| Contact Us Notice | | 1. This Bespoke Application Service is private and should not be used by members of the public. | | 2. This Contact Us notice has been provided to enable approved people who are not able to sign-in to use self-service support to author a message at any time of the day or night. The approved person does not need to be concerned with the name of the person they need to contact, because they can select from a list the roles and responsibilities to match their message. Contact Us Notice complies with the legal obligation (GDPR article 13(1a+1b)) to provide people with data controller contact facilities. Contact Us Notice complies with the legal obligation (GDPR article 38.4) to provide people with the right to send a messge to the Data Protection Officer. | | 3. Contact Us Notice is safe and secure, so private, confidential and sensitive business information that should not be communicated by other means can be entered. All messages are encrypted and only disclosed to the Request Fulfilment Management team who will direct the message to the most appropriate person who is on duty at the time. Where a message is not responded to within the hour, an escalation process is used to elevate the message for the attention of an Officer. | | 4. Contact Us Notice is also known as the 24*7 Receptionist who can take your message and pass it to the most appropriate person who is on duty. Bespoke Application Services operate 24*7 with revolving teams of people providing the roles needed to provide business continuity without any downtime. People will pass messages to other people at the end of their shift so no message can be overlooked or forgotten. |
| Comment | | 1. The privacy of the information provided will be respected, will be encrypted so it cannot be stolen and will be shared with the Second Level Support team who will resolve the request. Not all information is mandated, but every message is assumed to be a phishing attack until evidence is provided to the contrary. | | 2. This is a private Bespoke Application Service that is provided for the benefit of approved people and not for the use of the public. Messages from approved people will be rapidly resolved, but messages from strangers will be treated in an appropriate way. | | 3. To prevent injection attacks, only alpha-numeric characters are processed while symbols and punctuation will be ignored without any error message. |
| First Level Support | | 1. The First Level Support (FLS) team must be protected from attack by members of the public who abuse, offend, intimidate and impersonate others. As a duty of care, the team are provided with a wealth of standard answer web pages to standard questions via an online search and retrieval application that is also available to the public. The team are able to add a new Contact Us message so the Request Fulfilment Management team can deal with specific requests in a formal way with evidence generation. To prevent accidental data leaks, the team do not have access to any private business information, do not have access to the Bespoke Application Service and do not have access to any Personally Identifiable Information. | | 2. First Level Support team can no longer involved get involved on any sign-in issues, hardware issues or Internet downtime issues. By eliminating the ability of the Bespoke Application Service to stop or have any downtime, the responsibilities of First Level Support have been improved and simplified. | | 3. Focus has evolved to become customer centric where an approved person with self-service support resolves their own issues in real-time without the inconvenience of waiting on others. Personal preferences has evolved from a simple list of options to a dynamic set of facilities that evolve at the same rate as the person using the facility. Given a little time and with pressure to minimise costs and maximise availability, First Level Support will be fully automated. | | 4. No person is permitted to be involved in a survey, no matter what privacy promises are made. Any person involved in anything that could be said to be a survey, no longer works with the Application Service Provider. |
| Phone | | 1. All phone calls must be treated as a phishing attack by a criminal impersonator because an approved person would use the self-service support facility or the online message service. The phone message must be transcribed into the Contact Us Application where it can be managed in the normal way with the privacy it deserves. As soon as the phone message has been transcribed, the audio phone message shall be erased. By the end of each day, all audio phone messages will have been erased. | | 2. In a busy world, people are not available 24*7 to answer the phone and any phone call will involve delays that can be eliminated by online messages. No private, confidential or sensitive business information should be leaked by phone. | | 3. Phone communication can use a number as: 02084288366. |
| Email | | 1. All emails must be treated as a phishing attack by a criminal impersonator because an approved person would use the self-service support facility or the online message service. The email must be transcribed, copied or uploaded into the Contact Us Application where it can be managed in the normal way with the privacy it deserves. As soon as the email has been transcribed, the email message shall be erased. By the end of each day, all email messages will have been erased. | | 2. In a busy world, people are not available 24*7 to answer an email and any email will involve delays that can be eliminated by online messages. No private, confidential or sensitive business information should be leaked by email. | | 3. Email communication can use an address as: support@computer-management.co.uk. |
| Post | | 1. All post must be treated as a phishing attack by a criminal impersonator because an approved person would use the self-service support facility or the online message service. The post must be scanned and uploaded into the Contact Us Application where it can be managed in the normal way with the privacy it deserves. As soon as the post has been uploaded, the post shall be shredded. By the end of each day, all post and paper documents will have been shredded. | | 2. In a busy world, people are not always available read and reply to a letter. Letters will involve delays that can be eliminated by online messages. The unrealiability and high cost of postal communication mean that post is no longer a cost effective way to conduct business. | | 3. Postal communication can use an address as: PO Box 9 Foxleys Watford WD19 5DB. |
| Assigned Account Manager | | 1. In the good old days before customers demanded a 24*7 service, an Account Manager was assigned by a name such as "Alex". The "Alex" email address was continually monitored by the First Level Support team who would raise a Contact Us message so the message could be managed by the Request Fulfilment Management team in the normal way. If a phone call came in for "Alex" then the call could be routed to another member of the First Level Support team to act on behalf of "Alex" as a deputy. | | 2. People now demand a 24*7 service where "Alex" has evolved to a 24*7 receptionist who can route messages to the most applicable person who is on duty at that point in time. The names of people has evolved to job titles to prevent privacy leaks and attacks on named people. People have demanded self-service facilities with an instant response to replace the call and wait on a reply type of service. In practice, the assigned account manager had no authority to take any action until the request is documented as evidence and processed using formal business procedured and rules. The self-service facility has eliminated the middle-man, cut costs, cut delays and improved evidence of what was needed. | | 3. The Request Fulfilment Manager has a team of people who replace the account manager by formally passing messages to those in the organisation who can make things happen. First Level Support exist to initiate the formal passing of messages by using the Contact Us Application on behalf of an approved person who chooses not to use the Contact Us Application. Evidence is that the Contact Us Application is used more out of business hours than when an account manager would have been available. | | Please click here to popup more information about organisation structure |
| Message To | | 1. The message author does not need to know the name of the person who is available to handle their request because they can select from a drop down list of roles and responsibilities as:- All roles are manned 24*7 to expect a response within the hour and an automatic escallation to an officer if a message is not being resolved in an effective way. | | 3. For advice and guidance about these roles and responsibilities, please lookup the Information Technology Infrastructure Library (ITIL) ISO 20001 International standard. |
| Forgotten Password | | 1. This Contact Us Application must not be used by a person who has forgotten their password because forgotten password procedures can be faked by a criminal. A criminal can trigger a forgotten password procedure and expect a series of questions that need a simply reply. Where the criminal cannot lookup the replies using social media, they can send an official-looking forgotten password page to the target person to ask the questions they have been asked. When the target enters a reply, the criminal copies that reply into the real forgotten password form. When the forgotten password procedure sends an access code by SMS or phone, the target enters the access code and the criminal copies the access code into the real forgotten password form. The criminal can then reset the password and tell the target that the application is down for maintenance and try again later. The criminal then has full access to the targets account because the forgotten password procedure can be faked. | | 2. When a person forgets their password, they must ask their manager (or any senior approved person) for a one-time pass-phrase. If no senior approved person is available, then any other person may create a self-service support request to ask the Request Fulfilment Management team to assign a one-time pass-phrase to the person. A self-service support request can only be created by an approved person and so no criminal can fake the procedure with a similar looking web pages. |
| Document Management Service | | 1. Title: Contact Us Notice. | | 2. Reference: 161206. | | 3. Key Words: privacy, security, legal compliance, contact us, 23*7 receptionist. | | 4. Description: Public contact us notice with online messages to be authored by members of the public. | | 5. Privacy: Public shared for the benefit of humanity without copyright. | | 6. Edition: 1.2. | | 7. Issued: 2 Sep 2017. |
|
|