Chatbots for Customer Engagement

Automate customer interactions through AI-powered digital assistants. The system handles customer enquiries, provides personalised recommendations, collects feedback, and manages lead generation, enabling 24/7 customer engagement while streamlining sales conversions and service improvement.

Instructions

• This page helps you prepare "Solution Requirements" section in Vendor Management Portal and you will see the exact questions and flow.

• 🔴 Mandatory questions: Must answer "Yes" to continue

• 🟡 Preferred questions: Can answer either way and continue

• Follow the question flow as indicated

Q1 🔴 Mandatory - Gen AI

Main Question: Does your solution utilise GenAI functionality to power the Chatbot?

GenAI Definition: GenAI chatbots use a technology called Generative Pre-Trained Transformer (GPT) based on a Large Language Model. Compared to previous generation chatbots, GenAI chatbots have better natural language processing (NLP), providing more accurate responses and engage in context-aware conversations with the customers. Additionally, these chatbots can learn from user interactions and improve their responses over time, resulting in a more personalised and effective user experience.

🔴 Answer: ○ Yes [Next: Q2] ○ No [⚠️ Cannot Proceed]

Q2 🔴 Mandatory - Risk Mitigation Briefing

Main Question: Does the vendor commit to conducting a briefing (online or in-person) for each potential client before client purchases the solution, to ensure that each client is aware of the risks associated with using the Gen AI solution for its business, and the best practices to mitigate these risks?

Requirements: [1] Vendors must adequately brief SME participants on these associated risks to ensure responsible Gen AI solution usage. Vendors will also be required to secure SMEs' acknowledgement of the associated risks before provisioning the solution. [2] Vendors may also consider providing documentation or further information about their models' training data to their clients.

Submission Requirements: Please submit the following documents: a. Briefing materials (e.g. slides, pre-recorded video, etc.) that will be used to brief each client on the risks of using the Gen AI solution (e.g. accuracy, bias, reliability, toxicity, IP infringement, privacy, etc.) and risk mitigation measures (e.g. setting escalation criteria, out-of-bounds markers, etc.) b. Template of the customer quotation or contract where each client's acknowledgement of this briefing will be secured

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q3] ○ No [⚠️ Cannot Proceed]

Upload Supporting Document Required: [File Upload] Text Elaboration Required: [Text Box for Description/Details]

Q3 🔴 Mandatory - Setup and Data Pipeline

Main Question: Does your solution enable the company to perform the following functions during setup?

Setup Functions: a. Upload company-specific knowledge base in varied formats (e.g. FAQ flowcharts, customer service manuals, brand information or guide, etc.) to contextualise generated responses b. Set escalation criteria to automatically escalate certain type(s) of customer enquiries to human agents c. Allow business owners to define the conversation boundaries to restrict the chatbot responses to information available on the business website

🔴 Answer: ○ Yes [Next: Q4] ○ No [⚠️ Cannot Proceed]

Q4 🔴 Mandatory - AI Chatbot Knowledge Ingestion

Main Question: Can your solution ingest at least TWO of the following data sources to build the chatbot's knowledge base?

Data Sources: a. Direct website crawl (with website URL as input) b. Direct database integration (via SQL, API, etc) Examples of database integration may include: i. CRM (Customer data such as transaction history, communication history, loyalty programme, etc) ii. Sales or E-Commerce platform (Sales data such as SKUs, available stock, prices, campaign, promotion, etc) iii. Any other integrations to optimise and enhance customer engagement c. Structured files, such as FAQ with Question-and-Answer pairing, Product and Services offerings, etc d. Unstructured files, such as PDF or Word Document

🔴 Answer: ○ Yes [Next: Q5] ○ No [⚠️ Cannot Proceed]

Q5 🔴 Mandatory - Customer Communication Platform Integration

Main Question: Can your solution be deployed on at least ONE of the following digital platforms or channels for customer engagement?

Digital Platforms: a. Company website b. Messaging apps (e.g. WhatsApp, Facebook Messenger, Telegram, etc) c. Email d. Social media (e.g. Instagram, TikTok, etc) e. Customer Relationship Management (CRM) system f. Audio calls or call center

Note: Vendor must provide implementation services to ensure that the solution is successfully integrated with the company's selected digital platform(s).

🔴 Answer: ○ Yes [Next: Q6] ○ No [⚠️ Cannot Proceed]

Q6 🔴 Mandatory - Frontend and/or Backend Customer Engagement Capabilities

Main Question: Can your solution fulfill EITHER Frontend Customer Engagement Capabilities OR Backend Customer Engagement Capabilities?

Please indicate "Yes" for both question number 7 and 8 if your solution can fulfill BOTH requirements.

🔴 Answer: ○ Yes [Next: Q7] ○ No [⚠️ Cannot Proceed]

Q7 🟡 Preferred - Frontend Customer Engagement Capabilities

Main Question: Can your solution provide a customer-facing chatbot that demonstrates at least TWO of the following capabilities?

Frontend Capabilities: a. Leads Management: to automatically collect information on and follow up on leads, facilitating tracking and conversion. b. Sales Assistant: to guide customers through the sales process, answering informational enquires and providing recommendations

For chatbots taking the role of sales assistant in an e-commerce environment, the two following features must be demonstrated: i. Assist the customer to complete an end-to-end sales via the chatbot conversation ii. Provide product upselling and cross-selling recommendation during the sales checkout process

c. Post-Sales Customer Support: to perform post-sales support, providing customers with information (e.g. order status, product or service support, escalation, etc) d. Scheduling and Reservation: to assist customers in making bookings based on resource (e.g. personnel, facility) availability, customer's past preferences, etc.

🟡 Answer: ○ Yes [Next: Q8] ○ No [Next: Q8]

Q8 🟡 Preferred - Backend Customer Engagement Capabilities

Main Question: Can your solution provide an internal-facing chatbot that demonstrates at least THREE of the following capabilities?

Backend Capabilities: a. Suggestions or Improvements for Customer Engagement Agents: Generate real-time suggestions to improve responses or automatically translate messages b. Automated Reminders for Follow-Ups: Provide timely reminders to agents to provide follow-up actions for all instances of customer engagement c. Centralised Platform for Multi-Channel Customer Engagement: Provide a centralised platform for agents to manage customer conversations across multiple channels (e.g. Website, Social Media, Messaging Apps etc.) d. Real-Time Interventions: Enable managers to intervene conversations and take actions where necessary e. Creation of Customer Profiles: Identify customer characteristics and build comprehensive customer profiles based on conversations with customers

🟡 Answer: ○ Yes [Next: Q9] ○ No [Next: Q9]

Q9 🟡 Preferred - Post-deployment Self-learning and Training Capabilities

Main Question: Can your solution self-learn to improve the accuracy and/or relevance of chatbot responses generated over time?

Self-learning Examples: a. Use reinforcement learning or feedback loops based on positive and negative customer interactions b. Learn from instances when a human agent takes over to answer customer enquiries c. Enable manual "supervised" training or customisation of chatbot responses and conversation flows d. Automatically retrain the chatbot based on business updates to their website or information

🟡 Answer: ○ Yes [Next: Q10] ○ No [Next: Q10]

Q10 🟡 Preferred - Automatic Source Citations

Main Question: Can your solution automatically cite sources or references as part of its factual responses (e.g. to reduce hallucination risk when answering factual enquiries)?

🟡 Answer: ○ Yes [Next: Q11] ○ No [Next: Q11]

Q11 🟡 Preferred - Multi-Language Support

Main Question: Can your solution support conversations with customers in more than ONE language, other than English (e.g. Simplified/Traditional Mandarin, Bahasa Melayu, Tamil, etc.)?

🟡 Answer: ○ Yes [Next: Q12] ○ No [Next: Q12]

Q12 🟡 Preferred - Audio-based Conversation Support

Main Question: Can your solution support conversations with customers over voice chat?

🟡 Answer: ○ Yes [Next: Q13] ○ No [Next: Q13]

Q13 🔴 Mandatory - Dashboards and Reports (Chatbots)

Main Question: Can your solution track customer leads and conversation histories on a single dashboard, and generate reports on key performance metrics and customer insights?

Dashboard Requirements: Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users analyse data through data visualisation.

Interactive Features (Must include at least one): The dashboard must include at least one of the following interactive features:

• Option 1: Interactive charts/graphs that allow users to interact with one chart and apply that interaction as a filter to other charts on the dashboard, and vice versa

• Option 2: At least three common filters/slicers applicable to ALL charts/graphs on the same dashboard

🔴 Answer: ○ Yes [Next: Q14] ○ No [⚠️ Cannot Proceed]

Q14 🟡 Preferred - Project Moonshot Evaluation

Main Question: Has your solution undergone evaluation by Project Moonshot?

Project Moonshot Information: Project Moonshot is a LLM Evaluation Toolkit, designed to integrate benchmarking, red teaming and testing baselines. It helps developers, compliance teams, and AI system owners manage LLM deployment risks by providing a seamless way to evaluate their applications' performance, both pre- and post-deployment. More information on Project Moonshot is provided at https://aiverifyfoundation.sg/project-moonshot/

🟡 Answer: ○ Yes [Next: Q15] ○ No [Next: Q16]

--

Q15 🔴 Mandatory Follow-up - Project Moonshot Evaluation - Elaboration

This question appears only if you answered "Yes" to Q14

Main Question: Please provide the report generated by Project Moonshot upon completion of the evaluation, where vendors are required to test their Gen AI system with the benchmarks stated below, which are available on Project Moonshot:

Required Benchmarks: i. MLCommons AI Safety Benchmark - Hate ii. Bias Benchmark for QA (BBQ) iii. UCI Adult Dataset

Complete the Moonshot testing form: https://form.gov.sg/6699c08bfc8b1217e4d6662e

Click "Yes" to proceed after you have uploaded the report and completed the form.

🔴 Answer: ○ Yes [Next: Q16] ○ No [⚠️ Cannot Proceed]

Upload Supporting Document Required: [File Upload] Text Elaboration Required: [Text Box for Description/Details]

Q16 🔴 Mandatory - Business Data Extraction

Main Question: Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?

🔴 Answer: ○ Yes [Next: Q17] ○ No [⚠️ Cannot Proceed]

Q17 🟡 Preferred - Personal Data Collection

Main Question: Does your digital solution collect, use, disclose, process or dispose personal data?

🟡 Answer: ○ Yes [Next: Q18] ○ No [Next: Q20]

--

Q18 🔴 Mandatory Follow-up - Personal Data Protection

This question appears only if you answered "Yes" to Q17

Main Question: Can your solution demonstrate compliance with the following Personal Data Protection requirements?

Compliance Requirements: Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020).

To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at https://go.gov.sg/pdp.

🔴 Answer: ○ Yes [Next: Q19] ○ No [⚠️ Cannot Proceed]

Q19 🔴 Mandatory - Vulnerability Assessment/Penetration Testing (VA/PT)

Main Question: Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months?

Scope Requirements: The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities.

Submission Requirements: Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications.

If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope.

Qualified Third-party Definition: [1] Qualified third-party refers to: CREST-certified companies [https://www.crest-approved.org/members/] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q20] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload] Text Elaboration Required: [Text Box for Description/Details]

Q20 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)

Main Question: Are you the Product Principal of the solution that you are submitting for pre-approval?

🟡 Answer: ○ Yes [Next: Q21] ○ No [Next: Q23]

--

Q21 🟡 Preferred - CEM for Product Principal

This question appears only if you answered "Yes" to Q20

Main Question: Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Requirements: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q22] ○ No [Assessment Finished]

--

Q22 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration

This question appears only if you answered "Yes" to Q21

Main Question: Please specify the following information:

Required Information: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors i. The cybersecurity certification the organisation has met ii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload] Text Elaboration Required: [Text Box for Description/Details]

Q23 🟡 Preferred - CEM for Resellers

This question appears only if you answered "No" to Q20

Main Question: Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Requirements: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q24] ○ No [Assessment Finished]

--

Q24 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration

This question appears only if you answered "Yes" to Q23

Main Question: Please specify the following information:

Required Information: i. The cybersecurity certification the organisation has met ii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload] Text Elaboration Required: [Text Box for Description/Details]