Charterhouse Voice & Data

Fusion - Zoom

Zoom is an all-in-one collaboration platform that makes connecting easier, more immersive, and more dynamic for people and businesses. Our team chat, phone, meetings, omnichannel contact centre, whiteboard, workspace, and AI solutions help hybrid teams collaborate and get more done.

Features

• AI-powered collaboration platform streamlines your communications and improves productivity
• AI seamlessly integrated across the platform
• Simplified video conferencing and messaging across any device
• Feature-rich cloud phone system for organizations of all sizes
• Omnichannel contact centre for prompt, accurate, and personalised customer experiences
• Instant Messaging tool designed to streamline communications between users
• Drive communication and engagement via a leading employee experience platform
• Affordable and user-friendly video conferencing rooms
• Powerful, all-in-one platform to create virtual events, webinars, and experiences
• Developer platform and existing library of over 2,500 integrations

Benefits

• Single unified communication platform built for cloud from ground up
• AI Companion included at no additional cost
• Single admin console to ensure fast deployment/scalability
• Affordable, with predictable subscription pricing and clear licensing
• Frequent updates - hundreds every year
• An easy and intuitive user experience for fast adoption
• Easy administration with powerful user reporting and dashboard
• Development releases can be managed through MSI
• Technical support available 24/7

£2.92 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@cvdgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

924227045548844

Contact

Liz Holmes
02076137441
publicsector@cvdgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Not applicable
• System requirements:
  • Internet connection broadband wired/wireless
  • Speakers and microphone built-in/USB plug-in/wireless Bluetooth
  • Webcam or HD webcam built-in or USB plug-in
  • HD cam or HD camcorder with video capture card
  • Virtual camera software for use with broadcasting software
  • See more here: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060748

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support Hours are 24x7, including public holidays, where agents or technical engineers are available for email or live support. ; ; Target Response Time for a Support Ticket will be the time (a) commencing when Zoom receives a proper Support Ticket from Customer and (b) ending when customer receives notification that the Support Ticket has been logged. For Pro, Business, API or Education plan subscribers this will be:; Priority 1 - Urgent: 1 Hour; Priority 2 - High: 4 Hours; Priority 3 - Normal: 24 Hours; Priority 4 - Low: 24 Hours; ; Read more here: https://support.zoom.com/hc/en/contact?id=contact_us
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Not Applicable
• Onsite support: No
• Support levels: We understand how important Zoom products are for keeping our clients connected. We offer several options so customers can choose the support plan that best meets your organisation's needs: Access (included with licensing fees), and Premier and Premier + (options available for an additional fee). Each programme offers access to a wealth of support tools and expertise, including 24/7 access to our Global Support Centres and the Zoom Learning Center, local language support, and Zoom status notifications. Additional support options, such as priority response, will vary based on account type, user type, and how the account is configured.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers will have access to Zoom's Customer Success Advisors. Starting with the onboarding journey, the CS Advisor team guides where customers can get started with learning via the Zoom Learning Center and various support guides. Once our customers are live on their Zoom solutions, this team provides proactive digital deliverables to help customers drive adoption and maximize their investment in Zoom. Our Customer Success program is focused on ensuring customers achieve the value they expect throughout their Zoom journey. This approach enables faster response times with group knowledge for better and more efficient support. Self Service Offerings also include: Zoom Learning Center (Learn anytime, anywhere and expand your product knowledge), Zoom Community (get involved, become a leader, and connect with other Zoom users and customers), Zoom Support (find answers to your product questions in our many articles and training materials, or contact the support team for technical assistance), and Webinars (attend onboarding webinars to learn about best practices and get the latest information about the Zoom platform).
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Upon contract termination, Zoom deactivates all user IDs related to the customer account and any saved data is deleted. Therefore, the customer will have to download any recorded meetings prior to their termination date by visiting their online user profile, navigating to their recordings and downloading selected recordings to an alternate source.; ; Zoom has a data retention standard that details how data is deleted when a customer terminates service (i.e., purged on day 31). Furthermore, our Data Protection Standard states how Zoom must sanitise media. Zoom has a process for records retention to ensure that Personal Information is retained for no longer than necessary to fulfill the obligations or meet legal retention requirements.
• End-of-contract process: Upon termination of the customer's contract, Zoom will deactivate all user IDs associated to that billing account and delete any saved recordings.; ; Zoom has a data retention standard that details how data is deleted when a customer terminates service (i.e., purged on day 31). Furthermore, our Data Protection Standard states how Zoom must sanitise media. Zoom has a process for records retention to ensure that Personal Information is retained for no longer than necessary to fulfill the obligations or meet legal retention requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: See the link below for a comparison of features between the Zoom desktop clients, mobile apps, web client, and Zoom Web App:; https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB006552
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The Zoom API is the primary means for developers to access a collection of resources from Zoom. Apps can read and write to the resources and mirror some of the most popular features available in Zoom Web Portal such as creating a new meeting, creating, adding and removing users, viewing reports and dashboards on various usage, and so on using the Zoom API. Depending on your app’s use case, you can choose from our various APIs and implement the features accordingly. All APIs under the Zoom API are based on REST architecture and are accessed via HTTPS at specified URLs. The base URL for all requests is https://api.zoom.us/v2/. The complete URL varies depending on the endpoint of the resource being accessed. For instance, you can list all users on an account via a GET request to this URL: https://api.zoom.us/v2/users/. Within our API reference pages, you can send test requests and view responses. You can also view the code for the request in various languages such as Python, Node, Java and more. With each release, we add additional APIs and enhancements to meet the needs of our customers.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Zoom offers a number of opportunities to customise the service. Zoom’s App Marketplace brings together integrations, apps, and bots built by Zoom, third-party developers, and oftentimes our own customers, making it easy for Zoom users to extend the power of Zoom for any business need. The Zoom App Marketplace hosts over 2,500 apps and integrations for our solutions. In addition, Zoom’s APIs allow for a robust extension of the core Zoom product and apps can read and write to the resources and mirror some of the most popular features available in the Zoom Web Portal such as creating, adding and removing users, viewing reports and dashboards on various usage, and so on. Experienced developers can choose to leverage Zoom’s SDKs to incorporate the Zoom experience into their own application. Lastly, role-based access control enables the creation of custom user roles that have a set of permissions that allows access only to the pages a user needs to view or edit.

Scaling

• Independence of resources: Zoom’s unique architecture allows us to quickly and easily scale to meet demand. We maintain excess capacity in all aspects of our infrastructure to accommodate growing business, healthcare, and education needs and to meet peak usage requirements. Our proven infrastructure supports billions of meeting minutes a month and our architecture is built to handle growing levels of activity, as our unified communications platform is architected from the ground up to address the most technologically difficult aspect of communications: video. Our modern cloud architecture gives our platform its trademark reliability, quality, and scalability.

Analytics

• Service usage metrics: Yes
• Metrics types: The Zoom Dashboard allows administrators on the account to view information ranging from overall usage to live data relating to Zoom solutions. This data can be used to analyse issues that may have occurred as well better understand how users are intreacting with the Zoom platform within your organisation.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Cirrus, 8x8, Mitel, Zoom, Gamma, Ribbon

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Reports and recordings can be exported via the Zoom web portal as required.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MP4
  • MP3
  • VTT
• Data import formats:
  • CSV
  • Other
• Other data import formats: SAML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Zoom’s communications infrastructure for real-time video, audio, and data communications resides on Zoom dedicated servers, which are housed in SSAE 16 SOC2 compliant data centers.; ; Zoom sessions are completely temporary and operate analogously to the popular mobile conversation over the public mobile network.; ; Zoom can encrypt all presentation content at the application layer using the Advanced Encryption Standard (AES) 256-bit algorithm.; ; Zoom can secure all session content by encrypting the communications channel between the Zoom client and the multimedia router using a 256-bit Transport Layer Security (TLS) encryption tunnel.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Zoom adheres to OWASP standards for internal security process.

Availability and resilience

• Guaranteed availability: SLAs are addressed in Zoom's Master Services Agreement (MSA) and may include 99.9% uptime, excluding excused downtime (maintenance).
• Approach to resilience: Zoom web services leverage AWS high availability infrastructure with multi-region configuration operating in Active/Standby mode. For realtime communications, Zoom leverages multiple Tier 1 data centers running in Active/Active mode.
• Outage reporting: Zoom posts any general incident announcement and other announcements including scheduled maintenance, outages, updates, through our status page at status.zoom.us. For incidents affecting a specific customer, Zoom will notify the account owner and administrator(s) through email or as specified in fully executed agreement.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are accessed via user name and password derived from integration via SSO or user name and password stored in a salted hash. Interfaces are accessed based upon role based access control (RBAC).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 01/04/2024
• What the ISO/IEC 27001 doesn’t cover: Not applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 20/01/2023
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Not Applicable
• PCI certification: Yes
• Who accredited the PCI DSS certification: Schellman & Company, LLC
• PCI DSS accreditation date: 08/10/2022
• What the PCI DSS doesn’t cover: Not applicable
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC2 Type 2
  • TRUSTe

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials, Cyber Essentials Plus, SOC2 Type 2, GDPR, TRUSTe Certified Privacy
• Information security policies and processes: Zoom's security policies are derived from ISO 27001 framework.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change triggers for unique processes and controls are: Code, Database, Infrastructure, Data.; ; Weekly meetings held to request changes that need to be performed during maintenance windows. Change requests are presented, validated, and scheduled. Changes are approved by the Change Manager. Implementation in production should not be by the same individual who developed the change. When staffing levels do not permit this separation, management oversight and approval of the change and testing process ensure appropriate processes are followed. Dev and test environments are physically and logically segregated from production. No customer data is used in testing.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Zoom has a formal Vulnerability Management Plan in place. Zoom performs monthly vulnerability and web application scanning using an external party (Qualys). Scan reports are reviewed by our Security and technical teams and discussed with the engineering and development teams. Validated findings are tracked in our JIRA system throughout remediation.; ; Zoom has a monthly patch cadence. Zoom will patch all applications, workstations, and servers (virtual or physical) with all current operating system, database, and application patches deployed in our computing environment according to a schedule predicated on the criticality of the patch. Maintenance/patching typically will have no service downtime.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have monthly vulnerability and web application scans. Findings are reviewed and validated by our technical and engineering team. Vulnerability rated on severity level and tracked using our JIRA system. Vulnerability fixes are release from our engineering team and follow our formal change management process for deployment to production. Zoom also has DDoS monitoring and Managed service in place. Affected traffic are diverted and filtered through a scrubbing centre.; ; Zoom responds to incidents as defined within our SOC2 report available upon execution of a mutual NDA.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Zoom communicates the incident response policy to internal and external users and instructs users to contact their supervisor and the information security representative if they become aware of a possible security breach. When a potential security incident is detected, a defined incident management process is initiated by authorised personnel. Incidents are tracked through the tracking application, which includes the corrective actions implemented in accordance with the defined policies and procedures.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Charterhouse group are working hard to fight climate change, from Zero or offset carbon suppliers, to making sure we can use the circular economy and deploy tools and services that are carbon or energy reducing compared to the current platforms and services. Some examples are SIP from a carbon neutral company, to recycling old handsets and PBX equipment, and looking to displace handsets for power savings by using softphones on laptops and PC's that are already consuming power over physical handsets that draw power in addition to devices already being powered. ; We are empowering the business to look at this area closely and develop new policies and objectives as part of the business planning cycles. The Environment Policy of The Company is to ensure so far as it is reasonably practicable that its operations will be carried out with a commitment to protecting and enhancing the environment. As an office we know that we generate wastepaper products. However, as we strive for excellence in every aspect of our business, we are committed to minimising the environmental impacts of the business operation.; Our stated aims are to:; • Aim to continuously improve our environmental performance particularly with regards to our recycling and re-use of paper.; • Where possible we will use recycled or ecologically friendly paper.; • We will use 'waste' paper for notepads unless confidentiality may be compromised.; • Reduce our consumption of resources and improve the efficiency of those resources by printing double sided where practicable.; • Manage waste generated from my business operations according to the principles of reduction, re-use and recycling.; • Recycle all paper products, ink or toner cartridges.; • Comply as a minimum with all relevant environmental legislation as well as other environmental requirements.

  Covid-19 recovery

  Charterhouse is a growing group of companies, made up of several organisations from across the UK, we are continuing to employ staff from various backgrounds. ; We have created new employment opportunities, will re-train staff that find themselves in a position that their role is no longer available and support employment of those who left employment by COVID-19. Locally sourced staff is no longer the norm, we are embracing the work from anywhere culture, our staff current and new will have the option to work from home or an office and no longer need to be employed from the local area however, where new staff would like to work from a local office, they will be given that opportunity. ; Charterhouse will look to support businesses in the recovery from Covid by supporting them in new ways of working by implementing new technologies that support the new ways of working that decrees the need for travel and reduce the chance of infection rates. These new technologies and ways of working will support the recovery of our NHS and other organisations to levels pre-Covid. Our ability to bring together many technology stacks allows business to employ the right people as Charterhouse does and drive success through innovative ways of working. ; Implementing new health initiatives within Charterhouse will support mental and physical health for staff, maintaining the hybrid working environment will stop the spread of the COVID 19 within our workforce allowing economic growth.; At Charterhouse, we feel strongly about being able to give back to our community. Each year we nominate an organisation doing great work with those in need and support them – both financially through our regular fundraising, and practically with our business technology expertise where they need help and support.

  Tackling economic inequality

  Charterhouse is growing, in the last 3 years we have purchased existing business to ensure group growth, these companies have brought growth to both their business and ours. These businesses are hiring within the group to ensure that we can continue organic growth to secure the future of staff and the wider group. Our ability to support SME’s is backed by our experience as an SME and one of a family run business. ; Growth for our group comes from within and externally where your ability and attitude is more important than diversity or background. Employing the best person is key to growth, but more importantly equality. Our HR team look at the person and ability to carry out a role rather than disability or background. ; Our goal is to continue growth from organic, ethical and people centric sales. We allow people to be themselves, to thrive, to learn and grow in their role or for future roles. Our staff where needed will be accredited via vendors and suppliers as well as industry standard qualifications needed, backed by time and support from Charterhouse to achieve these skills and accreditations. ; Charterhouse are introducing more robust policies to promote a supply chain that is more sustainable and based on value than size. Smaller distributers and suppliers can deliver more value to the group, we can support smaller business by offering more opportunities to work with us and on behalf of our customers where we need 3rd party support or distribution. ; We work closely with suppliers to ensure that we can deliver on contracts sustainable, ethically and securely, working to many ISO standards though to Cyber essentials and Cyber Essentials Plus, our accreditations provide a framework for growth, improvement and security.

  Equal opportunity

  We have a robust recruitment policy that drives equality from the top down. ; Assessment criteria; Our aim at Charterhouse Group, will be to always recruit the person who is most suited to each role, whether the candidate is internal or external. We recruit solely on the basis of the candidate’s skills, capabilities and individual merit as measured against the criteria for the role. Qualifications, experience, and skills may also be assessed at the level that is relevant to the job.; Job descriptions and employee specifications; Before initiating the recruitment process, the responsible Hiring Manager must ensure that there is an up-to-date job description for the role with clear employee specification.; Advertisement of vacancies; It is our policy that all vacancies be advertised on the company intranet. ; Equality, Diversity and Inclusion; We are committed to applying our equality, diversity and inclusion policy at all stages of the recruitment and selection process. We always carry out shortlisting, interviewing and selection without regard to an applicant's sex, gender identity, sexual orientation, marital or civil partnership status, skin colour, race, nationality, ethnic or national origins, religion or belief, age, pregnancy or maternity leave.; We will never exclude any candidate with a disability unless it is clear that the candidate is unable to perform a duty that is intrinsic to the role, having taken into account reasonable adjustments. ; To prevent any candidate from being disadvantaged because of a disability, the individual responsible for communicating with applicants should ask each candidate whether or not they require reasonable adjustments to be made. ; Interviews; Hiring Managers conducting recruitment interviews will ensure that any questions asked during the interview is not in any way discriminatory or unnecessarily intrusive. The interview will focus on the role and the skills needed to perform it effectively.

  Wellbeing

  Charterhouse take wellbeing seriously, not only do we ensure staff can work to a health work/life balance, but also can work from home when needed.; The further deployment of Yu Life gives staff a set of tools and challenges to maintain both body and mental health. Teams, individuals and friends all compete in daily and weekly challenges to keep body fit, and allows for mental hearth checks and challenges. ; Annual company meetings and mental health first aiders all encourage staff to maintain mental health, but in a time of need they know they have help available. ; In addition to the above, Charterhouse offer all staff added benefits, for example Private Health care, free flu jabs and eye tests, a day off on your birthday each year, all to help boost mind and body health.

Pricing

• Price: £2.92 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Zoom provides a free Basic license that includes some of the features and functionalities of paid user licenses with a 40-minute meeting limitation, and basic, limited functionality. For further information please see the following link:; https://zoom.us/pricing
• Link to free trial: https://zoom.us/signup

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@cvdgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.