Vonage Fined After Emergency Call Failures Leave Businesses at Risk

Key Takeaways

• Emergency Access Failure: Between October 23 and November 3, 2023, Vonage’s UK business customers using desk phones were unable to connect to emergency services due to a faulty software update.
• Regulatory Breach: Ofcom found Vonage failed to test the update, lacked monitoring to detect the outage, and breached rules requiring uninterrupted access to emergency services.
• Financial Penalty: Ofcom imposed a £700,000 fine, reduced by 30% after Vonage admitted liability and agreed to settle.
• Corrective Action: Vonage has since strengthened its change-management and network monitoring processes.

Deep Dive

For nearly two weeks in late 2023, some UK business customers of Vonage picked up their desk phones and discovered they couldn’t dial 999. Today, Ofcom confirmed that lapse will cost the communications provider £700,000.

The regulator’s investigation traced the problem back to a routine software update rolled out on October 23, 2023. Instead of running smoothly, the change effectively severed access to the emergency services for Vonage’s UK VoIP business customers until November 3. Ofcom said the company had failed on two fronts: it neither tested whether the update might affect emergency calls nor monitored its systems closely enough to catch the disruption once it began.

“Being able to call the emergency services can mean the difference between life and death,” said George Lusty, Ofcom’s Enforcement Director. “Vonage fell short on a number of levels, putting its customers at unacceptable risk.”

What Ofcom found went beyond a coding error. The regulator concluded that Vonage’s internal processes weren’t designed to flag changes that could jeopardize critical services. And once the outage was underway, the company’s lack of oversight meant the failure dragged on undetected.

That combination, Ofcom said, breached rules requiring providers to take “all necessary measures” to guarantee uninterrupted emergency access.

Vonage admitted liability, qualifying for a 30% discount on the penalty. The fine, which must be paid within four weeks, will go directly to HM Treasury. Without the settlement, the amount would have been significantly higher.

Since the incident, Vonage has reworked its change-management procedures and stepped up network monitoring to prevent a repeat. Ofcom noted those remedial steps but stressed that telecoms providers cannot afford to treat emergency access as an afterthought.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.