Academia Ltd

Content Filtering

Academia’s content filter helps protect organisations from Web borne threats and enables the control, monitoring and enforcement of Web acceptable use policies with minimal latency. Anti-malware layers block threats safely away from networks while URL filtering policies and Web traffic quota limits reduce Web misuse and help protect company bandwidth.

Features

  • Fully managed service
  • Granular services for different group/ages of users
  • Detects Threats as they are created
  • Uses context to cut false positives
  • IWF URL Filtering List

Benefits

  • Zero touch deployment and management
  • AD group policies mirrored into filtering services
  • Cuts management overhead through context filtering
  • Automatically enforces your organisations' security policies
  • Changes user behaviour through real-time education
  • Administrators are able to monitor, block or allow access

Pricing

£25 per person per month

  • Education pricing available

Service documents

G-Cloud 9

190373433515910

Academia Ltd

Academia Bids

01992 703900

bids@academia.co.uk

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to We offer full cloud server services to our client base, this includes our UK optical network where we can deliver an ISP optical circuit any where in the UK and connect through our private network, through our content filtering solution onto the internet.
Cloud deployment model Hybrid cloud
Service constraints No constraints on this Highly Available (HA) service.
System requirements
  • An ISP link from us
  • Access to Clients Windows Active Directory or Cloud ADFS

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our standard Support Service Level Agreements (SLA) are: Priority Critical is within 2 Working Hours, Priority High is within 4 Working Hours, Priority Medium is within 6 Working Hours, Priority Low is within 8 Working Hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Our web chat is designed as a pre-sales tool rather than a support mechanism and is linked directly with our sales and pre-sales teams. Our support department utilises team viewer for connecting to clients end machines to resolve any issues, this has a web chat element to it which can be used to chat regarding the current support ticket request.
Web chat accessibility testing None.
Onsite support Yes, at extra cost
Support levels Our standard Support Service Level Agreements (SLA) are: Priority Critical with a 2 Working Hours response to System Down, an error which occurs under normal operating conditions and halts the Client's production operations, prevents the current release or a module thereof from being run or causing substantial damage to the Client's data. Priority High with a 4 Working Hours response to an error which causes severe performance degradation, halting important operational tasks or placing the operation of such tasks at risk - i.e. the failure of a major feature. An error severely degrades a user application where no alternative exists or causes any damage to the Client's data. Priority Medium/Low with a 6/8 Working Hours response to any defect in the current release or any failure of the current release to perform in accordance with, and provide the facilities, function and capacity as set out in the Specification and Operating Documentation, other than a major or serious error. All our support contracts come with a Technical Account Manager including Quarterly Review meetings.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once we have the optical ISP connection and access to Windows Active Directory and/or Cloud ADFS server, all the configurations come directly from clients group and security policies. During the initial Project Management and Service Delivery kick off meetings, we go into great detail around security policies to make sure that the correct levels of content filtering are applied.
Service documentation No
End-of-contract data extraction All data is securely dealt with to ISO27001, we delete all data and configurations from our cloud environment. All links to Clients' Windows Active Directory or Cloud based ADFS services are broken.
End-of-contract process At the end of the contract, the client has the right to cancel. At this point we can work directly with them or their new supplier; typically if a third party is involved, there new ISP connection becomes the primary line and we are instantly disconnected from the clients' network.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service If the end users are accessing the internet via internal WiFi linked to our ISP link, all traffic will run across our network, through our content filtering and onto the internet. We also have a mobile 3G SIM card on contract which can connect to inside our private network.
Accessibility standards None or don’t know
Description of accessibility This service is designed so that the user has no visibility of it, all the controls are based around the clients internal security and group policy which is normally ran from Windows Active Directory or other directory service.
Accessibility testing None.
API No
Customisation available No

Scaling

Scaling
Independence of resources Academia's Cloud Services have an uptime greater than 99.9% and is build on VMware virtual technology which auto scales for any peak times. Our 24/7 monitoring solution, 3 data centres and UK optical network work seamlessly together moving workloads around automatically, we have mitigated the risk to almost zero by having resources available with full capacity planning built into all our workflows.

Analytics

Analytics
Service usage metrics Yes
Metrics types Academia are an ISP and can fully configure our management console to be bespoke to the clients requirements; most organisations require a fairly comprehensive report for their compliance officers, which we are happy to tailor to individual needs.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach As this service works directly from the clients Windows Active Directory or Cloud ADFS, we don't hold any client data.
Data export formats Other
Other data export formats No client data is held as part of this service
Data import formats Other
Other data import formats We require access to Windows AD or ADFS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
Other protection between networks As an ISP our network is fully protected at all borders to the internet and all our peered network connections are fully protected and monitored. We offer full optical IP solutions to our clients, which are normally tailored to meet the legal and compliance requirements of the vertical market we are serving. As an IWF and LINX member, we undertake every standard required to keep our network and client network separated, working from an everything locked down stand point and only opening ports which are required and used; this is monitored as part of our 24/7 monitoring solution.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network As an ISP our network is fully protected at all borders to the internet and all our peered network connections are fully protected and monitored. We offer full optical IP solutions to our clients, which are normally tailored to meet the legal and compliance requirements of the vertical market we are serving. As an IWF and LINX member, we undertake every standard required to keep our network and client network separated, working from an everything locked down stand point and only opening ports which are required and used; this is monitored as part of our 24/7 monitoring solution.

Availability and resilience

Availability and resilience
Guaranteed availability We offer 99.9% uptime across all Cloud & network services, with credits for service unavailability applied to customer accounts for future use.
Approach to resilience This information is available on request.
Outage reporting A public dashboard is available at status.academia.co.uk, and email alerts are automatically provided to the named contact for each Cloud Server to advise when planned maintenance is to occur that may affect service availability, or when we have detected an issue that affects one or more Cloud Servers in operation.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to restricted in management interfaces and support channels to identified internal users of the systems team. User access is restricted to only the systems they have purchased through a combination of VLAN / VPN / AD authentication and 2FA if required to avoid unwanted cross access to systems, Underlying network infrastructure control is only available to Systems Team members without exception.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SN Registars (Holdings) Limited
ISO/IEC 27001 accreditation date 28/02/2016
What the ISO/IEC 27001 doesn’t cover All aspects of our system infrastructure and product offerings are covered by our ISO certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Compliance with ISO27001 is a written requirement of employment at our company and is regularly assessed by our in-house auditing team as well as through six monthly externally led audits. We alos operate through the premise of least available privilege for all system users, including a named and vetted system team whose higher level access to systems is fully monitored and subject to 2FA throughout. The systems team report to the Technical Director who is entirely responsible as a Board member for the technical infrastructure. We also operate our entire company systems on the same infrastructure - fully separated from client instances - and as such our company DR and BCP apply to the same infrastructure.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All system components are subject to 24/7 monitoring for performance and tracked issues, and are proactively replaced if their performance shows signs of future degradation. We also operate an N+N redundant system in most areas, with a fallback to N+1 to avoid a single failure impacting on system availability. Changes are fully assessed for security impact in line with ISO27001 security controls and tested on internal development systems before rollout.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our technical team are alerted to potential threats directly by our hardware and software partners, and will deploy threat responses immediately based on industry information or detected issues within our infrastructure. Patches are deployed based on the level of threat and impact on our infrastructure - as we operate a fully redundant series of systems, we can inspect the performance as patches are deployed and continue rollout or roll back as needed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach As with all system level impacts, we monitor the system 24/7 to ensure that all operating parameters are within expected levels, and our automated monitoring systems will raise an alert to our systems team if this is not the case. Patches and updates to the system are communicated to all affected users directly and also published on our status page for our cloud servers.
Incident management type Supplier-defined controls
Incident management approach Incidents can be reported to our systems team through our ticketing system and will automatically be raised to priority 1 if a cloud based system is affected. Our team also apply standard processes for the resolution of system issues against a known good backup and rollback procedure. Incident reports - both ongoing and previous - are available through our status page at status.academia.co.uk.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Other

Pricing

Pricing
Price £25 per person per month
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑