CW Squared Ltd

Zoom Video Communications/Managed Service

There are plenty of audio-visual suppliers who can rack and stack video conferencing solutions. However, there aren’t many companies that know how to create a video-enabled collaborative business. As an accredited Zoom solution provider, we specialise in getting the best from the technology – saving you time, effort and money.

Features

  • Meetings and video conferencing from desktop, mobile and in-room devices
  • Complete workplace management solution including room bookings
  • Enterprise cloud phone system with centralised management
  • Unified app for phone, video meetings and chat
  • Zoom certified hardware and audio-visual equipment installs
  • Create efficient digital workflows aligned to your existing processes

Benefits

  • Seamlessly elevate phone calls to a Zoom meeting
  • Align digital strategy with Zoom solutions
  • Video triage services for local and central government services
  • Digital inclusion and support
  • Monitoring of room occupancy and CO2 for return to office
  • COVID-safe spaces for consultations and assessments

Pricing

£15.99 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.sector@cw-squared.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 0 7 4 2 8 8 1 3 6 8 5 4 6 5

Contact

CW Squared Ltd Public Sector team
Telephone: 020 7167 4349
Email: public.sector@cw-squared.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • An internet connection: broadband wired or wireless (3G or 4G/LTE)
  • Speakers and a microphone: built-in, USB plug-in, or wireless Bluetooth
  • A webcam or HD webcam: built-in, USB plug-in, or:
  • An HD cam or HD camcorder with a video-capture card
  • Virtual camera software for use with broadcasting software
  • MacOS 10.9 or later
  • Windows 7, 8, 8.1, 10 Home, Pro or Enterprise
  • IOS or Android, Blackberry and Surface Pro 2
  • Ubuntu 12.04+, Mint 17.1+, RHEL 6.4+, Oracle Linux 6.4+
  • CentOS 6.4+, Fedora 21+, OpenSUSE 13.2+, ArchLinux (64-bit)

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1: Urgent, service down, 1 hour
P2: High, significant aspects of the service negatively affected, 4 hours
P3: Normal, general issues related to a feature or set of features, 24 hours
P4: Low, informational or feature change request, 24 hours

These are target response times and not service level guarantees.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Zoom in and out using browser controls. Select language. Download transcripts.
Web chat accessibility testing
None, although we have experience of building GDS-compliant web chat services so could provide this if required at additional cost.
Onsite support
Yes, at extra cost
Support levels
L1/2: Service/customer specific service desk 24/7, 20 tickets per month
L2/3: Direct with Zoom or AV supplier as required

Dedicated service desk is priced at £800 setup and £600 per month for 20 tickets. Other pricing is available.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Zoom is straightforward to use and comes with extensive user documentation. We are able to provide onsite training and online training at additional cost should it be required.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Data about meetings including cloud recordings can be exported as a CSV fie. Cloud recordings can be dowloaded to a local machine straight from the account settings.
End-of-contract process
As a cloud service, the service will cease when the contract ends. Any equipment purchased by the client remains their property and it may be possible to use with other video communications solutions.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
Description of service interface
Zoom Account Settings is a web page for administrators allowing them to change setting for all users in their account. They can also lock settings to prevent users from changing them and customise tiered settings.

Users can use the desktop

Zoom Device Management(ZDM) is Zoom Rooms(ZR) device management tool, which offers additional remote functionality on ZR devices from the same Zoom web portal. ZDM allows you to manage your Zoom Rooms and devices without having to physically engage with each room’s devices or be an expert in device management.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Integrates seamlessly with 3rd party closed captioning providers through our Closed Captioning REST API.

Customize the font size of chat and closed captioning in our accessibility settings. Or if you use Zoom with a screen reader, focus on what you hear with granular control over screen reader alerts.
API
Yes
What users can and can't do using the API
The Zoom API is the primary means for developers to access a collection of resources from Zoom. Apps can read and write to the resources and mirror some of the most popular features available in Zoom Web Portal such as creating a new meeting, creating, adding and removing users, viewing reports and dashboards on various usage, and so on using the Zoom API. Depending on your app’s use case, you can choose from our various APIs and implement the features accordingly.

All APIs under the Zoom API are based on REST architecture and are accessed via HTTP at specified URLs. The base URL for all requests is https://api.zoom.us/v2/. The complete URL varies depending on the endpoint of the resource being accessed. For instance, you can list all users on an account via a GET request to this URL: https://api.zoom.us/v2/users/.

To support GDPR requirements of EU customers, you may use https://eu01api-www4local.zoom.us as the base URL for all API requests associated with EU accounts.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Zoom scales elastically across multiple cloud providers according to demand, including AWS and Oracle. This has enabled it to rapidly scale from 20m to 300m users in a very short period. The video codec is SVC and Multimedia Routing is used.

Analytics

Service usage metrics
Yes
Metrics types
Usage reports including Topic, Meeting ID, Start Time, End Time Duration, Participants for configurable periods of time.

Registration reports and poll reports
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Zoom

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
From the client, data can be exported including cloud recordings and reports.
Data export formats
  • CSV
  • Other
Other data export formats
  • MP4 cloud video recordings
  • M4A cloud audio recordings
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Encryption: Protecting your event content by encrypting the session’s video, audio, and screen sharing. This content is protected during transit with the Advanced Encryption Standard (AES) 256 using a one-time key for that specific session when using a Zoom client.

End-to-end Encryption, when enabled, ensures that communication between all meeting participants in a given meeting is encrypted using cryptographic keys known only to the devices of those participants. This ensures that no third party -- including Zoom -- has access to the meeting’s private keys.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Zoom strives for 99.999% availability. The current status can be found at https://status.zoom.us
Approach to resilience
Hosted in multiple cloud providers across multiple availability zones.
Outage reporting
Dashboard at https://status.zoom.us where users can subscribe for notifications

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Username and password, role-based access
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
23/1/2017
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
None
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • NCSC Cyber Essentials
  • IAPP Silver Member
  • SOC 2 Type II

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Each change is initiated as a Request – better known as a "Request for Change (RFC)”. This request will also serve as a record and as evidence that a particular change has been requested. The change can be initiated internally or externally, and will be registered in a specific form on the support portal.
The RFC is received by a person who is responsible for analysing it, so this person is the first filter. This person is responsible for studying the details of the request and identifying the potential impact to the business, including economic and information security impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use OWASP, Open Web Application Security Project, tools to perform vulnerability testing. The OWASP method is based on the black box approach. The tester knows nothing or has very little information about the application to be tested. Once a potential threat is identified it is sent through the RFC process to ensure we follow our processes and anything that has a business critical impact is addresses as a top priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use OWASP, Open Web Application Security Project, tools to perform vulnerability testing. The OWASP method is based on the black box approach. The tester knows nothing or has very little information about the application to be tested. Once a potential threat is identified it is sent through the RFC process to ensure we follow our processes and anything that has a business critical impact is addresses as a top priority.
Incident management type
Supplier-defined controls
Incident management approach
All incidents are logged and tracked through our online helpdesk portal. Any new incidents reported via email/phone/chat will be logged as a new ticket with all relevant information. All updates are provided via email through the helpdesk and phone calls where necessary. Each ticket is handled by the 1st line team and escalated to other teams as required.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£15.99 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Zoom offers a free basic plan which can host up to 100 participants. One-on-one meetings are unlimited but group meetings are limited to 40 minutes. There is no cloud recording included.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.sector@cw-squared.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.