RPM’s One-Path Medical Solution provides cloud telephony functionality and technology with extensive and fully manageable features which give you complete control over your communications estate, whether you’re a single or multi-site environment with handset, mobile or desktop users.
- Access to online portal and complete system awareness
- Choice of softphones, desktop phones or mobile users
- Applications - Integrated screen-pop, voicemail and cloud fax services
- Call queuing and hunt groups
- Estimated wait time and call queue position
- Real-time call centre analysis
- Call recording - all calls or on demand, stored on-line
- Disaster recovery and call guard fraud protection
- Voicemail-to-email, fax-to-email or email-to-fax (cloud mail)
- Language translation services
- Ability to take calls on any device, anywhere
- Call recording access for dispute resolution and training
- Data security and fraud detection and prevention facilities
- Reduce abandoned calls
- Take steps toward a paperless environment and reduce carbon footprint
- Disaster recovery and operational continuity
- Inclusive maintenance within monthly rentals
- 24/7 access to online portal to make configuration changes
- 24/7 access to RPM support team
- Free of charge calls to UK local/national/mobile destinations
£7.95 per licence per month
- Education pricing available
0333 6006 999
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
As a VoIP service, calls to 999 may not be possible during a service outage where the customer loses total connectivity for example, owing to a power outage or the failure of all data access.
One-Path does not support the following:
Analogue phones and devices, although we do supply ATAs
ISDN data calls
Presentation of multiple CLIs per site or per user
IP handsets that have not been supplied by us
We do not support some fax and franking machines which cannot connect via an ATA
|Email or online ticketing support||Email or online ticketing|
|Support response times||Within 1-5 working days, depending on the priority of the query.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
RPM provide a dedicated service response centre staffed by qualified personnel. Our aim is to provide a prompt, positive and professional response to your call or email if you require technical advice or should your cloud system develop a fault. First line support is available via email or over the phone 24/7/365. For any major faults or system failures RPM aims to respond within 4 working hours and within 16 working for a minor fault. Our working hours are Monday to Friday 8:30am - 5:30pm, however the fault reporting service is available 24 hours a day. We regularly inform the status of a raised support query and provide a support ticket reference where applicable. Any updates to this support reference are emailed to the specified contact for the account.
We provide Service Desk and Account Management Teams. Support engineers answer the phones in the RPM Service Desk and perform first stage fault analysis. If they are unable to resolve the incident will be escalated to Tier 2 and Tier 3 engineers.
|Support available to third parties||Yes|
Onboarding and offboarding
On-site training is fully inclusive within the system purchase cost and is usually provided by the RPM engineers installing the solution. Additional remote training can also be provided at an extra cost. User guides for handsets are available and left with the customer at installation stage.
General queries and guidance can be directed to our operations and support teams who are available via phone or email.
A named account manager will also be assigned to your account to support you and provide responses on any questions in the first instance.
|End-of-contract data extraction||
Our online admin portal is a secure online space giving customers complete visibility of the assets that we manage for them, which includes a breakdown of the numbers (CLIs) and sites which we support. This information can be easily downloaded for extraction into excel. This information can be easily downloaded for extraction into excel. Our monthly ebill information which is sent out to the customer via email also includes a breakdown of the communications estate in a PDF format.
RPM can also provide a more detailed list of devices or numbers in an excel or CSV file format.
At the end of the contract the customer moves onto a rolling contract in line with our T's and C's. Users have the ability to port their numbers away to alternative providers at the end of the contract term if preferred, as long as a porting agreement exists between the networks in use. A named account manager from RPM would assist with the account transition. RPM require written notice 90 days prior to contract cancellation in order to comply efficiently with the transfer request, which can either be sent to our operations team or their direct account manager. Call recordings can be downloaded to a local server and kept indefinitely if required.
All hardware is included within the price of the contract. This can include, but is not limited to, handsets, headsets, expansion modules, PCs, monitors, PC peripherals, PoE switches, Cat5e cabling/sundries and routers where applicable. Software licenses for the use of the cloud platform are non-transferable. Routers supplied by RPM for dedicated network services are not included within the price of the contract and we expect these to be returned at the expense of the customer.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
We have a bolt on App that can be added as an option to One-Path. Once downloaded from the relevant app store, the user is able to log in to access a subset of functionality.
The mobile soft client app allows a user to make and receive calls on a mobile device, as well as accessing key settings for their service. It provides all the same functionality as the desktop soft client, with the exception of Click-to-Call and Group Chat.
|What users can and can't do using the API||Customers can inform us of any CRM or other types of database which they would like to interact with the cloud software. This could include the integration and 'screen-popping' of customer information as they call into the system, which then appears on the end users desktop. We also allow the implementation of some automated download services for call recordings, as well as development on updates to cloud storage services for call recording back-ups.|
|API sandbox or test environment||No|
|Description of customisation||
Users are unable to change the features within the graphical user interface, however they have the ability to move 'widgets' around on the home screen in an order which suits them best. Users have full control over call flow features and schedules. This means at any time of the day they can program a change to the system and adapt where incoming calls are answered. These schedules are programmed to activate automatically, which means pre-defined events (such as training dates, bank holidays, lunch modes etc.) can all be scheduled in advance. Voicemail, voicemail-to-email and auto-attendant messages can be altered. User presentation ID can be changed, which can be a user ID, the site main number or withheld completely.
Administrators have access to the full feature set of the platform, including the statistics and call recording sections. Each application user can also be given access to their own portal which offers completely separate widgets based around individual statistics, call history and login/logout features for call groups.
|Independence of resources||RPM perform pre-installation checks to ensure that the network service provided is adequate to support the requirements of the customer. This involves the installation of a new IP circuit with the highest care level available with the network. Once the IP circuit goes 'live', a 10 day training period is placed on the circuit and we monitor the activity to ensure that it meets the necessary standard.|
|Service usage metrics||Yes|
|Metrics types||The standard system comes with historical call statistics 'out-of-the-box' which is accessible for up to the previous 12 months. This highlights the number of inbound/outbound calls, and can be filtered by specific hunt groups, users or sites. For an advanced call reporting 'call centre' experience, an additional comprehensive call centre package is available. This integrated software (also cloud-based, accessed via web pages) offers granular detail on call flow and user activity, as well as real-time wallboards, reporting and agent status if required.|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||BT OpenReach|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||A number of the feature pages within the platform have blue 'export' icons which allow you to download a list of the data relevant to that page. This could include user info, hardware info or call statistics and recordings.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||
Availability and resilience
The Service Availability and other measures with the SLA relate to the core One-Path service and does not include access or local CPE elements.
If a Service is partially available then the Unplanned Downtime shall be calculated in equal proportion i.e. if a service is 50% available then the unplanned downtime will be calculated as: [50% x elapsed period of the incident]. Availability Measurement Period: 3 Calendar months.
One-Path user subscriptions will be available 99.95% of the time.
One-Path Graphical User Interface (GUI) will be available to end customers 99.9% of the time.
Auto-Attendant, Call Recording and Unified Messaging subscriptions will be available 99.0% of the time.
- Outages which are deemed by us to be the result of matters outside of direct control
- Planned or emergency maintenance
- User error
Notes:Core functions are part of the Switching infrastructure, transmission equipment and core network, the service that supports call routing and termination.
Non-Core functions include the network Support Systems, access to any relevant portals and feature based services such as Call Plans, Call diverts, Auto Attendant and Call Recording
PESQ score target for G711 is 4.1 and G729 is 3.7
|Approach to resilience||The core service is hosted across 2 data centres based in London and Manchester. Data is replicated between the two to protect against loss of information or service disruption. The underlying core network is based on BT OpenReach fibre connectivity with both 'business care' level added to the IP connection and 'care level 4' on the circuit, which is OpenReach's highest level of response for faults. Cloud-based services are accessible by our support department 24/7 and therefore calls can be routed to disaster recovery locations in the event of a fault or unforeseen circumstance. This provides reassurance with complete operational continuity options available round-the-clock. With leased line connectivity RPM can also implement a backup DSL service for additional cost should the customer request this.|
|Outage reporting||For major service outages to the core network RPM can contact the affected customer's via email. Updates on the severity and estimated fix time can also be directed to the point of contact for each affected site. From time to time RPM may also utilise it's social media presence to highlight any issues which may have occurred at a national level.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Access to our platform is typically provided on a secure and dedicated network with firewall restriction and QoS-enabled routers. End user access to the features and underlying software is protected via username and password credentials via a secure web interface.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Lloyd's Register Quality Assurance Ltd|
|ISO/IEC 27001 accreditation date||29/04/17|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||No|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
The underlying network and infrastructure operators have deployed an Information Security Management System Manual (ISMS) which meets and is certified to ISO 27001:2013. It is supported by numerous policies and processes including but not limited to the following:
Information Security Policy
Information Security Incident Policy
Acceptable use policy
Access Control Procedure
Business Continuity Plan
Confidential Data Policy
Data Protection Policy
The Reporting structure is from employees or customers to the Information Security Manager to the Information security Forum which is attended by several Directors and heads of departments. The Information Security Forum meets monthly to review all security incidents and events and corrective actions are agreed and tracked at this forum.
To raise awareness there is also access to a computer-based training platform for Security Awareness which is repeated annually. Line Managers have a responsibility to ensure their staff are aware of and follow these policies.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Change Control Process covers changes made to operational systems, to mitigate the risks and impacts that any change has and ensures good communication at all stages.
Change Management ensures changes to core infrastructure and services are performed and implemented correctly.
Best practice guidance, aligned to ITIL (OGC), recommends that the starting point for any change should be a review of generic questions or the ‘seven Rs’.
A risk and impact assessment is carried out for each change this involves detailing the assets under change.
The Change Advisory Board (CAB) has a representative from each impacted business area.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Our network utilise failure mode effects analysis process, conducting regular, systematic assessments of vulnerabilities to determine the necessity of safeguards, countermeasures and controls, monitoring for changes to maintain an acceptable level of risk. Includes identifying key information assets and subjecting them to specific risk assessments, assessing exposure to a list of common threats and vulnerabilities, maintaining risk registers, implementing technical, policy, business continuity and management initiatives;
Each patch is assessed and deployed accordingly:
High - Urgently.
Medium - ASAP.
Low - time permitting.
Our network utilise many Vendor sources and industry RSS feeds, CERT, Ubuntu and Debian. Member of CiSP.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Our network utilise GPG 13 guidance. There is a pre-built Security Information & Event Management Solution (SIEM) to identify potential compromises. If a compromise is found it is investigated. A Security Incident is raised to track the investigation, root cause and solutions if required to rectify or improve the situation. There is a response to incidents as close to real time as practicable.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Our network operate an Incident Management process which has numerous pre-defined sub groups of staff designated for particular products or scenarios. It can be initiated by any member of staff and is managed by the 24/7 Network Operations Centre (NOC). Any incident is reported by the customer to the Service Desk, it is recorded in a customer relationship management tool (CRM) and an Incident report is produced after root cause analysis has taken place. Any Incident reports are made available to end users via pdf.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£7.95 per licence per month|
|Discount for educational organisations||Yes|
|Free trial available||No|