Skip to main content

Help us improve the Digital Marketplace - send your feedback

Sota Solutions Ltd

SotaVOICE

SotaVOICE – Presents your organisation to the outside world as a co-ordinated and connected, singular organisation, even though your people may be distributed in different offices, at home, or even across the globe.

Features

  • Make and Receive Calls -VoIP
  • Teams integration
  • Auto Attendant
  • Desktop and mobile app
  • PCI compliant call recording
  • SIP trunks
  • Phone numbers
  • 24/7 UK Service Desk
  • Managed handsets

Benefits

  • Accessible from any location
  • Highly available and resilient
  • SLA backed services
  • 24/7 monitoring & support
  • Low cost calling
  • UK base datacentres and support

Pricing

£6.50 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@sota.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 8 2 6 7 8 7 9 3 6 2 9 8 3 6

Contact

Sota Solutions Ltd Sales Enquiries
Telephone: 01795 413500
Email: tenders@sota.co.uk

Service scope

Service constraints
Our pre-sales team will engage with you to fully understand your requirements for handsets, auto attendant, call recording etc requirements to ensure the best configuration of services is identified.
Any constraints will be identified and highlighted at this point.
Outside of the technical requirements, there are very little constraints on the use of the service.
System requirements
The customer's broadband could affect call quality

User support

Email or online ticketing support
Email or online ticketing
Support response times
Server Support Essentials - Mon-Fri 08:00-18:00
High Priority Incident Response < 2 Hours
Standard Priority Incident Response < 4 Hours

Server Support PRO - 24/7
High Priority Incident Response < 1 Hours
Standard Priority Incident Response < 2 Hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Sota provide four levels of user support, SotaSupport User Essentials, Essentials +, PRO and PRO +.
Essentials provides Monday to Friday 08:00 - 18:00 support and so is ideal for non-business critical systems.
PRO provides 24/7 support as well as customer 3rd party vendor collaboration and engineer managed patching.

See SotaSupport User Matrix for full details of service levels and costs.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We will walk you through our tried and tested onboarding process. This starts with a detailed discovery step, followed by a Prince2 planning & implementation stage, User Acceptance Testing ending with Handover To Support. Proof of concept or evaluation stages can be made available depending on the nature of the requirement.

Requirements Discovery
Sota will work with you to obtain a detailed understand of your requirements and provide a comprehensive proposal for the required solution.

Implementation planning
We assign an experienced dedicated Project Manager to review the requirements and map the design brief to a formal project plan. All Risk, Issues, Assumptions & Dependencies are logged and tracked throughout the delivery of the project.
As a minimum, weekly project progress meetings will be chaired by the PM with you, providing an update on progress and future deliverables.

Training
Any user training requirements will be identified as part of the Requirements Discovery stage. These can include How To documents, videos and both remote and onsite instructor lead training.

Proof of Concept & evaluation
We provide PoC and evaluations based on any 3rd party licence constraints. Set-up costs may apply depending on the scope of the PoC.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data is the property of the customer and we apply no restrictions on the extraction of such data. During the offboarding process we will actively support both the customer and new provider in the transfer of all data and configurations.

As a minimum, we allow for a month’s grace period for all live environments for the purpose of offboarding, allowing for post go-live issues to be easily resolved. Longer cutover periods can be provided at an agreed cost.

Offboarding support is provided free of charge.
End-of-contract process
We will assign and appropriate technical resource to act as a single point of contact for both the customer and new service provider.

They will ensure that the required project deliverables are fulfilled to ensure a successful transfer.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
The SotaVoice platform provides a guarantee of resource availability specific to each individual client i.e. DDIs, SIP trunks, call recoding storage etc.

The underlying SotaVoice hardware is grouped into clusters. Each cluster is comprised of multiple physical hardware devices. This approach allows us to load balance within clusters as well as across clusters should the need arise.

The SotaVoice platform has been implemented on an N+1 basis allowing for overall platform resilience.
Usage notifications
Yes
Usage reporting
  • Email
  • Other
Other usage reporting
Account Management reports provide a breakdown of resource utilisation of the provisioned services.

Should any usage limits be identified, these will be highlighted in the report and discussed with the customer during the Account Management meeting.

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • Disk
  • Network
  • Number of active instances
  • Other
Other metrics
Itemised call billing
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Tenancy configuration
  • Call recording
Backup controls
Call recording retention period is agreed with the customer during the discovery stage.
The customer is unable to change any parameters.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We guarantee 100% uptime on our private cloud for virtual hardware and network connectivity. Should we fail to deliver, customers may request a service credit from their account manager.
Approach to resilience
We have no single point of failure anywhere in our systems, from datacentre fibre connections through to firewalls, cabling and switching. Everything is at least doubled. We use resilient Dell SANs to provide the disks for our virtual servers, which is highly available and connected over a resilient fibre-optic network to our hypervisors. Our virtualisation technology is by VMware and support their Distributed Resource Scheduler system, which automatically moves guests to a new hypervisor seamlessly and without a break in service, should a host machine fail. We also have datacentre level DoS protection running to mitigate DoS attempts in real time.
Outage reporting
We will correspond by email with customers in the event of a serious incident.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
All accounts are dedicated to individual users, and username and password is a minimum requirement.
Access restriction testing frequency
Never
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
12/10/2016
What the ISO/IEC 27001 doesn’t cover
All aspects of the business are in scope.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
IASME Cyber Assurance Level 2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are ISO 27001 certified by the British Standards Institute. We have many checks and balances in place within our normal working processes in order to ensure policies are adhered to. Reporting to management occurs through monthly committee meetings, which are attended by the board of directors.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Every change goes through peer review, is requested in a ticket, checked for error and impact, as well as implications to wider security, before being accepted. Only senior staff may accept changes on a day to day basis.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to all available security mailing lists for the software we use. We maintain a patching schedule which ensures every server is patched not less than every 3 weeks. In the event of a serious security flaw a security incident is raised, inline with our ISO 27001 policy, and is then used to track the mitigating steps. This is done as quickly as possible, outside of the standard 3 week patching cycle, and customer security contacts are kept informed of progress by their account manager via email.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
To be defined
Incident management type
Supplier-defined controls
Incident management approach
We have an ISO 27001 certified incident management process which we follow in the event of an actual or possible threat to our service. Customers may report incidents to us either via their ticketing system, by email to their account manager or, if anonymity is required, via our website contact form. Reports can be provided on request in PDF form by email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
If required, we can provide different subnets and even different hypervisor clusters for different customers. Total separation is possible if necessary.

Energy efficiency

Energy-efficient datacentres
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Our datacentre is powered by 100% renewable energy. By using our services, customers do not have to replicate the same facilities and services and so reduce their carbon footprint in building, running and maintaining their own facilities.

Tackling economic inequality

Our services allow start-up businesses to purchase a single Cloud instance. The business can then scale up resources as it grows. This negates the need for the business to invest in hardware infrastructure, reducing the need for fund seeding for the start-up.

Equal opportunity

Our Cloud based services allow for people to work from any location. this approach supports people with mobility issues to function from home, so negating the need negotiate transport challenges to and from offices.

Wellbeing

Cloud services enable people to work from any location other than a traditional office environment. This provides people with the flexibility to work in an environment of their choosing.
This enables people to perform their duties in a way that supports their needs, whether this is caring duties or dealing with mental health issues away from an office environment.

Pricing

Price
£6.50 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Trials are normally for a maximum of 3 month.
Professional Services time is normally chargeable.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@sota.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.