CW Squared Ltd

Zoom Video Communications/Managed Service

There are plenty of audio-visual suppliers who can rack and stack video conferencing solutions. However, there aren’t many companies that know how to create a video-enabled collaborative business. As an accredited Zoom solution provider, we specialise in getting the best from the technology – saving you time, effort and money.

Features

• Meetings and video conferencing from desktop, mobile and in-room devices
• Complete workplace management solution including room bookings
• Enterprise cloud phone system with centralised management
• Unified app for phone, video meetings and chat
• Zoom certified hardware and audio-visual equipment installs
• Create efficient digital workflows aligned to your existing processes

Benefits

• Seamlessly elevate phone calls to a Zoom meeting
• Align digital strategy with Zoom solutions
• Video triage services for local and central government services
• Digital inclusion and support
• Monitoring of room occupancy and CO2 for return to office
• COVID-safe spaces for consultations and assessments

£15.99 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.sector@cw-squared.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

276443758076026

Contact

Public Sector team
020 7167 4349
public.sector@cw-squared.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • An internet connection: broadband wired or wireless (3G or 4G/LTE)
  • Speakers and a microphone: built-in, USB plug-in, or wireless Bluetooth
  • A webcam or HD webcam: built-in, USB plug-in, or:
  • An HD cam or HD camcorder with a video-capture card
  • Virtual camera software for use with broadcasting software
  • MacOS 10.9 or later
  • Windows 7, 8, 8.1, 10 Home, Pro or Enterprise
  • IOS or Android, Blackberry and Surface Pro 2
  • Ubuntu 12.04+, Mint 17.1+, RHEL 6.4+, Oracle Linux 6.4+
  • CentOS 6.4+, Fedora 21+, OpenSUSE 13.2+, ArchLinux (64-bit)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1: Urgent, service down, 1 hour; P2: High, significant aspects of the service negatively affected, 4 hours; P3: Normal, general issues related to a feature or set of features, 24 hours; P4: Low, informational or feature change request, 24 hours; ; These are target response times and not service level guarantees.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Zoom in and out using browser controls. Select language. Download transcripts.
• Web chat accessibility testing: None, although we have experience of building GDS-compliant web chat services so could provide this if required at additional cost.
• Onsite support: Yes, at extra cost
• Support levels: L1/2: Service/customer specific service desk 24/7, 20 tickets per month; L2/3: Direct with Zoom or AV supplier as required; ; Dedicated service desk is priced at £800 setup and £600 per month for 20 tickets. Other pricing is available.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Zoom is straightforward to use and comes with extensive user documentation. We are able to provide onsite training and online training at additional cost should it be required.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data about meetings including cloud recordings can be exported as a CSV fie. Cloud recordings can be dowloaded to a local machine straight from the account settings.
• End-of-contract process: As a cloud service, the service will cease when the contract ends. Any equipment purchased by the client remains their property and it may be possible to use with other video communications solutions.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Zoom Account Settings is a web page for administrators allowing them to change setting for all users in their account. They can also lock settings to prevent users from changing them and customise tiered settings.; ; Users can use the desktop ; ; Zoom Device Management(ZDM) is Zoom Rooms(ZR) device management tool, which offers additional remote functionality on ZR devices from the same Zoom web portal. ZDM allows you to manage your Zoom Rooms and devices without having to physically engage with each room’s devices or be an expert in device management.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Integrates seamlessly with 3rd party closed captioning providers through our Closed Captioning REST API.; ; Customize the font size of chat and closed captioning in our accessibility settings. Or if you use Zoom with a screen reader, focus on what you hear with granular control over screen reader alerts.
• API: Yes
• What users can and can't do using the API: The Zoom API is the primary means for developers to access a collection of resources from Zoom. Apps can read and write to the resources and mirror some of the most popular features available in Zoom Web Portal such as creating a new meeting, creating, adding and removing users, viewing reports and dashboards on various usage, and so on using the Zoom API. Depending on your app’s use case, you can choose from our various APIs and implement the features accordingly.; ; All APIs under the Zoom API are based on REST architecture and are accessed via HTTP at specified URLs. The base URL for all requests is https://api.zoom.us/v2/. The complete URL varies depending on the endpoint of the resource being accessed. For instance, you can list all users on an account via a GET request to this URL: https://api.zoom.us/v2/users/.; ; To support GDPR requirements of EU customers, you may use https://eu01api-www4local.zoom.us as the base URL for all API requests associated with EU accounts.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Zoom scales elastically across multiple cloud providers according to demand, including AWS and Oracle. This has enabled it to rapidly scale from 20m to 300m users in a very short period. The video codec is SVC and Multimedia Routing is used.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage reports including Topic, Meeting ID, Start Time, End Time Duration, Participants for configurable periods of time.; ; Registration reports and poll reports
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Zoom

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: From the client, data can be exported including cloud recordings and reports.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MP4 cloud video recordings
  • M4A cloud audio recordings
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Encryption: Protecting your event content by encrypting the session’s video, audio, and screen sharing. This content is protected during transit with the Advanced Encryption Standard (AES) 256 using a one-time key for that specific session when using a Zoom client.; ; End-to-end Encryption, when enabled, ensures that communication between all meeting participants in a given meeting is encrypted using cryptographic keys known only to the devices of those participants. This ensures that no third party -- including Zoom -- has access to the meeting’s private keys.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Zoom strives for 99.999% availability. The current status can be found at https://status.zoom.us
• Approach to resilience: Hosted in multiple cloud providers across multiple availability zones.
• Outage reporting: Dashboard at https://status.zoom.us where users can subscribe for notifications

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Username and password, role-based access
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 23/1/2017
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: None
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • NCSC Cyber Essentials
  • IAPP Silver Member
  • SOC 2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: .

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Each change is initiated as a Request – better known as a "Request for Change (RFC)”. This request will also serve as a record and as evidence that a particular change has been requested. The change can be initiated internally or externally, and will be registered in a specific form on the support portal.; The RFC is received by a person who is responsible for analysing it, so this person is the first filter. This person is responsible for studying the details of the request and identifying the potential impact to the business, including economic and information security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use OWASP, Open Web Application Security Project, tools to perform vulnerability testing. The OWASP method is based on the black box approach. The tester knows nothing or has very little information about the application to be tested. Once a potential threat is identified it is sent through the RFC process to ensure we follow our processes and anything that has a business critical impact is addresses as a top priority.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use OWASP, Open Web Application Security Project, tools to perform vulnerability testing. The OWASP method is based on the black box approach. The tester knows nothing or has very little information about the application to be tested. Once a potential threat is identified it is sent through the RFC process to ensure we follow our processes and anything that has a business critical impact is addresses as a top priority.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are logged and tracked through our online helpdesk portal. Any new incidents reported via email/phone/chat will be logged as a new ticket with all relevant information. All updates are provided via email through the helpdesk and phone calls where necessary. Each ticket is handled by the 1st line team and escalated to other teams as required.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Zoom video communications drastically reduces the need for your teams to travel to meet and collaborate. A weekly team meeting via Zoom with six participants, for one hour in HD 1080p video consumes around 0.05kg of carbon. In a year this would add up to just 2.68kg, equivalent to driving just over 9 miles. Zoom Cares is a comprehensive sustainability programme designed to minimise their impact on the environment. In 2020 Zoom helped to reduce 45 million tonnes of carbon emissions by enabling millions of users to work from home during the pandemic.
• Equal opportunity:

  Equal opportunity

  Zoom believes in equality for all. They started their journey supporting racial justice and equality with a few key partners, donating $250,000 to the Association for the Study of African American Life & History, Equal Justice Initiative, and the National Association for the Advancement of Colored People. Their work in this space is ongoing, and includes their own diversity, equity, and inclusion efforts.; ; And, knowing that the pandemic has widened already existing disparities in wealth, access to healthcare, and education, they donated more than $1.4 million to support COVID-19 response. The American Heart Association, CDC Foundation, Destination Home, San Jose Digital Inclusion, and UN World Health Organization provided much-needed economic relief, improving care access, connecting students remotely, and promoting mental wellness during this difficult time.

Pricing

• Price: £15.99 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Zoom offers a free basic plan which can host up to 100 participants. One-on-one meetings are unlimited but group meetings are limited to 40 minutes. There is no cloud recording included.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.sector@cw-squared.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.