Arrow Business Communications Limited

Arrow Cloud Telephony and Unified Communications Solution

A secure cloud based telephony service utilising Mitel PBX software and handsets. Customers can add Contact Centre functionality, Compliant call recording, Call Analytics, Remote workers, mobile and soft clients and collaboration tools. The service is managed, monitored around the clock and customers are provided with a self service administration portal.


  • Mitel PBX control software configured live across two data centres
  • Cloud based Contact Centre Service routing voice and Multi Media
  • FCA Compliant secure and resilient call recording software.
  • Call analytics reporting service with live wallboard display capability
  • Secure web based portal for self service administration
  • Application for deployment on Smartphone device
  • Support for handset to be deployed at a remote location.
  • All standard executive PBX calling features
  • Desktop 'MiCollab' client for PC and MAC.
  • Best of Breed Mitel Handsets


  • Best in class PBX functionality with excellent business continuity
  • Helps allocate correct resources to maintain service levels.
  • Monitor call quality, to improve levels of customer service.
  • Provides visibility of call response times to aid customer service.
  • Changes can be made without external resource or cost.
  • Receive calls on mobile and landline device simultaneously.
  • Allows home workers to communicate more effectively.
  • Immediate notification and retrieval of voicemail when away from office.
  • Use collaboration tools for effective home-working
  • Control call routing and view call history from your desktop.


£8.95 per user per month

Service documents


G-Cloud 11

Service ID

6 2 9 8 9 1 5 2 4 5 3 9 6 8 3


Arrow Business Communications Limited

Catherine Ingram


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints A suitable private or public internet connection is required. Alternatively Arrow can provide dedicated voice connectivity.
System requirements
  • The self service admin portal is web-browser based.
  • The handsets require a power over ether net port

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our standard response time is four working hours Monday-Friday 9-5.30pm. We can supply bespoke SLA agreements.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible There is a web-chat icon on each page of the support section in our web-site. Zendesk supports or partially supports WCAG 2.0 guidelines.
Web chat accessibility testing None completed to date
Onsite support Onsite support
Support levels We provide two levels of support, Standard and Premium: Standard business hours are 9-5.30pm, Monday-Friday. Standard support guarantees a response within 4 working hours to a fault properly reported to Arrow’s support team. The contract also includes 1 dial in per calendar month for any non-fault related moves, adds and changes with a maximum time of 15 minutes. Outside these parameters moves and changes will become chargeable as follows; Remote dial in, £50 for up to 15 minutes or £90 per hour. Onsite call outs, £95 for the first 30 minutes and £27 for every 15 minutes thereafter. Premium support provides a maintenance service 24/7/365. The maximum response time for a Standard Fault will be 8 operational hours and the maximum response time to a System Crash will be 4 operational hours. The contract includes up to 10 dials-in per month with a maximum total time limit of 2 hours. Outside these parameters moves and changes will become chargeable as follows; Remote dial in, £50 for up to 15 minutes or £90 per hour. Onsite call outs, £95 for the first 30 minutes and £27 for every 15 minutes thereafter. Premium support is an additional £5.00 per user.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started An Account Manager and pre-sales consultant will work with you to identify the correct service specification and configuration. If required we will attend site to conduct site surveys, demonstrations and audits. Once our proposal has been accepted and our Cloud Telephony service contract signed, the project is added to our internal task system. Each new customer project is allocated to a Prince 2 qualified Project Manager who assumes overall responsibility for the project. The Project Manager will communicate with the customer by phone, e-mail, video or in person. A Project Initiation Document is issued once we have gathered all required information. A meeting to discuss all aspects of the phone service configuration is held with
the customer. The service configuration agreement is written up and issued to the customer. The Project Manager will liaise with the Cloud IP Engineering team to
manage the necessary technical resources. The PM will also manage the process of porting numbers in to the Arrow network. The assigned Cloud IP Engineer will configure the service and attend
site to carry out the deployment. Where the customer specifies on-site training, a qualified trainer will attend site to provide the necessary instruction.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The customer can extract all historical billing and call recording information held bia the relevant service portals
End-of-contract process Arrow’s standard cancellation terms are 90 days following the expiry of the initial term. Once a termination request has been received and contractual terms agreed Arrow will work with the customer to ensure a smooth transition from our side. If a customer wishes to retain their telephone numbers hosted by Arrow they can be ported away in line with industry regulations and Arrow will make available necessary information so as not to hinder this process. We will also agree timescales for any additional services that need to be ceased completely. Arrow will agree a plan for which hardware needs to be returned. When all services have been transferred or ceased Arrow will send a final invoice. The customer via the relevant service portals can extract all historical billing and call recording information held. Once terminated, Arrow technical staff will de-commission the customer’s service ensuring all database information, call recording and analytics data are permanently deleted. Services included in the price of the contract will be monthly rental charges and any hardware or professional services which were agreed at the beginning of the contract period. Additional costs may be for incremental licences.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our MiCollab application works on PC and Mac desktop and will also work on a mobile devices (iOS and Android) via the MiCollab app.
Service interface Yes
Description of service interface The administration portal is accessed via a web browser over the internet.
Accessibility standards None or don’t know
Description of accessibility Mitel designs its products to make sure that what it offers is accessible to everyone, regardless of their physical limitations. Mitel’s solutions offer features that provide, or work with assistive technology to provide, telephone communications, e-mail, voice mail, fax, and PC desktop applications to disabled users. All solution components, from its telephones to applications including Mitel Unified Communicator Advanced and Mitel Unified Messaging.
Accessibility testing Mitel, the software vendor, have undertaken extensive User Experience testing in the design of the Oria self-service administration portal and the latest MiCollab interface.
What users can and can't do using the API APIs only refer to additional features such as CRM integration where we will work with the customer's particular integration requirements. This will differ from customer to customer.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available No


Independence of resources Each customer has their own high availability pair of virtual PBX's across geo-resilient data centres. The underlying network is configured and monitored to ensure that each customer's service has the recommended resources published in our vendor's specification documentation. As more customer's are added to the platform, underlying network resources are scaled to suit demand.


Service usage metrics Yes
Metrics types We provide metrics on inbound and outbound calls made from each extension via our web-based call analytics portal.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Mitel Redbox BT Wholesale Tollring Gamma

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach All data is stored on servers within racks dedicated to and only accessible by directly employed Arrow technical staff. These data centres are fully security compliant and this is reviewed regularly. Arrow has been auditing it's information process and storage in line with GDPR regulations. Part of this process is updating our Information Security Policy with some of the following objectives:

• Protecting all Company information systems
• Analysing/evaluating risk on a continuous basis. Developing response plans/carry out testing to deal with assessed risks.
• Make certain that users are aware of/comply with all current and relevant UK/EU legislation.
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Call data can be exported in .CSV format from the relevant service portal.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network Private WAN Service
Media and signalling path encryption is supported for all of Mitel's IP phones.
Media path encryption is accomplished with Secure RTP using 128-bit Advanced
Encryption Standard (AES)

Availability and resilience

Availability and resilience
Guaranteed availability The Cloud telephony service architecture is such that we can offer high availability of service to all customers. We offer a 99.99% uptime SLA. IF the SLA is not met then we have a prescriptive method of offering refunds against a users monthly subscriptions.
Approach to resilience The service is operated from two data centre with a customer specific PBX being deployed in each. All handsets have the ability to connect to PBX call control at both data centres. All connectivity to the PSTN and Public internet is offered from both data centres for resiliency.
Outage reporting We operate a real time network monitoring tool that allows us to see in real - time any issues on our network. We use a manual e-mail notification service in the event of a MSO to inform the relevant customers.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels We offer various levels of access in to the call analytics, call recording and contact centre tools based on role and permissions for customers. Core network access is only granted to Arrow's dedicated engineering team. Within the engineering team there are various levels of access dependant on engineer accreditation and job role.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Integrated to GTT’s network which is governed by ISO 27001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Chief Executive Officer, along with the board, in partnership with the Head of IT is responsible for the approval of all of the IT policies and ensuring that they are discharged to the relevant managers. Arrow's Information Security Policy outlines our approach to information security as well as being a method to establish a set of tools to outline the responsibilities necessary to safeguard the security of the Company’s information systems with supporting policies, codes of practice, procedures and guidelines. The policy applies to all employees - current and new - of the Company as well as all other authorised users. The policy relates to the use of all Company-owned information system assets, to all privately owned systems when connected directly or indirectly to the Company’s network and to all Company-owned and or licensed software/data. Authorised members of the IT Department will from time to time monitor the information systems under their control to ensure compliance. This is supported by training during the Induction process for new employees and updates to existing staff as appropriate.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our Cloud Telephony services are deeply integrated into GTT’s ( network.  GTT has maintained ISO 27001 accredited Enterprise Security Management System for their Operations Centres and Data Centres since September 2005.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our Core Telephony services are actively managed by network monitoring tools 24/7/365 and provide alerts to any vulnerabilities within the Core services.  All of our services are patched to each vendors latest supported version, and any new vulnerabilities are addresses and communicated to Arrow to take immediate action and new patches provided and applied.  Our data centres are suitably firewalled and run industry leading anti-virus.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Arrow's Data Protection Policy details the extensive controls, measures and methods used to protect personal data, uphold the rights of data subjects, mitigate risks, minimise breaches and comply with the data protection laws and associated laws and codes of conduct. We also carry out regular audits and compliance monitoring processes, to ensure that the measures and controls in place are adequate, effective and compliant at all times. All data breaches are reported immediately to the direct line manager and the reporting officer. Measures must be taken immediately to contain the breach and to stop any further risks or breaches.
Incident management type Supplier-defined controls
Incident management approach Arrow’s Data Breach Policy states that all staff must report a data breach immediately to the direct line manager.

The Supervisory Authority is to be notified within 72 hours of any breach where it is likely to result in a risk to the rights and freedoms of individuals.

A full investigation is conducted and recorded on the incident form, the outcome of which is communicated to all staff involved in the breach, in addition to upper management. A copy of the completed incident form is filed for audit and record purposes.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • NHS Network (N3)
  • Joint Academic Network (JANET)


Price £8.95 per user per month
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑