Onsite training may be required.; ; Please see the Service Leaflet.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: TBC
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The data is held in industry standard format and many 3rd party tools are available to extract the data
• End-of-contract process: We will assist with data export, and then we will cease the service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The solution can of course be used via an Internet Browser, but it also supports directly installed apps for better performance.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The interface allow admins to issue rights to users. for example, you may want deleted messages to be retained in the audit logs, data export is possible. These can all be set via the Admin panel.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Colour blindness affects 1:12 men and is thus one of the most important aspects of the accessibility standard. This has been tested with Colour blind users.
• API: No
• Customisation available: No

Scaling

• Independence of resources: The software will be hosted on servers that we own and operate. These can scale out significantly, and additional servers will be added when the need arises.; ; Our company policy is to over-provision, not under provision.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Several Software Products are Combined.

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: A Chat service is not designed for use where long term data retention is required. In day to day use, users should copy and paste any data that requires retention into another application.
• Data export formats: Other
• Data import formats:
  • CSV
  • Other
• Other data import formats: NB: Data import is a chargeable service

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim for 99.9% availability. In the event of an unplanned outage of one or more hours being notified we will provide a week of free operation.; ; Pre-notified outages do not qualify for refunds since we will liaise with the customer and choose a time mutually acceptable. Planned works are rare, and will be scheduled for out of hours.
• Approach to resilience: This is available on request
• Outage reporting: A public dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: N/A in this document. Management interfaces are provided in our cloud hosting document
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: WorldPay
• PCI DSS accreditation date: 31/10/2019
• What the PCI DSS doesn’t cover: We do not store CC details on our servers; CC details are processed by our bank on their PCI DSS certified servers. Our PCI certification was issued with this processing method declared. Most payment processing applications handover to an external CC payment provider, who accepts payment before handing purchase approval back to the application that you would be running on our system. This means that our PCI DSS certification is suitable for eCommerce solutions used by most organisations . If you want to store people CC details on our servers, that can be arranged and our PCI DSS would be amended to suit. Your software solution would need to be PCI DSS compliant. Using a 3rd party processor such as Worldpay [or one of their numerous competitors] is by far the best way to handle PCIO DSS aspects of Credit Card processing.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: Information security is maintained in house and managed via our Information security policies

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use the ITiL Configuration and Change management appraoch
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: This service will be Pentested before going into live usage. Patches are issued by the software publisher. These are installed on a regular basis.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We are subscribed various services that check the integrity of our hosting platform. We run regular Anti-Virus scans. The risks not covered include those from people with valid username/passwords who deface a website / damage data etc. Scanning services that address this risk are available at extra cost.; ; Our aim is to avoid being compromised. Our response is determined by the type of compromise detected.
• Incident management type: Undisclosed
• Incident management approach: Users can report incidents via a ticketing system. Reported incidents will be logged and an incident report provided at month end. Reports will not be generated in those months when no incidents occurred unless requested by the buyer.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Climate change is minimised by reducing CO2 emissions. We use an energy provider that has minimized its reliance on fossil fuel power generation and sources as much nuclear energy as possible. Renewable energy is included in the mix (hydro, solar and wind). Any shortfall is topped up by a small top up from fossil fuels. We also minimise power consumption by using shared infrastructures for some clients, and where a client requires a non-shared infrastructure, we minimise energy consumption using virtualisation techniques.
• Covid-19 recovery:

  Covid-19 recovery

  As part of our commitment to CO2 reduction and our commitment to Covid-19 recovery, we allow home working and use virtual meeting technologies as much as possible.
• Tackling economic inequality:

  Tackling economic inequality

  We place as much business as possible in areas that are short of opportunities. The economic advantages are obvious, but additional business advantages include those that accrue from having a stable workforce.
• Equal opportunity:

  Equal opportunity

  We provide equal opportunity and recruitment is based solely on ability. Individuals are free to hold any personal view they wish and no discrimination is permitted on those grounds.
• Wellbeing:

  Wellbeing

  All staff are encouraged to have a healthy work-life balance. Staff are encouraged to exercise regularly and hold diverse interests. We offer a salary sacrifice scheme for all physically active recreational activities that meet this requirement, and undertake occasional team-building events in pursuit of the wellbeing criteria.

Pricing

• Price: £8 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We offer a free demonstration system. We reset this from time to time.; ; The demonstration is more than adequate for testing and evaluation. We don't include staff training during the evaluation stage. You should not load live data into the system since we will not be able to migrate it.
• Link to free trial: Links and access logins are provided On Request

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Christopher.Wainwright@letsdiscuss.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.