Horizon UCaaS and Contact CCaaS

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud

Private cloud

Hybrid cloud
Service constraints: A suitable private or public internet connection is required.

As a VoIP service, calls to 999 may not be possible, during a service outage where the customer loses total connectivity for example, owing to a power outage or the failure of all data access.

Horizon does not support the following:
ISDN data calls
IP handsets that have not been supplied by us
We do not support some fax and franking machines used with an ATA
System requirements: The self service admin portal is web-browser based.

Suitable connectivity to the internet (Check with Arrow)

The handsets require a power over ethernet port

User support

Email or online ticketing support: Email or online ticketing
Support response times: Our standard response time is four working hours Monday-Friday 8-6pm. We can supply bespoke SLA agreements.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: There is a web-chat icon on each page of the support section in our web-site. Tawk.to supports WCAG 2.0 guidelines
Web chat accessibility testing: None Completed to Date
Onsite support: Yes, at extra cost
Support levels: Arrow provides a core level of support which in included with the contract. Additional bespoke support levels are available upon request at an additional monthly service fee.

Any incident (an unplanned interruption to a service) can be logged by the customer with Arrow’s Service Desk. Arrow will respond to and resolve remotely any incident or issue that is impacting the customer’s supported scope using our cloud support engineers.

A service change (something which represents a minor change to the supported scope where there is a risk of impact on the service) may be subject to additional charges depending on the scope of the change and will also be managed by our cloud support engineers.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: An Account Manager and pre-sales consultant will work with you to identify the correct service specification and configuration. If required we will attend site to conduct site surveys, demonstrations and audits. Once our proposal has been accepted and our Cloud Telephony service contract signed, the project is added to our internal task system. Each new customer project is allocated to a Prince 2 qualified Project Manager who assumes overall responsibility for the project. The Project Manager will communicate with the customer by phone, e-mail, video or in person. A Project Initiation Document is issued once we have gathered all required information. A meeting to discuss all aspects of the phone service configuration is held with
the customer. The service configuration agreement is written up and issued to the customer. The Project Manager will liaise with the Cloud IP Engineering team to
manage the necessary technical resources. The PM will also manage the process of porting numbers in to the Arrow network. The assigned Cloud IP Engineer will configure the service and attend
site to carry out the deployment. Where the customer specifies on-site training, a qualified trainer will attend site to provide the necessary instruction.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: The customer via the relevant service portals can extract all historical call detail and call recording information held.
End-of-contract process: Once terminated, Arrow technical staff will de-commission the customer’s service ensuring all database information, call recording and analytics data are permanently deleted. Services included in the price of the contract will be monthly rental charges and any hardware or professional services which were agreed at the beginning of the contract period. Additional costs may be for incremental licences.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: Yes
Compatible operating systems: Android

IOS

MacOS

Windows

Windows Phone
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: A bolt App can be added as an option to Horizon. Upon successful download from the relevant app store onto the desktop, the user is able to log in to access a subset of Horizon functionality.
The mobile soft client app allows a user to make and receive calls on a mobile device, as well as accessing key settings for their service. It provides all the same functionality as the desktop soft client, with the exception of Click to Call. The Collaborate mobile soft client does not allow a user to share files or their "desktop"
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Horizon provides a secure web portal - a simple, easy to use management system that allows the following tasks to be undertaken:
• Site Management–control site numbers & Schedules, Music on Hold, & Call Barring
• User Management–create/edit users & assign devices, telephone numbers, set call barring & optional services
• Group Management–manage IVR, ACDs & Hunt Groups
• Call Recording Management–call recording & manage storage
• Security–manage username & passwords including softclients
Statistical information across the estate for inbound & outbound calls can also be accessed.
Individual users also have access to a portal to manage their settings.
Accessibility standards: None or don’t know
Description of accessibility: Standard web-browser/app access with standard accessibility options associated with those web-browsers/apps.
Accessibility testing: None Completed to Date
API: No
Customisation available: Yes
Description of customisation: There is an extensive list of customisable features and functions on Horizon (available on request).
The service offers a range of clever features and an emphasis on control and administration through the web. For administrators, you can quickly configure the system according to your organisation’s changing requirements, whilst individual users can manage their calls easily and effectively.
Users can implement a wide range of features via the web portal, either at a company, site, or User level giving full and easy control of
an entire telephony environment, even over multiple sites.

Scaling

Independence of resources: The platform is maintained across geo-resilient data centres. The underlying network is configured and monitored to ensure that each customer's service has the recommended resources published in our vendor's specification documentation. As more customer's are added to the platform, underlying network resources are scaled to suit demand.
Each Horizon customer's resource requirements are taken into account and sufficient network is allocated to them. Gamma also manage the network to spread traffic during very busy periods.

Analytics

Service usage metrics: Yes
Metrics types: The Horizon service provides a range of on line call reporting on a per number basis. Full summary reports are provided; how many calls are getting through, where are my customers located, what are my call trends, when are my busy times. Detailed call analysis is available via the advanced statistics package (Akixi).
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Reseller providing extra support
Organisation whose services are being resold: Gamma Telecom

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Via a secure web-portal. Portal address to be provided by engineering upon commencement of the service.
Data export formats: CSV

Other
Other data export formats: Xls
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network
Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: Horizon service availability is calculated as:
Total number of minutes in the measurement period – Unplanned Downtime x 100 / Total number of minutes in the measurement period
Note: If a Service is partially available then the Unplanned Downtime shall be calculated in equal proportion i.e. if a service is 50% available then the unplanned downtime will be calculated as 50% x elapsed period of the incident.
Availability Measurement Period: 1 Calendar month
Target Service availability for Horizon is:
Horizon Graphical User Interface (GUI) is 99.9%
Horizon user subscriptions is 99.5%
Horizon Auto Attendant, Call Recording, and Unified Messaging subscriptions - 99%
Mean Average PESQ Score target of 4.1 for G711 and 3.7 for G729.
Not included:
- Outages which are deemed by us to be the result of matters outside of direct control
- Planned or emergency maintenance
- User error
Notes:Core functions are Gamma Switching infrastructure, transmission equipment and
core network, the service that supports call routing and termination.
Non-Core functions include Gamma Support Systems, access to any relevant portals and feature based services such as Call Plans, Call diverts, Auto Attendant, Call Recording, and Unified Messaging
PESQ score target for G711 is 4.1 and G729 is 3.7
Approach to resilience: ISO 22301:2012 Business Continuity Management accreditation. As this information is sensitive, further specific information is available on request.
Outage reporting: We have a process to communicate with customers in the event of a major service outage and provide a Reason for Outage report. This is based through emails from the support team. Once an outage is noted then regular hourly emails are sent detailing progress to resolution.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: Customer administrators can set permissions for other users to give them access to certain areas of the portal. They are able to restrict access to certain areas of the management and support interfaces.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: DNV Business Assurance UK Limited
ISO/IEC 27001 accreditation date: 01 December 2023
What the ISO/IEC 27001 doesn’t cover: This certificate is valid for the following scope:

Provision of IT and Telecommunications Services (AV and Video Conferencing, Business Mobile, Cloud Telephony, Contact Centre, Cyber Security, Data Centre Services, Data services, IT, Software Development, Mobile Data) in accordance with the Statement of Applicability, version 1.0, plus Code of Practice ISO 27017:2015 on information security controls for cloud services and Code of Practice ISO 27018:2019 for protection of personally identifiable information (PII) in public clouds.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: NHS Data Security and Protection Toolkit. ODS Code: 8J121

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: NHS Information governance toolkit level 2 Cyber Essentials. Registration number QGCE2305.
Information security policies and processes: The Chief Executive Officer, along with the board, in partnership with the Head of IT is responsible for the approval of all of the IT policies and ensuring that they are discharged to the relevant managers. Arrow's Information Security Policy outlines our approach to information security as well as being a method to establish a set of tools to outline the responsibilities necessary to safeguard the security of the Company’s information systems with supporting policies, codes of practice, procedures and guidelines. The policy applies to all employees - current and new - of the Company as well as all other authorised users. The policy relates to the use of all Company-owned information system assets, to all privately owned systems when connected directly or indirectly to the Company’s network and to all Company-owned and or licensed software/data. Authorised members of the IT Department will from time to time monitor the information systems under their control to ensure compliance. This is supported by training during the Induction process for new employees and updates to existing staff as appropriate.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Change Control Process covers changes made to operational systems, to mitigate the risks and impacts that any change has and ensures good communication at all stages.
Change Management ensures changes to core infrastructure and services are performed and implemented correctly.
Best practice guidance, aligned to ITIL (OGC), recommends that the starting point for any change should be a review of generic questions or the ‘seven Rs’.
A risk and impact assessment is carried out for each change this involves detailing the assets under change.
The Change Advisory Board (CAB) has a representative from each impacted business area.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: We use failure mode effects analysis process, conducting regular, systematic assessments of vulnerabilities to determine the necessity of safeguards, countermeasures and controls, monitoring for changes to maintain an acceptable level of risk. Includes identifying key information assets and subjecting them to specific risk assessments, assessing exposure to a list of common threats and vulnerabilities, maintaining risk registers, implementing technical, policy, business continuity and management initiatives;
Each patch is assessed and deployed accordingly:
High - Urgently.
Medium - ASAP.
Low - as time permits.
Gamma utilises many Vendor sources and industry RSS feeds, CERT, Ubuntu and Debian. Member of CiSP.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Gamma utilises GPG 13 guidance. Gamma have built a Security Information & Event Management Solution (SIEM) to identify potential compromises. If a compromise is found it is investigated. A Security Incident is raised to track the investigation, root cause and solutions if required to rectify or improve the situation. We respond to incidents as close to real time as practicable.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Gamma has an Incident Management process which has numerous pre-defined sub groups of staff designated for particular products or scenarios. It can be initiated by any member of staff and is managed by the 24/7 Network Operations Centre (NOC). Any incident is reported by the customer to the Service Desk, it is recorded in a customer relationship management tool (CRM) and an Incident report is produced after root cause analysis has taken place. Any Incident reports are made available to end users via pdf.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: Joint Academic Network (JANET)

Social Value

Wellbeing

To help us drive wellbeing and engagement throughout Arrow, we have dedicated Wellness Champions at each of our key sites – these are voluntary roles and act as a central point of contact for advice and guidance around the mental health and wellbeing of our people. They also help to drive the promotion and organisation of various corporate social responsibility initiatives across Arrow further driving engagement. A dedicated Teams channel is used to communicate, share, and promote these activities. Each Champion has completed Mental Health First Aider training so that they are equipped with the necessary skills to fulfil this role. These courses run through MHFA England have also been attended by other members of the wider team. The engagement of our people is paramount at Arrow, and we track this closely, currently sitting at 89% this places us in the upper quartile of all benchmarked organisations. In addition to our 2 main annual surveys, we also track the wellbeing and resilience of our people as well as our eNPS score monthly to ensure we keep a close temperature check on how they are feeling. Our current eNPS score is 52% which places us in the top 25% of organisations in our industry.

Pricing

Price: £7.50 a user a month
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: The trial version of our service can be created for up to 5 users for the period of one week in order to test the quality and useability.
Link to free trial: N/A

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Horizon UCaaS and Contact CCaaS

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents