Cloud Fax Service
A cloud-based faxing service that allows users to send and receive fax documents as electronic messages directly from their existing email accounts at any time. It eliminates the need for on-premise fax servers, fax machines and related infrastructure; as well as reducing costs and management overheads, whilst improving work-flow productivity.
- Sending FAX via email, printers, mobile without installing any software
- Receiving FAX via email
- Sending FAX as simple as sending and receiving email
- Reduce capital cost, onsite hardware/software/telecom charges, upkeep onsite fax solution/machines
- Provides secure connections and encryption for sent and received files
- Trackable delivery with no busy signals or capacity constraints
- World-class network scaling to support large data transmissions/peak fax traffic
- Enterprise-Grade – Integrate with enterprise applications to optimise workflows
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||There are no service constraints that buyers should know about.|
|System requirements||No system requirements, other than email access|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Response times are based on issue severity.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
We offer an additional Enterprise Support Level, which we tailor to the customer’s requirements. Costs are dependent on the additional requirements requested.
Technical account management, and access to support engineers, are included within our standard support offering.
|Support available to third parties||Yes|
Onboarding and offboarding
All training material, end user and admin guides are available via the on-line portal.
Online training can also be arranged by prior agreement.
|End-of-contract data extraction||Users can export data via CSV, or ask our Support Desk to do this|
|End-of-contract process||At the end of the contract period, it is automatically renewed unless the appropriate notice is given.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
There are no differences between the mobile and desktop versions.
All features are available to users accessing the platform from any device. Web interface will fit to screen based on the device used.
|Description of service interface||We provide access to a web portal for sending faxes, monitoring received faxes and some administration functions.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Interface testing with users of assistive technology has not been carried out.|
|What users can and can't do using the API||Full management of inbound and outbound fax traffic within customers’ existing applications.|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||Customers are able to customise how fax header sheets are presented to a recipient.|
|Independence of resources||
OpenText uses a world class Capacity Management process based on ITIL’s best practices in Service Design.
It consists of three main processes:
• Business Capacity Management (BCM) – ensure future business requirements are well understood and planned for
• Service Capacity Management (SCM) – ensure services are effectively monitored and demand is managed to meet internal/external SLAs
• Component Capacity Management (CCM) – ensure component/finite resource usage is base-lined and monitored, and utilisation profiles are well-defined and current.
The underlying procedures for each process involve collection of statistics, analysis of the data, generation of reports and communication with relevant groups.
|Service usage metrics||Yes|
|Metrics types||Inbound and outbound fax traffic|
|Reporting types||Real-time dashboards|
|Supplier type||Reseller providing extra support|
|Organisation whose services are being resold||Wholly-owned subsidiary, ProcessFlowsUK Ltd, EMEA distributor for opentext cloudfax platform.|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Other|
|Other data at rest protection approach||
Data is encrypted during transit with AES256 encryption, and at rest with AES128 encryption.
We are SOC1 and SOC2 certified, and our security controls comply with ISO 27001 format.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Via CSV|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||
Data can be transferred via SSL, TLS, VPN, SFTP and MQ.
Protection is via 256 AES encryption.
|Data protection within supplier network||
|Other protection within supplier network||Data can be transferred via SSL, TLS, VPN, SFTP and MQ.|
Availability and resilience
|Guaranteed availability||99.5% SLA|
|Approach to resilience||
Proprietary – Can be shared during on-site visit or WebEx with an NDA in place.
The wholly-owned data centre is located in the UK with extensive back arrangements. The fail-over data centre is located in Amstelveen in the Netherlands.
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Only our approved and vetted administrators have access to our cloud production platform. The data is also encrypted.
Two-factor authentication is implemented for administrators to access the production platform. We operate a formal Data Loss Protection service: Citrix ZenApp.
The Citrix ZenApp security gateway also functions as a DLP clean room, preventing data from the commercial services environment from being copied, cut, pasted or moved to a lower security area, open, moved to email or the internet, or otherwise removed from the secured commercial environment.
Access is based on job role, and only essential personnel have access to Production.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||NQA|
|ISO/IEC 27001 accreditation date||26/11/2013|
|What the ISO/IEC 27001 doesn’t cover||All relevant and applicable products, services and processes are covered|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Worldpay|
|PCI DSS accreditation date||30/05/2018|
|What the PCI DSS doesn’t cover||Covers the limited number of credit card transactions that we process. There are no credit card related payment processes outside of this scope.|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||
SOC1,2 & 3. Opentext follows information security and risk management industry best practices as defined by our ISO 27001:2013 Global Information Security Management System (ISMS).
Our ISMS provides continuous and rigorous risk management processes to help ensure the ongoing confidentiality, integrity and availability of all information in Opentext custody.
|Information security policies and processes||
Konica Minolta is committed to operating an effective Information Security Management System that will ensure information is protected from a loss of confidentiality, integrity and availability.
Given this, our basic approach to information security is to continuously make improvements by measuring and assessing risks associated with important information assets and applying effective measures to mitigate those risks.
To support this, we have identified key information security principles; and to ensure these key principles are met, we have established a set of information security objectives as part of our Integrated Business Management System which are monitored and reviewed regularly.
This Policy covers Konica Minolta Business Solutions (UK) Ltd and all relevant subsidiaries, including all UK regional offices. It is applicable to all colleagues, visitors, suppliers, customers and contractors related to business activities, products or services.
Compliance with the Information Security Policy is mandatory. All Leaders are directly responsible for implementing this policy and ensuring colleagues’ compliance within their Business Units and Shared Functions.
At ProcessFlows, our Global Information Security Policies are reviewed at least annually and approved by Chief Information Security Officer. If required, we can provide a Table of Contents for our Global Information Security Policy to demonstrate its comprehensiveness.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
We have a fully mature ITIL-based Change Management process. All changes to the Production environment must go through the Change Management process. Changes in non-production/QA/Test environment do not require a change ticket.
Once testing is completed, the results are listed in the Production Change ticket that would be submitted for approval to the Change Management Board, along with a back-out plan and risk assessment for the change.
There is a segregation of duties as to who submits the change, who implements the change, and who approves the change.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Assets are scanned monthly and do daily incremental scans.
Third party/external Internet facing (application and network) penetration test are performed annually.
Vulnerabilities are remediated based on risk, leveraging NIST CVSS standards.
Our patching methodology follows our policy to maintain a commercial environment where OS and 3rd party applications are never more than n-1 versions away from the most current minor version available.
We conduct monthly reviews and ranking exercises of new security patch notifications and reported vulnerabilities.
Patches are applied based on applicability and severity/impact to our environment.
Emergency 0-3 days
High 0-30 days
Medium 9-90 days
Low 0-180 days
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
A Security Event Management (SIEM) tool collects, analyses and triages security events. Logs are stored on a secure server; security events are managed through ITIL processes that alert, triage and escalate events, ensuring the right steps are taken for resolution.
IDS/IPS services (in place via Unified Threat Management device that process all network traffic) are updated daily with prevention signatures, using a 24/7/365 Network Operations Centre to review and triage monitored events.
For events requiring additional review, they are escalated to an ITIL-based Incident Management process with embedded SIRP that will work until resolution and/or service is restored.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Security events are managed through an ITIL-based security incident event response process that is in place to alert, triage and escalate events. This program ensures that the right steps are taken to resolve the event.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£75.00 per instance per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||The free version offers the same functionality as the production, for max. 30 days|
|Link to free trial||Not required – set up available on request|