Six Degrees Technology Group Limited

Mimecast - Email Security, Targeted Threat Protection and Email Business Continuity Service

Our Mimecast service extends traditional gateway security with Targeted Threat Protection that addresses ransomware, impersonation, spear-phishing and other advanced threats. Continuity keeps employees sending and receiving email even if your email system or Office 365 Exchange has an outage. Our security services eliminate the infrastructure and management requirements of on-premises solutions.

Features

  • Multi-layered malware protection against known and zero-day threats
  • 100% virus protection; 99% spam protection; 0.0001% spam false positives
  • Immediate enforcement of email security and DLP policies
  • Sandbox email attachments to protect against malicious scripts
  • Transcribe attachments in real time to deliver a 100% safe file to the user
  • On-click URL scanning protects against good websites turning bad
  • Protection against social engineering attacks like whaling or CEO fraud
  • Always-on email continuity from Outlook, Mac, Mobile and Browser
  • Detailed audit, logging and reporting with role-based access control

Benefits

  • Comprehensive email security, including against malware-less social engineering attacks
  • Protect against weaponized attachments and malicious URLs
  • Continuity service with RPO / RTO close to zero
  • SLA backed protection from spam and malware
  • Email and attachment scanning controls and blocks the sending of sensitive information
  • All features managed through Six Degrees
  • Mimecast plug-in for Outlook and mobile devices
  • Apps available for iOS, Android, Windows Phone and BlackBerry
  • Highly secure and resilient offsite, perpetual email archive

Pricing

£18.40 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector.sales@6dg.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

271959060070338

Contact

Six Degrees Technology Group Limited
Rob Walton
Telephone: 07813303485
Email: publicsector.sales@6dg.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Exchange, Office 365, G-Suite
Cloud deployment model
Private cloud
Service constraints
Package option M3R supports inbound, outbound and internal email flow. Data can be retained for 58 days or 1 year. Greater than 1 year requires a full implementation of Mimecast Archive and tools such as M3RA.
System requirements
  • The core service does not have any system requirements
  • Various add-on products require certain Outlook prerequisites.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Six Degrees has a 30-minute first-response SLA for Priority 1 incidents logged via our service desk. This is 1 hour for Priority 2 incidents.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
None.
Onsite support
Yes, at extra cost
Support levels
  • Platinum Support = 24x7 telephone support. Email support during business hours. Bi-annual service reviews. Immersion and early adopter access.
  • Gold = 24x7 telephone support. Email support during business hours. Prioritised support for P1 issues. Annual service review.
  • Silver Success = Telephone, online and email support during working hours (8am - 6pm).
  • Bronze Success = Online and email support during working hours (8am - 6pm).
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onboarding – Connect Application, managed by Six Degrees.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
All customer data is deleted from the Mimecast Cloud service. Offboarding is managed and supported by Six Degrees, with Mimecast support if required.
End-of-contract process
Gateway services would cease to function. Customer data is retained until data extraction is complete.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
Description of service interface
Users can raise support tickets and change requests etc. through Six Degrees' online customer portal, which is provided via our chosen IT Service Management tool.
Single Web Based Administration console allowing access to all required controls and settings.
Accessibility standards
WCAG 2.1 A
Accessibility testing
None.
API
Yes
What users can and can't do using the API
Update policies, users and block lists, and integrate with third-party systems such as SIEM and SOAR. A wide range of functionality is offered via the API; details can be found at https://www.mimecast.com/developer/
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Branding, various policies, settings, notifications, email signatures and disclaimers, authentication requirements options.

Scaling

Independence of resources
There are a number of operational level agreements that include, for example, acceptable response times for search, as well as a number of service level agreements.

Analytics

Service usage metrics
Yes
Metrics types
Emails processed, rejected emails, and communication flows; for outbound, inbound and internal, as well as email bandwidth and rejected traffic; sent, rejected, and the data volumes being transmitted.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Mimecast

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
Customer's archived data is encrypted at rest using AES 256-bit encryption. Each customer is assigned a unique encryption key, generated through a FIPS 140-2 aligned crypto library, which is stored securely in a centralized key management system and used to encrypt data written to storage or decrypt data read from the storage grid. The Customer's encryption key is further encrypted with a master key stored within a centralized and restricted key management system.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Mimecast provides exgestion/extraction services, along with the ability for administrators to export content directly from the Administration Console in PDF, CSV or XLS. Emails and attachments can be exported from the Archive in zipped EML or PST formats.
Alternatively, export is managed by Six Degrees via secure FTP download or the provision of an encrypted disk.
Data export formats
  • CSV
  • Other
Other data export formats
  • PST
  • EML
Data import formats
  • CSV
  • Other
Other data import formats
  • EML
  • XLS

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
TLS encryption (version 1.2 or above). A combination of TLS, SSL (HTTPS), LDAPS and SMTPS is also used to secure all types of data in transit.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
TLS Encryption, encryption of data at rest, encryption of all physical media, physical access controls.

Availability and resilience

Guaranteed availability
Email Delivery        Credit Fee
<100% but >=99%       10%
<99% but >=98%        20%
<98% but >=97%        30%
<97% but >=96%        40%
<96%                  50%, and Customer may terminate the Agreement and receive a pro-rata refund of any unused pre-paid fees.
https://www.mimecast.com/globalassets/documents/termsandconditions/sla_and_support_terms.pdf
Approach to resilience
The platform is completely resilient with data replicated across diverse physical locations ensuring no single points of failure.
Outage reporting
Via the administration centre or via your service delivery manager as part of the standard Six Degrees service reporting process.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
Users may interact with an authentication form requiring username and password input and, optionally, a second factor. Integrated Windows Authentication requires no interaction by the end user. Public key authentication usually requires no interaction by end users. SAML can vary based on a customer's own deployment, as this is a third-party product brokering the authentication, but SAML products usually authenticate primarily using a username and password prompt.
Access restrictions in management interfaces and support channels
The management interface is granular in allowing access on a per user basis for predefined rights. Authorised users are allowed to log support queries.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Other
Description of management access authentication
Username and password, with SMS, email or an authenticator application supplying the second factor.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certification Europe
ISO/IEC 27001 accreditation date
02/08/2017
What the ISO/IEC 27001 doesn’t cover
ISO covers the email security, continuity and archiving cloud services for the protection of personally identifiable information in the cloud and ISO 27001 is globally recognised as the best framework to demonstrate audited and continual improvement and on-going security management.

The ISO covers the platform in operation and support mechanisms.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Mimecast is accredited with ISO 22301:2012 and ISO 27018:2014 and follows strict policies and procedures to maintain the highest levels of information security.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Stringent change control procedures are in place to maintain operational and service level agreements. All changes are fully documented, including rollback procedures.
Updates to the service follow a regular schedule and the impact is communicated to relevant parts of the business and customers. Changes to systems that could impact or compromise existing security and control procedures are subject to review by the Mimecast Information Security Team prior to acceptance.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Mimecast reviews vendor security bulletins and utilises the corporate SIEM system to log and identify any possible issues.
The severity of vulnerabilities is assessed on impact vs likelihood, and risks are adjusted accordingly for manual analysis and system events. Fixes for critical vulnerabilities can be deployed globally throughout the Mimecast infrastructure within minutes.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The entire platform is monitored 24 x 7, and system and network logs are entered into a centralised system. The monitoring platform provides real-time information as well as automated alerting.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Six Degrees operates an ITIL-aligned incident management process with associated procedures for security-related incidents. The process has a clearly defined governance framework, including roles and responsibilities, clear policies and associated KPIs. For escalation, Mimecast has a formal incident reporting process activated by monitoring and staff awareness.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£18.40 a user a month
Discount for educational organisations
Yes
Free trial available
No
