How do I check if our VoIP supplier meets NCSC good practice?

Updated

Choosing a VoIP (Voice over Internet Protocol) supplier who follows the National Cyber Security Centre (NCSC) good practice is essential for protecting your business communications. Simply put, this means your phone system provider takes appropriate steps to secure your calls and data against cyber threats, helping to avoid disruptions, data breaches, or loss of customer trust.

For a UK SME, a poorly secured VoIP system can lead to significant downtime if attackers exploit vulnerabilities, potentially halting phone-based sales or customer service. Moreover, sensitive information shared over calls or stored in call logs might be exposed, raising compliance concerns under UK GDPR and the Data Protection Act 2018. Ensuring your VoIP supplier aligns with NCSC guidance helps reduce these risks and supports audit readiness, especially if you pursue Cyber Essentials or ISO 27001 certification.

Consider a typical business with around 50 staff using a VoIP phone system for daily operations. If their supplier neglects strong authentication or fails to keep software patched, attackers could hijack phone lines to make fraudulent calls or intercept conversations. A responsible IT partner would regularly review the supplier's security measures, verify encryption standards, and implement multi-factor authentication (MFA) for access to the management portal. This proactive approach minimises the risk of costly fraud and service interruptions.

How to check if your VoIP supplier meets NCSC good practice

  • Ask about security certifications: Does the supplier have Cyber Essentials (or Cyber Essentials Plus) certification? This is a practical baseline for UK SMEs.
  • Inquire about encryption: Are calls and signalling encrypted end-to-end using recognised protocols (e.g., TLS, SRTP)?
  • Authentication controls: Does the supplier enforce strong password policies and offer MFA for account access?
  • Software updates: How often is the VoIP platform updated and patched against known vulnerabilities?
  • Access management: Can you review and control who has administrative access to your phone system?
  • Incident response: What procedures are in place if a security breach or service disruption occurs?
  • Data handling: Where is your call data stored, and does the supplier comply with UK data protection laws?
  • Service Level Agreements (SLAs): Check for clear commitments on uptime, support response times, and security responsibilities.

Simple internal checks to complement supplier verification

  • Review user accounts and permissions regularly to ensure only authorised staff can access the system.
  • Ensure your own network firewall and router are configured to restrict VoIP traffic to trusted sources.
  • Enable MFA on any management portals or admin interfaces you control.
  • Check that call recordings or logs containing personal data are stored securely and access is limited.

By following these steps, you can better assess whether your VoIP supplier aligns with NCSC good practice and supports your business's security and compliance needs. If you're unsure how to evaluate these aspects or want to improve your overall telephony security, consider consulting a trusted managed IT provider or IT advisor with experience in UK SME cybersecurity. They can help you ask the right questions, interpret technical details, and implement suitable controls without unnecessary complexity.

Tools & software for this topic

Not ready to change IT providers yet? These buying guides walk through tools your team can use to improve things on your own.

We may earn a small commission if you sign up with any of these tools and services, at no extra cost to you. We only feature tools that are appropriate for British businesses like yours.

Tools you can try right away

These tools line up with the topics in this guide and are commonly used by small and mid-sized businesses.

8x8 X Series

Best for: Best for UK SMEs needing integrated voice, video, and chat in one platform

Reliable cloud-based phone system for flexible business communication

8x8 X Series is a cloud-hosted VoIP solution commonly used by SMEs to unify calls, video meetings, and messaging. It offers global connectivity with features that support hybrid working and outsourced IT management.

View 8x8 X Series plans

Aircall

Best for: Best for UK SMEs needing easy-to-manage, app-based call handling

Cloud-based phone system for flexible team communication

Aircall is a cloud VoIP service commonly used by small businesses to manage calls across devices. It offers straightforward setup and integrates with popular CRM and helpdesk tools, helping teams stay connected whether in the office or remote.

View Aircall plans

CloudTalk

Best for: Best for UK SMEs needing scalable VoIP with straightforward call management

Reliable cloud-based phone system for flexible business communication

CloudTalk is a cloud-hosted VoIP system commonly used by SMEs to manage calls efficiently. It offers features like call routing and analytics, helping teams stay connected whether in the office or remote.

View CloudTalk plans

Dialpad

Best for: Best for UK SMEs needing easy-to-manage VoIP with strong mobile integration

Reliable cloud-based phone system for flexible business communication

Dialpad is a cloud VoIP service commonly used by SMEs to streamline calls and messaging across devices. It offers clear call quality and integrates well with mobile and desktop apps, helping teams stay connected whether in the office or remote.

View Dialpad plans

GoTo Connect

Best for: Best for UK SMEs needing a unified phone and video platform with easy setup

Reliable cloud phone system for clear calls and flexible working

GoTo Connect is a cloud-based VoIP system commonly used by SMEs for voice calls, video meetings, and messaging. It offers straightforward setup and integrates well with common business tools, helping teams stay connected whether in the office or remote.

View GoTo Connect plans

Grasshopper

Best for: Best for small UK businesses needing straightforward virtual phone systems

Simplifies business phone management with flexible VoIP features

Grasshopper is a VoIP phone system commonly used by small businesses to manage calls without traditional hardware. It offers easy call forwarding, voicemail transcription, and multiple extensions, helping teams stay connected whether in the office or working remotely.

View Grasshopper plans

Need hands-on help?

If you’d rather have a provider handle this for you, here are firms that work on VoIP & Phone Systems in United Kingdom.

Top firms for VoIP & Phone Systems
Cloud10 IT & Cloud Services
Manchester, England

Overview

Cloud10 IT & Cloud Services is a managed IT services provider based in Manchester, England. They specialise in delivering reliable IT support tailored for small and medium-sized enterprises (SMEs), charities, and professional services. With a focus on fostering secure communication and efficient issue resolution, this IT support company plays a vital role in enhancing the operational integrity of their clients.

This MSP is dedicated to providing consistent and effective support that simplifies the IT experience for its clients. They ensure that technical issues are resolved swiftly and that there is ongoing communication throughout the process. By offering a range of services, Cloud10 helps organisations streamline their operations while maintaining compliance with regulations such as the UK GDPR and Cyber Essentials.

What clients say about this company

Feedback from clients highlights the exceptional level of support they receive from Cloud10. Many appreciate the ease of raising issues and the prompt response times that facilitate smooth resolutions. Clients often remark on how well the team communicates during troubleshooting, which builds trust and reassurance.

5.0★
Optima Computers
London, England

Overview

Optima Computers is a managed IT services provider based in London, England. This IT support company focuses on offering reliable IT solutions to a variety of clients, including small and medium-sized enterprises, charities, and professional services. Their aim is to ensure technology functions smoothly, helping organisations maintain productivity and efficiency.

This MSP provides a range of services, including IT support, data recovery, and WiFi solutions. They are known for their commitment to customer satisfaction, providing clear communication and timely assistance. With a strong emphasis on reliability and transparency, this company tailors its services to meet the specific needs of their clients while adhering to relevant standards such as UK GDPR and Cyber Essentials.

What clients say about this company

Clients often appreciate the personal and attentive service provided by Optima Computers. Many highlight the reliability and speed of their IT support, mentioning prompt responses to issues and effective resolutions. Positive experiences include efficient repairs and transparency regarding costs and procedures.

The commitment to customer care is frequently noted, with clients expressing gratitude for the patience and professionalism of the staff. This managed IT services provider has built a reputation for being friendly and approachable, making the technology-related challenges easier to face for their clients.

4.9★
Com Cubed Computers
Londonderry, Northern Ireland

Overview

Com Cubed Computers is a managed IT services provider based in Londonderry, Northern Ireland. They offer a range of IT support services, helping small to medium enterprises (SMEs), charities, and professional services to manage their technology needs effectively. This IT support company focuses on delivering reliable solutions, ensuring clients have the right tools and support for their operations.

This MSP assists clients with various services, including computer repairs, technical support, and system management. They are committed to transparency and organisation, providing clear communication throughout the service process. By aligning with standards such as UK GDPR and Cyber Essentials, they prioritise security and data protection for all their clients.

What clients say about this company

Clients appreciate the consistent communication and reliability offered by this managed IT services provider. They often highlight the efficiency of the repairs and services, such as replacing screens or removing batteries, praising the company's timely follow-up and dedication to making sure everything works well after a service.

Feedback reflects a strong appreciation for the honesty and transparency displayed by Com Cubed Computers. Customers frequently commend their fair pricing and the quality of documentation provided during the service process, reinforcing trust in their expertise and commitment to client satisfaction.

4.7★
Andromeda Solutions
Middlesbrough, England

Overview

Andromeda Solutions is a managed IT services provider based in Middlesbrough, England. They focus on delivering comprehensive IT support and solutions tailored for small and medium-sized enterprises (SMEs), charities, and education sectors across the UK. Their services include IT support, PC repairs, phone systems, and assistance with various technology needs.

This IT support company is dedicated to ensuring reliability and security for their clients. They take pride in their thorough approach and clear communication, helping clients navigate IT challenges while reducing downtime. With a commitment to customer satisfaction, they ensure that clients are updated on the progress of their requests and repairs.

Andromeda Solutions places importance on professionalism and attention to detail. Their knowledgeable team is characterised by a respectful and polite service manner. Clients appreciate their willingness to go the extra mile, often providing on-site support and tailored solutions that end-users can trust.

What clients say about this company

Clients speak highly of the consistent service provided by this managed IT services provider. They appreciate the effort made to travel distances for quick and urgent repairs, noting the helpful communication throughout the process. Such dedication has fostered strong relationships with clients who often rely on their support.

Feedback highlights the professionalism and thoroughness of Andromeda Solutions staff. Many customers have shared positive experiences with team members who demonstrate extensive knowledge and clear respect for their clients' premises during service visits. This level of care has led to long-lasting loyalty among their clientele.

Clients also commend Andromeda Solutions for their swift response times and effective problem-solving abilities. Their proactive approach to IT issues has helped prevent potential disruptions for businesses and personal users alike. This commitment to delivering quality services ensures that customers can depend on them for their technology needs.

4.9★
ITC Service
Hebburn, England

Overview

ITC Service is a managed IT services provider located in Hebburn, England. This IT support company operates primarily in the United Kingdom, focusing on delivering reliable IT solutions to small and medium enterprises, charities, and professional service firms. They assist clients by managing their IT needs, ensuring systems run smoothly and securely.

This MSP offers a range of services, including IT support, network security, and VOIP solutions. They are known for their commitment to excellent communication and responsiveness. Clients appreciate how the team at ITC Service goes the extra mile, providing a calm and professional approach to IT issues.

What clients say about this company

Feedback from clients highlights the honesty and reliability of ITC Service. Many have described their experience as positive, noting the approachable nature of the team. The professional service received over the years has led to numerous recommendations to others seeking IT support.

Clients also value the security focus of this IT support company, stating that projects are completed on time and to a high standard. The team's patient and responsive attitude helps reduce stress during technical difficulties, allowing businesses to maintain their operations smoothly and confidently.

5.0★
User2 Computers
Edinburgh, Scotland

Overview

User2 Computers is a managed IT services provider based in Edinburgh, Scotland. This IT support company offers a range of services, focusing primarily on PC repair and network solutions, catering mainly to small and medium-sized enterprises, charities, and individual clients. They assist these customers by providing quick and effective IT support, ensuring smooth operations and minimal downtime.

This MSP is known for its reliability and responsiveness, often addressing urgent issues promptly. With a commitment to professionalism, they ensure that clients receive clear explanations of problems and solutions, making the technical aspects easy to understand. Additionally, they align their practices with industry standards to enhance security and data protection.

What clients say about this company

Clients appreciate the high level of responsiveness demonstrated by this IT support company. Users have commended their ability to address urgent issues swiftly, often leading to quick fixes without unnecessary delays. This reliability has built strong trust among their clientele.

The knowledge and expertise of the team at User2 Computers are frequently highlighted in feedback. Clients have shared positive experiences regarding the efficiency and professionalism of the staff, especially when handling complex problems. Overall, the feedback reflects a strong customer satisfaction with the services received.

4.6★
See all VoIP & Phone Systems service companies
By city
London, England
View all
Nottingham, England
View all
Hull, England
View all
Stoke-On-Trent, England
View all
Birmingham, England
View all
Bristol, England
View all
Fareham, England
View all
Glasgow, Scotland
View all

Related reading