OneConsultation Service
OneConsultation is a fully-managed and fully customisable virtual consultation service, utilising Microsoft Office 365 technology and leveraging Microsoft Teams. The solution is a highly secure and scalable Microsoft Azure based application that can be accessed via one-click from any browser, smartphone, tablet, or PC.
Features
- Supports any public web-browser. Don't need to download a plugin
- Maintains anonymity between professional and public users
- Offers 1-2-1 and group consultation spaces
- Individual virtual waiting rooms for each service
- Customised patient web portal for each service
- Real time usage and call quality dashboard
- Maintains existing booking system and process
- Screenshare and IM chat support
- Consistent user experience - minimal training needed
Benefits
- Intuitive and easy to use
- Secure, scalable infrastructure
- Convenient, saving on travel and waiting time
- Efficient and productive
- Inclusive for low technology users and those outside Microsoft Teams
- Ideal for professional/consumer interactions
Pricing
£0.02 to £0.08 a unit a minute
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
1 2 9 6 1 4 8 8 8 8 1 2 1 1 2
Contact
GCI Network Solutions Ltd
Roy Rodford
Telephone: 03450030000
Email: tenders@nasstar.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Microsoft Teams or Pexip.
- Cloud deployment model
- Private cloud
- Service constraints
- Requires Microsoft Office 365 with Azure Active Directory.
- System requirements
-
- Users must have a Microsoft Azure AD account
- Company must sync with OneConsultation service as a trusted domain
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Depending on the priority of the ticket raised, we have a 24 hour response time.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
- As part of the solution, we will provide product implementation and technical support to the end customer as part of the annual licence fee.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- We offer train the trainer sessions as part of the provisioning stage and regular support throughout the contract to the project team to ensure OneConsultation is successfully deployed and understood.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- No data is held for the customer or any users who access the OneConsultation service. Once the contract ends, we will terminate access to the customer's Microsoft Office 365 environment.
- End-of-contract process
- When the contract expires, we will remove the customer from our OneConsultation service and disable the public facing download page. All data relating to the customer will be deleted.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- People can access our service from any supported web browser.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Users can access, join and manage virtual consultations. Users cannot personalise the OneConsultation rooms with any branding, that needs to be done by us.
- Accessibility standards
- None or don’t know
- Description of accessibility
- User can login using their O365 credentials. OneConsultation makes use of the existing Microsoft Authentication. We have a multi-tenant Azure AD application, which requires admin consent before it can read AD data for authentication. The security model we use is based on the flow here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios (specifically the section on Multi-tenanted Applications).
- Accessibility testing
- None.
- API
- Yes
- What users can and can't do using the API
- There is an Admin API which exposes details of consultations that have been created and which can be joined. Please contact us should you wish to integrate with the OneConsultation API.
- API documentation
- No
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- The patient facing web portal can be customised with the logo and branding of the organisation. The URL for public facing web portal can also be customised.
Scaling
- Independence of resources
-
OneConsultation uses the Microsoft Azure Communication service to provide bridging services to OneConsultation - details of their SLA and resiliency can be accessed via the below URL:
https://azure.microsoft.com/en-gb/support/legal/sla/communication-services/v1_0/
Analytics
- Service usage metrics
- Yes
- Metrics types
- Number of consultations, average duration of calls, call quality and potential problem calls.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Pexip
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Other
- Other data at rest protection approach
- Data is held in Azure, refer to Microsoft for current standards.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Request to us and we will provide an extract in Excel format.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Service availability is at 99.9% up time.
- Approach to resilience
- Service is hosted in Microsoft Azure with multiple conferencing nodes in different regions so if one region is unavailable, the service automatically fails over to another available node.
- Outage reporting
-
Public facing website which customers can subscribe to so they receive email or RSS alerts if there are any updates or outages to the system.
https://status.oneconsultation.net/
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Active Directory Windows Authentication.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- United Registrar of Systems (URS)
- ISO/IEC 27001 accreditation date
- 17/12/2021
- What the ISO/IEC 27001 doesn’t cover
-
No aspect of Nasstar’s operations, products or services are out of scope.
No Annex A controls are out of scope. - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- NCC
- PCI DSS accreditation date
- 14/05/2021
- What the PCI DSS doesn’t cover
- Nasstar’s Live Agent & IVR Payment Solution.
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- ISO 27001
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Any changes made to the application is initially undertaken in a non-production environment to assess the impact on security, client requirements and functionality. Once approved and quality of service confirmed, and following communications sent to existing customers, the changes are applied to the production environment in line with our ISO27001 approved processes.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- We use our pro-active monitoring tools to identify potential threats including DOS and new service creation. We deploy patches within 2 hours once notification of potential threat has been received.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We use our pro-active monitoring tools to identify potential threats including DOS and new service creation. We deploy patches within 2 hours once notification of potential threat has been received.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- We have a defined Incident Management process. There are defined methods of how customers can raise and track tickets and ticket escalation process. The Incident Management process does include a known error database and common questions.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Nasstar is ISO14001 certificated. We also comply with SECR (Streamlined Energy Carbon Reporting) and ESOS (Energy Savings Opportunities Scheme). These are all things that look at how we manage, monitor and where possible reduce our environmental impact. - Covid-19 recovery
-
Covid-19 recovery
Nasstar was heavily affected by the pandemic, facing and overcoming considerable challenges to recover. We have been uniquely placed as a remote working solutions communications provider to assist customers in enabling thousands of employees to operate safely, securely and reliably from their home premises during lockdowns. Furthermore, we have continued to advise and enable thousands of end-users to adopt a hybrid model of work, taking advantage of both COVID-secure office workspaces and the benefits of remote operations as the UK works its way out of the COVID pandemic. We are proud to be enabling the future of the British economy and are driven to ensure as many businesses as possible are empowered by our support to deliver a strong national recovery.
We have evolved our hybrid working policy to improve conditions and productivity for our own employees. Our policy continues to guide the minimising of transmission by managing attendance in physical office spaces. Our office spaces are COVID-secure and continue to implement social distancing arrangements, improved sanitising/cleaning of workspaces and have included strict testing regimes to ensure the risk of spreading infection was well mitigated.
Within our workforce we are committed to protecting the most vulnerable to COVID-19, with support to both those who are personally shielding, or those whose family members/close contacts require shielding. Enhanced sick pay and flexibility for care arrangements enable our team to deal with the challenges COVID-19 has and continues to pose to us all, without undue fear of financial penalty or other restrictive situations. Employees have access to mental health first aiders and an Employee Assistance Programme, to further reduce reliance on public services.
Our commitments to supporting local communities under the Economic Equality responses can equally work in relation to COVID-19 recovery as they do for enhancing technology careers. - Tackling economic inequality
-
Tackling economic inequality
To positively influence economic equality we ensure we deliver quality services to a growing customer base. This puts us in a strong position to grow our employee base, extending opportunities and enhancing economic equality through job creation and additional training opportunities.
We take an active interest in our customer’s end customer and local community, seeking to help where we can add value, especially where our customers support an underprivileged or underrepresented group in society. We’re able to share value beyond the contract’s prescribed services by offering our technical/commercial insights through lectures, talks, webinars, roundtables etc to the community. In particular, members of Nasstar are able and experienced in running community education sessions on topics ranging from career guidance to technology-specific workshops including IT adoption/education.
We’re keen to support early career development and access within the IT/Telecoms space and utilise apprenticeships, work placements, internships and graduate opportunities in order to encourage future growth within the industry.
We can partner locally to do this by:
• Linking with local schools and colleges to enable interested young people to attend our sites and undertake work experience either in our offices or by shadowing technical field staff.
• Offering graduate/internship opportunities to local university students to experience technical projects, enabling them to put theory into practice and to gain vital work experience to gain permanent positions post-graduation.
• Providing apprenticeship opportunities, both administrative and technical and at different levels.
• Undertaking to increase these placements when large contracts are won, aligned to the public sector social value guidelines, in order to share and improve our social contribution to local communities.
In contrast to an industry where profit maximisation is traditionally motive (the private obligation), Nasstar believes that driving and fulfilling social value (the public obligation) is an integral part of any modern contractual relationship. - Equal opportunity
-
Equal opportunity
Nasstar actively promotes a culture of fair and equal treatment. Our ethos values people’s differences, and how they help everyone achieve more at work as well as in their personal lives. Our desire is to operate a business every person in society can feel proud to be an important part of. We are committed to providing a working environment that is responsive to different cultures and groups, where everyone has an equal chance to succeed and in which all employees are treated with respect and dignity.
We believe that the best decisions about people at work are based on their abilities, skills, performance, behaviour and our business requirements. Where necessary, we believe in taking proactive steps to make sure that policy, process and procedure provide a “level playing field” for everyone regardless of an individual’s protected characteristics. Training is freely provided within our business, with access to thousands of e-learning courses given to every employee across technical, personal, commercial skills and diversity, equity and inclusion awareness topics.
In 2022 we are committed to implementing a variety of pledges and covenants that demonstrate our objective of widening opportunity and representation in our business. These include the Disability Confident Scheme, Mental Health at Work Commitment, Armed Forces Covenant and the Equality and Human Rights Commission’s Working Forward community.
In 2022 we are seeking to expand representation across our business by adding recruitment advertising in equal opportunities-specific resources such as Women in Technology.
Our aim is to employ and retain individuals who embrace our inclusive culture, positive work ethic and have enthusiasm to join Nasstar on our journey of growth. Our goal is to create a workforce of the future within our sector, full of a genuine cross-section of society and all protected. characteristics. - Wellbeing
-
Wellbeing
Our Environment, Social and Governance Policy articulates our commitments which broadly align to the key features reported in the Good Work Plan (satisfaction, fair pay, participation and progression, well-being, safety and security, voice and autonomy). These work together to provide a healthy and engaging work environment. A selection of relevant commitments/policy positions are provided below:
• We believe in providing a working environment where our people can do their best work, and feel positive about the contribution they make to our success. We implement multiple initiatives that help provide a motivating workplace including regular performance reviews, setting and achieving personal objectives, and being recognised by managers for delivering good work.
• Our Personal Development, Training Policy and Procedure outlines our commitment to providing job and career development for all employees, including opportunity to have a Personal Development Plan (PDP) and access to external courses/training.
• Our Health and Safety, Stress Management and Mental Health strategies include giving access to an Employee Assistance Programme, and having trained Mental Health First Aiders who run a virtual community where employees are able to discuss any concerns with a trained individual. We proactively promote this, to demonstrate there is no stigma in our business around this subject.
• We provide our team with opportunity to give back to their communities, recognising the importance of personal interests in and recognising wider ethical causes in supporting the wellbeing of our team and local communities. This includes an annual charity elected by employees for donations and sponsorship events and donations of volunteer days for employees to be able to contribute working hours to worthy community / charitable causes.
• We provide awareness training for our managers on a variety of topics that help to develop a motivating and safe environment where all employees can thrive and succeed.
Pricing
- Price
- £0.02 to £0.08 a unit a minute
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A 30-day free trial version of the full application available.