Microsoft Teams – External PSTN Calling

Service scope

Software add-on or extension: Yes
What software services is the service an extension to: Microsoft Teams
Cloud deployment model: Private cloud
Service constraints: As a VoIP service, calls to 999 via SIP trunks may not be possible, during a service outage where the customer loses total connectivity for example, owing to a power outage or the failure of all data access.
In such circumstances the customer should use their PSTN line or mobile to make the emergency call.
System requirements: Microsoft 365 with appropriate Teams Licensing

User support

Email or online ticketing support: Email or online ticketing
Support response times: Our standard response time is four working hours Monday-Friday 8-6pm. We can supply bespoke SLA agreements.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: None or don’t know
How the web chat support is accessible: There is a web-chat icon on each page of the support section in our web-site. Tawk.to supports WCAG 2.0 guidelines
Web chat accessibility testing: None Completed to Date
Onsite support: Yes, at extra cost
Support levels: ARO provides a core level of support which in included with the contract. Additional bespoke support levels are available upon request at an additional monthly service fee. Any incident (an unplanned interruption to a service) can be logged by the customer with ARO’s Service Desk. ARO will respond to and resolve remotely any incident or issue that is impacting the customer’s supported scope using our cloud support engineers. A service change (something which represents a minor change to the supported scope where there is a risk of impact on the service) may be subject to additional charges depending on the scope of the change and will also be managed by our cloud support engineers.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: An Account Manager and pre-sales consultant will work with you to identify the correct service specification and configuration. If required we will attend site to conduct site surveys, demonstrations and audits. Once our proposal has been accepted and our Cloud Telephony service contract signed, the project is added to our internal task system. Each new customer project is allocated to a Prince 2 qualified Project Manager who assumes overall responsibility for the project. The Project Manager will communicate with the customer by phone, e-mail, video or in person. A Project Initiation Document is issued once we have gathered all required information. A meeting to discuss all aspects of the phone service configuration is held with
the customer. The service configuration agreement is written up and issued to the customer. The Project Manager will liaise with the Cloud IP Engineering team to
manage the necessary technical resources. The PM will also manage the process of porting numbers in to the ARO network. The assigned Cloud IP Engineer will configure the service and attend
site to carry out the deployment. Where the customer specifies on-site training, a qualified trainer will attend site to provide the necessary instruction.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: The customer via the relevant service portals can extract all historical call detail and call recording information held.
End-of-contract process: Once terminated, Arrow technical staff will de-commission the customer’s service ensuring all database information, call recording and analytics data are permanently deleted. Services included in the price of the contract will be monthly rental charges and any hardware or professional services which were agreed at the beginning of the contract period. Additional costs may be for incremental licences.

Using the service

Web browser interface: No
Application to install: No
Designed for use on mobile devices: No
Service interface: No
User support accessibility: None or don’t know
API: No
Customisation available: No

Scaling

Independence of resources: The underlying network is configured and monitored to ensure that each customer's service has the recommended resources published in our vendor's specification documentation. As more customer's are added to the platform, underlying network resources are scaled to suit demand.

Analytics

Service usage metrics: Yes
Metrics types: CDRS and Management Reports are available via the Arrow Billing Portal.
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: Less than once a year
Penetration testing approach: In-house
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: No
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: CDRs can be exported via the Arrow Billing Portal or provided by Arrow upon request.
Data export formats: CSV

Other
Other data export formats: Excel
Data import formats: Other
Other data import formats: N/A

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: IPsec or TLS VPN gateway

Other
Other protection within supplier network: ADRaaS operates from secure UK data centre locations and the equipment is only accessible by cleared Arrow technical personnel. All customer data resides within the Arrow managed racks and no data is transferred either outside of this environment or overseas. We operate a robust data protection policy and retain customer data for the minimum amount of time necessary to deliver the service.

Availability and resilience

Guaranteed availability: The ADRaaS architecture is such that we can offer high availability of service to all customers. We offer a 99.99% uptime SLA
Approach to resilience: The service is operated from two UK data centres providing resilient connectivity to the Microsoft 365/Teams Platform and UK PSTN/mobile carrier networks. Arrow's Session Border Controllers are certified with Microsoft Teams to provide Direct Routing and are configured in line with the Vendor guidelines.
Outage reporting: We have a process to communicate with customers in the event of a major service outage and provide a Reason for Outage report. This is based through emails from the support team. Once an outage is noted then regular hourly emails are sent detailing progress to resolution.

Identity and authentication

User authentication needed: No
Access restrictions in management interfaces and support channels: Core network access is only granted to Arrow's dedicated engineering team. Within the engineering team there are various levels of access dependent on engineer accreditation and job role.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: DNV Business Assurance UK Limited,
ISO/IEC 27001 accreditation date: 01/03/2023
What the ISO/IEC 27001 doesn’t cover: This certificate is valid for the following scope:
Provision of IT and Telecommunications Services (AV and Video Conferencing, Business Mobile, Cloud Telephony, Contact Centre, Cyber Security, Data Centre Services, Data services, IT, Software Development, Mobile Data) in accordance with the Statement of Applicability, version 1.0, plus Code of Practice ISO 27017:2015 on information security controls for cloud services and Code of Practice ISO 27018:2019 for protection of identifiable information (PII) in public clouds.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: ISO 22301

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: NHS Information governance toolkit level 2
Cyber Essentials. Registration number QGCE2305.
Information security policies and processes: The Chief Executive Officer, along with the board, in partnership with the Head of IT is responsible for the approval of all of the IT policies and ensuring that they are discharged to the relevant managers. Arrow's Information Security Policy outlines our approach to information security as well as being a method to establish a set of tools to outline the responsibilities necessary to safeguard the security of the Company’s information systems with supporting policies, codes of practice, procedures and guidelines. The policy applies to all employees - current and new - of the Company as well as all other authorised users. The policy relates to the use of all Company-owned information system assets, to all privately owned systems when connected directly or indirectly to the Company’s network and to all Company-owned and or licensed software/data. Authorised members of the IT Department will from time to time monitor the information systems under their control to ensure compliance. This is supported by training during the Induction process for new employees and updates to existing staff as appropriate.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Our ADRaaS services are deeply integrated into GTT’s (https://www.gtt.net/gb-en/) network. GTT has maintained ISO 27001 accredited Enterprise Security Management System for their Operations Centres and Data Centres since September 2005.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Our ADRaaS services are actively managed by network monitoring tools 24/7/365 and provide alerts to any vulnerabilities within the Core services. All of our services are patched to each vendors latest supported version, and any new vulnerabilities are addresses and communicated to Arrow to take immediate action and new patches provided and applied. Our data centres are suitably firewalled and run industry leading anti-virus.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Arrow's Data Protection Policy details the extensive controls, measures and methods used to protect personal data, uphold the rights of data subjects, mitigate risks, minimise breaches and comply with the data protection laws and associated laws and codes of conduct. We also carry out regular audits and compliance monitoring processes, to ensure that the measures and controls in place are adequate, effective and compliant at all times. All data breaches are reported immediately to the direct line manager and the reporting officer. Measures must be taken immediately to contain the breach and to stop any further risks or breaches.
Incident management type: Supplier-defined controls
Incident management approach: Arrow’s Data Breach Policy states that all staff must report a data breach immediately to the direct line manager. The Supervisory Authority is to be notified within 72 hours of any breach where it is likely to result in a risk to the rights and freedoms of individuals. A full investigation is conducted and recorded on the incident form, the outcome of which is communicated to all staff involved in the breach, in addition to upper management. A copy of the completed incident form is filed for audit and record purposes.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Social Value

Wellbeing

To help us drive wellbeing and engagement throughout Arrow, we have dedicated Wellness Champions at each of our key sites – these are voluntary roles and act as a central point of contact for advice and guidance around the mental health and wellbeing of our people. They also help to drive the promotion and organisation of various corporate social responsibility initiatives across Arrow further driving engagement. A dedicated Teams channel is used to communicate, share, and promote these activities. Each Champion has completed Mental Health First Aider training so that they are equipped with the necessary skills to fulfil this role. These courses run through MHFA England have also been attended by other members of the wider team. The engagement of our people is paramount at Arrow, and we track this closely, currently sitting at 89% this places us in the upper quartile of all benchmarked organisations. In addition to our 2 main annual surveys, we also track the wellbeing and resilience of our people as well as our eNPS score monthly to ensure we keep a close temperature check on how they are feeling. Our current eNPS score is 52% which places us in the top 25% of organisations in our industry.

Pricing

Price: £6.00 a user a month
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Arrow can set up a test endpoint for a two week period in order to test the quality and usability. Professional Services fees will apply for setup and training.
Link to free trial: N/A

Microsoft Teams – External PSTN Calling

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Microsoft Teams – External PSTN Calling

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents