BT One Mobile Secure Access Cloud

Customer facing Secure Socket Layer Virtual Private Network service (SSL-VPN). This allows customers to securely access intranet connected systems and applications.


  • Cloud based SSL VPN service
  • Provides secure access intranet access via the Internet
  • Delivers user traffic directly to BT Connect UK platform
  • Based on Industry-leading SSL VPN technology
  • Device-compliance based access
  • Secure application layer gateway
  • Provides SSL/HTTPS 128-bit or 168-bit encryption
  • Provides client, clientless and browser based access
  • Fully managed service
  • Resilient connections and locations


  • Ensures the right levels of security for all your stakeholders
  • Supports wired, wireless, and remotely connected endpoints
  • Scalable service based on BT Compute virtualised infrastructure
  • Supports virtually all platforms and devices
  • Deliver comprehensive Layer-2 admission control, Layer-3 access control, or both
  • Simple concurrent user price model
  • Moves all operational overheads to BT
  • Protects clouds and networks from unauthorized access


£7.97 per licence

Service documents

G-Cloud 11



Neil Harmes

0800 3288077

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to BT IP Connect
Cloud deployment model Private cloud
Service constraints The service is accessed by remote end-users from the public internet.

The service has network connectivity to BT core MPLS services (IP Connect Global and IP Connect UK) for termination to the customer WAN services, and for management purposes to an internal IP Connect Global WAN.
System requirements Customer has to be BT IPCG or IPC UK customer

User support

User support
Email or online ticketing support No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels The following target resolution times are applied:
Priority 1 Incidents - 5 Business Hours Restoration,
Priority 2 Incidents - 12 Business Hours Restoration,
Priority 3 Incidents - 24 Business Hours Restoration,
Priority 4 Incidents - 72 Business Hours Response.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We support customers IT team to complete initial service configuration and connectivity, however end user implementation is down to customers IT team.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data extraction is not applicable to this service
End-of-contract process Virtual SSL servers are deleted and all connectivity is decommissioned.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Same service offering supported on both laptop and mobile devices, however for client based access a specific client / app depending on OS being used.
Customisation available No


Independence of resources The system is engineered with resources dedicated to each customer instance, and sized to support the design load in terms of user count and bandwidth.

Each customer implementation is a private cloud, with dedicated virtual server builds(s) and connectivity into the core MPLS networks.

Please refer to the LLD provided.


Service usage metrics Yes
Metrics types Usage on multiple system events, including connection attempts, session counts, platform utilisation.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Not applicable, we do not support or hold user data at rest.
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data export is not applicable to this service.
Data export formats Other
Data import formats Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Internal traffic is delivered over VLAN and internal BT connections directly into BT Connect, IP Connect IPCG and/or IPC UK WAN services.

Availability and resilience

Availability and resilience
Guaranteed availability BT SLA Cat D Greater than or equal to 99.80%
Approach to resilience The service is built in a high-availability virtual data centre.

Resilient connections are utilised into the core MPLS network. Resilient locations with inter-location load-balancing may be configured.
Outage reporting Services are monitored 24/7 by the BT support team. Servers generate alarms to indicate outages. Locations are probed routinely to verify reachability.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels The service supports multiple authentication architectures, as defined by the customer.
Access restriction testing frequency At least every 6 months
Management access authentication Other
Description of management access authentication No non-BT parties, customer or otherwise, have access to the management ports of the service

Customers do not have physical access to the management network.

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register
ISO/IEC 27001 accreditation date 20/04/2016
What the ISO/IEC 27001 doesn’t cover Any service element not defined as within the scope of the ISO certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications BT SECS SACS

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO 27001 & BT Corporate security policies as defined in BT SECS SACS.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Product accredited to ISO 27001
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Product accredited to ISO 27001
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Product accredited to ISO 27001
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Product accredited to ISO 27001

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £7.97 per licence
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑