CRAVEN & FINDLAY LIMITED

CFone VoIP

Business cloud and VoIP phone systems.

Features

• Auto attendant with IVR
• Call Recording
• Soft phone apps and Yealink phones supported
• Migration from other phone platforms
• Porting numbers and monthly account management
• 24/7 365 phone support with help desk and email
• Wall boards, live and automated call reporting
• UK hosted
• Remote access
• Secure

Benefits

• Flexible packages
• Work from anywhere
• Easily deployed
• YouTube and onsite training
• Reliable

£10 to £20 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark@cfone.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

260591783939911

Contact

Mark Hodgkinson
0208 573 1177
mark@cfone.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: We supply the NHS, Clinics, Schools and businesses across the UK. To do this, we work with each clients support and maintenance requirements to ensure continuous service. There are no constraints to be made aware of.
• System requirements:
  • Windows 10 or 11
  • IPhone 8 or later
  • Android 5 or later
  • Yealink phones use PoE or power supplies

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: At weekends we respond to emergency calls straight away, but emails and tickets are responded to weekdays 9am to 5pm.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We deliver onsite installation, training, support and account management.; Online training, technical support and account management are included.; Onsite Installation costs £500 per day.; Onsite UK Training costs £250 per day.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite and online training via our Youtube channel CFone VoIP.; Our well rehearsed onboarding plan takes clients from their initial enquiry, onsite demo with real phones, through scoping their requirements, agreeing a quote, system specification, porting numbers, firewall changes, onsite trial, everything to confirm staff are confident the phone system does what it should and users are proficient in the use of the phone system, including onsite installation, training, account management and support.
• Service documentation: No
• End-of-contract data extraction: Users can download call logs, call recordings, voicemails, phone books and phone users lists via a supported web browser and secure role based access control.
• End-of-contract process: Online support, training and account management is included throughout the contract. Onsite support and training is chargeable. At the end of the contract, the client can renew their contract or move away. The notice period is 90 days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Just visual differences. The functionality is the same.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Permits technical people to administer the system to their own needs.
• Accessibility standards: None or don’t know
• Description of accessibility: From a supported web browser, users with role based access control can change call flows, auto attendants, call queues, replay call recordings, amend hunt and call groups, add remove users and update phone books.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: Users can download call data reports to see how calls were handled by the phone system and answered by the users.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise how calls are handled, recognise incoming caller phone numbers and match them to their phonebook so callers can be greeted by their names. Music on hold can be changed with professional scripts to upsell services to callers.

Scaling

• Independence of resources: Every phone system is designed and built on scalable AWS servers based on its intended usage. Phone systems and call carriers can draw on additional abundent resourses when required. Systems monitor irregular call patterns of excessive use and alert us to take action to prevent other users being affected.

Analytics

• Service usage metrics: Yes
• Metrics types: Real time call statistics, wall boards, call records and schedulled call reports.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: VIP VoIP Ltd

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: By downloading their data from a supported browser and secure role based access control.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Wav
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We prioritise high availability for users through a robust infrastructure and adherence to SLAs guaranteeing at least 99.9% uptime. Failure to meet these commitments triggers refunds or service credits as outlined in our SLA. We ensure transparency by notifying users of maintenance or downtime, providing updates until resolution. Our support team is available to address any concerns.
• Approach to resilience: Our service prioritises resilience through robust technological features, such as AWS route 53 resiliency and operational strategies incorportating Cyber Essentials compliance. Technologically, we ensure redundancy and failover mechanisms across servers, storage, and networks, bolstered by cloud-based solutions. Operationally, we maintain comprehensive disaster recovery plans, including data backup, rapid system recovery protocols, and regular testing. Detailed information about our resilient datacenter setup is available upon request, adhering to industry best practices against various threats. We're committed to continuously enhancing our infrastructure and procedures to deliver reliable service to users, even in challenging circumstances.
• Outage reporting: We have a public service status dashboard and send out email alerts to notify users about any outages or incidents that may impact their access to our services. These email alerts include detailed information about the nature of the outage, expected resolution time, and any actions users may need to take.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Secure role based access controls who can access what and which services they can use or administer.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Sysnet Global Solutions
• PCI DSS accreditation date: 10/08/2023
• What the PCI DSS doesn’t cover: Nothing.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Being Cyber Essentials certified, we recognise the importance of information assets. We are also currently working towards ISO 27001:2013. We employ various security measures and committments to compliance, continual improvement, transparent communication, collaboration, staff training, and customer satisfaction. All employees share responsibility, supported by management. Ongoing reviews ensure the integrity of our customer's information, with formal assessments conducted annually during Management Review meetings.
• Information security policies and processes: We have diverse security measures and commit to legal compliance, continual enhancement, transparent communication, stakeholder collaboration, staff training, and exceeding customer expectations. All employees share responsibility, backed by management. We perform regular checks to ensure the efficacy and relevance of our security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We monitor the components of our services throughout their lifetime. Changes are sandbox tested for potential security impanct prior to deploying them.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We assess potential threats through proactive monitoring, threat intelligence feeds, and vulnerability assessments. Our response time to deploy patches depends on severity, with critical patches prioritised for immediate deployment. We gather information about potential threats from a variety of sources, including security advisories from vendors, industry forums, security research organisations, and internal security teams collaborating to stay informed and mitigate risks promptly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use tools to monitor system logs, network traffic, and user activities in real-time to detect anomalies or suspicious behavior.; ; Upon detection, our incident response team is alerted, following predefined procedures to isolate affected systems and conduct forensic analysis.; ; Response times vary based on severity, with critical incidents addressed near-instantly and less severe ones within minutes to hours.; ; Our goal is to minimise the impact, ensuring the integrity, availability, and confidentiality of our systems and data.
• Incident management type: Supplier-defined controls
• Incident management approach: We ensure efficient handling and resolution of security incidents:; ; Our pre-defined processes help us mange event such as data breaches, malware infections, and unauthorised access to ensure swift and consistent resolution.; ; Incidents are reported to us by phone, email or help desk ticket.; ; Upon receipt of an incident, we assess the incident, assigns roles and initiates containment actions, fostering seamless communication throughout.; ; Thorough investigation and remediation helps us restore operations and minimise impact.; ; Detailed incident reports are shared with users to ensure transparency.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  CFone are part of the SME Climate Hub and we have committed to the race to zero carbon footprint by 2030. As an environmentally-friendly VoIP provider, we want to reduce the impact that our VoIP services have on the planet and joining the SME Climate Hub is just one of the many ways that we are becoming more eco-friendly. The Hub is recognised by The United Nations Race to Zero campaign which includes governments, businesses, cities, regions, and universities from around the world.; ; We have undertaken an assessment of our carbon footprint and created a carbon reduction plan which can be found on our website https://www.cfone.co.uk/carbon-reduction-plan/; ; We plant a tree for every VoIP plan and VoIP phone handset that we sell. It is our way of taking care of the planet and playing our part in the UK’s race to reduce its carbon emissions. By choosing CFone as your VoIP provider, you will not only benefit from a great phone system, you will also be taking care of the planet too. Every small action towards helping the environment counts and we are proud to be not only reducing our CO2 emissions but also helping our customers to reduce their carbon footprint too.

Pricing

• Price: £10 to £20 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Everything is included for up to two weeks.; Onsite demonstration, kit evaluation, simple training to familiarise users with our prodcuts and services. A full live trial to ensure users are confident our phone service fits their requirements and staff are proficient in the use thereof.
• Link to free trial: https://www.cfone.co.uk/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark@cfone.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.