Konica Minolta Business Solutions (UK) Ltd

Cloud Fax Service

A cloud-based faxing service that allows users to send and receive fax documents as electronic messages directly from their existing email accounts at any time. It eliminates the need for on-premise fax servers, fax machines and related infrastructure; as well as reducing costs and management overheads, whilst improving work-flow productivity.


  • Sending FAX via email, printers, mobile without installing any software
  • Receiving FAX via email


  • Sending FAX as simple as sending and receiving email
  • Reduce capital cost, onsite hardware/software/telecom charges, upkeep onsite fax solution/machines
  • Provides secure connections and encryption for sent and received files
  • Trackable delivery with no busy signals or capacity constraints
  • World-class network scaling to support large data transmissions/peak fax traffic
  • Enterprise-Grade – Integrate with enterprise applications to optimise workflows


£75.00 per instance per month

Service documents


G-Cloud 11

Service ID

6 7 5 0 5 9 6 2 7 5 0 3 5 7 3


Konica Minolta Business Solutions (UK) Ltd

Kathleen Rogers

01268 534444


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints There are no service constraints that buyers should know about.
System requirements No system requirements, other than email access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are based on issue severity.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer an additional Enterprise Support Level, which we tailor to the customer’s requirements. Costs are dependent on the additional requirements requested.
Technical account management, and access to support engineers, are included within our standard support offering.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All training material, end user and admin guides are available via the on-line portal.
Online training can also be arranged by prior agreement.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users can export data via CSV, or ask our Support Desk to do this
End-of-contract process At the end of the contract period, it is automatically renewed unless the appropriate notice is given.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are no differences between the mobile and desktop versions.
All features are available to users accessing the platform from any device. Web interface will fit to screen based on the device used.
Service interface Yes
Description of service interface We provide access to a web portal for sending faxes, monitoring received faxes and some administration functions.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Interface testing with users of assistive technology has not been carried out.
What users can and can't do using the API Full management of inbound and outbound fax traffic within customers’ existing applications.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customers are able to customise how fax header sheets are presented to a recipient.


Independence of resources OpenText uses a world class Capacity Management process based on ITIL’s best practices in Service Design.

It consists of three main processes:
• Business Capacity Management (BCM) – ensure future business requirements are well understood and planned for
• Service Capacity Management (SCM) – ensure services are effectively monitored and demand is managed to meet internal/external SLAs
• Component Capacity Management (CCM) – ensure component/finite resource usage is base-lined and monitored, and utilisation profiles are well-defined and current.
The underlying procedures for each process involve collection of statistics, analysis of the data, generation of reports and communication with relevant groups.


Service usage metrics Yes
Metrics types Inbound and outbound fax traffic
Reporting types Real-time dashboards


Supplier type Reseller providing extra support
Organisation whose services are being resold Wholly-owned subsidiary, ProcessFlowsUK Ltd, EMEA distributor for opentext cloudfax platform.

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Data is encrypted during transit with AES256 encryption, and at rest with AES128 encryption.
We are SOC1 and SOC2 certified, and our security controls comply with ISO 27001 format.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Via CSV
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Data can be transferred via SSL, TLS, VPN, SFTP and MQ.
Protection is via 256 AES encryption.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Data can be transferred via SSL, TLS, VPN, SFTP and MQ.

Availability and resilience

Availability and resilience
Guaranteed availability 99.5% SLA
Approach to resilience Proprietary – Can be shared during on-site visit or WebEx with an NDA in place.

The wholly-owned data centre is located in the UK with extensive back arrangements. The fail-over data centre is located in Amstelveen in the Netherlands.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Only our approved and vetted administrators have access to our cloud production platform. The data is also encrypted.

Two-factor authentication is implemented for administrators to access the production platform. We operate a formal Data Loss Protection service: Citrix ZenApp.
The Citrix ZenApp security gateway also functions as a DLP clean room, preventing data from the commercial services environment from being copied, cut, pasted or moved to a lower security area, open, moved to email or the internet, or otherwise removed from the secured commercial environment.

Access is based on job role, and only essential personnel have access to Production.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 NQA
ISO/IEC 27001 accreditation date 26/11/2013
What the ISO/IEC 27001 doesn’t cover All relevant and applicable products, services and processes are covered
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Worldpay
PCI DSS accreditation date 30/05/2018
What the PCI DSS doesn’t cover Covers the limited number of credit card transactions that we process. There are no credit card related payment processes outside of this scope.
Other security certifications Yes
Any other security certifications
  • Cyber Essentials, and Cyber Essentials Plus
  • Common Criteria and ISO 15408

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards SOC1,2 & 3. Opentext follows information security and risk management industry best practices as defined by our ISO 27001:2013 Global Information Security Management System (ISMS).

Our ISMS provides continuous and rigorous risk management processes to help ensure the ongoing confidentiality, integrity and availability of all information in Opentext custody.
Information security policies and processes Konica Minolta is committed to operating an effective Information Security Management System that will ensure information is protected from a loss of confidentiality, integrity and availability.

Given this, our basic approach to information security is to continuously make improvements by measuring and assessing risks associated with important information assets and applying effective measures to mitigate those risks.

To support this, we have identified key information security principles; and to ensure these key principles are met, we have established a set of information security objectives as part of our Integrated Business Management System which are monitored and reviewed regularly.

This Policy covers Konica Minolta Business Solutions (UK) Ltd and all relevant subsidiaries, including all UK regional offices. It is applicable to all colleagues, visitors, suppliers, customers and contractors related to business activities, products or services.

Compliance with the Information Security Policy is mandatory. All Leaders are directly responsible for implementing this policy and ensuring colleagues’ compliance within their Business Units and Shared Functions.

At ProcessFlows, our Global Information Security Policies are reviewed at least annually and approved by Chief Information Security Officer. If required, we can provide a Table of Contents for our Global Information Security Policy to demonstrate its comprehensiveness.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We have a fully mature ITIL-based Change Management process. All changes to the Production environment must go through the Change Management process. Changes in non-production/QA/Test environment do not require a change ticket.
Once testing is completed, the results are listed in the Production Change ticket that would be submitted for approval to the Change Management Board, along with a back-out plan and risk assessment for the change.
There is a segregation of duties as to who submits the change, who implements the change, and who approves the change.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Assets are scanned monthly and do daily incremental scans.
Third party/external Internet facing (application and network) penetration test are performed annually.
Vulnerabilities are remediated based on risk, leveraging NIST CVSS standards.

Our patching methodology follows our policy to maintain a commercial environment where OS and 3rd party applications are never more than n-1 versions away from the most current minor version available.
We conduct monthly reviews and ranking exercises of new security patch notifications and reported vulnerabilities.
Patches are applied based on applicability and severity/impact to our environment.
Emergency 0-3 days
High 0-30 days
Medium 9-90 days
Low 0-180 days
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach A Security Event Management (SIEM) tool collects, analyses and triages security events. Logs are stored on a secure server; security events are managed through ITIL processes that alert, triage and escalate events, ensuring the right steps are taken for resolution.

IDS/IPS services (in place via Unified Threat Management device that process all network traffic) are updated daily with prevention signatures, using a 24/7/365 Network Operations Centre to review and triage monitored events.
For events requiring additional review, they are escalated to an ITIL-based Incident Management process with embedded SIRP that will work until resolution and/or service is restored.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Security events are managed through an ITIL-based security incident event response process that is in place to alert, triage and escalate events. This program ensures that the right steps are taken to resolve the event.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £75.00 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial The free version offers the same functionality as the production, for max. 30 days
Link to free trial Not required – set up available on request

Service documents

Return to top ↑