Cisco Collaboration by KCOM

The agile, elastic collaboration offerings:
Webex Meetings – the leading enterprise solution for video conferencing & web conferencing;
Webex Teams (formally Cisco Spark) – a secure app for continuous teamwork with video meetings, messaging, file sharing and white boarding.
Integration with other KCOM Workplaces services further enhances the overall experience.


  • Webex Meetings: enterprise solution for video conferencing & web conferencing
  • Webex Teams: secure continuous teamwork, video meetings, messaging, file-sharing, white-boarding
  • Exchange messages and share files
  • Message anyone
  • Bring people together to create, communicate, and collaborate
  • One continuous workstream before, during, and after the meeting
  • Teams more effective across any mobile or video device


  • increase business flexibility empowering IT to focus on strategic priorities
  • Simpler to implement
  • Shorter time to value
  • More cost–effective
  • Boost efficiency
  • Improve agility
  • Improve secure collaboration between employees, citizens and other organisations

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints N/A
System requirements
  • Windows PCs—Windows 7 Service Pack 1 and later
  • Mac—MacOS 10.12 and later on a supported Mac
  • IPhone and iPad—iOS 11.0 and later
  • Android Smartphones—KitKat 4.4 and later
  • Web—Last two major releases of one of the supported browsers
  • Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Negotiable
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels KCOM can provide a managed service with either business hours or 24x7 support
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Cisco provide a range of solution documentation, onsite & online training and implementation services for customers.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction After a Customer’s subscription terminates or expires, its remaining encrypted User-Generated Information and personal data is retained on our platform for 7 years. Customers that have terminated the Service can request deletion of personal data retained on the Cisco Webex platform. When a Customer that has terminated the Service makes a request for deletion, Cisco endeavors to delete the requested data from its systems within 30 days, unless the data is required to be retained for Cisco’s legitimate business purposes. If there is a requirement to retain certain categories of data (such as support information logs), the reason why its retain and the retention period can be provided.
In a group space, the retention policy of the organization that created the space controls, and its administrator can delete all of the information posted in the group space. In a one-on-one space, each organization’s administrator can delete only those messages and files posted by its own user in accordance with its retention policy.
End-of-contract process Upon termination or expiration of subscription, customer data is subject to the following conditions:
- If requested by the customer, the data is exported to an industry standard format and shared with the customer;
- A portion of the data or meta data that is required for billing and audit purposes is retained and all other data is securely deleted from the primary and backup locations.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Designed to be a consistent experience across both mobile and desktop services.

Supported on mobile systems:
Android Smartphones—KitKat 4.4 and later
iPhone and iPad—iOS 10.0 and later
Accessibility standards None or don’t know
Description of accessibility You can Customize Branding and Support Settings for Customers in Cico Webex Control Hub, Add Problem Report and Help URLs for Your Users, or enable Single Sign on all from the settings page.
Accessibility testing N/A
What users can and can't do using the API WebEx teams has an API which is used to manage the teams themselves. Teams are created and deleted with this API. You can also update a team to change its name, for example.

Team Memberships represent a person's relationship to a team. This API can be used to list members of any team that you're in or create memberships to invite someone to a team. Team memberships can also be updated to make someone a moderator or deleted to remove them from the team.

The rooms API is used to manage the rooms themselves. Rooms are created and deleted with this API. You can also update a room to change its title, for example.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The Cisco WebEx depot is a central hub to discover app experiences on the WebEx platform. A catalogue of integrations and bots are readily available which can be easily added to your rooms and spaces by inviting them in as a user. additionally you can develop your own integrations and bots. The Webex for Developers program opens up the power behind the Webex platform to anyone seeking to extend the Webex experience.

The Webex Team APIs give your applications direct access to the Cisco Webex platform, giving you the ability to:
•Create a room and invite people
•Search for people in your company
•Post messages into a room
•Get room history or be notified in real-time when new messages are posted by others


Independence of resources Different 'centers' are available in WebEx to meet differing needs. The centers and scalability attributes are:

WebEx meeting center - Up to 1,000 (including 25 video devices)
WebEx training center - Up to 1,000
WebEx event center - Up to 3,000
WebEx support center - Up to 8 concurrent sessions with 5 participants in each


Service usage metrics Yes
Metrics types For WebEx meetings you can generate and view the following types of reports:
• Common (for the entire site)
• Event Center
• Support Center
• Training Center
• Remote Access
• Access Anywhere
• WebACD

Many reports can be run in 15, 30, and 60-minute intervals.
Reporting types Real-time dashboards


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Cisco

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach You can export a CSV file that contains the WebEx-specific settings for all entitled users for your site. You can use this file to bulk-inspect settings or as a template that you can edit.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.5 %
This SLA is for the application and supporting infrastructure in the cloud datacenters and excludes factors outside of KCOM’s control such as inadequate bandwidth or network failures where the service traverses the public Internet.
Service credits are between 8% and 10% of monthly charges based on missed availability targets in the range of <0.5% to >10%.
Approach to resilience Cisco WebEx meeting sessions use switching
equipment located in multiple data centers around
the world. These data centers are strategically
placed near major Internet access points and use
dedicated high-bandwidth fiber to route traffic
around the globe. Cisco operates the entire
infrastructure within the Cisco WebEx Cloud with
industry-standard enterprise security.
Additionally, Cisco operates network point-of presence
(PoP) locations that facilitate backbone
connections, Internet peering, global site backup,
and caching technologies to enhance performance
and availability for end users.
Outage reporting A public dashboard is available at the following location

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels The measures implemented in order to manage and restrict access can be divided into six sub-categories: 1) Physical Access Control; 2) Logical Access Control; 3) Access Administration; 4) Authentication and Authorization; 5) Data Access Control; 6) Data Transfer. Please consult the document "Information Security Practices" for more information.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 17/06/2015
What the ISO/IEC 27001 doesn’t cover The Registered Scope is as follows: Information security management system for the delivery of communications and associated technologies, products and services provided by the Group. The scope also covers the supporting functions within KCOM Group Services and activities carried out at Data Centres and Switch Sites throughout the UK including Hull, Reading, Bristol and Leeds in accordance with the Group Statement of Applicability Issue 7, dated December 2014.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification NCC Group
PCI DSS accreditation date 12/12/2016
What the PCI DSS doesn’t cover Our certification covers requirements 9 &12 for our Reading and Global Switch data centres and our HMRC Autopayments service. PCI DSS compliance is designed, built and assessed on a service by service basis. KCOM is experienced in providing consultancy to help customers to design and deliver PCI DSS compliant solutions on cloud platforms.
Other security certifications Yes
Any other security certifications
  • ISO/IEC 20000-1 2011 - IT Service Management
  • ISO 22301 2012 for Business Continuity Management
  • PSN Service Provision Compliance
  • Cyber Essentials - NCC registration 5550492144825142
  • Cyber Essentials PLUS - NCC registration 1797944838680743
  • CAS - Telecommunications CAS (T) 60921839TEL

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes KCOM's approach to Security forms part of our overall Integrated Business Systems Management scheme. The Company Secretary is responsible at Board level for Information Security and ensuring that our ISO/IEC 27001 accreditation is maintained and enforced. The Information Security policy is a top down approach within KCOM with Business Areas having responsibilities for Information, Network and Customer Data relating to their operational areas. The policies and procedures define access restrictions to all of our IT systems, networks and stored data. The practical policies and processes start with our Integrated Business Management Systems Manual which defines the Information Security Management system as a key part of our business. The Information Security Awareness process requires that all staff and contractors are periodically trained and assessed on their familiarity with KCOM's ISO27001 Information Security policies and processes. Individual contracts and services will have a specific Security Plan defining the specific measures which will apply to the contract or service. All employees are responsible for Information Security and are trained in reporting suspected breaches to our IMS team who will identify risks and actions to minimise any such breaches.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The Change Management process includes a formal review and approval of all changes via the Change Advisory Board (CAB) which includes representatives from the different teams within the SaaS Hosting organization. All changes submitted to the CAB have to be prepared in a Request for Change (RFC) template that includes (but not limited to) items such as: issue statement, components to be changed, environment, test procedure, back out plans, escalation process, etc. The RFC has to be reviewed and approved by a manager before it is presented to the CAB. Controls are attested via third-party SSAE 16 audits.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerability Management - KCOM uses Tenable Nessus to evaluate and validate the security of our service on an ongoing basis. High risks are identified, validated, and remediated before production systems are made available. Medium risks are evaluated and resolved on a priority basis. Ongoing scans are performed to ensure that no new risks have been introduced.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach KCOM maintains a comprehensive set of information security Policies and Procedures that are approved by senior management and are reviewed and updated to remain compliant with the law and current industry practices. These Policies and Procedures include: • Organizational security • Physical and environmental security • Communications and connectivity • Change control • Data integrity • Incident response • Privacy • Backup and offsite storage • Vulnerability monitoring • Information classification • Data-handling; and • Security configuration standards for networks, operating systems, applications and desktops Full details of KCOM's Information Security Practices are available on request.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach KCOM is certified to ISO20000 and follows ITIL v3

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Submit an initial request via GCloud for your trial and we'll contact you

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑