Hospital Services Limited

HSL - Integrated Video Services

A specialised software subscription-based cloud service enabling secure, seamless calling from any standards based video system using SIP/H323, SfB, Hangouts, Teams or WebRTC with both internal and external contacts, via our quality-assured global cloud video platform allowing you a scalable solution without the need to purchase expensive infrastructure and hardware.

Features

  • Up to 50 simultaneous connections
  • Standards-based video address (SIP/H.323) on any video network
  • SIP/H323 desktop software
  • Web browser, smartphone or tablet
  • Video calling with live screen-share and recording
  • Audio connectivity
  • Seamless connectivity between your existing video units and SfB users
  • Scheduled meetings hosted on the HSL Integrated Video Service
  • Endpoint registration – Register hardware video devices to the Cloud
  • Firewall traversal

Benefits

  • Seamless connectivity
  • Audio, video, content and screen sharing capability
  • Supports connectivity to all standard based videoconferencing devices
  • Ability to connect regardless of hardware, software or telephony
  • Secure collaboration and connections using the HSL IVS
  • Simple to use
  • Centralised directory management
  • ROI from any existing hardware infrastructure
  • Pick and Mix combination solutions
  • Reporting feature

Pricing

£16.34 per licence per month

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

7 5 4 6 1 3 6 7 9 5 9 6 2 1 4

Contact

Hospital Services Limited

Joanne Rix

01157043000

sales@hsl.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The add on services available are:
Google Hangouts ;Microsoft Teams integration/gateways and device registration to enable seamless connectivity. For use of IE, the user must download the my meeting app, provided as part of the service.
Cloud deployment model
Public cloud
Service constraints
Maintenance windows will adhere to the existing Change Management process with a 10-business day notification period. Emergency changes are managed as one-off scenarios and each organisation will be contacted by email and phone as soon as possible before the event. Where possible, maintenance will take place outside core business hours.
System requirements
  • Supply of devices - Tablet, Smartphone, IPad, Video system
  • Supply of network
  • Supply of Skype for Business or applicable software application

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support requests will be acknowledged within 2 hours. The Support Operations Centre (SOC) is available 09.00am-17.00pm Monday to Friday (excluding UK public holidays). If the SOC is required outside of this window, arrangements can be made and priced depending on the requirement and application.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We adapt our support to the needs of the users and can offer most support levels requested by clients. We are able to provide first and second line support to our clients. We have provided both real-time telephone support and mail support. The costs of each of these models is tailored to the specific needs of our clients to ensure the right level of support is provided to the service. In all of our client engagements there will be a dedicated account manager, a cloud support engineer and technical account manager depending on the needs of the client which is identified during on boarding process.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once an order for The Integrated Video Service has been received, the order will be passed to your dedicated account manager who will then complete the following:
• Clarify the use of the service and the requirement with the buying organisation
• Deployment options and timescales
•Organisation Administration details
•Individual user and device details
•Training delivery and user documentation (if applicable) either on site or remotely
Once the use of The Integrated Video Service has been activated, basic onboarding emails, followed up with review meetings between owners, users and HSL account managers to discuss and understand the features of the service and increase usage and adoption within your organisation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
There is no data to be extracted at the end of the contract, there is metadata that is created as part of the services and this is deleted in line with our retention policies. Further Information is available on request in relation to data extraction.
End-of-contract process
90 days prior to the end of the service term the customer will be informed of the termination of the service date by email, followed up by telephone. Offboarding will then be agreed.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Based on simplicity, our solutions have been designed with the familiar interface for all desktop and mobile applications to ensures a seamless experience across all devices.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Subject to certain criteria, the branding and styling of the clients (web app, mobile and desktop) can be customised. This changes the look and feel of the client regardless of which service is being accessed. To customise the clients you typically create and then upload a branding package to the Management Node. That branding package is then automatically applied to all users of the web app. To apply the same customised branding to the next-generation desktop and mobile clients you can provision features to instruct those clients to override their built-in branding and use the customised branding instead. Branding customisation that are applied via the Management Node and will persist over upgrades to subsequent versions of the software, although the customer may need to adapt the customisation to cater for any new features when upgrading to a new major release.

Scaling

Independence of resources
The services, when contracted, will be assured to give the capacity required, the services will not be affected by other service users. Capacity and resource planning is managed as part of our management procedures and monitoring processes.

Analytics

Service usage metrics
Yes
Metrics types
Audit logs and system updates with appropriate user rights
monitor usage of individual users; team VMRs and endpoints; current and previous months usage; sort users by numbers of calls or duration, identify high users; identify who may require assistance.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Pexip Videxio

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The HSL-IVS service does not store data regarding participants beyond that which is necessary to uniquely identify them on the service for the purpose of call processing to initiate, route, maintain, and terminate calls. Call Detail Records (CDRs) are generated by way of the use of the video services, to allow subscribers to track call activity. These CDRs can be provided by our Support Operations Centre
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The SLA for each main service elements:
1. Core services; components that are crucial to access the service: the calling network, endpoint registrations, the VMRs . Guaranteed uptime for this is 99.9%.
2. Secondary services; non-critical service items like the analytics. Guaranteed uptime for this is 99.5%. The customer will be entitled to a Service Credit for each Severity 1 – 3 Fault which is not rectified within the guaranteed resolution time.
1. The Service is down or there is a critical impact to business operation. No workaround exists. HSL will commit full-time resources to resolve the issue.
2. Operation of components of the HSL platform are severely degraded or business critical aspects of the End Users’ experience are negatively impacted by unacceptable performance.
3. A light degradation of service with medium to low impact on business operations. Single user is able to operate normally but with some inconvenience. For each fault affecting a Service which is not rectified within the resolution time, a Service Credit will be payable calculated as 3% of the monthly recurring charge per day for the relevant service and customer. One month’s credits can not exceed the monthly recurring charges for that month.
Approach to resilience
The Service core PoPs consist of redundant Data Centres to handle all media and firewall traversal of devices supported ensuring resilience. The Data Centres (our Core PoPs) can operate together or separately to create full redundancy, providing for a robust and high-availability call service. We test and monitor our resilience strategy within our business continuity, incident management, emergency and resilience planning, focusing on maximising availability and minimising incident occurrence as well as ensuring timely recovery. Further information is available on request.
Outage reporting
Planned outages will be advised by email and/or telephone within 10 working days. Where possible these will take place out of core business hours. For any unexpected disruptions, we will advise the user by telephone followed up by email. This will detail the nature of the outage, what the incident is, the expected down time or alternative options and when we expect the service to be resumed. We will contact all users throughout the outage and once we have confirmed normal service has been resumed. For any service outages, we will follow our incident management procedures detailed within our Business Continuity Plan. All incidents will be fully documented, reviewed and conclusive action be implemented where possible.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
As the onboarding process, we work with the organisation to look at the security requirements. Users are allocated appropriate levels of access to the service i.e administrative or user rights. Any changes after go live are subject to approval by the customers authorised administrator. All users of our service have access to support channels.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We are in the process of gaining accreditation for ISO27001 and Cyber Essentials. All our policies and procedures are in line with the Information Security Management System but are not yet certified
Information security policies and processes
The reporting structure consists of the ISM Team. The Management Team understands its accountability and champions it at every level throughout the business. The ISM Team ensures that the business is compliant with all applicable legislative, regulatory, security and corporate governance requirements and also with the client requirements. The ISM Team has nominated appropriate individuals to be responsible for the day to day implementation, maintenance testing and upkeep of the ISMS. Quarterly internal audits are conducted to exercise, review and ensure maintenance of both practices and procedures are followed and relevant. Business Continuity and Disaster Recovery Business Impact Analysis Resilience strategy Technical Security Procedure – including access controls policy/technical security management policy/encryption Risk, Assessment Applicable legislation, Change Management Procedure, Communication Plan, Data Protection Policy, Improvement and Corrective Action, Information Classification, Information Security Management Procedure, Incident Reporting, Process Starters and Leavers, Procedure Statement of Applicability and Objectives & Measure Tracker

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All components of our services are tracked through their lifetime. Changes are assessed for potential security impact. Once we have identified the project, accountability is established. Process tracking describes how the configuration change is controlled and measured. The whole process is documented. The ISM team assign and document every aspect from identification, changes through to the tracking of accountability. The ISM Team, along with stakeholders, meet to discuss. The ISM Team set audits that cover all stages of the project. The final audit is documented and describes the full security and configuration on completion.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The service consists of both in-house authored applications as well as those provided by vendors. Anti-virus and anti-malware detection software is always kept current. The service closely monitors the devices and resources which comprise the Service Network for unusual activity such as traffic spikes, gross changes in device registration counts, and suspicious access attempts. As security notifications from the vendors are disclosed to the technical escalation team (ISM) who assess the threat and level of exposure, and then takes appropriate action to remediation the issue within an appropriate time scale applicable to the threat following our ISM processes
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The Service Network employs Intrusion Detection System (IDS) solutions from OSSEC and Suricata as part of its strategy to secure its infrastructure. Each PoP are closely and continually monitored by an Operations Team 24x7x365, including tracking of traffic volume, video device registration activity, and usage patterns.
Trending patterns are logged and studied in addition suspicious changes to historic load patterns are tracked and scrutinised to identify potential issues and threats to the service. Logs are produced daily for every production device in the service with our operational team receiving automated notifications which will be actioned according.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Reported by telephone/email to the SOC with escalation to the ISM Team. Service Incidents or reported weaknesses are tracked via the Improvement Log Report. The SOC will raise a security incident report (SIR) and update the security incident log (SIL) with information. The ISM Team will categorise and priorities the incident. A response will be given by phone/email after the category and priority has been established. An investigation is conducted and diagnosis agreed. The resolution and recovery phase is then instigated. Changes will engage the change control process. The conclusion will be updated on the SIR/SIL and stakeholders advised.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£16.34 per licence per month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We are able to offer all potential customers a trial period of 14 days. This trial period will give your organisation the opportunity to experience The Integrated Video Service and review the service first hand, with all the benefits and features of the service.

Service documents

Return to top ↑