Sota Solutions Ltd

SotaVOIP - Hosted Telephony

SotaVOIP – Hosted Telephony provides a highly resilient communication platform for installations of less than 150 handsets. We proactively monitor and manage quality of service across our network under a SLA with 24x7x365 expert technical support. See our Skype for Business solution for larger installations.


  • Voicemail to email
  • Call recording
  • Click to dial application
  • Conference calls
  • Keep your existing numbers
  • Auto attendant/IVR: advanced call routing options
  • Mobile twinning: never miss a call
  • CRM application integration
  • Call plans
  • ISO27001 certified


  • Significant savings
  • Improved efficiencies, features & flexibility
  • Flexibility for home and remote working
  • Scalable to add or remove users as per your requirements
  • Highly resilient
  • Highly competitive call rates
  • Fully supported platform
  • UK based service and support


£8.50 per person per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

5 4 8 2 2 6 3 7 1 9 3 8 1 2 1


Sota Solutions Ltd

Sales Enquiries

01795 413500

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Skype for Business Contact Centre
Cloud deployment model Private cloud
Service constraints No constraints
System requirements No system requirements

User support

User support
Email or online ticketing support Email or online ticketing
Support response times SLAs vary depending on severity and service
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support includes a 99.95% service uptime promise and ticketing responses 08:00 - 18:00 Monday and Friday (not weekends). We provide an additional tier of support, allowing customers to specify SLA requirements and ensuring 24x7x365 monitoring and response.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our Account Management team will work with the customer to ensure the right service is procured and implemented. Our ticketing system can also be used to assist people with our service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction This entirely depends on the application, and could be anything from an entire VM snapshot exported from VMware and delivered to the customer, to database and code dumps provided in an archive format. We would work with the customer to ensure they get the data they need, in the format they need it, within reason.
End-of-contract process At the end of the contract any data the customer requires exporting is exported and delivered, then the server(s) are shut down.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Yes
Service interface No
Customisation available No


Independence of resources As part of our ISO 27001 certified service management system, we regularly carry out usage and resource checks. We ensure the system is always working within generous limits, so even a significant customer spike in usage would not affect other customers. Our virtualisation technology will automatically smooth out resource usage by seamlessly migrating guest servers between hypervisors as load requires.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customers may request assistance by logging a ticket with the Service Desk.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Contact Sota for details.
Data protection within supplier network Other
Other protection within supplier network Contact Sota for details.

Availability and resilience

Availability and resilience
Guaranteed availability We provide 99.95% uptime on our private cloud infrastructure and network connectivity. Should we fail to deliver, customers may request a service credit from their account manager.
Approach to resilience We have no single point of failure anywhere in our systems, from datacentre fibre connections through to firewalls, cabling and switching. Everything is at least doubled. We use resilient Dell SANs to provide the disks for our virtual servers, which is highly available and connected over a resilient fibre-optic network to our hypervisors. Our virtualisation technology automatically moves guests to a new hypervisor seamlessly and without a break in service, should a host machine fail. We also have datacentre level DoS protection running to mitigate DoS attempts in real time.
Outage reporting We will correspond by email with customers in the event of a serious incident.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All accounts are dedicated to individual users, and username and password is a minimum requirement.
Access restriction testing frequency Never
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 12/10/2016
What the ISO/IEC 27001 doesn’t cover All aspects of the business are in scope.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO 27001 certified by the British Standards Institute. We have many checks and balances in place within our normal working processes in order to ensure policies are adhered to. Reporting to management occurs through monthly committee meetings, which are attended by the board of directors.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Every change goes through peer review, is requested in a ticket, checked for error and impact, as well as implications to wider security, before being accepted. Only senior staff may accept changes on a day to day basis.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We subscribe to all available security mailing lists for the software we use. We maintain a patching schedule which ensures every server is patched not less than every 3 weeks. In the event of a serious security flaw a security incident is raised, inline with our ISO 27001 policy, and is then used to track the mitigating steps. This is done as quickly as possible, outside of the standard 3 week patching cycle, and customer security contacts are kept informed of progress by their account manager via email.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our monitoring and management processes are closely aligned to our ISO27001 accredited Information Security Management System (ISMS). Incidents are responded to based on their priority rating following ITIL defined classification.
Incident management type Supplier-defined controls
Incident management approach We have an ISO 27001 certified incident management process which we follow in the event of an actual or possible threat to our service. Customers may report incidents to us either via their ticketing system, by email to their account manager or, if anonymity is required, via our website contact form. Reports can be provided on request in PDF form by email.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £8.50 per person per month
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑