Xuper Limited

Video Service Access Point

The Video Services Access Point is an Infrastructure as a Services (IAAS), that gives the user the full functionality and security of video conferencing infrastructure without the requirement to purchase the associated hardware.


  • Private Network Connection
  • System registration
  • Dial Plan Managment
  • IP and ISDN Gateways
  • Virtual Meeting room Access
  • Connectivity to external Video Conferencing Systems
  • External user connectivity to your Virtual Meeting Rooms


  • Reduced risk
  • Reducing cost
  • Increase productivity
  • Improved availability of key staff
  • ISO27001:2013 Certified Service


£2185 per unit per year

Service documents

G-Cloud 10


Xuper Limited

Mark Webb

0330 300 0000


Service scope

Service scope
Service constraints Maintenance windows will adhere to the existing Change Management process with a 10 business day notification period. Emergency changes are managed as one-off scenarios. Where possible maintenance will take place outside core business hours.

For each endpoint connected to the VSAP a managed service contract is required to be purchased from Questmark this is available as a Specialist Cloud Services on the G-Cloud framework.
System requirements Video End point for connection to the services

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The response is during normal office hours 08.00-18.00 Monday to Friday excluding UK bank Holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The availability of the service is offered at an uptime of 99.5%. The ServiceDesk is available 08.00am-18.00pm Monday to Friday (excluding English bank holidays) and outside of this service window by arrangement and 24/7 priced on need. Dedicated test facilities are available 24x7x365.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once an order has been received the order will be passed to the logistic team who will then arrange the following tasks:
Date of activation and configuration of conferencing services
Training delivery and documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction There is no data that is required to be extracted as part of the services.
End-of-contract process 90 days prior to the end of the service term the customer will be informed of the termination of the service date.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Resources are allocated to specific users ensuring there can be no impact from other users.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics Yes
Metrics types Number of active instances
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% uptime
Approach to resilience Information is available on request
Outage reporting Email Alerts

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels Only Questmark engineers have access to management interfaces, access to these is controlled and maintained in our ISO27001:2013 data center. If more information is required this can be supplied on request as part of our ISMS process.
Access restriction testing frequency At least every 6 months
Management access authentication Dedicated link (for example VPN)
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ACS Registrars- IMS UK/01/0138992653
ISO/IEC 27001 accreditation date 09/05/2013
What the ISO/IEC 27001 doesn’t cover All areas of Questmark's business and services are covered by the certification
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 27/01/2017
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover The certification covers all aspects of our cloud services
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a fully implemented audited and certified Information Security Managment System that complies to ISO27001:2013. All process management and policies are governed via the ISMS.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our configuration and change management process is managed via our ISO27001:2013 certified ISMS, details are available on request.We are registered with the Cloud Security Alliance.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our vulnerability management approach is managed via our ISMS as part of our ISo27001:2013 certification, more details are available on request. We are registered with the Cloud Security Alliance.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We deploy a Protective monitoring solution, this is managed via our ISMS and is covered by our ISO27001:2013 certification, more information is available on request.We are registered with the Cloud Security Alliance.
Incident management type Supplier-defined controls
Incident management approach We manage Incident management via our ISMS which is part of our ISO 27001:2013 certification, more information is available on request.We are registered with the Cloud Security Alliance.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £2185 per unit per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑