VideoCentric Ltd

Bluejeans VMR Service

Gateway for Microsoft Teams that seamlessly integrates existing video room systems, connecting people in meetings across board rooms, conference rooms, and huddle spaces. Provided by certified provider BlueJeans & accredited reseller VideoCentric.

Features

  • Up to 1080p Video, Audio & Web Conferencing
  • VMR service (conferencing bridge) for up to 100 participants
  • Join from H.323/SIP
  • Integrate with Teams, Facebook, Skype for Business, Slack
  • Cloud Recording & Streaming
  • Screen sharing
  • Full Analytics & Reporting Dashboard
  • Scheduling & calendar integration
  • Free mobile app included for iOS & Android
  • Managed & supported by UKs leading Video Communication experts

Benefits

  • Enable users with HD Video Conferencing without CAPEX investment
  • Join meetings anywhere on any device
  • Simple user interface with one touch-to-join simplicity
  • Reporting & ROI calculations for user adoption & troubleshooting
  • Provides Video, Audio & Content collaboration for every employee
  • Highly secure, resilient & distributed infrastructure
  • Self provisioning & management portal for administrators
  • Comprehensive support services inc. 24/7/365 telephone support

Pricing

£21.35 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.shimell@videocentric.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 9 3 8 5 2 4 0 6 3 6 1 2 2 7

Contact

VideoCentric Ltd David Shimell
Telephone: 01189798910
Email: david.shimell@videocentric.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
NA
System requirements
NA

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 hour meaningful response.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
VideoCentric's award-winning support levels can include technical & telephone support & email support, interoperability testing, software patches, releases & upgrades from a highly accredited in-house technical team. Services can also include onsite escalation services, training, remote diagnosis and deployment services depending on any service wrap-around requirements (i.e. in room AV/endpoints/networking etc). All customers have a dedicated Account Manager and direct access to 1st, 2nd and 3rd line expert support, and assistance with any direct liaison required with vendors. Access to online resources for both IT administrators and end users and any available ongoing user adoption & onboarding support included. Reporting, ROI & analytics assistance can be added if required. Many of our cloud services do not require full maintenance programmes or relevant support is included within original service, though some services can be added as optional extras or included for related hardware. VideoCentric provide the UK's most comprehensive and flexible range of support programmes which can be tailored to meet individual needs, and can also be provided to enhance simple Manufacturer warranties & support levels. Pricing varies dependent upon tailored or chosen programme.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Customers are assigned a Client Success Manager who is responsible for assisting with user training, adoption and problem resolution. The CSM is assigned for the life of the account.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
End user data and company data is stored in-region at VideoCentric and BlueJeans owned operation centress and co-location data centress. Additionally the data is stored in the US. Customer data is controlled under the US EU Privacy Shield principles including when customers' contracts ends and their subscription is terminated. Data is removed or extracted upon request in a suitable transferable format.
End-of-contract process
BlueJeans is a subscription service. Should the customer elect not to continue their subscription by giving the stated written notice, we will work with the customer to confirm a switch-off date and any data or materials the customer can reasonably expect such as end-user reporting. The customer will no longer be able to use the service after the end of contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Both desktop & mobile enable joining a HD video & voice meeting, sharing & discussing content, sending in-meeting messages, customisation, access to participants list and scheduling. The mobile app is designed to replicate the desktop service to make it simple for users.
Service interface
Yes
Description of service interface
The organisation gets access to the Bluejeans Command Centre for analytics & management of the service.
Accessibility standards
WCAG 2.1 A
Accessibility testing
BlueJeans accessibility features enable customers with disabilities such as visual and hearing impairment to attend and participate in a BlueJeans meeting from any computer or mobile device.

These enhancements to the service are based on the Web Content Accessibility Guidelines 2.0 and the 21st Century Communications & Video Accessibility Act requirements and are made in order to expand BlueJeans’ accessibility to customers with disabilities.
API
Yes
What users can and can't do using the API
The BlueJeans API is a JSON REST service that communicates over HTTPS to api.bluejeans.com.
JSON: JavaScript Object Notation
REST: Representational State Transfer
HTTPS: Hypertext Transfer Protocol (secure)
Each API request must include a valid token, which is issued to the user at the time of consuming the Authentication API. Tokens are time-­‐based token that remains active for one hour. Keys are rotated annually or as needed upon termination of operational employees.

An Enterprise customer can request an API trial and access to a API test site to test against.
Changes can be made available to the BlueJeans API team that can add code as required.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users can customise accounts and dial in numbers that appear within the meeting web application and invitations. The meeting invitation emails can also be customised to your own style and needs. The administrator can customise branding with their own logo for across the apps and invites.

Scaling

Independence of resources
60/40 reorder rule – Upon reaching 60% capacity in any given POP for 5 minutes, we begin ordering enough capacity to lower to 40%. Peak usage is checked weekly and reported. Capacity is re-evaluated after each release using controlled load testing.

Analytics

Service usage metrics
Yes
Metrics types
Administrators get access to a full administration portal which includes IT tools to track adoption, support users, measure ROI with robust deployment, monitoring and centralised moderation controls. This portal empowers the IT team to visualise, measure and manage meetings in real-time, see money saved and carbon emissions reduced by avoiding travel, plan resources, troubleshoot and resolve meeting support requests in real time. User, endpoint, geography, meeting distribution, call quality and historical trends are all available and can be exported into Excel for further analysis.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Bluejeans

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
FIPS-assured encryption
Other encryption
Secure containers, racks or cages
Physical access control
Assured by independent validation of assertion
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data from the analytics portal can be exported through a simple one-click button within the portal. Administrators have access to this information and can be exported via CSV/Excel format.
Data export formats
  • CSV
  • Other
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
SLAs.Service Level Agreements are agreed upon and covered in the Master Service Agreement with our customers.
Approach to resilience
The BlueJeans service was built from the ground up by BlueJeans and consists of software that runs on cloud-compute clusters from a leading global server vendor. The service is hosted in multiple ISO27001 certified top-tier co-location data centers around the world, and in each of these PoPs, dedicated cages and racks are protected with 24x7x365 security and multiple levels of biometric access controls. Access to the cages is restricted to BlueJeans Operations personnel.
Outage reporting
Users or administrators can view status via http://status.bluejeans.com/
In the event there is severe degradation or outage of the System, communication procedures are followed. If there is a suspected breach or known intrusion, the Security Incident and Reporting Process is triggered. Administrators will be alerted via email and via telephone if further information is needing to be shared offline. Customer Support will notify affected customers and provide updates when the service is restored.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Data is logically seperated. Access is given on a permissions basis. Only specific users in specific roles and job responsibilities will get Access to certain functions. Employee (user) and contractors access to production systems is granted based on role and functional responsibility. Access changes are approved by the business owner. Employee terminations follow Human Resources’ (“HR”) off boarding process. HR sends an email communication to IT, Operations and other internal service groups to disable/remove access as necessary.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Bluejeans is Accredited to ISO 27001, 27018 and SSAE16
  • Bluejeans has completed SOC 2 requirements
  • Bluejeans leverages a PCI-compliant partner for billing
  • Bluejeans is compliant with the EU-US Privacy Shield Framework

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Bluejeans Data Centres where the service is hosted adhere to ISO/IEC 27001
Information security policies and processes
Audited & certified datacentres to ISO 27001, security and privacy policies and controls are aligned with ISO 27001 and ISO 27018. BlueJeans employs a wide range of security management practices to provide a secure and reliable
service to customers. This includes network firewalls throughout the infrastructure to create security
zones for different applications and services. BlueJeans also deploys proxy servers that terminate all
3rd party / customer traffic at a proxy layer. All web traffic passes through industry-leading load balancers
to protect against a suite of application attack vectors.
Beyond the firewall, proxy servers and load balancers, BlueJeans also periodically scans for network,
port, and application-level vulnerabilities. Vulnerability scans are conducted by a leading 3rd party
SaaS provider, in addition to some special-purpose, in-house scanning tools. Furthermore, all of the
3rd party applications and operating system software is checked for security advisories and is patched
periodically.
Routers, firewalls, load balancers, and proxy application servers are all configured to mitigate numerous
types of DOS attacks. BlueJeans also engages with 3rd party consultants to perform penetration testing
of the service. All of their findings are reviewed and appropriate actions are then taken to address and
mitigate vulnerabilities found in the service.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The operations team handles all infrastructure maintenance/network build-outs, which have a defined CM process. We have monitoring in place that will alert on failures/other customizable thresholds that are configured. We have devices on our network that do periodic scanning for vulnerabilities and security threats.
The change management policies and documented in our SOC 2 Type II report. All changes to the system must follow the change management procedures which account for emergency changes. Any emergency change must be reviewed with a Root Cause Analysis performed and prevention methods identified to ensure that emergency change is not required in the future.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
BlueJeans periodically scans for network, port, and application-level vulnerabilities. Vulnerability scans are conducted by a leading 3rd party SaaS provider, in addition to some special-purpose, in-house scanning tools. Furthermore, all of the 3rd party applications and operating system software is checked for security advisories and is patched periodically.

Routers, firewalls, load balancers, and proxy application servers are all configured to mitigate numerous types of DOS attacks. BlueJeans also engages with 3rd party consultants to perform penetration testing. All of their findings are reviewed and appropriate actions are then taken to address and mitigate vulnerabilities found in the service.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
BlueJeans employs a wide range of security management practices to provide a secure and reliable service to customers. This includes network firewalls throughout the infrastructure to create security zones for different applications and services. BlueJeans deploys proxy servers that terminate all 3rd party / customer traffic at a proxy layer. All web traffic passes through industry-leading load balancers to protect against a suite of application attack vectors.

Compromises are proactively worked by the BlueJeans InfoSec team and escalated based on severity level until completion.
Incident management type
Supplier-defined controls
Incident management approach
If there is a suspected breach or known intrusion, the Security Incident and Reporting Process is triggered. BlueJeans has policies for Standard Incident Management to define methods for identifying, classifying, tracking, and responding to incidents that will impact business operations. The following plans are in place: Incidents and Rapid Response plan, Security Incident Reporting and Communication plan, Prevention of Incidents, Breech Notification Protocol, Customer Notification, Internal Notification, External Breech Notification.

The incident response program is tested/utilised on a quarterly basis, customers are notified on the website prior to change, maintenance or as a result of outage/incident. More Information AUR.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£21.35 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
VideoCentric can set up free trials & proof of concept trials for customers on a bespoke basis, dependent upon your specific needs.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.shimell@videocentric.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.