8x8 UK Limited

Unified Communications

Unified Communications service from 8x8's X-Series (1 to 8), increases productivity, delivering a full communications solution, including telephony, voicemail; collaboration via web chat, video, email, IM, conference calls, data sharing, online meetings; call recording, customer analytics, internet fax. Call plans, per user per month: UK local, national and mobile numbers


  • Unified Communications accessible via desktop application, mobile app, online dashboard
  • Unified messaging via email, web/ online chat, Instant Messaging (IM)
  • Collaboration via online meetings, video chat/ video calls/ video conferencing
  • Platform interoperability, including Google, Office 365, Salesforce, Skype for Business
  • Plugins: Presence, caller ID database match, click-to-dial from application/ web
  • Call recording, call screening, call waiting. Full customer administration suite
  • Auto attendant for customisable automated call connect, transfers, queues, greetings
  • Cloud PBX: telephony with direct dial extension for every user
  • Conference call, group intercom paging
  • Unified voicemail management, voicemail-to-email and in-app voicemail


  • Unified Communications: enables digital transformation; agile, flexible working, and homeworking
  • Distributed workforces can interact as one unified organisation
  • Deploy Unified Communications via the web for national connectivity
  • Fosters cultural change: seamless user-controlled movement between phones and softphones
  • Collaboration: rapidly conference with colleagues; data sharing/ file sharing
  • Reduced cost of support and maintenance via lower management overheads
  • Switch between devices, even during calls. Simple and intuitive
  • Switch between devices, even during calls. Simple and intuitive
  • Reduces costs and complexity, providing excellent value for money
  • 8x8's specialist industry-expert teams for health, councils, housing authorities


£3 per licence per month

  • Free trial available

Service documents

G-Cloud 10


8x8 UK Limited

Russell Tilsed



Service scope

Service scope
Service constraints 8x8 performs maintenance at no disruption to the customer. Customer-facing elements of the service, for example portals and softphones, are upgraded at customer convenience. Non-customer-facing elements, for example PBX functionality, are upgraded with full service continuity.
System requirements
  • Personal computer, MacBook or web browser-enabled device
  • A high-speed connection to the Internet
  • A telephone device
  • Mobile access – download free app; iOS and Android only

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 8x8’s experienced UK-based Customer Support team has a one-hour target time for initial response.
8x8’s experienced UK-based Technical Support team has a target time for initial response of 30 minutes, for Critical and High priority issues; and one hour, for Medium and Low priority issues.
Core business hours for the Customer and Technical Support teams are Monday-Friday, 08:00-18:30, to respond to emails and phone calls.
Customers that are on the 24x7 customer list will receive support outside of core business hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels 8x8 provides Service Level Agreements for our customers; further detail is outlined in the accompanying Definition Document.
General ongoing product support is inclusive within the licence cost.
For deployments in excess of 50 users, a Deployment Engineer is part of the installation process; this is included in the pricing. This assumes a specified Statement of Work (SoW) has been mutually agreed as part of the buying process.
For Business As Usual support requests, where technical engineers cannot resolve the issue remotely, on-site availability will be provided, at £495 plus VAT, per day.
Inclusive 24x7 support is for customers with monthly expenditure of £5,000 or more.
A Technical Account Manager can be made available.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Our deployment and training teams work together with you to help you start using our service. They provide you the necessary knowledge and training to setup, design, configure, maintain and use the solution efficiently.
The deployment team ensures a smooth transition from your old to our new solution, using PMI methodology, in line with PRINCE2 principles. Starting the engagement with the Deployment, Training and Customer Success Teams will work in parallel from the initial Customer Kick-Off meeting. After Go-Live until the transition to our Support teams, the deployment team is ready to help you through issues arising during onboarding. Project lifecycle process and governance is implemented from Day One, until closure.
We offer training courses and resources across multiple services. Our courses, along with customer adoption materials, help you get the most from your 8x8 system. Courses are offered open enrolment, via virtual classroom with hands-on exercises and labs, and accompanying user adoption kits. Content includes co-branding, best practices, resource guides, and an eBook with videos, tutorials, and starting tips. This approach provides sustainability, and fast onboarding for new users.
Other delivery and customisation options are also available.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction Customers can extract and download data at their convenience, from the administration portal. Designated administrators will be able to retrieve this data.
Call recordings and CDRs are available for the customer to download until the service termination is complete and access is no longer available.
Data is retained in line with legislation as relevant to the type of data it is.
End-of-contract process At the end of the contract, data retained within the customer's PBX is available for download from the point of deployment, via FTP and web download subject to current regulations. Number porting is driven by the gaining provider and 8x8 adheres to porting guidelines.

Using the service

Using the service
Web browser interface Yes
Using the web interface Buyers can customise with out of the box integrations, along with extensive customisation of the structure and features of their PBX. Some additional functionality is chargeable, via Professional Services – see Service Definition and Pricing documents attached.
Web interface accessibility standard None or don’t know
How the web interface is accessible Hardware can be made available to end users who have accessibility requirements.
Web interface accessibility testing 8x8 undertakes web interface testing
What users can and can't do using the API 8x8 has a common language (RESTful) and open API policy, where users proficient in URL-based HTTP APIs can inter-operate across 12 8x8 pre-written APIs. These enable multiple functions, for integration, for example with common CRMs.
Various bespoke functionality features can be achieved with the APIs. Depending on the proficiency of the user, multiple APIs can be used to widen functionality. Changes are made by the simple manipulation of the HTTP codes.
The use of APIs must be by proficient users, familiar with these programming techniques.
API automation tools Other
API documentation Yes
API documentation formats HTML
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources To Complete
Usage notifications No


Infrastructure or application metrics Yes
Metrics types
  • HTTP request and response status
  • Network
  • Number of active instances
  • Other
Other metrics
  • Screen Capture (Synchronized with Audio Recordings)
  • Speech to Text Transcription
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Data
Backup controls Key financial data is scheduled to be backed up daily. Backup's are configured for notification:
a) UK-IT manages and monitors backups for Finance Shares and 8x8 Solutions Domain Controller.
b) 8x8 Solutions-IT manages and monitors backups
c) 8x8 Inc System Operations manages and monitors backups for Ability database
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Another way 8x8 protects data between your network and our network, is by setting up a private connection into an 8x8 data centre.
All web-based portals – including administration and analytics – use the most up-to-date versions of TLS.
One other way to protect data between your network and 8x8’s, is to encrypt calls using SRTP, which includes Secure SIP of TLS.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network In addition, 8x8’s data centres are at the tier 3 level, so bring the high physical security that comes with that. And a customer can create a private connection between data centres for their data, for further protection.

Availability and resilience

Availability and resilience
Guaranteed availability We aim to have our Services available to Customers 24x7. 8x8 use commercially reasonable efforts to provide Customers with average annual Services availability equal to or greater than 99.95%. 8x8’s records and data are basis for all service availability calculations and determinations.
8x8 use commercially reasonable efforts to respond to Unplanned Service Interruptions, 24x7, that are reported through one of 8x8’s Customer Support channels.
To receive Service Credits, the Customer must notify 8x8 within 30 days from the time Customer becomes eligible to receive Service Credits. Failure to comply with this forfeits Customer’s right to receive a Service Credit.
The Service Credit will be issued on the 8x8 invoice for the period following the Customer’s request for the Service Credit, unless the Service Credit is due in the Customer’s final month of the Term. In such a case, the Service Credit refund will be mailed to the Customer.
Approach to resilience 8x8 ensures its high resilience and business continuity – 99.95% minimum guaranteed uptime of all core systems – by delivering its cloud-based communications services through top tier data centres that are fully redundant, mirrored, and in a geographically-dispersed N+1 configuration, for automatic failover. If a server fails, a backup server automatically takes over. 8x8’s infrastructure is designed and built to ensure no single points of failure within our network. This includes using multiple carriers for internet and call traffic.
This ensures uninterrupted service, in the highly unlikely event of a local outage.
Outage reporting We update service incidents via email. We have trigger conditions for major incidents which are quick and robust, as they use a combination of white box, black box alarms, automated service measures and customer symptoms based on call intensity into the support email, chat and phone queues. At the point an incident is declared, each of the teams have clear activities to perform. Leaders from Technical Support and Operations will occupy pre-agreed roles in terms of problem leadership (Operations), symptom refinement and problem reproduction (Technical Support) and customer communication. Email updates are at the beginning and end of an event; and at 30-minute intervals, on the very rare occasions an event lasts longer.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Only authorised Customer Support super-users can access service portals, helping customer configuration and usage queries. Super-user logins are restricted to office LAN workstations, or via secure VPN using two-factor authentication out-of-hours.
Only authorised Technical Support can access back-end databases, for deeper diagnosis, and only within the office LAN/VPN.
Network Operations can access server operating systems, controlled via centralised authentication management. They are the only staff with physical access to data centre-based production hardware.
System access must be approved by system owners, regularly audited by senior security- and IT manager-led Information Security Forum. External Information Technology auditors audit the access processes.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus
ISO/IEC 27001 accreditation date 30/10/2017
What the ISO/IEC 27001 doesn’t cover Software Development and Financial Operations
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials +

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards CSA CCM v3.0;
ISO/IEC 27001;
ISO 9001;
CLOUD SECURITY ALLIANCE (rated Enterprise-Ready by Skyhigh Networks CloudTrust);
Information security policies and processes We hold ISO 27001: 2103 certification for our information security policies and processes. We also have annual rigorous audits via our Sarbanes-Oxley framework requirements.
The UK Quality Systems and Compliance Manager is dedicated to ensuring continued compliance to these, and reports directly to the Chief Technical Officer. As part of this, the Quality Systems and Compliance Manager ensures company-wide full awareness for information security – via annual campaigns, and induction training for new starters. This ensure that all staff know about these principles, and what everyone needs to do to ensure continued compliance.
Furthermore, we comply with the following rigorous certifications and accreditations, to ensure information is thoroughly secure: Cyber Essentials Plus; UK Government Authority To Operate (ATO); Cloud Security Alliance; FISMA; and, HIPAA.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our configuration and change management processes are methodically assessed, categorised and tested, in line with ensuring continued compliance of our information security programme to: Federal Information Security Management Act (FISMA), one of the world’s most rigorous security standards; our ISO27001 accreditation, and its regular internal and external audits; the rigours of our Sarbanes-Oxley (SOX) framework requirements; and, the principles of segregation of duties.
8x8 is the only cloud-based Unified Communications provider advertising compliance to Health Insurance Portability and Accountability Act of 1996 (HIPAA), and third party verification of our FISMA compliance.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach 8x8 assesses potential threats to our service using top-rated vulnerability scanning tools, including VERACODE, Qualys and Nessus.
The speed of patch deployment depends on the criticality. If 8x8 deems it high priority, 8x8 addresses it immediately. If medium priority, within a week. If low, within two weeks.
We get alerts from the FBI, DHS, US CERT, SANS Institute, and from the above-named scanning tools. Our Head of Security is on the FBI Cyber InfraGard board and has access to their bulletins, amongst many other sources.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach 8x8 identifies potential compromises using Nagios and other industry-standard tools.
When we find a potential compromise, we respond through our thorough processes, for which we have regular training and drills. Our 24x7 Network Operations Centre (NOC) and Security Operations Centre (SOC) are trained to evaluate the data from our various tools, and they go through the steps listed in our incident response policies and procedures.
Once it is confirmed to be an incident via these tools, policies and procedures, criteria and training, our 24x7 NOC and SOC respond immediately.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our thorough incident management processes cover pre-defined procedures for common events.
Users report incidents via a form template. Our Internal Information Security Forum collates this information and regularly meets to review and act upon these issues. They ensure any rogue accounts are swiftly shut down.
We provide incident reports within 48 hours via email if it relates in any way to a customer.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Access controls

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £3 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial 8x8 is able to undertake to provide a structured and controlled formal Proof of Concept (POC). This would be on a trial basis which would require further scope, measurement criteria and consideration of potential cost implications to be agreed.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑