Exponential-e Ltd

Data-loss Security (SecureCircle)

Secure Circle protects data regardless of where it is created, consumed and stored without impacting the end user. Secure Circle follows data, automatically securing all derivative works, and providing a complete audit-able log satisfying many regulatory compliance requirements.


  • Data protection at rest, in use and in transit
  • Data protection on third party cloud solutions
  • No network overhead
  • Easy to install
  • Easy to set-up and administer


  • Data-centric 1st line of defence
  • Protects data at rest, in transit, and in use
  • Protection automatically follows the content
  • Mitigates both external and internal threat vectors
  • Cost savings through operational efficiency
  • Helps to fulfil many data compliance
  • Data is always protected by default requirements
  • Provides a comprehensive, auditable sys-log output


£10 per user per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Exponential-e Ltd

Kay Sugg



Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Dropbox, Salesforce, Onedrive etc.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints N/A
System requirements
  • Network connectivity between cloud/s
  • Access to Admin console with administration rights etc
  • Installation of appliances via pre-configured containerisation to the cloud
  • On-premise or VMware platform

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Normal response times are within 24 hours – 7 Days a week (Business hours are
8.30am to 5.30pm) of a support call / trouble ticket being raised. Escalation procedures
are applied due to the severity of the issue. Bespoke SLA's are negotiable for custom
Support. Support is via phone, email or online.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels First line Support for SecureCircle is via phone, email, online account. Support Desk
access from 8.30 a.m. to 5.30p.m. local time, Monday through Friday. When a trouble
tickets is opened, it will be acknowledged by electronic mail and /or via online account
access. Response as follows: Severity 1: 1 business hour Severity 2: 4 business hours
Severity 3: 8 business hours Severity 4: 12 business hours For cases received outside
the 12-hour local-time window, we will respond no later than the next business day.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Provision of various sources of on-boarding assistance including,
remote tutoring, professional service installation and location
specific training are all supported by excellent online and printed
documentation and resources.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The Secure Circle solution doesn’t require any end of contract data
extraction as no data is held.
End-of-contract process The SecureCircle application is simply uninstalled and/or Circle of
trust, users and or devices are deleted.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All functionality remains the same.
Service interface Yes
Description of service interface Via web browser link to Secure Circle console.
Accessibility standards None or don’t know
Description of accessibility Not known
Accessibility testing Not applicable.
Customisation available No


Independence of resources Each instance is stand-alone and is bespoke to each customer.


Service usage metrics Yes
Metrics types This is reported via associated SIEM platforms for network logs
and installed LDAP services for Directory Management reports.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller (no extras)
Organisation whose services are being resold Secure Circle

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach We do not hold data.
Data export formats Other
Other data export formats Not applicable- no data held
Data import formats Other
Other data import formats Not applicable - no data held.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks SecureCircle encrypts a client’s data and is
protected in transit at rest and in use between
Data protection within supplier network Other
Other protection within supplier network Not applicable - data does not travel through our network.

Availability and resilience

Availability and resilience
Guaranteed availability SecureCircle operates at a 99% plus service rate. The solution once installed within an organisation / as a SaaS Service and with all suitable devices authorised to open encrypted data, runs in the background. All activity is logged from a network level and alerts and alarms notify of issues subject to applied policies (Security / Business).
Approach to resilience Information available on request.
Outage reporting This is reported via client’s associated SIEM platforms for network logs and
actions taken to report issues in line with Support Levels.

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels SecureCircle doesn’t require user authentication as this is applied at an authorised administration level internally within an organisation to match security policy.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Blackmores UK
PCI DSS accreditation date 19/3/2019
What the PCI DSS doesn’t cover Hosting Provider – Applications, Storage, Security Services, shared hosting, Online Hosting, Managed Services – System Security, IT Support, Backup, Cloud Services
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes SecureCircle operates an ISO Quality Management System aligning
internal security information policy and process. As the solution
encrypts an organisations data by access, all personal, sensitive,
critical and business data that an organisation has, is unchanged.
SecureCircle is a proactive solution that works with an organisations
security policy and Data Protection Legislation, as well as
demonstrable compliance with the likes of GDPR.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach This is operated by the client or SaaS service provider and
reflected in the delivery of encryption of data via associated
SIEM platforms and /or installed LDAP services and key
management systems.
Vulnerability management type Supplier-defined controls
Vulnerability management approach This is operated by the client or SaaS service provider and
reflected in the delivery of encryption of data via associated
SIEM platforms and /or installed LDAP services and key
management systems.
Protective monitoring type Supplier-defined controls
Protective monitoring approach This is operated by the client or SaaS service provider and
reflected in the delivery of encryption of data via associated
SIEM platforms and /or installed LDAP services and key
management systems.
Incident management type Supplier-defined controls
Incident management approach This is operated by the client or SaaS service provider and
reflected in the delivery of encryption of data via associated
SIEM platforms and /or installed LDAP services and key
management systems.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Trial and POC available on time agreed basis.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑