RM Unify is a true single sign on identity and access management service. It delivers an App Library, Launch Pad and Management Console to users through any browser, on any device. There are full network integration options for MIS and AD user management and provisioning. Onboarding/offboarding section details exit plan.
- User provisioning from CSV, AD and or MIS
- Network provisioning from MIS
- o365 and G suite Group provisioning from MIS
- Desktop and web single sign on
- Full SSO for either o365, G Suite of both simultaneously
- One click Launch Pad provisioning from the App Library
- User password management
- MIS sync to AD for rich user data
- Parent account provisioning
- App Library featuring 'safe for education' Apps
- Anytime, anywhere learning. Access everything though the web
- Always up to date. No local software installs.
- Flexible and scalable. School, Multi-Academy Trust, School District
- True Single Sign On. Platforms (o365 and GSuite) and apps
- Time saving. Automated user provisioning, de-provisioning and management
- Cost saving. App, Device and Platform (0365 and GSuite) management
- Data Security and Management. App data share reporting.
- Customisable for school, user, group and individual
- Network Management. AD Synch and desktop SSO
- Ever evolving and growing. Dynamic roadmap and development.
£0 to £1495 per licence per year
- Free trial available
RM Education Ltd
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||RM Unify integrates with a large number of 3rd party apps by design enabling SSO functionality and general user management. RM Unify provide IAM to a number of RM products including RM Safetynet, RM Buzz, RM Finance and RM Integris.|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Yes, at extra cost|
|Support response times||
Mon-Fri 8am-6pm - 2 hour response
Sat-Sun - closed
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 A|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Basic - access to online RM Knowledge Library only. Cost - free.
Premium - all the above. Cost - £745 (<500 users) - £1495 (>500 users) annually.
Up to third-line level support, with a remote access service provided by RM to resolve issues where appropriate (Premium only).
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||User have access to a support portal to reach quick start guides and technical help. In addition users have access to video guides to key features via a dedicated YouTube channel.|
|End-of-contract data extraction||RM Unify acts as a data conduit and not a data producer. The service is an Identity and Access Management platform used to integrate data sources (LDAP and MISs) and third party online services. As such, it is not a content creation platform holding customer data. The limited data that is held, which is primarily identity data, is available for export by CSV (with the exception of user passwords, on security grounds).|
|End-of-contract process||Due to the lack of data in the service there is no off-boarding service built into the standard contract. Support channels however are designed to assist customers in such circumstances.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
|Accessibility testing||The Shaw Trust, a charitable independent body, is used to ensure that compliance with WCAG AA is met.|
|What users can and can't do using the API||The service has numerous APIs allowing third parties to extend our platform as required by customers. The service supports a variety of data sources from local and cloud hosted MIS (Management Information Systems) and customers are free to integrate their own. Third party services can be used to extend the platform, by leveraging data and SSO APIs. The API documentation at http://dev.rmunify.com describes the technical integration required complete with examples in multiple languages. All third party integration is validated by RM Education and data sharing consent is sought from end user administrators for customers that choose to use these integrations.|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
-The Launch Pad is customisable by role e.g. student, teacher, non-teacher. Further customisation options include groups.
- Admins can personalise their Launch Pad with images, themes and messages. Organsisations can have their own unique URL e.g https://yourschoolname.rmunify.com.
- Admins can choose from a range of username formats when provisioning users.
- The login screen can be branded
- There are a number of user provisioning methods to choose from including sourcing from a CSV, Active Directory, a school MIS or direct from the UI.
- In addition to a Super Admin role, users can be permissioned as Password or Launchpad admins.
|Independence of resources||The service is hosted on elastic public cloud, provided by Microsoft. This allows RM Education to scale our service in response to increasing and decreasing traffic to ensure a consistent user experience. We continually monitor the latency of common user journeys and scale appropriately to meet user performance expectations.|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||The service is an Identity and Access Management platform used to integrate data sources (LDAP and MISs) and third party online services. As such, it is not a content creation platform holding customer data. The limited data that is held, which is primarily identity data, is available for export by CSV (with the exception of user passwords, on security grounds).|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||RM Education provide an availability SLA of 99.9% within agreed service periods.|
|Approach to resilience||
The service is hosted in Microsoft Azure Platform as a Service, a highly resilient base on top of which RM Unify is built. The Azure platform provides high availability guarantees, automated security patching, health monitoring and self-healing services.
Our service is 'cloud native' and deployed as a set of independent fault tolerant services, multiple instances of which run concurrently on Azure. The load is balanced between these multiple instances providing high availability in the event of hardware or software failure. Any repeatedly failing instances are automatically taken out of circulation and a healthy node takes its place.
RM Education publish the service status of RM Unify at http://status.rmunify.com
Customers can subscribe to email or RSS alerts via the status page, providing updates of software patching, deployment and service performance.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||The management functions are restricted to users using role-based access control. On signing up to the service, a single Admin user is created to perform the onboarding of their organisational end users - typically the students and staff of the education institution. Once complete, the Admin can identify the other staff that need the Admin permissions and delegate permissions to these users.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Certification Europe|
|ISO/IEC 27001 accreditation date||04/06/2014|
|What the ISO/IEC 27001 doesn’t cover||Commercial functions.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials.|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
RM has the following security policies:
RM Group Security Policy.
Acceptable Usage Policy and Security Guidelines ("AUP").
Data Classification and Handling.
CCTV Policy & Guidelines.
Incident Reporting Management & Forensic Readiness.
Legislative Compliance (Security) Policy.
All staff are required to read and acknowledge the AUP on an annual basis, as well as having security clauses in their contracts.
Core functions, e.g. IT and HR, are subject to regular internal and external audit.
There is a network of Local Security Officers and the Group Security and Business Continuity Committee monitors compliance with polices.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
The development and operations of RM Unify is governed by ISO 27001:2013 processes, which document our change process. All software changes are communicated to customers proactively through the service status, and fully documented for end users via a blog and release note.
As a cloud service developed according to an agile methodology, changes are made to the service with predictable frequency, usually every 4 weeks. Throughout this cycle, infosec evaluation takes place and appropriate actions and mitigations are made.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||The service is automatically security patched for OS and web server vulnerabilities monthly, mitigating many threats. In addition RM Education use a CHECK certified third party to annually perform a deep web application security test covering vulnerability scanning, service configuration and the software itself. For high-stake areas of functionality additional independent peer review is sought from our security partner.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||The service itself is build on top of Microsoft Azure Platform as a Service and as such all compute nodes (VMs) are rebuilt from scratch with every software release. This brings a number of benefits, one of which being the removal of any Advanced Persistent Threats (APTs). RM Ops monitor traffic from web server logs to identify traffic anomalies and identify threats to the service.|
|Incident management type||Supplier-defined controls|
|Incident management approach||All security incidents are reported on an internal logging system. The log records nature and impact of incident, as well as potential preventative measures. All reported incidents are reviewed by senior management and evaluated at either divisional or Group security forums. Major security incidents would be managed according to a defined major incident management process.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0 to £1495 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||RM Unify Basic is a free service offering restricted functionality for an indefinite period. Full detail rm.com/products/rm-unify|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|