Unified Communications service from 8x8's X-Series (1 to 8), increases productivity, delivering a full communications solution, including telephony, voicemail; collaboration via web chat, video, email, IM, conference calls, data sharing, online meetings; call recording, customer analytics, internet fax. Call plans, per user per month: UK local, national and mobile numbers
- Unified Communications accessible via desktop application, mobile app, online dashboard
- Unified messaging via email, web/ online chat, Instant Messaging (IM)
- Collaboration via online meetings, video chat/ video calls/ video conferencing
- Platform interoperability, including Google, Office 365, Salesforce, Skype for Business
- Plugins: Presence, caller ID database match, click-to-dial from application/ web
- Call recording, call screening, call waiting. Full customer administration suite
- Auto attendant for customisable automated call connect, transfers, queues, greetings
- Cloud PBX: telephony with direct dial extension for every user
- Conference call, group intercom paging
- Unified voicemail management, voicemail-to-email and in-app voicemail
- Unified Communications: enables digital transformation; agile, flexible working, and homeworking
- Distributed workforces can interact as one unified organisation
- Deploy Unified Communications via the web for national connectivity
- Fosters cultural change: seamless user-controlled movement between phones and softphones
- Collaboration: rapidly conference with colleagues; data sharing/ file sharing
- Reduced cost of support and maintenance via lower management overheads
- Switch between devices, even during calls. Simple and intuitive
- Switch between devices, even during calls. Simple and intuitive
- Reduces costs and complexity, providing excellent value for money
- 8x8's specialist industry-expert teams for health, councils, housing authorities
£3 per licence per month
- Free trial available
8x8 UK Limited
|Service constraints||8x8 performs maintenance at no disruption to the customer. Customer-facing elements of the service, for example portals and softphones, are upgraded at customer convenience. Non-customer-facing elements, for example PBX functionality, are upgraded with full service continuity.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
8x8’s experienced UK-based Customer Support team has a one-hour target time for initial response.
8x8’s experienced UK-based Technical Support team has a target time for initial response of 30 minutes, for Critical and High priority issues; and one hour, for Medium and Low priority issues.
Core business hours for the Customer and Technical Support teams are Monday-Friday, 08:00-18:30, to respond to emails and phone calls.
Customers that are on the 24x7 customer list will receive support outside of core business hours.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
8x8 provides Service Level Agreements for our customers; further detail is outlined in the accompanying Definition Document.
General ongoing product support is inclusive within the licence cost.
For deployments in excess of 50 users, a Deployment Engineer is part of the installation process; this is included in the pricing. This assumes a specified Statement of Work (SoW) has been mutually agreed as part of the buying process.
For Business As Usual support requests, where technical engineers cannot resolve the issue remotely, on-site availability will be provided, at £495 plus VAT, per day.
Inclusive 24x7 support is for customers with monthly expenditure of £5,000 or more.
A Technical Account Manager can be made available.
|Support available to third parties||No|
Onboarding and offboarding
Our deployment and training teams work together with you to help you start using our service. They provide you the necessary knowledge and training to setup, design, configure, maintain and use the solution efficiently.
The deployment team ensures a smooth transition from your old to our new solution, using PMI methodology, in line with PRINCE2 principles. Starting the engagement with the Deployment, Training and Customer Success Teams will work in parallel from the initial Customer Kick-Off meeting. After Go-Live until the transition to our Support teams, the deployment team is ready to help you through issues arising during onboarding. Project lifecycle process and governance is implemented from Day One, until closure.
We offer training courses and resources across multiple services. Our courses, along with customer adoption materials, help you get the most from your 8x8 system. Courses are offered open enrolment, via virtual classroom with hands-on exercises and labs, and accompanying user adoption kits. Content includes co-branding, best practices, resource guides, and an eBook with videos, tutorials, and starting tips. This approach provides sustainability, and fast onboarding for new users.
Other delivery and customisation options are also available.
|Other documentation formats||
|End-of-contract data extraction||
Customers can extract and download data at their convenience, from the administration portal. Designated administrators will be able to retrieve this data.
Call recordings and CDRs are available for the customer to download until the service termination is complete and access is no longer available.
Data is retained in line with legislation as relevant to the type of data it is.
|End-of-contract process||At the end of the contract, data retained within the customer's PBX is available for download from the point of deployment, via FTP and web download subject to current regulations. Number porting is driven by the gaining provider and 8x8 adheres to porting guidelines.|
Using the service
|Web browser interface||Yes|
|Using the web interface||Buyers can customise with out of the box integrations, along with extensive customisation of the structure and features of their PBX. Some additional functionality is chargeable, via Professional Services – see Service Definition and Pricing documents attached.|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||Hardware can be made available to end users who have accessibility requirements.|
|Web interface accessibility testing||8x8 undertakes web interface testing|
|What users can and can't do using the API||
8x8 has a common language (RESTful) and open API policy, where users proficient in URL-based HTTP APIs can inter-operate across 12 8x8 pre-written APIs. These enable multiple functions, for integration, for example with common CRMs.
Various bespoke functionality features can be achieved with the APIs. Depending on the proficiency of the user, multiple APIs can be used to widen functionality. Changes are made by the simple manipulation of the HTTP codes.
The use of APIs must be by proficient users, familiar with these programming techniques.
|API automation tools||Other|
|API documentation formats||HTML|
|Command line interface||No|
|Independence of resources||To Complete|
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||Data|
Key financial data is scheduled to be backed up daily. Backup's are configured for notification:
a) UK-IT manages and monitors backups for Finance Shares and 8x8 Solutions Domain Controller.
b) 8x8 Solutions-IT manages and monitors backups
c) 8x8 Inc System Operations manages and monitors backups for Ability database
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Other protection between networks||
Another way 8x8 protects data between your network and our network, is by setting up a private connection into an 8x8 data centre.
All web-based portals – including administration and analytics – use the most up-to-date versions of TLS.
One other way to protect data between your network and 8x8’s, is to encrypt calls using SRTP, which includes Secure SIP of TLS.
|Data protection within supplier network||
|Other protection within supplier network||In addition, 8x8’s data centres are at the tier 3 level, so bring the high physical security that comes with that. And a customer can create a private connection between data centres for their data, for further protection.|
Availability and resilience
We aim to have our Services available to Customers 24x7. 8x8 use commercially reasonable efforts to provide Customers with average annual Services availability equal to or greater than 99.95%. 8x8’s records and data are basis for all service availability calculations and determinations.
8x8 use commercially reasonable efforts to respond to Unplanned Service Interruptions, 24x7, that are reported through one of 8x8’s Customer Support channels.
To receive Service Credits, the Customer must notify 8x8 within 30 days from the time Customer becomes eligible to receive Service Credits. Failure to comply with this forfeits Customer’s right to receive a Service Credit.
The Service Credit will be issued on the 8x8 invoice for the period following the Customer’s request for the Service Credit, unless the Service Credit is due in the Customer’s final month of the Term. In such a case, the Service Credit refund will be mailed to the Customer.
|Approach to resilience||
8x8 ensures its high resilience and business continuity – 99.95% minimum guaranteed uptime of all core systems – by delivering its cloud-based communications services through top tier data centres that are fully redundant, mirrored, and in a geographically-dispersed N+1 configuration, for automatic failover. If a server fails, a backup server automatically takes over. 8x8’s infrastructure is designed and built to ensure no single points of failure within our network. This includes using multiple carriers for internet and call traffic.
This ensures uninterrupted service, in the highly unlikely event of a local outage.
|Outage reporting||We update service incidents via email. We have trigger conditions for major incidents which are quick and robust, as they use a combination of white box, black box alarms, automated service measures and customer symptoms based on call intensity into the support email, chat and phone queues. At the point an incident is declared, each of the teams have clear activities to perform. Leaders from Technical Support and Operations will occupy pre-agreed roles in terms of problem leadership (Operations), symptom refinement and problem reproduction (Technical Support) and customer communication. Email updates are at the beginning and end of an event; and at 30-minute intervals, on the very rare occasions an event lasts longer.|
Identity and authentication
|Access restrictions in management interfaces and support channels||
Only authorised Customer Support super-users can access service portals, helping customer configuration and usage queries. Super-user logins are restricted to office LAN workstations, or via secure VPN using two-factor authentication out-of-hours.
Only authorised Technical Support can access back-end databases, for deeper diagnosis, and only within the office LAN/VPN.
Network Operations can access server operating systems, controlled via centralised authentication management. They are the only staff with physical access to data centre-based production hardware.
System access must be approved by system owners, regularly audited by senior security- and IT manager-led Information Security Forum. External Information Technology auditors audit the access processes.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus|
|ISO/IEC 27001 accreditation date||30/10/2017|
|What the ISO/IEC 27001 doesn’t cover||Software Development and Financial Operations|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials +|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||
CSA CCM v3.0;
UK GOVERNMENT ATO:
CLOUD SECURITY ALLIANCE (rated Enterprise-Ready by Skyhigh Networks CloudTrust);
|Information security policies and processes||
We hold ISO 27001: 2103 certification for our information security policies and processes. We also have annual rigorous audits via our Sarbanes-Oxley framework requirements.
The UK Quality Systems and Compliance Manager is dedicated to ensuring continued compliance to these, and reports directly to the Chief Technical Officer. As part of this, the Quality Systems and Compliance Manager ensures company-wide full awareness for information security – via annual campaigns, and induction training for new starters. This ensure that all staff know about these principles, and what everyone needs to do to ensure continued compliance.
Furthermore, we comply with the following rigorous certifications and accreditations, to ensure information is thoroughly secure: Cyber Essentials Plus; UK Government Authority To Operate (ATO); Cloud Security Alliance; FISMA; and, HIPAA.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Our configuration and change management processes are methodically assessed, categorised and tested, in line with ensuring continued compliance of our information security programme to: Federal Information Security Management Act (FISMA), one of the world’s most rigorous security standards; our ISO27001 accreditation, and its regular internal and external audits; the rigours of our Sarbanes-Oxley (SOX) framework requirements; and, the principles of segregation of duties.
8x8 is the only cloud-based Unified Communications provider advertising compliance to Health Insurance Portability and Accountability Act of 1996 (HIPAA), and third party verification of our FISMA compliance.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
8x8 assesses potential threats to our service using top-rated vulnerability scanning tools, including VERACODE, Qualys and Nessus.
The speed of patch deployment depends on the criticality. If 8x8 deems it high priority, 8x8 addresses it immediately. If medium priority, within a week. If low, within two weeks.
We get alerts from the FBI, DHS, US CERT, SANS Institute, and from the above-named scanning tools. Our Head of Security is on the FBI Cyber InfraGard board and has access to their bulletins, amongst many other sources.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
8x8 identifies potential compromises using Nagios and other industry-standard tools.
When we find a potential compromise, we respond through our thorough processes, for which we have regular training and drills. Our 24x7 Network Operations Centre (NOC) and Security Operations Centre (SOC) are trained to evaluate the data from our various tools, and they go through the steps listed in our incident response policies and procedures.
Once it is confirmed to be an incident via these tools, policies and procedures, criteria and training, our 24x7 NOC and SOC respond immediately.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Our thorough incident management processes cover pre-defined procedures for common events.
Users report incidents via a form template. Our Internal Information Security Forum collates this information and regularly meets to review and act upon these issues. They ensure any rogue accounts are swiftly shut down.
We provide incident reports within 48 hours via email if it relates in any way to a customer.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||VMware|
|How shared infrastructure is kept separate||Access controls|
|Price||£3 per licence per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||8x8 is able to undertake to provide a structured and controlled formal Proof of Concept (POC). This would be on a trial basis which would require further scope, measurement criteria and consideration of potential cost implications to be agreed.|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|