Exponential-e Ltd

Remote Access as a Service

Organisations require secure remote access mechanisms connecting users to infrastructure, applications and networks, aligning to Government and Industry standards. We provide Remote Access (RAS) Encryption, Identity Management and Data flow controls using:

1. Encrypted Data
2. Certificate Authority URL verification
3. 2-Factor authentication
4. Endpoint control

Features

  • Remote Access over Internet: Broadband, 3/4G, corporate, public hotspot
  • Virtual Private Network based security using strong encryption
  • Stand Alone or Customer Active Directory Integration
  • Multi-Factor Authentication for strong data and access controls
  • Works with TLS and SSL based applications
  • Connects users to Corporate, WAN, LAN and HSCN services
  • Aligns to NCSA 10 Security Principles, meets ISO27001 and CAS(T)
  • Web based client options with low device footprint
  • Integrated Network Admission Control (NAC) options
  • Self Service password reset and tiered user management

Benefits

  • Enables mobile and home working
  • Increases productivity allowing access to sensitive data securely
  • Provides in-flight data security and integrity
  • Enables security governance and compliance to government standards
  • Allows cost effective access to services of a sensitive nature
  • Simplifies data and process auditing
  • Flexible Access Control and Identity management to adjust to requirements
  • Provides scalability without upfront investment
  • Reduces time to deliver and project complexity
  • Provides Peace of Mind

Pricing

£8.50 per user per month

Service documents

Framework

G-Cloud 11

Service ID

286699827325293

Contact

Exponential-e Ltd

Kay Sugg

02034358835

psbids@exponential-e.com

Service scope

Service constraints
The service may be subject to planned maintenance outages; customers may be required to upgrade components on-line (in line with security best practice).

The service may preclude the use of previously acceptable weak security practices.

When used in conjunction with Public Sector Networks such as the HSCN, some use cases will also need to align to those network standards.

Legacy versions of Windows, OSX and Android may not be supported
System requirements
  • A compatible operating system such as Windows
  • Hardware meeting Windows 7 or better CPU/RAM specification
  • An Internet connection
  • Local Firewall, e.g. Bitdefender (Network Access Control only)
  • Disk Encryption, e.g. BitLocker (Network Access Control only)
  • Anti Virus Software

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 Hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
99.9% availability
24x7 operation
We may provide a technical account manager based on size of requirement.
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide a product description, product manual and quick start guidance.

We may provide onsite training and additional documentation at cost

Project management, co-ordination, integration services and data security audits are available at cost should they be needed.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The system holds metadata only and not data; therefore this is not applicable.
End-of-contract process
The price includes the basic connectivity service with a soft token, priced on a per user basis.

Optional extras will be charged accordingly and can include:

1. Multi-factor authentication
2. Hard Tokens
3. Network Admission Control
4. Customisation of User experience
5. Single Sign-on

Using the service

Web browser interface
Yes
Using the web interface
Users are added to the system via a web portal and can use a number of mechanisms including a Comma Separated List (CSV), manual user addition, AD Join and other mechanisms.

User interaction with the web interface is provided using Role Based Security profiles and allows users management capabilities ranging from Admin to Self-Service depending on the given profile.

Users may make changes through the web portal over the internet, and only from a supported browser using a secure (SSL/HTTPS) transport.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
TBA
Web interface accessibility testing
TBA
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
This is maintained via contractual mechanisms
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
Other
Other metrics
  • Log on
  • Active users
  • Historical audit
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft, Fortigate, Okta, Symantec

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
TBA
Approach to resilience
Available on Request
Outage reporting
Dashboard and email

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels
Password, User, Role and 2-Factor Authentication for front end systems.
Separate Management LAN where appropriate
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Less than 1 month
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
13/04/2018
What the ISO/IEC 27001 doesn’t cover
Not applicable
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
13/04/2018
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
Not applicable
PCI certification
Yes
Who accredited the PCI DSS certification
Blackmores UK
PCI DSS accreditation date
19/3/2019
What the PCI DSS doesn’t cover
Hosting Provider – Applications, Storage, Security Services, shared hosting, Online Hosting, Managed Services – System Security, IT Support, Backup, Cloud Services Payment Processes – All payment services
Other security certifications
Yes
Any other security certifications
CAS(T) NCSC-264868406-1689

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The security of our Network is fundamental to our business and we have implemented a wide range of security measures. Our network has undergone rigorous security assessments - undertaken by BSI - and has achieved ISO 27001 (tested every six months) and PCI-DSS (tested annually) certifications to ensure security standards. Most recently we became accredited to CAS-Telecommunications by the National Cyber Security Centre (NCC). This certifies our Connectivity (Smartwires - WAN, VPLS, Internet) and augments our HSCN status for Public Sector contracts. Exponential-e were the first HSCN Stage 2 supplier to also have attained CAS-T, and are actively progressing to Stage 3 accreditation. To become accredited, NCC had to conduct an IT Health Check across our Network and all Engineers were “CHECK” approved. The test took 25 days.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Available on Request
Vulnerability management type
Undisclosed
Vulnerability management approach
Available on Request
Protective monitoring type
Undisclosed
Protective monitoring approach
Available on Request
Incident management type
Undisclosed
Incident management approach
Available on Request

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
TBA

Pricing

Price
£8.50 per user per month
Discount for educational organisations
No
Free trial available
No
