Six Degrees Technology Group Limited

Livepay - PCI Compliant SIP Trunking

The Livepay Service delivers PCI DSS compliance by masking credit card information from your agents and your existing call recording platforms. Livepay is a full resilient business grade service to be used with Six Degrees SIP trunking.


  • Inline service using DTMF to allow customers to make payments
  • The Livepay Payment Portal is compatible with most modern browsers
  • Number porting – retain existing numbers
  • Resilient and highly available service
  • Flexible call capacity options
  • Proactively managed service
  • Fraud monitoring
  • Business grade IP telephony
  • Integration with majority of payment service providers


  • Compatible with all SIP based customer PBXs, Gateways, or PBXs.
  • Resilient, scalable and highly available service
  • Flexible technical and commercial models
  • Quick and efficient route to achieving PCI compliance
  • Cost effective solution


£15.50 a unit a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 8 0 8 2 8 2 5 3 7 0 8 1 9 6


Six Degrees Technology Group Limited Rob Walton
Telephone: 07813303485

Service scope

Software add-on or extension
What software services is the service an extension to
Livepay must be used with Six Degrees SIP Trunking.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Livepay is hosted on Six Degrees infrastructure and must be used with the Six Degrees SIP trunking service. Calls must route through the Six Degrees network in order to use the Livepay service.
System requirements
  • SIP RFC3261 compliant PABX, gateway or SBC
  • Sufficient customer SIP trunk capacity
  • Integration with customer's payment gateway provider

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please see Service Description for all SLAs and KPIs
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Full support of services are provided as standard via our Support Desk. The Support Desk is available 24x7 and is manned by 1st/2nd line support engineers. The service desk has direct escalation to the operations team where full 3rd line support is provided.

Full out of hours support is also provided for all P1 and P2 incidents with clear escalation paths.

All customers are allocated a service delivery manager who is responsible for ensuring the smooth delivery of the service, acts as an escalation point for all incidents, and provides full monthly service reporting.
Support available to third parties

Onboarding and offboarding

Getting started
Not applicable for SIP services.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
Microsoft Word and Excel
End-of-contract data extraction
Not applicable for SIP services.
End-of-contract process
We will provide transition services within reason to help the customer move to another service.

Using the service

Web browser interface
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
Users can raise support tickets and change requests etc. through Six Degrees' online customer portal, which is provided via our chosen IT Service Management tool.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Customisation available
Description of customisation
Users can choose geographical and non-geographical numbering from the UK and rest of world. We can provide load sharing, active / standby configurations for SIP endpoints and trunk capacity to suit their requirements.


Independence of resources
We proactively manage our network capacity to ensure we have sufficient headroom. We configure all customer trunks with their number of contracted channels to ensure one customer cannot impact another customer's ability to use the service.


Service usage metrics
Metrics types
We are able to provide SIP trunk utilisation statistics including the number of calls.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Not applicable for SIP services.
Data export formats
Other data export formats
Not applicable for SIP services.
Data import formats
Other data import formats
Not applicable for SIP services.

Data-in-transit protection

Data protection between buyer and supplier networks
Other protection between networks
SIP traffic terminates on the Six Degrees Session Border Controllers (SBCs) which act as back to back user agents (B2BUA), which provides robust security between networks. Traffic is unencrypted as standard, TLS and SRTP is available as a separate cost option.
Data protection within supplier network
Other protection within supplier network
Data (SIP traffic) within the Six Degrees network is authenticated based upon a known IP address which provides a high level of security. Different customers' traffic is separated into different MPLS VRFs.

Availability and resilience

Guaranteed availability
99.99% uptime for resilient SIP trunks and an R-Factor greater than 85.
Approach to resilience
Our service is designed with no single points of failure - we have geographically diverse and highly available session border controller clusters, multiple physical and logical carrier trunks and a multi-path QOS enabled MPLS network over which services run.
Outage reporting
We have a suite of network management tools that proactively alert should there be any service issues.

Identity and authentication

User authentication needed
User authentication
Other user authentication
SIP trunk IP address authentication.
Access restrictions in management interfaces and support channels
SIP trunk IP address authentication. The Six Degrees SBCs will only allow traffic from known customer IP addresses. Traffic from other source IP addresses will be discarded.

Only authorised contacts are granted access rights to the service. The Support Desk will only accept requests from authorised contacts. Communication with anybody at Six Degrees will need to be pre-approved by a known individual in writing. Management of the infrastructure is via dedicated connectivity and out of band of customer data and customer networks
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance (LRQA)
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Convergent Network Solutions
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Only the physical and environmental security at Six Degrees' data centres in Birmingham, London and Studley were included in this assessment. The relates to the provision of the secure physical environment for the Colocation Services with Six Degrees provides to its clients. All other services provided by Six Degrees, internal systems supporting business operations or for other clients are specifically excluded from this assessment.
Other security certifications
Any other security certifications
  • PSN Compliance Certified
  • Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials & PSN
Information security policies and processes
All ISO 27001:2013 controls and associated policies are in place. Enhanced weekly and quarterly external approved scanning vendor (ASV) vulnerability scanning. Six Degrees comply with our PSN CoCo which is aligned to our security principles that allows us to deliver our customers PSN Secure and Protect.
Six Degrees operate a rolling internal audit programme to ensure continuity of compliance to our various accreditations , as well as internal technical auditing of our systems through the use of various integrity checks. This ensures that there is always a fully justified and documented Change Request for any modification of our secure systems.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All non-standard changes must be pre-authorised by going through a peer, senior and CAB approval process. Standard changes are created in template form and are approved in CAB before being implement into Change controls.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Six Degrees (Public Sector) run an internal vulnerability test once a week. All reported vulnerabilities that are reported are categorised into priority depending on the severity and a case is logged with the operation team who will fix the vulnerability under the time frames dictated by Public sector patching policy. This conforms to the PCI-DSS standard.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Six Degrees (Public Sector) have a protective monitoring system where all logs are centralised and checked on a daily basis for security breaches using several key search filters. Alerts are sent out for high risk activity and are pro-actively responded to by the operations and security teams. This conforms to the PCI DSS standard.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Six Degrees operate an ITIL aligned incident management process with associated procedures for security related incidents. The process has a clearly defined governance framework, including roles & responsibilities, clear policies and associated KPIs. This process conforms to PCI DSS.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
Public Services Network (PSN)


£15.50 a unit a month
Discount for educational organisations
Free trial available
Description of free trial
We can provide free Livepay SIP channel rental for a period of 3 months, the customer pays for call usage.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.