SIP

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Gamma's Inbound Service, Cloud Based or Hosted PBXs, Session Border Controllers
Cloud deployment model: Public cloud

Private cloud

Hybrid cloud
Service constraints: As a VoIP service, calls to 999 via SIP trunks may not be possible, during a service outage where the customer loses total connectivity for example, owing to a power outage or the failure of all data access.
In such circumstances the customer should use their PSTN line or mobile to make the emergency call.
System requirements: Conformance tested PABX (Confirm with Arrow)

Compatible Session Border Controller (Confirm with Arrow)

Appropriately sized data access

IP Address Authentication

Sufficient SIP Licences on PABX

User support

Email or online ticketing support: Email or online ticketing
Support response times: Our standard response time is four working hours Monday-Friday 8-6pm. We can supply bespoke SLA agreements.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: There is a web-chat icon on each page of the support section in our web-site. Tawk.to supports WCAG 2.0 guidelines
Web chat accessibility testing: None Completed to Date
Onsite support: Yes, at extra cost
Support levels: Arrow provides a core level of support which in included with the contract. Additional bespoke support levels are available upon request at an additional monthly service fee. Any incident (an unplanned interruption to a service) can be logged by the customer with Arrow’s Service Desk. Arrow will respond to and resolve remotely any incident or issue that is impacting the customer’s supported scope using our cloud support engineers. A service change (something which represents a minor change to the supported scope where there is a risk of impact on the service) may be subject to additional charges depending on the scope of the change and will also be managed by our cloud support engineers.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: An Account Manager and pre-sales consultant will work with you to identify the correct service specification and configuration. If required we will attend site to conduct site surveys, demonstrations and audits. Once our proposal has been accepted and our Cloud Telephony service contract signed, the project is added to our internal task system. Each new customer project is allocated to a Prince 2 qualified Project Manager who assumes overall responsibility for the project. The Project Manager will communicate with the customer by phone, e-mail, video or in person. A Project Initiation Document is issued once we have gathered all required information. A meeting to discuss all aspects of the phone service configuration is held with
the customer. The service configuration agreement is written up and issued to the customer. The Project Manager will liaise with the Cloud IP Engineering team to
manage the necessary technical resources. The PM will also manage the process of porting numbers in to the Arrow network. The assigned Cloud IP Engineer will configure the service and attend
site to carry out the deployment. Where the customer specifies on-site training, a qualified trainer will attend site to provide the necessary instruction.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: The customer via the relevant service portals can extract all historical call detail and call recording information held.
End-of-contract process: Once terminated, Arrow technical staff will de-commission the customer’s service ensuring all database information, call recording and analytics data are permanently deleted. Services included in the price of the contract will be monthly rental charges and any hardware or professional services which were agreed at the beginning of the contract period. Additional costs may be for incremental licences.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: Yes
Compatible operating systems: Android

IOS

MacOS

Windows

Windows Phone
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: There is a bolt on App that can be added as an option to SIP Trunk Call Manager. Upon successful download from the relevant app store, the user is able to log in to access a subset of SIP Trunk Call Manager Functionality as available at: www.siptrunkcallmanager.co.uk. The user has access to edit
components of call routing for numbers provisioned on this service and in accordance with their user permissions.
Functionality includes ability to route calls to an alternative destination number/voicemail/divert calls/invoke
pre-configured call plan. Key reporting statistics are also available including Performance graphs and call history.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: There is an optional bolt on - SIP Trunk Call Manager. Portal-based, the user is able to log in and has access to edit components of call routing for numbers provisioned on this service and in accordance with their user permissions.
Functionality includes ability to route calls to an alternative destination number/voicemail/divert calls/invoke
pre-configured call plan. Key reporting statistics are also available including Performance graphs and call history.
Accessibility standards: None or don’t know
Description of accessibility: Standard web-browser access with standard accessibility options associated with those web-browsers
Accessibility testing: None Completed to Date
API: No
Customisation available: Yes
Description of customisation: The design of the SIP service can be configured and customised for various designs (Active / Standby, Loadshare, Resilient+, Enhanced). Customer confirms design option during project kick-off and then built by Arrow.
The number of concurrent call channels required (subject to minimum number) can be customised subject to sufficient data bandwidth being available.
Whether existing customer DDI numbers are ported from other services. Determined by administrators.
Whether new DDI numbers are required for the service. These can be added by administrators of the service.
If individual call control is required per DDI this can be achieved through a web based customer portal using SIP Trunk Call Manager.
Where the option is taken, customer administrators can manage SIP Trunk Call Manager, a feature-rich, centralised inbound call management service via an easy-to-use web portal and App. The following are customisable:

Call Queuing Day
Time of Day Routing
Hunt Group
Voice Mail
Date Routing
Increased resilience
Announcement
Auto attendant
Set user access individually
Divert (on busy, on no reply, on failure)
Access to full call statistics
Advanced Statistics

Scaling

Independence of resources: Gamma undertake a monthly Capacity Planning Forum whereby the utilisation of every network component is reviewed against planning rules and sales forecast to ensure that there is sufficient capacity and overhead to manage customer's requirements. Additionally there is weekly planning review on capacity management adjustments.
Each SIP customer's resource requirements are taken into account and sufficient network is allocated to them. Gamma also manage their network to spread traffic during very busy periods.

Analytics

Service usage metrics: Yes
Metrics types: SIP Trunk Call Manager service provides a range of on line call reporting on a per number basis. Full summary reports are provided; how many calls are getting through, where are my customers located, what are my call trends, when are my busy times. Detailed call analysis is available via the advanced statistics package.
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Reseller providing extra support
Organisation whose services are being resold: Gamma Telecom

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: If using SIP Trunk Call Manager via a secure web-portal. Portal address to be provided by engineering upon commencement of the service. If not data can be exported via the Arrow Billing Portal or provided by Arrow upon request.
Data export formats: CSV

Other
Other data export formats: Excel
Data import formats: CSV

Other
Other data import formats: Excel

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network
Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: SIP trunk service availability is calculated as:
Total number of minutes in the measurement period – Unplanned Downtime x 100 / Total number of minutes in the measurement period
Note: If a Service is partially available then the Unplanned Downtime shall be calculated in equal proportion i.e. if a service is 50% available then the unplanned downtime will be calculated as 50% x elapsed period of the incident.
Availability Measurement Period: 1 Calendar month
Target availability for SIP Trunk Endpoint Resilient Build:
Core service: 99.99%
Non-Core Services: 99.50%
Not included:
- Outages which are deemed to be the result of matters outside of Arrow's direct control
- Planned or emergency maintenance works
- User error
Notes:
(1) Core functions are defined as Gamma Switching infrastructure, transmission equipment and
core network, the service that supports call routing and termination.
(2) Non-Core functions include Gamma Support Systems, access to any relevant portals and feature based services such as Call Plans, Call diverts, Auto Attendant, Call Recording, and Unified Messaging
(3) A Resilient build SIP Trunking means a Gamma approved
configuration such as dual Session Border Controllers offering geographic diversity.
PESQ score target for G711 is 4.1 and G729 is 3.7
Approach to resilience: Gamma hold ISO 22301:2012 Business Continuity Management accreditation. As this information is sensitive, further specific information is available on request
Outage reporting: We have a process to communicate with customers in the event of a major service outage and provide a Reason for Outage report. This is based through emails from the support team. Once an outage is noted then regular hourly emails are sent detailing progress to resolution.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: Relevant only to SIP Trunk Call Manager services. Customer administrators can set permissions for other users to give them access to certain areas of the portal. They are able to restrict access to certain areas of the management and support interfaces
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: DNV Business Assurance UK Limited
ISO/IEC 27001 accreditation date: 01 December 2023
What the ISO/IEC 27001 doesn’t cover: This certificate is valid for the following scope:

Provision of IT and Telecommunications Services (AV and Video Conferencing, Business Mobile, Cloud Telephony, Contact Centre, Cyber Security, Data Centre Services, Data services, IT, Software Development, Mobile Data) in accordance with the Statement of Applicability, version 1.0, plus Code of Practice ISO 27017:2015 on information security controls for cloud services and Code of Practice ISO 27018:2019 for protection of personally identifiable information (PII) in public clouds.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: NHS Data Security and Protection Toolkit. ODS Code: 8J121

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: NHS Information governance toolkit level 2
Cyber Essentials. Registration number QGCE2305.
Information security policies and processes: The Chief Executive Officer, along with the board, in partnership with the Head of IT is responsible for the approval of all of the IT policies and ensuring that they are discharged to the relevant managers. Arrow's Information Security Policy outlines our approach to information security as well as being a method to establish a set of tools to outline the responsibilities necessary to safeguard the security of the Company’s information systems with supporting policies, codes of practice, procedures and guidelines. The policy applies to all employees - current and new - of the Company as well as all other authorised users. The policy relates to the use of all Company-owned information system assets, to all privately owned systems when connected directly or indirectly to the Company’s network and to all Company-owned and or licensed software/data. Authorised members of the IT Department will from time to time monitor the information systems under their control to ensure compliance. This is supported by training during the Induction process for new employees and updates to existing staff as appropriate.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Change Control Process covers changes made to operational systems, to mitigate the risks and impacts that any change has and ensures good communication at all stages.
Change Management ensures changes to core infrastructure and services are performed and implemented correctly.
Best practice guidance, aligned to ITIL (OGC), recommends that the starting point for any change should be a review of generic questions or the ‘seven Rs’.
A risk and impact assessment is carried out for each change this involves detailing the assets under change.
The Change Advisory Board (CAB) has a representative from each impacted business area.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: We use failure mode effects analysis process, conducting regular, systematic assessments of vulnerabilities to determine the necessity of safeguards, countermeasures and controls, monitoring for changes to maintain an acceptable level of risk. Includes identifying key information assets and subjecting them to specific risk assessments, assessing exposure to a list of common threats and vulnerabilities, maintaining risk registers, implementing technical, policy, business continuity and management initiatives;
Each patch is assessed and deployed accordingly:
High - Urgently.
Medium - ASAP.
Low - as time permits.
Gamma utilise many Vendor sources and industry RSS feeds, CERT, Ubuntu and Debian. Member of CiSP.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Gamma utilises GPG 13 guidance. Gamma has built a Security Information & Event Management Solution (SIEM) to identify potential compromises. If a compromise is found it is investigated. A Security Incident is raised to track the investigation, root cause and solutions if required to rectify or improve the situation. We respond to incidents as close to real time as practicable.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Gamma has an Incident Management process which has numerous pre-defined sub groups of staff designated for particular products or scenarios. It can be initiated by any member of staff and is managed by the 24/7 Network Operations Centre (NOC). Any incident is reported by the customer to the Service Desk, it is recorded in a customer relationship management tool (CRM) and an Incident report is produced after root cause analysis has taken place. Any Incident reports are made available to end users via pdf.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: Joint Academic Network (JANET)

Social Value

Wellbeing

To help us drive wellbeing and engagement throughout Arrow, we have dedicated Wellness Champions at each of our key sites – these are voluntary roles and act as a central point of contact for advice and guidance around the mental health and wellbeing of our people. They also help to drive the promotion and organisation of various corporate social responsibility initiatives across Arrow further driving engagement. A dedicated Teams channel is used to communicate, share, and promote these activities. Each Champion has completed Mental Health First Aider training so that they are equipped with the necessary skills to fulfil this role. These courses run through MHFA England have also been attended by other members of the wider team. The engagement of our people is paramount at Arrow, and we track this closely, currently sitting at 89% this places us in the upper quartile of all benchmarked organisations. In addition to our 2 main annual surveys, we also track the wellbeing and resilience of our people as well as our eNPS score monthly to ensure we keep a close temperature check on how they are feeling. Our current eNPS score is 52% which places us in the top 25% of organisations in our industry.

Pricing

Price: £6.00 a user a month
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Arrow can set up a test endpoint for a two week period in order to test the quality and useability.
Link to free trial: N/A

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

SIP

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents