Arrow Business Communications Limited

Arrow Video Conferencing and Audio Visual Solutions

The Cloud Video Conferencing service allows secure, high quality video conferences to take place with Room Systems, PC's, Laptops and Tablet devices enabling easy collaboration. For the Healthcare sector the Clinecall module allows secure video consultations and virtual clinics to be held between healthcare professionals and patients.


  • Video calls arranged by sending out simple email invitations
  • Calls joined using a PC, laptop or tablet devices.
  • The service automatically adjusts video quality based on bandwidth available.
  • Users can share presentations alongside the video images on screen.
  • WebRTC is supported so video runs within the web browser
  • Clinecall video consultation module for use by healthcare professionals.
  • External, IP based video room systems can easily join conferences.
  • An audio only dial in number service is provided
  • Blocked Firewall ports are automatically negotiated by the service.
  • Video calls can be recorded for playback in HD quality.


  • Service deployed on concurrent line usage model for maximum efficiency
  • No need for dedicated video conferencing hardware reducing costs.
  • Service runs over low quality broadband connections whilst maintaining quality
  • WebRTC removes the need for any software downloads or plugins
  • Video Bridging allows video calling with any external company
  • Dedicated ioS and Android Apps ease use from tablet devices
  • Recording service allows non attendees to watch play back later.
  • Calls can be joined from any internet connection over 1Mbps
  • Clinecall service has secure passcode protection for patients and doctors
  • Consultation service has dedicated App for easy patient use.


£200 a user a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

5 6 9 2 3 3 5 7 5 8 3 7 9 2 8


Arrow Business Communications Limited Catherine Ingram
Telephone: 03304404444

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
A suitable private or public internet connection is required
System requirements
  • The service requires NHS firewall ports to be opened.
  • Connectivity to the internet
  • Usable device, etc. with webcam, mic and speaker

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard response time is four working hours Monday-Friday 9-5.30pm. We can supply bespoke SLA agreements.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
There is a web-chat icon on each page of the support section in our web-site. Zendesk supports or partially supports WCAG 2.0 guidelines.
Web chat accessibility testing
None Completed to Date
Onsite support
Onsite support
Support levels
We provide one level of support, Standard. Standard business hours and Monday to Friday 9-5.30. Standard support guarentees a response within 4 hours to a fault properly reported to the Arrow Support Desk. Contract includes 10 dial ins per month with a maxiumum total time limit of 2 hours.
Support available to third parties

Onboarding and offboarding

Getting started
An Account Manager and pre-sales consultant will work with you to identify the correct service specification and configuration. If required we will attend site to conduct site surveys, demonstrations and audits. Once our proposal is accepted and our Cloud video service contract signed, we add the project to our internal task system. Each new customer project is allocated a Prince 2 qualified Project Manager (PM) who assumes overall responsibility for the successful delivery of the project. The PM will communicate with the customer by phone, e-mail, video or in person. A Project Initiation Document is issued once we have gathered all required information, this document defines the project. All user information is gathered and amended if required. A meeting to discuss all aspects of the service configuration. The service configuration agreement written up and issued. The PM will liaise with the Cloud IP Engineering team to manage the necessary resources. The assigned Cloud IP Engineer will configure the service and attend site to carry out the deployment. Where the customer specifies on-site training, a trainer will attend site to provide the necessary instruction. Arrow also provide a library of pre-recorded training videos covering the Cloud Video conferencing service.
Service documentation
Documentation formats
End-of-contract data extraction
The customer via the relevant service portals can extract all historical call detail and call recording information held
End-of-contract process
Once the service fully terminates, Arrow technical staff will de-commission the customers service ensuring all data base information and call recording and analytics data permanently deleted. Additional costs would be incurred should the customer wish for the Arrow Engineering team to export all data (recordings etc.)

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
There is no inherent functionality difference between the desktop and mobile interface
Service interface
Description of service interface
Users will interface either as a guest or as a primary user. Guests will join via a guest link and through a web browser whilst primary users will join through the Vidyo Connect client.
Accessibility standards
None or don’t know
Description of accessibility
Our service is accessible either via a desktop client, webpage or mobile application.
Accessibility testing
None Completed to Date
Customisation available
Description of customisation
The Clinecall healthcare video consultation service can be branded and we can also add in additional functionality on request. This branding is on a paid basis and is done via our engineering team working with the customer. Examples of additional functionality could be CRM integration.


Independence of resources
Our platform is monitored 24/7/365. We maintain a surplus of licensing to ensure that even during peak usage our customers are not affected.


Service usage metrics
Metrics types
Metrics can be provided to the customer on usage and when calls took place. These are exported via the Vidyo router and can be viewed in a CSV file.
Reporting types
Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Via a secure web-portal. Portal address to be provided by engineering upon commencement of the service.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
The video conferencing streams are encrypted end to end
Data protection within supplier network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
The Cloud Video service operates from secure UK data centre locations and the

equipment is only accessible by cleared Arrow technical personnel. All customer

data resides within the Arrow managed racks and no data is transferred either

outside of this environment of overseas. The Cloud video service operates in line with the

guidance laid out in the ISO27001:2013 certification for Information and Security

Management. We operate a robust data protection policy and retain customer data for

the minimum amount of time necessary to deliver the service.

Availability and resilience

Guaranteed availability
Service Availability

Arrow undertakes to provide Service Availability of 99.9% of the available time in

each month. Failure to meet this level will result in a Service Credit offered to the

Qualifying Customer.

Service Availability Credit

100% of the Monthly Recurring Charges billed for the Arrow Cloud Video service

provided to the relevant customer for the relevant month.

Response Time

Arrow offers two levels of support service cover: standard and total care. During

Arrow’s Normal Working Hours on Business Days, standard service level cover

guarantees a response within 8 working hours to a fault properly reported to Arrow’s

technical helpdesk. During Arrow’s Normal Working Hours on Business Days, total

care service level cover guarantees a response within 4 hours to a fault properly reported

to Arrow’s technical helpdesk.

Failure to meet the relevant response time subject to eligibility will as described below,

result in a Service Credit of 50% of the relevant billed Monthly Recurring Charges for the

month in which the failure occurred.
Approach to resilience
We operate the service from a fault tolerant virtual platform with real-time replication between virtual hosts.
Outage reporting
We have a process to communicate with customers in the event of a major service outage and provide a Reason for Outage report. This is based through emails from the support team. Once an outage is noted then regular hourly emails are sent detailing progress to resolution.

Identity and authentication

User authentication needed
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
If a customer requires access to the Cloud Video Conferencing service administration portal they will access it via a secure HTTPS login using industry standard KPI
Access restriction testing frequency
At least once a year
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials QGCE 2305

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
NHS Information governance toolkit level 2
Cyber Essentials. Registration number QGCE2305.
Information security policies and processes
The Chief Executive Officer, along with the board, in partnership with the Head of IT is responsible for the approval of all of the IT policies and ensuring that they are discharged to the relevant managers. Arrow's Information Security Policy outlines our approach to information security as well as being a method to establish a set of tools to outline the responsibilities necessary to safeguard the security of the Company’s information systems with supporting policies, codes of practice, procedures and guidelines. The policy applies to all employees - current and new - of the Company as well as all other authorised users. The policy relates to the use of all Company-owned information system assets, to all privately owned systems when connected directly or indirectly to the Company’s network and to all Company-owned and or licensed software/data. Authorised members of the IT Department will from time to time monitor the information systems under their control to ensure compliance. This is supported by training during the Induction process for new employees and updates to existing staff as appropriate.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All components are recorded on a asset register and asset tagged where necessary. Should changes be needed a formal request is submitted to the change management board and risks would be assessed against the current safeguards in place against that component. Based on this assessment that change management board would recommend the correct and safest course of action.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are identified through risk assessments. Our response to identified threats is measured on severity and impact. This also defines the level to which the issue is escalated. Regular software patches to our service are released by the manufacturer Vidyo. We implement these patches onto our platform in a timely manner.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Arrow's Data Protection Policy details the extensive controls, measures and methods used to protect personal data, uphold the rights of data subjects, mitigate risks, minimise breaches and comply with the data protection laws and associated laws and codes of conduct. We also carry out regular audits and compliance monitoring processes, to ensure that the measures and controls in place are adequate, effective and compliant at all times. All data breaches are reported immediately to the direct line manager and the reporting officer. Measures must be taken immediately to contain the breach and to stop any further risks or breaches.
Incident management type
Supplier-defined controls
Incident management approach
Arrow’s Data Breach Policy states that all staff must report a data breach immediately to the direct line manager.

The Supervisory Authority is to be notified within 72 hours of any breach where it is likely to result in a risk to the rights and freedoms of individuals.

A full investigation is conducted and recorded on the incident form, the outcome of which is communicated to all staff involved in the breach, in addition to upper management. A copy of the completed incident form is filed for audit and record purposes.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Joint Academic Network (JANET)


£200 a user a month
Discount for educational organisations
Free trial available
Description of free trial
The trial version of our service can be created for up to 10 users for the period of one week in order to test the quality and useability. We can also provide the HD2 codec in conjunction with this trial.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.