RPM Solutions

One-Path Cloud

RPM’s One-Path Medical Solution provides cloud telephony functionality and technology with extensive and fully manageable features which give you complete control over your communications estate, whether you’re a single or multi-site environment with handset, mobile or desktop users.


  • Access to online portal and complete system awareness
  • Choice of softphones, desktop phones or mobile users
  • Applications - Integrated screen-pop, voicemail and cloud fax services
  • Call queuing and hunt groups
  • Estimated wait time and call queue position
  • Real-time call centre analysis
  • Call recording - all calls or on demand, stored on-line
  • Disaster recovery and call guard fraud protection
  • Voicemail-to-email, fax-to-email or email-to-fax (cloud mail)
  • Language translation services


  • Ability to take calls on any device, anywhere
  • Call recording access for dispute resolution and training
  • Data security and fraud detection and prevention facilities
  • Reduce abandoned calls
  • Take steps toward a paperless environment and reduce carbon footprint
  • Disaster recovery and operational continuity
  • Inclusive maintenance within monthly rentals
  • 24/7 access to online portal to make configuration changes
  • 24/7 access to RPM support team
  • Free of charge calls to UK local/national/mobile destinations


£7.95 per licence per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

8 1 3 3 6 4 6 4 2 9 5 6 6 9 4


RPM Solutions

Jon Richardson

0333 6006 999


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints As a VoIP service, calls to 999 may not be possible during a service outage where the customer loses total connectivity for example, owing to a power outage or the failure of all data access.
One-Path does not support the following:

Analogue phones and devices, although we do supply ATAs

ISDN data calls

Presentation of multiple CLIs per site or per user

IP handsets that have not been supplied by us

We do not support some fax and franking machines which cannot connect via an ATA
System requirements
  • Dedicated and compatible IP network required
  • Min upload speed availability of 100Kbps per user

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 1-5 working days, depending on the priority of the query.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels RPM provide a dedicated service response centre staffed by qualified personnel. Our aim is to provide a prompt, positive and professional response to your call or email if you require technical advice or should your cloud system develop a fault. First line support is available via email or over the phone 24/7/365. For any major faults or system failures RPM aims to respond within 4 working hours and within 16 working for a minor fault. Our working hours are Monday to Friday 8:30am - 5:30pm, however the fault reporting service is available 24 hours a day. We regularly inform the status of a raised support query and provide a support ticket reference where applicable. Any updates to this support reference are emailed to the specified contact for the account.

We provide Service Desk and Account Management Teams. Support engineers answer the phones in the RPM Service Desk and perform first stage fault analysis. If they are unable to resolve the incident will be escalated to Tier 2 and Tier 3 engineers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On-site training is fully inclusive within the system purchase cost and is usually provided by the RPM engineers installing the solution. Additional remote training can also be provided at an extra cost. User guides for handsets are available and left with the customer at installation stage.

General queries and guidance can be directed to our operations and support teams who are available via phone or email.

A named account manager will also be assigned to your account to support you and provide responses on any questions in the first instance.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Our online admin portal is a secure online space giving customers complete visibility of the assets that we manage for them, which includes a breakdown of the numbers (CLIs) and sites which we support. This information can be easily downloaded for extraction into excel. This information can be easily downloaded for extraction into excel. Our monthly ebill information which is sent out to the customer via email also includes a breakdown of the communications estate in a PDF format.

RPM can also provide a more detailed list of devices or numbers in an excel or CSV file format.
End-of-contract process At the end of the contract the customer moves onto a rolling contract in line with our T's and C's. Users have the ability to port their numbers away to alternative providers at the end of the contract term if preferred, as long as a porting agreement exists between the networks in use. A named account manager from RPM would assist with the account transition. RPM require written notice 90 days prior to contract cancellation in order to comply efficiently with the transfer request, which can either be sent to our operations team or their direct account manager. Call recordings can be downloaded to a local server and kept indefinitely if required.

All hardware is included within the price of the contract. This can include, but is not limited to, handsets, headsets, expansion modules, PCs, monitors, PC peripherals, PoE switches, Cat5e cabling/sundries and routers where applicable. Software licenses for the use of the cloud platform are non-transferable. Routers supplied by RPM for dedicated network services are not included within the price of the contract and we expect these to be returned at the expense of the customer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We have a bolt on App that can be added as an option to One-Path. Once downloaded from the relevant app store, the user is able to log in to access a subset of functionality.
The mobile soft client app allows a user to make and receive calls on a mobile device, as well as accessing key settings for their service. It provides all the same functionality as the desktop soft client, with the exception of Click-to-Call and Group Chat.
Service interface No
What users can and can't do using the API Customers can inform us of any CRM or other types of database which they would like to interact with the cloud software. This could include the integration and 'screen-popping' of customer information as they call into the system, which then appears on the end users desktop. We also allow the implementation of some automated download services for call recordings, as well as development on updates to cloud storage services for call recording back-ups.
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation Users are unable to change the features within the graphical user interface, however they have the ability to move 'widgets' around on the home screen in an order which suits them best. Users have full control over call flow features and schedules. This means at any time of the day they can program a change to the system and adapt where incoming calls are answered. These schedules are programmed to activate automatically, which means pre-defined events (such as training dates, bank holidays, lunch modes etc.) can all be scheduled in advance. Voicemail, voicemail-to-email and auto-attendant messages can be altered. User presentation ID can be changed, which can be a user ID, the site main number or withheld completely.

Administrators have access to the full feature set of the platform, including the statistics and call recording sections. Each application user can also be given access to their own portal which offers completely separate widgets based around individual statistics, call history and login/logout features for call groups.


Independence of resources RPM perform pre-installation checks to ensure that the network service provided is adequate to support the requirements of the customer. This involves the installation of a new IP circuit with the highest care level available with the network. Once the IP circuit goes 'live', a 10 day training period is placed on the circuit and we monitor the activity to ensure that it meets the necessary standard.


Service usage metrics Yes
Metrics types The standard system comes with historical call statistics 'out-of-the-box' which is accessible for up to the previous 12 months. This highlights the number of inbound/outbound calls, and can be filtered by specific hunt groups, users or sites. For an advanced call reporting 'call centre' experience, an additional comprehensive call centre package is available. This integrated software (also cloud-based, accessed via web pages) offers granular detail on call flow and user activity, as well as real-time wallboards, reporting and agent status if required.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold BT OpenReach

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach A number of the feature pages within the platform have blue 'export' icons which allow you to download a list of the data relevant to that page. This could include user info, hardware info or call statistics and recordings.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The Service Availability and other measures with the SLA relate to the core One-Path service and does not include access or local CPE elements.

If a Service is partially available then the Unplanned Downtime shall be calculated in equal proportion i.e. if a service is 50% available then the unplanned downtime will be calculated as: [50% x elapsed period of the incident]. Availability Measurement Period: 3 Calendar months.

One-Path user subscriptions will be available 99.95% of the time.

One-Path Graphical User Interface (GUI) will be available to end customers 99.9% of the time.

Auto-Attendant, Call Recording and Unified Messaging subscriptions will be available 99.0% of the time.

Not included:
- Outages which are deemed by us to be the result of matters outside of direct control
- Planned or emergency maintenance
- User error
Notes:Core functions are part of the Switching infrastructure, transmission equipment and core network, the service that supports call routing and termination.
Non-Core functions include the network Support Systems, access to any relevant portals and feature based services such as Call Plans, Call diverts, Auto Attendant and Call Recording
PESQ score target for G711 is 4.1 and G729 is 3.7
Approach to resilience The core service is hosted across 2 data centres based in London and Manchester. Data is replicated between the two to protect against loss of information or service disruption. The underlying core network is based on BT OpenReach fibre connectivity with both 'business care' level added to the IP connection and 'care level 4' on the circuit, which is OpenReach's highest level of response for faults. Cloud-based services are accessible by our support department 24/7 and therefore calls can be routed to disaster recovery locations in the event of a fault or unforeseen circumstance. This provides reassurance with complete operational continuity options available round-the-clock. With leased line connectivity RPM can also implement a backup DSL service for additional cost should the customer request this.
Outage reporting For major service outages to the core network RPM can contact the affected customer's via email. Updates on the severity and estimated fix time can also be directed to the point of contact for each affected site. From time to time RPM may also utilise it's social media presence to highlight any issues which may have occurred at a national level.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to our platform is typically provided on a secure and dedicated network with firewall restriction and QoS-enabled routers. End user access to the features and underlying software is protected via username and password credentials via a secure web interface.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance Ltd
ISO/IEC 27001 accreditation date 29/04/17
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The underlying network and infrastructure operators have deployed an Information Security Management System Manual (ISMS) which meets and is certified to ISO 27001:2013. It is supported by numerous policies and processes including but not limited to the following:

Information Security Policy
Information Security Incident Policy
Acceptable use policy
Access Control Procedure
Backup Plan
Business Continuity Plan
Confidential Data Policy
Data Protection Policy

The Reporting structure is from employees or customers to the Information Security Manager to the Information security Forum which is attended by several Directors and heads of departments. The Information Security Forum meets monthly to review all security incidents and events and corrective actions are agreed and tracked at this forum.

To raise awareness there is also access to a computer-based training platform for Security Awareness which is repeated annually. Line Managers have a responsibility to ensure their staff are aware of and follow these policies.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Change Control Process covers changes made to operational systems, to mitigate the risks and impacts that any change has and ensures good communication at all stages.
Change Management ensures changes to core infrastructure and services are performed and implemented correctly.
Best practice guidance, aligned to ITIL (OGC), recommends that the starting point for any change should be a review of generic questions or the ‘seven Rs’.
A risk and impact assessment is carried out for each change this involves detailing the assets under change.
The Change Advisory Board (CAB) has a representative from each impacted business area.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our network utilise failure mode effects analysis process, conducting regular, systematic assessments of vulnerabilities to determine the necessity of safeguards, countermeasures and controls, monitoring for changes to maintain an acceptable level of risk. Includes identifying key information assets and subjecting them to specific risk assessments, assessing exposure to a list of common threats and vulnerabilities, maintaining risk registers, implementing technical, policy, business continuity and management initiatives;
Each patch is assessed and deployed accordingly:
High - Urgently.
Medium - ASAP.
Low - time permitting.
Our network utilise many Vendor sources and industry RSS feeds, CERT, Ubuntu and Debian. Member of CiSP.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our network utilise GPG 13 guidance. There is a pre-built Security Information & Event Management Solution (SIEM) to identify potential compromises. If a compromise is found it is investigated. A Security Incident is raised to track the investigation, root cause and solutions if required to rectify or improve the situation. There is a response to incidents as close to real time as practicable.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our network operate an Incident Management process which has numerous pre-defined sub groups of staff designated for particular products or scenarios. It can be initiated by any member of staff and is managed by the 24/7 Network Operations Centre (NOC). Any incident is reported by the customer to the Service Desk, it is recorded in a customer relationship management tool (CRM) and an Incident report is produced after root cause analysis has taken place. Any Incident reports are made available to end users via pdf.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £7.95 per licence per month
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑