GLOBAL 4 COMMUNICATIONS LIMITED

Global 4's OneConsultation Service

OneConsultation is a fully-managed and fully customisable virtual consultation service, utilising Microsoft O365/M365 technology and leveraging existing Microsoft Teams deployments. The solution is a highly secure and scalable Microsoft Azure based application that can be accessed via one-click from any browser, smartphone, tablet, or PC.

Features

• Supports any public web browser no need to download plugin
• Maintains anonymity between professional and public users
• Offers 1-2-1/group and Auditorium consultation spaces
• Individual virtual waiting rooms for each service
• Customised patient web portal for each service
• Real time usage and call quality dashboard
• Maintains existing booking system and process
• Microsoft Azure cloud-based platform
• Intelligent transcoding so highest video quality

Benefits

• Intuitive and easy to use
• Secure, scalable infrastructure
• Convenient, saving on travel and waiting time
• Efficient and productive
• Inclusive for low technology users and those outside Microsoft Teams
• Ideal for professional/consumer interactions

£3,000.00 a device a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.routledge@global4.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

696104156630723

Contact

James Routledge
01403272910
james.routledge@global4.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft Teams
• Cloud deployment model: Private cloud
• Service constraints: Requires Microsoft Office 365 with Azure Active Directory
• System requirements:
  • Users must have a Microsoft Azure AD account
  • Company must sync with the OneConsultation service as trusted domain

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on the priority of the ticket raised Nasstar have a 24 hour response time
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: As part of the solution Global 4 will providing product implementation and technical support to the end customer as part of the annual licence fee.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We offer train the trainer sessions as part of the provisioning stage and regular support throughout the contract to the project team to ensure OneConsultation is properly implemented and understood.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: No data is held for the customer or any users who access the OneConsultation service. Once the contract ends, we will terminate access to the customer's Microsoft Office 365 environment
• End-of-contract process: When the contract expires, we will remove the customer from our OneConsultation service and disable the public facing download page. All data relating to the customer will be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No differences - People can access our service from any supported web browser.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Users can access, join and manage virtual consultations. Users cannot personalise the OneConsultation rooms with any branding, that needs to be done by Nasstar
• Accessibility standards: None or don’t know
• Description of accessibility: User can login using their O365 credentials. OneConsultation makes use of the existing Microsoft Authentication. We have a multi-tenant Azure AD application, which requires admin consent before it can read AD data for authentication. The security model we use is based on the flow here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios (specifically the section on Multi-tenanted Applications).
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: There is an Admin API which exposes details of consultations that have been created and which can be joined. Please contact Global 4 should you wish to integrate with the OneConsultation API.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The patient facing web portal can be customised with the logo and branding of the organisation. The URL for public facing web portal can also be customised.

Scaling

• Independence of resources: The OneConsultation service is configured with multiple conference nodes in an Azure location, in the event a conference node goes offline in that location, the other available conference nodes in the location will service the signalling requests. As capacity within a cluster is used, additional burst nodes are activated when the capacity threshold is reached on the lead regional node. As additional nodes are activated, secondary and tertiary nodes continue to be activated to meet capacity requirements. If all regional resources are consumed additional capacity is scaled up in neighbour regions to meet demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of consultations Average duration of calls Call quality Potential problem calls
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Data is held in Azure, refer to Microsoft for current standards
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Request to Global 4 and we will provide an extract in Excel format.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service availability is at 99.9% up time
• Approach to resilience: Service is hosted in Microsoft Azure with multiple conferencing nodes in different regions so if one region is unavailable, the service automatically fails over to another available node.
• Outage reporting: Public facing website which customers can subscribe to so they receive email or RSS alerts if there are any updates or outages to the system. https://status.oneconsultation.net/

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: Username and password
• Access restrictions in management interfaces and support channels: Active Directory Windows Authentication
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: Username and password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: United Registrar of Systems
• ISO/IEC 27001 accreditation date: 14/6/21
• What the ISO/IEC 27001 doesn’t cover: The Registered Scope is as follows: Information security management system for the delivery of communications and associated technologies, products and services provided by the Group.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: SAQ-D self assessment
• PCI DSS accreditation date: 12/05/2023
• What the PCI DSS doesn’t cover: Globa 4 PCI self-assessment covers all aspects of its Live Agent & IVR payment solution used by our customer to transit card payments from their customer to their merchant banks / payment service providers in a PCI compliant manner. Only the Live Agent & IVR Payment solutions, which are run on dedicated
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO27017
  • ISO27018
  • ISO20000
  • PSN
  • CISPE Code of Conduct Certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Global 4's approach to Security forms part of our overall Integrated Business Systems Management scheme. The Company Secretary is responsible at Board level for Information Security and ensuring that our ISO/IEC 27001 accreditation is maintained and enforced. The Information Security policy is a top down approach within Global 4 with Business Areas having responsibilities for Information, Network and Customer Data relating to their operational areas. The policies and procedures define access restrictions to all of our IT systems, networks and stored data. The practical policies and processes start with our Integrated Business Management Systems Manual which defines the Information Security Management system as a key part of our business. The Information Security Awareness process requires that all staff and contractors are periodically trained and assessed on their familiarity with Global 4's ISO27001 Information Security policies and processes. Individual contracts and services will have a specific Security Plan defining the specific measures which will apply to the contract or service. All employees are responsible for Information Security and are trained in reporting suspected breaches to our IMS team who will identify risks and actions to minimise any such breaches.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Customers may raise a service change request via the support process, this will then be tracked via ticket number for visibility. Either Global 4 , or the customer will prepare a change request document, describing the nature of the change, the reason for the change, and the effect of the change on the solution. If both parties agree to implement the change request, and subject to commercial agreement, the change will be accepted via the sign off of the change request form. Global4 will engage with the customers change process where required in order to schedule and manage the change.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Global 4 deploys pro-active monitoring tools to identify potential threats including DOS and new service creation. We deploy patches within 2 hours once notification of potential threat has been received.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Employs a wide range of security management practices to provide a secure and reliable service to customers. All traffic passes through industry-leading infrastructure to protect against a suite of application attack vectors. Predefined processes & procedures can be obtained upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents and service requests are raised through Global 4 support team, where a unique ticket reference is provided and the incident is tracked with a full audit trail from initial contact through to resolution. Customers can report incidents through email or telephone, with telephone recommended for urgent or high-priority incidents, enabling the most effective response.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Global 4 operates a paperless office and supports flexible working to minimise travel, which impacts the environment. Where possible, meetings are held virtually using either 8x8's video conferencing system or Microsoft Teams, which Global 4 have an integration into using 8x8. There are recycling bins across the office and this is actively encouraged across the business. Global 4 has recently renewed its company fleet with vehicles offering a lower CO2 emissions value than the previous mark.

  Covid-19 recovery

  Global 4 operated a strict working from home policy during the pandemic, whilst maintaining an operational workforce with minimal use of the furlough scheme. Coming back into the office, Global 4 implemented a one-way system across the office with social distancing, antibacterial gels and dispensers, face masks were obligatory and a camera over the entry to the building alerted if someone wasn't wearing a mask or had a high temperature. We also took measures to ensure staff tested twice per week and submitted their results on our HR platform, isolating and working from home (assuming well enough) in the event of a positive result. Global 4 also supported Clients with free periods of rental during the difficult times. Thanks to its success, Global 4 has been growing and offering employment to support the increase in its workforce, and actively enrols its staff on apprenticeship courses to nurture their growth.

  Tackling economic inequality

  Global 4 actively and regularly interrogates its supply chain to position itself to deliver the best products in the marketplace at the keenest commercials, represented by its accolade of Platinum Partner of 8x8, one of three in the country. We have created employment through the growth of the workforce and success of the business, actively enrolling staff onto apprenticeships to nurture their growth.

  Equal opportunity

  Global 4 are an equal opportunities employer, who employ staff across multiple ethnicities and without any judgment.

  Wellbeing

  Global 4 subscribe to BUPA's mental health service and actively encourage its staff to use the service at no cost. All management will perform a monthly one-to-one with their respective team members and the dedicated HR team have weekly check ups with new starters whilst they are getting settled into the organisation.

Pricing

• Price: £3,000.00 a device a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 30-day free trial version of the full application available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.routledge@global4.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.