Telefonica UK Limited

O2 Smart Connect

M2M and IoT (Internet of Things) technology solutions that are flexible, efficient and easy to manage. Smart Connect provides data connections with or without roaming capabilities, API’s and has a comprehensive self service management platform.

Features

  • Reliable, Secure, Global Network, Telco Grade Solution
  • Increased efficiency by reducing complexity and improving workflows
  • UK or Global Connectivity options
  • Trial option available

Benefits

  • Range of sims and tariffs
  • API's for integration into existing systems
  • Secure connectivity
  • Advanced management capabilities on our self-service portal
  • Flexible and scalable connecting any number of devices
  • From simple to complex linking remote devices, anywhere
  • Increased efficiency by improving complexity and improving workflows

Pricing

£1.94 a gigabyte a month

  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

7 3 8 3 0 7 8 4 7 5 5 9 6 9 4

Contact

Telefonica UK Limited Neil Cruden
Telephone: 07872015506
Email: g-cloud_framework@o2.com

Service scope

Service constraints
Depending on the selected platform choice, some elements are located outside of EEA
System requirements
  • Desktop/Mobile browser to access management platforms
  • IoT Device Compliant with O2 Device Behavior Guidelines

User support

Email or online ticketing support
Email or online ticketing
Support response times
Incidents can be reported through email or directly over the phone.

Different priority incidents have different response times our current service charter can be viewed here:

o2.co.uk/iotcharter .

All incidents 08:30 to 18:00 Monday to Friday (Business Days only) via Service Experience Management Centre
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Incident Classification of P1, P2 & P3. service charter available upon request.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once customers are on-boarded and received their SIM they can start to use the platform and connections.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Only billing data and specific SIM related data is held on the platform which can be downloaded if required via the GUI
End-of-contract process
If the customer wants to off-board then O2 would implement the documented off-boarding process.

Using the service

Web browser interface
Yes
Using the web interface
User can perform a range of self service management functions, from activating to deactivating connections and get details reporting. See product definition document complete description.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Self-service portal, supported through standard browsers with a secure login
Web interface accessibility testing
Not applicable to the service
API
Yes
What users can and can't do using the API
Self service manangement of all services available through the GUI
API automation tools
Other
Other API automation tools
  • SOAPUI
  • Postman
API documentation
Yes
API documentation formats
HTML
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
The Platform decides automatically how to balance the work load.
Usage notifications
Yes
Usage reporting
  • API
  • Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
Other
Other metrics
  • Data usage
  • Voice usage
  • SMS ysage
  • Status of SIMs
  • Expense
  • Alarms
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
Not applicable to the service
Data sanitisation process
Yes
Data sanitisation type
Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Database Information
  • CDRs and Logs
Backup controls
Users cannot control the backups.
The backups are managed by Platform Support teams.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Device ciphering, IPSec tunnels or MPLSconnectivity.
Data protection within supplier network
Other
Other protection within supplier network
Physical Security controls, Logical separation (MPLS) on transmission circuits, etc.
Encryption over service bearers (TLS 1.2 or higher), etc.
GTP tunnels following GSMA standards

Availability and resilience

Guaranteed availability
> 99.90% Quarterly.
Approach to resilience
Redundancy , capacity managed (bandwidth on radio access network (Licensed), Core is resilient and self-healing, etc.) etc. ISO 22301 certified BC processes.
Outage reporting
Service Management reporting processes

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
The platform is roles based from a security perspective
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
23/01/2019
What the ISO/IEC 27001 doesn’t cover
All relevant areas covered
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
OWASP
ISO27001
ISO20000
ISO9000
ISO14001
Tier IV Gold Uptime Institute
Information security policies and processes
Internal Model based on Information Governance functions within our business, implemented through managed change procedures and appropriate policies.

ISO 27001 based Policies, but built on legacy HMG CAS(T) principles (so more rigor required than ISO 27001 baseline).

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Internal methodology, which follows best practices as paf internal Formal Change Management process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Internal CERT function and formal patch management policies with appropriate governance applied.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
ETom Framework

Management Platforms monitor many data points to inform the users about operational and security related events such as :SIM Card Change, Location Change, Aggressive Device Behavior etc.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
ETom Framework

O2 provides first line support - global services provides second line and any 3rd party supports will be covered underd 3rd line.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Database level separation.

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£1.94 a gigabyte a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Please contact O2 for further details.

Service documents