Nowcomm Limited

Endpoint 2FA

Passwords alone are not strong enough to protect against unauthorised use of credentials. Multi factor authentication enables users to receive SMS, telephone calls or a push notification to mobile phones.

Features

  • Secondary level of authentication
  • SMS, telephone calls or a push notification to mobile phones

Benefits

  • Protects on premise and cloud applications
  • Trained engineers

Pricing

£2.30 per user per month

  • Free trial available

Service documents

G-Cloud 11

286289306878047

Nowcomm Limited

Corinne Stott

0133 2821106

gcloud@nowcomm.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Any cloud based application. Can be enabled for endpoint MFA .
Cloud deployment model Hybrid cloud
Service constraints No
System requirements
  • Cloud based or on premise applications
  • Deployment of a virtual machine if on premise infrastructure exists

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Questions are all acknowledged within 5 minutes and depending on the priority are responded to from 5 minutes when it is priority 1, to 8 hours with a priority 4 ticket
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels There are 4 main support levels which Nowcomm offer which can be stacked to create the best fit for your organisation. Nowcomm’s Service Desk operates 24*7. 1) Remote Service Desk - providing technical assistance, advice and guidance. 2) Break Fix Support - providing minor software patches and upgrades. Our engineering resources can either be remote or onsite. 3) Monitoring Service - providing proactive monitoring of devices with downtime alerts. 4) Managed Service - providing Moves, Adds, Changes and Deletes, monthly backups and storage, vulnerability scanning, patching and monthly reporting.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Nowcomm onboards customers by gathering all key information required to bring the service live. All system information and supporting documentation is developed and distributed to the customer as part of the onboarding process. Detailed design documentation is derived from this initial documentation. The detailed design is agreed and signed off by both parties prior to implementation.
A full copy of the system documentation is provided following user acceptance testing.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data is provided upon request by Nowcomm once the contract has ceased. The tenant will be deleted following sign off from the customer. Some customers may want to retain read only copies of some data, this can be arranged following conversations with our technical team.
End-of-contract process All Software functionality is provided for the duration of the contract with Nowcomm. Once the contract has ceased, the organisation will be off - boarded, information securely deleted from the Nowcomm database, and tenant is removed at no extra cost. Bespoke off-boarding requirements can be purchased via "Nowcomm Specialist Cloud Consultancy Services".

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards WCAG 2.1 AAA
Accessibility testing Testing performed by vendor
API Yes
What users can and can't do using the API The auth API is a low level restful API for adding strong two factor idenfication to your website or application. Please refer to the 2 factor SaaS solution guide for full details.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Users can customise the branding for the solution by importing their own company logo and graphics.

Scaling

Scaling
Independence of resources Nowcomm are authorised MSP resller of the global Duo Platform so organisations are not at service risk. Duo hold a validated design guide detailing configuration maximum's and minimums to enable customers to scale from small to large enterprise deployment. Nowcomm have a mature staff scaling strategy enabling a response to the demands of our clients from small to enterprise scales.

Analytics

Analytics
Service usage metrics Yes
Metrics types Standard usage metrics include number of users on the platform, number of authentications and type, location of authentication and policy adherence reporting. Summary or detailed monthly reports can be provided for an extra cost.
Reporting types Reports on request

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Duo

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported at request from the Nowcomm Support Team
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.999%
Approach to resilience Available on request
Outage reporting Email and portal alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels All management interfaces are made available via the management VLAN only.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Nowcomm is a Cyber Essentials Certified organisation and follows the processes set out within it. Nowcomm are actively working towards Cyber Essentials Plus and 27001 and operates within the guidelines set out.
Information security policies and processes Nowcomm follow the processes from Cyber Essentials as well as key processes and procedures from 27001, 9000 and 14001.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes and configuration management follow ITIL V3 best practice.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All external facing services are subject to monthly vulnerability scans. Patching takes place monthly with emergency patching taking place within 1 week of the vulnerability detection. In extreme circumstances and to protect the security of the organisation and customer, Nowcomm will patch on the same day. Vulnerability information is obtained from Cisco's TALOS platform and Cisco TAC. We use independent feeds using QUALSYS scanning engine, correlating all known CVE's, enabling us to establish impact for all managed assets scanned by the platform. Further support can be purchased under the "Nowcomm Monitor, Manage, Support and Optimise" GCloud service.
Protective monitoring type Undisclosed
Protective monitoring approach All external facing services are subject to monthly vulnerability scans. Patching takes place monthly with emergency patching being performed within 1 week of the vulnerability detection. In extreme circumstances and to protect the security of the organisation and customer, Nowcomm may patch on the same day. Vulnerability information is obtained from Cisco's TALOS platform and Cisco TAC. We use independent feeds using QUALSYS scanning engine, correlating all known CVE's, enabling us to establish impact for all managed assets scanned by the platform. Further support can be purchased under the "Nowcomm Monitor, Manage, Support and Optimise" GCloud service.
Incident management type Supplier-defined controls
Incident management approach Incidents are logged with a unique case reference number and tracked from triage through to resolution via our service desk platform. We have pre-approved processes / changes for certain tasks, however day to day operation is bespoke per customer and may change depending on the organisation’s needs. Users can report incidents via email, web or telephone. Reports are provided via email upon request. Major incident reports are provided within 48 hours of the incident resolution. Updates available upon request. All service management follows ITIL best practice.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £2.30 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial 30 day trial, full features

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑