Zoom Video Communications, Inc.

Zoom Workplace

Zoom Workplace is an AI-powered collaboration platform designed to reimagine teamwork by streamlining communications, increasing employee engagement, optimising in-person time, and improving productivity across flexible work. It’s Zoom’s core communications products, combined with employee engagement, spaces, and productivity solutions, all within the Zoom experience, with AI woven throughout.

Features

• AI-powered collaboration platform that streamlines your communications and improves productivity
• AI seamlessly integrated across the platform
• Simplified video conferencing and messaging across any device
• Feature-rich cloud phone system for organisations of all sizes
• Instant Messaging tool designed to streamline communications between users
• Productivity tools including Docs, Whiteboard, Clips, and more
• Drive communication and engagement via a leading employee experience platform
• Affordable and user-friendly video conferencing rooms
• Developer platform and existing library of over 2,500 integrations

Benefits

• AI-powered tools that work together effortlessly across a single app
• Improve productivity with products that are built for modern work
• Optimise office experiences and hybrid work with flexible workspace solutions
• Connect your entire workforce with enhanced employee experiences
• Enable seamless experiences with your preferred business apps

£7.40 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  ODS

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ben.lorimer@zoom.us. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

164362055695264

Contact

Ben Lorimer
+44 (0)207 155 1410
ben.lorimer@zoom.us

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Not applicable.
• System requirements:
  • Internet connection broadband wired or wireless (3G or 4G/LTE)
  • Speakers and a microphone
  • A webcam or HD webcam built-in or USB plug-in (optional)
  • Or HD cam or HD camcorder with video capture card
  • Or alternatively virtual camera software
  • See more here: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060748

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support Hours are 24x7, including public holidays, where agents or technical engineers are available for email or live support. ; ; Target Response Time for a Support Ticket will be the time (a) commencing when Zoom receives a proper Support Ticket from Customer and (b) ending when customer receives notification that the Support Ticket has been logged. For Pro, Business, API or Education plan subscribers this will be:; Priority 1 - Urgent: 1 Hour; Priority 2 - High: 4 Hours; Priority 3 - Normal: 24 Hours; Priority 4 - Low: 24 Hours; ; Read more here: https://support.zoom.com/hc/en/contact?id=contact_us
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Not applicable.
• Onsite support: No
• Support levels: We understand how important Zoom products are for keeping our clients connected. We offer several options so customers can choose the support plan that best meets your organisation's needs: Access (included with licensing fees), and Premier and Premier + (options available for an additional fee). Each programme offers access to a wealth of support tools and expertise, including 24/7 access to our Global Support Centres and the Zoom Learning Center, local language support, and Zoom status notifications. Additional support options, such as priority response, will vary based on account type, user type, and how the account is configured.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers will have access to Zoom's Customer Success Advisors. Starting with the onboarding journey, the CS Advisor team guides where customers can get started with learning via the Zoom Learning Center and various support guides. Once our customers are live on their Zoom solutions, this team provides proactive digital deliverables to help customers drive adoption and maximize their investment in Zoom. Our Customer Success program is focused on ensuring customers achieve the value they expect throughout their Zoom journey. This approach enables faster response times with group knowledge for better and more efficient support. Self Service Offerings also include: Zoom Learning Center (Learn anytime, anywhere and expand your product knowledge), Zoom Community (get involved, become a leader, and connect with other Zoom users and customers), Zoom Support (find answers to your product questions in our many articles and training materials, or contact the support team for technical assistance), and Webinars (attend onboarding webinars to learn about best practices and get the latest information about the Zoom platform).
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Upon contract termination, Zoom deactivates all user IDs related to the customer account and any saved data is deleted. Therefore, the customer will have to download any recorded meetings prior to their termination date by visiting their online user profile, navigating to their recordings and downloading selected recordings to an alternate source.; ; Zoom has a data retention standard that details how data is deleted when a customer terminates service (i.e., purged on day 31). Furthermore, our Data Protection Standard states how Zoom must sanitise media. Zoom has a process for records retention to ensure that Personal Information is retained for no longer than necessary to fulfill the obligations or meet legal retention requirements.
• End-of-contract process: Upon termination of the customer's contract, Zoom will deactivate all user IDs associated to that billing account and delete any saved recordings.; ; Zoom has a data retention standard that details how data is deleted when a customer terminates service (i.e., purged on day 31). Furthermore, our Data Protection Standard states how Zoom must sanitise media. Zoom has a process for records retention to ensure that Personal Information is retained for no longer than necessary to fulfill the obligations or meet legal retention requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: See the link below for a comparison of features between the Zoom desktop clients, mobile apps, web client, and Zoom Web App:; https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB006552
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The Zoom API is the primary means for developers to access a collection of resources from Zoom. Apps can read and write to the resources and mirror some of the most popular features available in Zoom Web Portal such as creating a new meeting, creating, adding and removing users, viewing reports and dashboards on various usage, and so on using the Zoom API. Depending on your app’s use case, you can choose from our various APIs and implement the features accordingly. All APIs under the Zoom API are based on REST architecture and are accessed via HTTPS at specified URLs. The base URL for all requests is https://api.zoom.us/v2/. The complete URL varies depending on the endpoint of the resource being accessed. For instance, you can list all users on an account via a GET request to this URL: https://api.zoom.us/v2/users/. Within our API reference pages, you can send test requests and view responses. You can also view the code for the request in various languages such as Python, Node, Java and more. With each release, we add additional APIs and enhancements to meet the needs of our customers.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Zoom offers a number of opportunities to customise the service. Zoom’s App Marketplace brings together integrations, apps, and bots built by Zoom, third-party developers, and oftentimes our own customers, making it easy for Zoom users to extend the power of Zoom for any business need. The Zoom App Marketplace hosts over 2,500 apps and integrations for our solutions. In addition, Zoom’s APIs allow for a robust extension of the core Zoom product and apps can read and write to the resources and mirror some of the most popular features available in the Zoom Web Portal such as creating, adding and removing users, viewing reports and dashboards on various usage, and so on. Experienced developers can choose to leverage Zoom’s SDKs to incorporate the Zoom experience into their own application. Lastly, role-based access control enables the creation of custom user roles that have a set of permissions that allows access only to the pages a user needs to view or edit.

Scaling

• Independence of resources: Zoom’s unique architecture allows us to quickly and easily scale to meet demand. We maintain excess capacity in all aspects of our infrastructure to accommodate growing business, healthcare, and education needs and to meet peak usage requirements. Our proven infrastructure supports billions of meeting minutes a month and our architecture is built to handle growing levels of activity, as our unified communications platform is architected from the ground up to address the most technologically difficult aspect of communications: video. Our modern cloud architecture gives our platform its trademark reliability, quality, and scalability.

Analytics

• Service usage metrics: Yes
• Metrics types: The Zoom Dashboard allows administrators on the account to view information ranging from overall usage to live data relating to Zoom solutions. This data can be used to analyse issues that may have occurred as well better understand how users are interacting with the Zoom platform within your organisation.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Reports and recordings can be exported via the Zoom web portal as required.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MP4
  • MP3
  • VTT
• Data import formats:
  • CSV
  • Other
• Other data import formats: SAML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Zoom’s communications infrastructure for real-time video, audio, and data communications resides on Zoom dedicated servers, which are housed in SSAE 16 SOC2 compliant data centers.; ; Zoom sessions are completely temporary and operate analogously to the popular mobile conversation over the public mobile network.; ; Zoom can encrypt all presentation content at the application layer using the Advanced Encryption Standard (AES) 256-bit algorithm.; ; Zoom can secure all session content by encrypting the communications channel between the Zoom client and the multimedia router using a 256-bit Transport Layer Security (TLS) encryption tunnel.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Zoom adheres to OWASP standards for internal security processes.

Availability and resilience

• Guaranteed availability: SLAs are addressed in Zoom's Master Services Agreement (MSA) and may include 99.9% uptime, excluding excused downtime (maintenance).
• Approach to resilience: Zoom web services leverage AWS high availability infrastructure with multi-region configuration operating in Active/Standby mode. For realtime communications, Zoom leverages multiple Tier 1 data centers running in Active/Active mode.
• Outage reporting: Zoom posts any general incident announcement and other announcements including scheduled maintenance, outages, updates, through our status page at status.zoom.us. For incidents affecting a specific customer, Zoom will notify the account owner and administrator(s) through email or as specified in fully executed agreement.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are accessed via user name and password derived from integration via SSO or user name and password stored in a salted hash. Interfaces are accessed based upon role based access control (RBAC).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 04/01/2024
• What the ISO/IEC 27001 doesn’t cover: Not applicable.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 20/01/2023
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Not applicable.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Schellman & Company, LLC
• PCI DSS accreditation date: 10/08/2022
• What the PCI DSS doesn’t cover: Not applicable.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC2 Type 2
  • TRUSTe
  • Please see: https://explore.zoom.us/en/trust/legal-compliance/#certifications

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials, Cyber Essentials Plus, SOC2 Type 2, Privacy Shield, GDPR, TRUSTe Certified Privacy
• Information security policies and processes: Zoom's security policies are derived from the ISO 27001 framework.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change triggers for unique processes and controls are: Code, Database, Infrastructure, Data.; ; Weekly meetings held to request changes that need to be performed during maintenance windows. Change requests are presented, validated, and scheduled. Changes are approved by the Change Manager. Implementation in production should not be by the same individual who developed the change. When staffing levels do not permit this separation, management oversight and approval of the change and testing process ensure appropriate processes are followed. Dev and test environments are physically and logically segregated from production. No customer data is used in testing.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Zoom has a formal Vulnerability Management Plan in place. Zoom performs monthly vulnerability and web application scanning using an external party (Qualys). Scan reports are reviewed by our Security and technical teams and discussed with the engineering and development teams. Validated findings are tracked in our JIRA system throughout remediation.; ; Zoom has a monthly patch cadence. Zoom will patch all applications, workstations, and servers (virtual or physical) with all current operating system, database, and application patches deployed in our computing environment according to a schedule predicated on the criticality of the patch. Maintenance/patching typically will have no service downtime.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have monthly vulnerability and web application scans. Findings are reviewed and validated by our technical and engineering team. Vulnerability rated on severity level and tracked using our JIRA system. Vulnerability fixes are release from our engineering team and follow our formal change management process for deployment to production. Zoom also has DDoS monitoring and Managed service in place. Affected traffic are diverted and filtered through a scrubbing centre.; ; Zoom responds to incidents as defined within our SOC2 report available upon execution of a mutual NDA.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Zoom communicates the incident response policy to internal and external users and instructs users to contact their supervisor and the information security representative if they become aware of a possible security breach. When a potential security incident is detected, a defined incident management process is initiated by authorised personnel. Incidents are tracked through the tracking application, which includes the corrective actions implemented in accordance with the defined policies and procedures.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Zoom plays an important role in enabling remote working for millions of people around the world every day. We estimate our product has helped our customers reduce their carbon emissions by tens of millions of metric tons, and we continue to help take cars off the road for commuters who are able to work remotely. Our dedication to environmental sustainability does not end there; we also want to ensure the sustainability of our operational footprint, and as such are committing to reaching 100% renewable electricity in our operations by 2030. Our report shares some of the initiatives that will help us reach our goals. We’re also taking action to make sustainable choices for our company to lessen our impact on the environment. Here’s a snapshot of our recent accomplishments: ; - Quantifying three years of our greenhouse gas emissions so we can understand trends, set goals and maximize reductions through prioritized actions. ; - Adopting Salesforce’s Net Zero Cloud to have a central repository for all our social, environmental, and governance metrics, and in anticipation of the SEC’s climate disclosure requirements.; - Proactively engaging with third-party raters to address customer inquiries and improve our scores.; - Continuing to our ESG Report detailing our framework and accomplishments.; - Presenting our own operational perspective at Zoomtopia, our annual customer conference, with the panel, “Exploring a New Dimension: Sustainability & ESG at Zoom”.; ; Our latest ESG report can be found at the folloiwng link:; https://explore.zoom.us/media/fy2023-zoom-esg-report.pdf

  Covid-19 recovery

  During the COVID-19 pandemic, we provided our education services to over 125,000 education domains in 25 countries for free to help students stay connected safely to continue learning. We also provided training and resources to help more than 35,000 educators to teach remotely on Zoom during the pandemic with the Zoom Summer Academy, which brought together educators and administrators from all across the world together to hone their skills, discuss pedagogical applications of hybrid learning best practices, and envision the future of higher education. We are proud of the way people turned to us during the pandemic, but this was an acceleration of changes already underway - a decade’s transformation took place in 12 months.

  Tackling economic inequality

  Our philanthropic program, Zoom Cares, strives to make a positive impact on our local and global communities by leveraging charitable funding, technology, our passionate employees, policy advocacy, and our voice to support education and social equity. Our latest Impact Report can be found at the following link and highlights the tireless efforts of our nonprofit partners and Zoom’s social impact activities:; https://explore.zoom.us/docs/en-us/zoomcares.html

  Equal opportunity

  To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. Zoom is proud to be an equal opportunity workplace and is an affirmative action employer.; ; To see additional information, please read about our approach to diversity, equity and inclusion at the Zoom Careers page at the following link:; https://careers.zoom.us/home ; ; In addition, at Zoom we also strive to ensure that people of all abilities can meet and collaborate with one another by taking into consideration the wide range of hearing, vision, mobility, and cognitive abilities. We ensure that accessibility considerations are not just nice-to-haves, but requirements in our development process; and our accessibility team collaborates with the product and engineering teams at every stage of the release process. Our accessibility features are available to all Zoom users. These include the option to customise font sizes, add manual closed captioning, keyboard shortcuts, screen reader support, and automatic transcript generation - making it easy to search and review written records of meetings which are recorded in the cloud. To ensure our products are as inclusive as possible, we regularly gather feedback to identify areas where there is a mismatch between our products and our users' abilities.

  Wellbeing

  At Zoom, we believe that in order to deliver happiness to our customers, our employees should be happy at work. That’s why we focus on cultivating a culture around our value of Care.; ; Our Diversity, Equity & Inclusion (DEI) team leads our company-wide effort to bring greater diversity and inclusiveness to our people and products, from our recruiting and hiring practices to the accessibility of our platform. We view our efforts within 4 pillars:; - Workforce - Workforce is about who and how we hire. We actively engage with external sourcing partners to invite the best and brightest talent from the broadest backgrounds to consider working at Zoom. We continuously take stock of how we evaluate candidates to ensure that they are getting a fair and equal opportunity to share their capabilities.; - Marketplace - Our DEI Marketplace efforts are all about how we include and consider our customers, with the ultimate goal of creating better products and experiences with them in mind. An example of our Marketplace efforts include leveraging our ERGs and strategic partners to provide feedback on product designs and features.; - Workplace Community - Workplace is how Zoomies experience Zoom once they are here. Do they feel a sense of belonging to the organization? Do they have an opportunity to build networks and connections outside of their day-to-day roles? Examples of our Workplace efforts include our Employee Resource Groups, employee-driven, volunteer groups that foster DEI in the workplace and encourage employee engagement and support.; - Community - Our DEI Community efforts are focused on how we do our part to make the world more equitable for all. In partnership with our internal teams and external strategic partners, we forge partnerships that advance our DEI mission and Zoom’s core value of Care.

Pricing

• Price: £7.40 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Zoom provides a free Basic license that includes some of the features and functionalities of paid user licenses with a 40-minute meeting limitation, and basic, limited functionality. For further information please see the following link:; https://zoom.us/pricing
• Link to free trial: https://zoom.us/signup

Service documents

• Pricing document

  ODS

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ben.lorimer@zoom.us. Tell them what format you need. It will help if you say what assistive technology you use.