Truststream Security Solutions

Zscaler Private Access Service

Zscaler Private Access is a cloud-based service that delivers policy-based, secure access to private applications and assets without the cost, support burden, or security risks of a VPN. It delivers seamless, policy-driven, access to private internal applications and assets whether they are in the cloud, the data center, or both.


  • No VPN client to launch, exit, support and manage
  • Enable application-specific access to staff, individual contractors, and business partners
  • Users never placed on network, enabling use of unmanaged devices
  • Consistent security policy enforcement for application access
  • Unauthorized users are not able to see applications
  • Removes complexity and security risk of VPNs
  • Reduces Capex and Opex compared to traditional VPNs
  • Easy and fast deployment
  • Decouples private internal applications from the physical network
  • Automatically routes to the location that delivers the best performance


  • Provides secure access to your internal applications
  • No VPN on-premise equipment capital and support (FTE) costs
  • Easily apply your organisation’s security access policy
  • Applications never exposed to the internet, reducing the DDoS threat
  • Seamless integration with your existing identity stores
  • Scalable to any size of workforce and number of applications
  • Requires no changes to current infrastructure
  • Reduces the complexity of network/security architectures, accelerating cloud adoption
  • Simplifies cloud security through partnerships with Microsoft/Azure and Amazon/AWS


£0.94 per user per month

  • Free trial available

Service documents

G-Cloud 10


Truststream Security Solutions

Mike Wawro

07815 188212

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints There are no operational constraints to the service
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard Support: P1 response time 2 hours, P2 response time 4 hours, P3 response time 12 hours, P4 response time 48 hours.

Premium Support: P1 response time 30 minutes, P2 response time 1 hour, P3 response time 3 hours, P4 response time 4 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support is provided by Zscaler with the ZPA service. Premium support is available from Truststream at 15% of the annual net cost of the service. The Truststream Zscaler Premium Support service provides a support engineer with contextual knowledge of the customer implementation. It also gives regular technical account management meetings which can be in person or by Webex. The frequency of the meetings are agreed at the time of the implementation. Typically, more frequently initially, settling to a quarterly or bi-annual frequency.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The implementation of the Zscaler Private Access service is not a complex nor lengthy project. Truststream supports organisations that are new to the service every step of the way. Online training and comprehensive user documentation is provided. Often, organisations evaluate and become comfortable with the service using a proof-of-concept trial. They then purchase the service and the PoC is simply switched into production making implementation straightforward and low-risk.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We do not hold any client data
End-of-contract process The customer would have to phase-in alternative application access methods in advance of the service contract ending.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility The admin monitor is viewable as an application through a web browser. There is no user interaction as the system is passive to the end user.
Accessibility testing Not applicable
Customisation available Yes
Description of customisation The ZPA service can be customised via the administration portal. It is very comprehensive in deployment, granular policy control options and reporting.


Independence of resources The Zscaler global network consists of over 100 data centers. If there is a problem with one DC, user traffic is simply routed to the nearest alternative DC. Zscaler has been designed as a scalable cloud service from day 1. Currently, over 5,000 organisations in 185 countries are using the service to make 30 billion requests a day, 125 million of which are blocked for protection and compliance purposes.


Service usage metrics Yes
Metrics types The interactive reporting tool in the admin portal presents a wide range of standard reports and provides the ability to create custom reports as well. It supports real-time interactive analysis.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra support
Organisation whose services are being resold Zscaler

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach We do not hold customer data
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach For compliance mandates on local log archival, Zscaler Nanolog Streaming Service (NSS) allows you to transmit your logs to your SIEM in real time for external logging or advanced threat correlation. You can even fine-tune threat feeds to receive particular data in order to accommodate SIEM Events Per Second (EPS) restrictions.
Data export formats Other
Other data export formats Customizable to send log fields based on complex log filters
Data import formats Other
Other data import formats Live user credentials from ADFS or SSO integration

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The SaaS will be available to accept Customer’s Transactions and Sessions 100% of the total hours during every month Customer uses the SaaS. Service Availability is monitored by a third party service (Site 24x7 by ZOHO), and Service Availability is validated by this third-party service. Excluded Transactions and Sessions would not be factored into this Service Availability validation. Failure to meet this Service Availability Agreement results in a Service Credit as follows. Percentage of Transactions and Sessions Processed During a Month:
>= 99.999%, service credit 0 days;
< 99.999% but >= 99.99%, service credit 3 days;
< 99.99% but >= 99.00%, service credit 7 days;
< 99.00% but >= 98.00%, service credit 15 days;
< 98.00%, service credit 30 days.
Approach to resilience N+1 failover Data Centres
Outage reporting Public Dashboard & Email. The Zscaler Service Continuity Customer Notification Protocol is available on request. Type the term into a search engine.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Other
Other user authentication SAML
Access restrictions in management interfaces and support channels Role-based access control. Details available upon request.
Access restriction testing frequency At least once a year
Management access authentication Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Brightline for Zscaler, The British Assessment Bureau for Truststream
ISO/IEC 27001 accreditation date 26/06/14 for Zscaler, 07/10/16 for Truststream
What the ISO/IEC 27001 doesn’t cover Truststream scope: provision of cyber security services. Zscaler scope: the Zscaler cloud operations for its Security as a Service platform (including operations employees and network operations center) located in Zscaler’s network operations center in San Jose, California. Everything else is out of scope.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Truststream is Cyber Essentials Plus certified

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Truststream is Cyber Essentials Plus certified
Information security policies and processes Available on request

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Available on request
Vulnerability management type Undisclosed
Vulnerability management approach Following industry best practices with Qualys scanning
Protective monitoring type Undisclosed
Protective monitoring approach Available upon request
Incident management type Undisclosed
Incident management approach Available upon request

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £0.94 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Full product on qualified 30-day proof-of-concept trial. When organisations satisfy themselves that the service functions as advertised, they usually proceed to purchase and the PoC trial is simply switched to production and the full production user-load added.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑