Enterprise Mobility Management - UEM - Teamwire / Workspace ONE / MobileIron
Mobility management provided as a service using VMWare/Airwatch/MobileIron/MDM software. Deployed on-prem, from VMWare/Airwatch/MobileIron cloud, FLEX private cloud and managed as a service for you to administer devices from a single console, or have the service fully managed for you. App Store,PSN remote working, in-tune onboarder EMM migration. UK Hosted Offical-sensitive
Features
- Mobile Device Management (MDM / UEM)
- Mobile Application Management (MAM)
- Mobile Content Management (MCM)
- Secure email
- Secure browsing
- Management and compliance reporting
- Cell usage reporting
- in-tune onboarder EMM migration tool
- UK Hosted
- Teamwire
Benefits
- Maintain oversight of CYOD / COPE mobile device fleet
- Provide access to organisation's services for BYOD devices
- Secure data from private network to wireless enabled mobile devices
- App Store
- PSN
- EMM migration
- Offical Sensitive classification
- Teamwire secure messaging
Pricing
£8.57 to £216 a device a year
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
2 4 8 5 2 4 0 4 9 5 8 3 0 7 3
Contact
Nine23
Stuart McKean
Telephone: +44 (0) 23 8202 0300
Email: gcloud@nine23.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- No service constraints yet identified.
- System requirements
-
- System outline will be discussed with client
- No pre-conditions or extra licences required outside the service
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- A response will be given within 15 minutes of service requests during business hours.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- We provide a standardised SLA for clients to ensure the service is understood by you, and is sufficiently supported by our engineers. You will be able to interact directly with engineers who know your account and can deal with issues directly without having to first negotiate an unskilled Helpdesk.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Clients can follow documentation on how to initiate and start receiving our services. This can be augmented with training onsite, or delivered remotely. We deliver a standardised service, honed during deliveries to existing public sector clients, meaning a low risk and swift deployment without unexpected consultancy costs.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Client will provide secure physical media to Nine23, which will then be populated with the specified client data and returned to the client.
- End-of-contract process
- The client will have extracted the data they need to keep for archive or transition purposes. Any managed devices are taken off management which will wipe enterprise and managed data from the devices. The client is then free to undertake any disposal requirements that may be stipulated under IS5. Hosted areas are then made inaccessible to the internet and deleted. This is all provided without cost to the client. Any additional services will be charged based on the day rates on our SFIA rate card.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Limited feature differences from wireless devices but usefulness of service for devices fixed in place and on known, secured, networks is limited.
- Accessibility standards
- WCAG 2.0 AA or EN 301 549
- Accessibility testing
- Nil
- API
- No
- Customisation available
- Yes
- Description of customisation
- Customisation is based on discussion of client requirements for the service.
Scaling
- Independence of resources
- Technical separation of resources to client areas is achieved at virtualisation level so that one client is not competing for the same resources as another; client areas are independent private clouds so processing is not shared. Our ITIL aligned service processes have defined scaling markers to ensure the service team is not short-staffed.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Service usage and performance statistics are provided as regular reports outlined in the SLA. These include but are not limited to numbers of users/devices, volume of traffic, requests within and outside compliance from end users, and system performance metrics.
- Reporting types
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Data able to be extracted through the administration interface will be taken by client before the service is closed. Other data may be passed to the client in their requested format for additional cost based on the requirement.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We provide SLAs to each client outlining the expected availability of each service. Unplanned outages that lead to decreased availability from the levels set out in the SLAs lead to credits on those services during the next period.
- Approach to resilience
- Architectural resiliency is designed into the hosted environment and is backed by the Tier 3+ UK Data Centre. Details can be given to clients upon request.
- Outage reporting
- Email alerts to nominated client representatives, with quantitative and qualitative detail.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- We restrict management interface access to known personnel on known devices that are authenticated with 2FA and connect via VPN to secured management hosts with limited permissions.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Government Ministries' accreditations at OFFICIAL-SENSITIVE (available on request)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Independently tested and accredited by existing government clients. References available on request.
- Information security policies and processes
- We apply NCSC and industry best practice to ensure 14 Cloud Security Principles are applied during design, deployment, operation, and decommission. We provide IS1&2 compliant RMADS and maintain our own Security Management Plan which is integral to our ISO9001 accreditation, which is independently audited every year.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Services are configured and documented for reference. Changes are initiated with internal or external requests that start a Change Acceptance Process, during which the business imperative, security risks, user impact, and costs are considered. A lightweight process is adopted for agility of service, but If necessary, a full security impact assessment is undertaken and when the requisite authorisations are received, the change is effected and documentation updated.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We subscribe to a number of vulnerability and threat monitoring agencies including the NCSC threat newsletter. A baseline patching process is maintained monthly for all services, and emergency responses to critical threats are evaluated and actioned appropriately.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Our protective monitoring tools examine SIEM data from our platform and client areas, including GPG13 compliant reporting. Incidents are responded to based on the severity of the event and can be immediate notification to clients to allow fixes to be effected straight away.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Our SyOPs and Security Management Plan outline procedures for incident management and reporting. Our SMP is aligned with ISO27k controls and verified by a CCP qualified IA lead.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Police National Network (PNN)
- New NHS Network (N3)
- Joint Academic Network (JANET)
Pricing
- Price
- £8.57 to £216 a device a year
- Discount for educational organisations
- No
- Free trial available
- No