Arrow Business Communications Limited

SD-WAN

Arrows’ software-defined, wide area network (SD-WAN) solution is a security-driven, network technology and managed-service-solution, providing central network orchestration (control, monitoring, and analysis) with a tiered, enterprise-grade support capability.
It consolidates SD-WAN, next-generation firewall with advanced routing features and allows the secure control of network and application traffic in near real-time

Features

simplified operations, centralised orchestration, enhanced analytics and zero-touch provisioning;
carrier and transport technology agnostic;
tiered and/or bespoke, enterprise-grade managed service wrap
guaranteed data-sovereignty with key-components hosted-in UK-based data-centre
enhanced granular analytics for end-to-end visibility and control;
self-healing capabilities for enhanced user experience;
enhanced-application-monitoring with 5000+ applications identified with real-time SSL inspection
cloud on-ramp for efficient and secure Software-as-a-Service (SaaS) adoption;
supports micro, macro, single task VDOM and multi VDOM segmentation;

Benefits

application-driven approach supports broad application steering, accurate application -
identification and enhanced WAN remediation/self-heeling;
mature cloud integration allows for accelerated cloud on-ramp (AWS-Azure etc.);
natively integrated NGFW and SD-WAN capability preserves the security ......
and availability of-the-network
tiered and/or bespoke, enterprise-grade managed service wrap
enables thin-edge (SD-WAN-routing) and WAN edge (SD-WAN-routing, NGFW)...

£105 to £1,192 an instance a month

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@aro.tech. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

Arrow Business Communications Limited John Loftus
Telephone: 07545 929225
Email: gcloud@aro.tech

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: A suitable private or public internet connection is required
System requirements: Connectivity to the internet

User support

Email or online ticketing support: Email or online ticketing
Support response times: Our standard response time is four working hours Monday-Friday 9-5.30pm. We can supply bespoke SLA agreements.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: There is a web-chat icon on each page of the support section in our web-site. Zendesk supports or partially supports WCAG 2.0 guidelines.
Web chat accessibility testing: None Completed to Date
Onsite support: Onsite support
Support levels: We provide one level of support, Standard. Standard business hours and Monday to Friday 9-5.30. Standard support guarentees a response within 4 hours to a fault properly reported to the Arrow Support Desk. Contract includes 10 dial ins per month with a maxiumum total time limit of 2 hours.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: An Account Manager and pre-sales consultant will work with you to identify the correct service specification and configuration. If required we will attend site to conduct site surveys, demonstrations and audits. Once our proposal is accepted and our SD-WAN service contract signed, we add the project to our internal task system. Each new customer project is allocated a Prince 2 qualified Project Manager (PM) who assumes overall responsibility for the successful delivery of the project. The PM will communicate with the customer by phone, e-mail, video or in person. A Project Initiation Document is issued once we have gathered all required information, this document defines the project. All user information is gathered and amended if required. A meeting to discuss all aspects of the service configuration. The service configuration agreement written up and issued. The PM will liaise with the Network Engineering team to manage the necessary resources. The assigned Network Engineer will configure the service and attend site to carry out the deployment. Where the customer specifies on-site training, a trainer will attend site to provide the necessary instruction.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: The customer via the relevant service portals can extract all historical data
End-of-contract process: Once the service fully terminates, Arrow technical staff will de-commission the customers service ensuring all data is permanently deleted.

Using the service

Web browser interface: No
Application to install: Yes
Compatible operating systems: Android

IOS

Linux or Unix

MacOS

Windows
Designed for use on mobile devices: No
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Available upon request
Accessibility standards: None or don’t know
Description of accessibility: Available upon request
Accessibility testing: None Completed to Date
API: No
Customisation available: Yes
Description of customisation: Available upon request

Scaling

Independence of resources: Our platform is monitored 24/7/365. We maintain a surplus of licensing to ensure that even during peak usage our customers are not affected.

Analytics

Service usage metrics: Yes
Metrics types: Metrics can be provided to the customer on usage
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Other
Other data at rest protection approach: Available upon request
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Via a secure web-portal. Portal address to be provided by engineering upon commencement of the service.
Data export formats: CSV

Other
Other data export formats: Xls
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)

Other
Other protection between networks: The video conferencing streams are encrypted end to end
Data protection within supplier network: Other
Other protection within supplier network: The SD-WAN service operates from secure UK data centre locations and the equipment is only accessible by cleared Arrow technical personnel. All customer

data resides within the Arrow managed racks and no data is transferred either outside of this environment of overseas. The Cloud video service operates in line with the guidance laid out in the ISO27001:2013 certification for Information and Security

Management. We operate a robust data protection policy and retain customer data for the minimum amount of time necessary to deliver the service.

Availability and resilience

Guaranteed availability: Service Availability

Arrow undertakes to provide Service Availability of 99.9% of the available time in

each month. Failure to meet this level will result in a Service Credit offered to the

Qualifying Customer.

Service Availability Credit

100% of the Monthly Recurring Charges billed for the Arrow Cloud Video service

provided to the relevant customer for the relevant month.

Response Time

Arrow offers two levels of support service cover: standard and total care. During

Arrow’s Normal Working Hours on Business Days, standard service level cover

guarantees a response within 8 working hours to a fault properly reported to Arrow’s

technical helpdesk. During Arrow’s Normal Working Hours on Business Days, total

care service level cover guarantees a response within 4 hours to a fault properly reported

to Arrow’s technical helpdesk.

Failure to meet the relevant response time subject to eligibility will as described below,

result in a Service Credit of 50% of the relevant billed Monthly Recurring Charges for the

month in which the failure occurred.
Approach to resilience: We operate the service from a fault tolerant virtual platform with real-time replication between virtual hosts.
Outage reporting: We have a process to communicate with customers in the event of a major service outage and provide a Reason for Outage report. This is based through emails from the support team. Once an outage is noted then regular hourly emails are sent detailing progress to resolution.

Identity and authentication

User authentication needed: Yes
User authentication: Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: Available on request (not public)
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: No audit information available
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: DNV Business Assurance UK Limited
ISO/IEC 27001 accreditation date: 01 December 2023
What the ISO/IEC 27001 doesn’t cover: This certificate is valid for the following scope:

Provision of IT and Telecommunications Services (AV and Video Conferencing, Business Mobile, Cloud Telephony, Contact Centre, Cyber Security, Data Centre Services, Data services, IT, Software Development, Mobile Data) in accordance with the Statement of Applicability, version 1.0, plus Code of Practice ISO 27017:2015 on information security controls for cloud services and Code of Practice ISO 27018:2019 for protection of personally identifiable information (PII) in public clouds.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: NHS Data Security and Protection Toolkit. ODS Code: 8J121

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: NHS Information governance toolkit level 2
Cyber Essentials. Registration number QGCE2305.
Information security policies and processes: The Chief Executive Officer, along with the board, in partnership with the Head of IT is responsible for the approval of all of the IT policies and ensuring that they are discharged to the relevant managers. Arrow's Information Security Policy outlines our approach to information security as well as being a method to establish a set of tools to outline the responsibilities necessary to safeguard the security of the Company’s information systems with supporting policies, codes of practice, procedures and guidelines. The policy applies to all employees - current and new - of the Company as well as all other authorised users. The policy relates to the use of all Company-owned information system assets, to all privately owned systems when connected directly or indirectly to the Company’s network and to all Company-owned and or licensed software/data. Authorised members of the IT Department will from time to time monitor the information systems under their control to ensure compliance. This is supported by training during the Induction process for new employees and updates to existing staff as appropriate.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: All components are recorded on a asset register and asset tagged where necessary. Should changes be needed a formal request is submitted to the change management board and risks would be assessed against the current safeguards in place against that component. Based on this assessment that change management board would recommend the correct and safest course of action.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Potential threats are identified through risk assessments. Our response to identified threats is measured on severity and impact. This also defines the level to which the issue is escalated. Regular software patches to our service are released by the manufacturer Vidyo. We implement these patches onto our platform in a timely manner.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Arrow's Data Protection Policy details the extensive controls, measures and methods used to protect personal data, uphold the rights of data subjects, mitigate risks, minimise breaches and comply with the data protection laws and associated laws and codes of conduct. We also carry out regular audits and compliance monitoring processes, to ensure that the measures and controls in place are adequate, effective and compliant at all times. All data breaches are reported immediately to the direct line manager and the reporting officer. Measures must be taken immediately to contain the breach and to stop any further risks or breaches.
Incident management type: Supplier-defined controls
Incident management approach: Arrow’s Data Breach Policy states that all staff must report a data breach immediately to the direct line manager.

The Supervisory Authority is to be notified within 72 hours of any breach where it is likely to result in a risk to the rights and freedoms of individuals.

A full investigation is conducted and recorded on the incident form, the outcome of which is communicated to all staff involved in the breach, in addition to upper management. A copy of the completed incident form is filed for audit and record purposes.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: Yes
Connected networks: Joint Academic Network (JANET)

Health and Social Care Network (HSCN)

Pricing

Price: £105 to £1,192 an instance a month
Discount for educational organisations: No
Free trial available: No

Service documents

Request an accessible format

Cookies on Digital Marketplace

SD-WAN

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents