RM Education Ltd

RM Unify

RM Unify is a true single sign on identity and access management service. It delivers an App Library, Launch Pad and Management Console to users through any browser, on any device. There are full network integration options for MIS and AD user management and provisioning. Onboarding/offboarding section details exit plan.

Features

  • User provisioning from CSV, AD and or MIS
  • Network provisioning from MIS
  • o365 and G suite Group provisioning from MIS
  • Desktop and web single sign on
  • Full SSO for either o365, G Suite of both simultaneously
  • One click Launch Pad provisioning from the App Library
  • User password management
  • MIS sync to AD for rich user data
  • Parent account provisioning
  • App Library featuring 'safe for education' Apps

Benefits

  • Anytime, anywhere learning. Access everything though the web
  • Always up to date. No local software installs.
  • Flexible and scalable. School, Multi-Academy Trust, School District
  • True Single Sign On. Platforms (o365 and GSuite) and apps
  • Time saving. Automated user provisioning, de-provisioning and management
  • Cost saving. App, Device and Platform (0365 and GSuite) management
  • Data Security and Management. App data share reporting.
  • Customisable for school, user, group and individual
  • Network Management. AD Synch and desktop SSO
  • Ever evolving and growing. Dynamic roadmap and development.

Pricing

£0 to £1495 per licence per year

  • Free trial available

Service documents

G-Cloud 10

171551347015659

RM Education Ltd

RM Education

08450 700300

tendersteam@rm.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to RM Unify integrates with a large number of 3rd party apps by design enabling SSO functionality and general user management. RM Unify provide IAM to a number of RM products including RM Safetynet, RM Buzz, RM Finance and RM Integris.
Cloud deployment model Public cloud
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Mon-Fri 8am-6pm - 2 hour response
Sat-Sun - closed
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Basic - access to online RM Knowledge Library only. Cost - free.
Premium - all the above. Cost - £745 (<500 users) - £1495 (>500 users) annually.
Up to third-line level support, with a remote access service provided by RM to resolve issues where appropriate (Premium only).
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started User have access to a support portal to reach quick start guides and technical help. In addition users have access to video guides to key features via a dedicated YouTube channel.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction RM Unify acts as a data conduit and not a data producer. The service is an Identity and Access Management platform used to integrate data sources (LDAP and MISs) and third party online services. As such, it is not a content creation platform holding customer data. The limited data that is held, which is primarily identity data, is available for export by CSV (with the exception of user passwords, on security grounds).
End-of-contract process Due to the lack of data in the service there is no off-boarding service built into the standard contract. Support channels however are designed to assist customers in such circumstances.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing The Shaw Trust, a charitable independent body, is used to ensure that compliance with WCAG AA is met.
API Yes
What users can and can't do using the API The service has numerous APIs allowing third parties to extend our platform as required by customers. The service supports a variety of data sources from local and cloud hosted MIS (Management Information Systems) and customers are free to integrate their own. Third party services can be used to extend the platform, by leveraging data and SSO APIs. The API documentation at http://dev.rmunify.com describes the technical integration required complete with examples in multiple languages. All third party integration is validated by RM Education and data sharing consent is sought from end user administrators for customers that choose to use these integrations.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation -The Launch Pad is customisable by role e.g. student, teacher, non-teacher. Further customisation options include groups.
- Admins can personalise their Launch Pad with images, themes and messages. Organsisations can have their own unique URL e.g https://yourschoolname.rmunify.com.
- Admins can choose from a range of username formats when provisioning users.
- The login screen can be branded
- There are a number of user provisioning methods to choose from including sourcing from a CSV, Active Directory, a school MIS or direct from the UI.
- In addition to a Super Admin role, users can be permissioned as Password or Launchpad admins.

Scaling

Scaling
Independence of resources The service is hosted on elastic public cloud, provided by Microsoft. This allows RM Education to scale our service in response to increasing and decreasing traffic to ensure a consistent user experience. We continually monitor the latency of common user journeys and scale appropriately to meet user performance expectations.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The service is an Identity and Access Management platform used to integrate data sources (LDAP and MISs) and third party online services. As such, it is not a content creation platform holding customer data. The limited data that is held, which is primarily identity data, is available for export by CSV (with the exception of user passwords, on security grounds).
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability RM Education provide an availability SLA of 99.9% within agreed service periods.
Approach to resilience The service is hosted in Microsoft Azure Platform as a Service, a highly resilient base on top of which RM Unify is built. The Azure platform provides high availability guarantees, automated security patching, health monitoring and self-healing services.

Our service is 'cloud native' and deployed as a set of independent fault tolerant services, multiple instances of which run concurrently on Azure. The load is balanced between these multiple instances providing high availability in the event of hardware or software failure. Any repeatedly failing instances are automatically taken out of circulation and a healthy node takes its place.
Outage reporting RM Education publish the service status of RM Unify at http://status.rmunify.com

Customers can subscribe to email or RSS alerts via the status page, providing updates of software patching, deployment and service performance.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels The management functions are restricted to users using role-based access control. On signing up to the service, a single Admin user is created to perform the onboarding of their organisational end users - typically the students and staff of the education institution. Once complete, the Admin can identify the other staff that need the Admin permissions and delegate permissions to these users.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certification Europe
ISO/IEC 27001 accreditation date 04/06/2014
What the ISO/IEC 27001 doesn’t cover Commercial functions.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes RM has the following security policies:
RM Group Security Policy.
Acceptable Usage Policy and Security Guidelines ("AUP").
Backup Policy.
Data Classification and Handling.
Data Protection.
CCTV Policy & Guidelines.
Cryptographic Policy.
Incident Reporting Management & Forensic Readiness.
Legislative Compliance (Security) Policy.
Physical Access.
Protective Monitoring.

All staff are required to read and acknowledge the AUP on an annual basis, as well as having security clauses in their contracts.

Core functions, e.g. IT and HR, are subject to regular internal and external audit.
There is a network of Local Security Officers and the Group Security and Business Continuity Committee monitors compliance with polices.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The development and operations of RM Unify is governed by ISO 27001:2013 processes, which document our change process. All software changes are communicated to customers proactively through the service status, and fully documented for end users via a blog and release note.

As a cloud service developed according to an agile methodology, changes are made to the service with predictable frequency, usually every 4 weeks. Throughout this cycle, infosec evaluation takes place and appropriate actions and mitigations are made.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The service is automatically security patched for OS and web server vulnerabilities monthly, mitigating many threats. In addition RM Education use a CHECK certified third party to annually perform a deep web application security test covering vulnerability scanning, service configuration and the software itself. For high-stake areas of functionality additional independent peer review is sought from our security partner.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The service itself is build on top of Microsoft Azure Platform as a Service and as such all compute nodes (VMs) are rebuilt from scratch with every software release. This brings a number of benefits, one of which being the removal of any Advanced Persistent Threats (APTs). RM Ops monitor traffic from web server logs to identify traffic anomalies and identify threats to the service.
Incident management type Supplier-defined controls
Incident management approach All security incidents are reported on an internal logging system. The log records nature and impact of incident, as well as potential preventative measures. All reported incidents are reviewed by senior management and evaluated at either divisional or Group security forums. Major security incidents would be managed according to a defined major incident management process.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0 to £1495 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial RM Unify Basic is a free service offering restricted functionality for an indefinite period. Full detail rm.com/products/rm-unify

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑