Clear Visual Communications Ltd

Pexip Cloud Video

Cloud video service offering secure, scalable video meeting solutions and advanced interoperation with Microsoft Teams

Features

• Personalisation options for virtual meeting rooms and waiting areas.
• Microsoft Teams Interop for H323
• A single-click feature to join any meeting instantly
• Compatibility gateway for Microsoft Teams, Skype for Business, Google Meet
• Quick meeting access through QR code scanning
• Cloud or On-Premise Deployment
• Available integrations through an API
• Microsoft Teams Lobby Pass Through
• Register Existing H323

Benefits

• Endpoint authentication to eliminate entry delays
• Complete customization of the platform for seamless integration
• Maximise the use of existing hardware investments
• No touch join, using your smart device to join.
• Cross-compatibility with other standard-based services.
• Versatile deployment choices, including a hybrid option

£24 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@clearvc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

867173625934498

Contact

Rebecca McCartney
033 0088 3984
sales@clearvc.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Pexip provides secure video conferencing services as well as interoperability from standards based video systems with Microsoft Skype for Business and Microsoft Teams as well as Google Meet.
• Cloud deployment model: Public cloud
• Service constraints: As a shared cloud platform, there are no APIs and although brandable, customisation is limited.
• System requirements:
  • A Public DNS domain needs to be assigned.
  • Public internet needs to be accessible from all client devices.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Ticket response times depend on the severity of the incident being reported. Priority 1 – The incident has resulted in a vital business function or service being unavailable, and is responded to in 15 minutes, with time to resolution four hours. Priority 2 – The incident has significantly impaired the user’s ability to perform their normal business operation, and is responded to in 30 minutes, with time to resolution eight hours. Priority 3 – The incident has impaired the user’s ability to perform their normal business operation, and is responded to in one hour, with time to resolution two days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The direct routing for Microsoft Teams calling solution infrastructure is managed and supported 24/7 as standard and as part of the agreed service cost. Additional support services, such as user administration and the inclusion of a service delivery manager, can be layered as part of specific client proposals for agreed costs, based on the demands of each requirement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Pexip deliver services through channel partners only, not directly, these partners have access to cloud service and can enable users. There is a 'Getting started with the Pexip Service' page at https://help.pexip.com where everything is clearly documented for the Pexip cloud platform. In addition Pexip offers Customer Success Support to re-sellers and customers.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted at the end of a relationship either by copy to a dedicated storage device provided by the client, or through online data copy to another location. The engineering time required to complete these services would typically be charged on a time-spent basis.
• End-of-contract process: At the end of the initial contract, there is a period of auto renewal where a customer can cancel the service three months before the end of the term, or continue on the same agreement. After the auto-renewal period, the contract will need reviewing before the service can continue. All data will be destroyed and adequately disposed of once the contract is terminated.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Pexip.me allows a user to manage their own meeting space.; Pexip Control Centre is for admin and analytics tasks
• Accessibility standards: None or don’t know
• Description of accessibility: Management is via Web portals accessible via local credentials or SSO (Azure AD/SAML2), Video services are via Webapp, Desktop or mobile app, or standards based video system.
• Accessibility testing: None
• API: No
• Customisation available: Yes
• Description of customisation: The service can be branded with the company logo and custom backgrounds for landing pages.

Scaling

• Independence of resources: System resources are allocated on a per organisation basis, so that they are not affected by the demand other users place on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Via an API a range of metrics can be provided such as monthly usage, total number of minutes, minutes per endpoint, number of meetings per endpoint, quality of service
• Reporting types: API access

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Pexip

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: The user interface of any portals are with RBAC / principal of least privilege access.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Via PCC, Prodec administrator or CSM
• Data export formats:
  • CSV
  • Other
• Other data export formats: Microsoft Powerpoint
• Data import formats:
  • CSV
  • Other
• Other data import formats: Microsoft Powerpoint

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Video media is encrypted using AES 128 or 256 bit. The video service should be considered solely as a secure communications conduit for real-time video and audio traffic between participants, and does not store data regarding participants beyond that which is necessary to uniquely identify them on the Service for the purpose of call processing to initiate, route, maintain, and terminate calls. Call Detail Records (CDRs) are generated by way of the use of the video services, to allow subscribers and their organizations to track call activity.
• Data protection within supplier network: Other
• Other protection within supplier network: Data which contains Personally identifiable information (PII) is encrypted in transit and at rest. The servers and databases are all shared components, where the data is logically separated in the user interface of any portals with RBAC / principal of least privilege access

Availability and resilience

• Guaranteed availability: The service-level agreement (SLA) offered for availability is 99.9%, and should the SLA not be met in any given one-month period, there are contractual thresholds which provide scaled refunds through service credits, depending on the severity of any SLA breach.
• Approach to resilience: The service is architected so that it is highly resilient both locally within each data centre and geographically across multiple data centres. In the event of either an outage or maintenance we simply fail over the load to another data centre.
• Outage reporting: We employ a variety of technical safeguards, including system alerts and monitoring, intrusion detection systems coupled with extensive system logging, and our service team is dedicated to the ongoing monitoring and maintenance of the platform. Uur Service Support team addresses issues reported by customers and partners.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Role based access control, principal of least privilege
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV
• ISO/IEC 27001 accreditation date: 14/02/2020
• What the ISO/IEC 27001 doesn’t cover: Pexip Engage and Pexip ERM (Engage in the process of being added to the scope)
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 16/12/2021
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Anything outside the scope of "Pexip Service"
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As per the requirements of ISO/IEC 27001:2013 standard, Pexip is committed to managing its information security responsibilities and ensures the following commitments are adhered to:; ; ● Making an active commitment to information security;; ; ● Coordinating the implementation of information security;; ; ● Allocating information security roles and responsibilities;; ; ● Establishing procedures for new information processing facilities;; ; ● Maintaining relationships with other organizations;; ; ● Maintaining relationships with special interest groups; and; ; ● Performing independent information system reviews.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are classified based on potential impact and cost of implementation with different processes being followed for each. Rollback plans are in place where required.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Pexip follows the Common Vulnerabilities and Exposures (CVE) system that provides a reference-method for publicly known information-security vulnerabilities and exposures. Pexip also maintains visibility on security announcements from the vendors for software and equipment deployed in the Pexip Service Network. As security notifications from the various vendors are disclosed, Pexip assesses the threat and level of exposure, and then takes appropriate action to remediate the issue. Vulnerabilities are ranked in terms of criticality and exposure, then scheduled for patching based on this assessment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: 1. IDS systems shall send email alerts of abnormal activities; 2. VMs should be monitored, and alerts sent if critical levels of:; a. Disk usage; b. Reachability; c. CPU if applicable; d. Memory if applicable; 3. Weekly meeting for a walk-through of error logs; 4. Real time alerting of security incidents
• Incident management type: Supplier-defined controls
• Incident management approach: Pexip has a documented Incident Response Plan which is followed. This defines cyber incident response process and provides a step-by-step guideline for establishing a timely, consistent and repeatable incident process. It allows prompt and efficient response to and recovery from different levels of information security incidents and mitigates or minimizes the effects of any such information security incident on Pexip, its partners, customers, employees and others. All incidents and logged and tracked. Key stakeholders are engaged and participate in resolving security incidents, while fostering continuous improvements in Pexip's information security program and incident response process.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  at Pexip we believe in the power of video conferencing to contribute to a sustainable future, from reducing carbon emissions from travel, reducing e-waste and network usage, to providing a better work life balance for our employees, partners and customers. We offer solutions for a more interconnected and inclusive world, that emphasizes cooperation. In Pexip, they are committed to ensure that their ESG responsibilities convert into positive outcomes.

Pricing

• Price: £24 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@clearvc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.