Exponential-e Ltd

Remote Access as a Service

Organisations require secure remote access mechanisms that connect users to infrastructure, applications and networks while aligning to Government and industry standards. We provide Remote Access (RAS) encryption, identity management and data-flow controls using:

1. Encrypted data
2. Certificate Authority URL verification
3. 2-factor authentication
4. Endpoint control

Features

  • Remote Access over Internet: Broadband, 3/4G, corporate, public hotspot
  • Virtual Private Network based security using strong encryption
  • Stand Alone or Customer Active Directory Integration
  • Multi-Factor Authentication for strong data and access controls
  • Works with TLS- and SSL-based applications
  • Connects users to Corporate, WAN, LAN and HSCN services
  • Aligns to the NCSC 10 Steps to Cyber Security, meets ISO 27001 and CAS(T)
  • Web based client options with low device footprint
  • Integrated Network Admission Control (NAC) options
  • Self Service password reset and tiered user management

Benefits

  • Enables mobile and home working
  • Increases productivity by allowing secure access to sensitive data
  • Provides in-flight data security and integrity
  • Enables security governance and compliance with government standards
  • Allows cost-effective access to services of a sensitive nature
  • Simplifies data and process auditing
  • Flexible access control and identity management that adjusts to requirements
  • Provides scalability without upfront investment
  • Reduces time to deliver and project complexity
  • Provides Peace of Mind

Service scope

Service constraints: The service may be subject to planned maintenance outages, and customers may be required to upgrade components on-line (in line with security best practice).

The service may preclude the use of previously accepted weak security practices.

When used in conjunction with public sector networks such as the HSCN, some use cases will also need to align to those networks' standards.

Legacy versions of Windows, macOS (OS X) and Android may not be supported.
System requirements:
  • A compatible operating system such as Windows
  • Hardware meeting Windows 7 or better CPU/RAM specification
  • An Internet connection
  • Local firewall, e.g. Bitdefender (Network Admission Control only)
  • Disk encryption, e.g. BitLocker (Network Admission Control only)
  • Anti-virus software

User support

Email or online ticketing support: Email or online ticketing
Support response times: 1 hour
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: 99.9% availability; 24x7 operation. We may provide a technical account manager depending on the size of the requirement.
Support available to third parties: No

Onboarding and offboarding

Getting started: We provide a product description, product manual and quick-start guidance.

We may provide onsite training and additional documentation at cost.

Project management, co-ordination, integration services and data security audits are available at cost should they be needed.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: The system holds metadata only, not customer data, so this is not applicable.
End-of-contract process: The price includes the basic connectivity service with a soft token, priced per user.

Optional extras are charged accordingly and can include:

1. Multi-factor authentication
2. Hard tokens
3. Network Admission Control
4. Customisation of user experience
5. Single sign-on

Using the service

Web browser interface: Yes
Using the web interface: Users are added to the system via a web portal using a number of mechanisms, including comma-separated values (CSV) upload, manual user addition, AD join and others.

User interaction with the web interface is governed by role-based security profiles, giving management capabilities ranging from Admin to Self-Service depending on the assigned profile.

Users may make changes via the web portal over the Internet, only through a supported browser and over TLS (HTTPS).
Web interface accessibility standard: None or don’t know
How the web interface is accessible: TBA
Web interface accessibility testing: TBA
API: No
Command line interface: No

Scaling

Scaling available: Yes
Scaling type:
  • Automatic
  • Manual
Independence of resources: Maintained via contractual mechanisms
Usage notifications: No

Analytics

Infrastructure or application metrics: Yes
Metrics types: Other
Other metrics:
  • Log on
  • Active users
  • Historical audit
Reporting types: Real-time dashboards

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Microsoft, Fortinet (FortiGate), Okta, Symantec

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations: No
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery: No

Data-in-transit protection

Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
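A buyer of a "TLS (version 1.2 or above)" gateway service will usually want to confirm the claim rather than take it from the listing. The following is an added example, not Exponential-e code and not part of the original listing: it builds the client-side TLS context a buyer's own tooling should use (minimum TLS 1.2, server chain and hostname verified against a CA bundle), probes which protocol versions a gateway will actually negotiate, and evaluates the result against the policy. The host name and port are placeholders (assumption); the probe contexts deliberately disable certificate verification because they test version negotiation only, never real traffic.

```python
"""Client-side checks for a 'TLS 1.2 or above' remote-access gateway.

Added example (not the supplier's code). Requires only the standard library.
"""
import socket
import ssl

# Policy the listing claims: nothing older than TLS 1.2 is negotiable.
POLICY_MIN = ssl.TLSVersion.TLSv1_2
ALL_VERSIONS = [
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
]


def hardened_client_context(cafile=None):
    """Context for real connections: TLS 1.2+, chain and hostname verified.

    create_default_context() already sets CERT_REQUIRED and check_hostname;
    we additionally pin the floor so a downgrade to 1.0/1.1 cannot happen
    even if the peer offers it. cafile=None uses the platform trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = POLICY_MIN
    return ctx


def probe_context(version):
    """Context used only to test whether the server accepts one exact version.

    Verification is switched off on purpose: the probe never carries data,
    it only observes negotiation. Do not reuse this for real traffic.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        # OpenSSL 3 refuses TLS 1.0/1.1 at its default security level;
        # lower it so the client can at least offer the legacy versions.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # non-OpenSSL build: legacy versions may be unprobeable
    return ctx


def probe_versions(host, port=443, timeout=5.0):
    """Return {TLSVersion: bool} saying which versions the gateway negotiated.

    A False entry means the handshake failed. If this client's TLS library
    cannot speak the version at all, the result is also False, so a False for
    TLS 1.0/1.1 is 'not negotiable from this client', not proof of refusal.
    """
    accepted = {}
    for version in ALL_VERSIONS:
        ctx = probe_context(version)
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    accepted[version] = tls.version() is not None
        except (ssl.SSLError, OSError):
            accepted[version] = False
    return accepted


def evaluate_policy(accepted):
    """Check a probe result against the 'TLS 1.2 or above' claim.

    Returns (ok, reasons). ok is False if any version below the floor was
    negotiated, or if no version at or above the floor was negotiated.
    """
    reasons = [v.name for v, ok in accepted.items() if ok and v < POLICY_MIN]
    modern = any(ok for v, ok in accepted.items() if v >= POLICY_MIN)
    if not modern:
        reasons.append("no TLS 1.2+ version negotiated")
    return (len(reasons) == 0, reasons)


if __name__ == "__main__":
    import sys

    # Placeholder gateway name (assumption); pass the real one as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "vpn.example.invalid"
    result = probe_versions(target)
    ok, why = evaluate_policy(result)
    print({v.name: a for v, a in result.items()})
    print("policy met" if ok else "policy NOT met: " + ", ".join(why))
```

Run it against the gateway's public endpoint before go-live and again after any upgrade the supplier requires; a gateway that still negotiates TLSv1 or TLSv1_1 contradicts the listing and should be raised with the supplier. The `hardened_client_context()` is the context to hand to your own HTTPS clients that talk to the portal.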

Availability and resilience

Guaranteed availability: TBA
Approach to resilience: Available on request
Outage reporting: Dashboard and email

Identity and authentication

User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels: Password, user, role and 2-factor authentication for front-end systems; separate management LAN where appropriate
Access restriction testing frequency: At least once a year
Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: Less than 1 month
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: Less than 1 month
How long system logs are stored for: Less than 1 month

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: BSI
ISO/IEC 27001 accreditation date: 13/04/2018
What the ISO/IEC 27001 doesn’t cover: Not applicable
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: 13/04/2018
CSA STAR certification level: Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover: Not applicable
PCI certification: Yes
Who accredited the PCI DSS certification: Blackmores UK
PCI DSS accreditation date: 19/03/2019
What the PCI DSS doesn’t cover: Hosting Provider (applications, storage, security services, shared hosting, online hosting); Managed Services (system security, IT support, backup, cloud services); Payment Processes (all payment services)
Other security certifications: Yes
Any other security certifications: CAS(T) NCSC-264868406-1689

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: The security of our network is fundamental to our business and we have implemented a wide range of security measures. Our network has undergone rigorous security assessments, undertaken by BSI, and has achieved ISO 27001 (tested every six months) and PCI DSS (tested annually) certifications. Most recently we became accredited to CAS(T) (CAS-Telecommunications) by the National Cyber Security Centre (NCSC). This certifies our connectivity (Smartwires: WAN, VPLS, Internet) and augments our HSCN status for public sector contracts. Exponential-e were the first HSCN Stage 2 supplier to also attain CAS(T), and we are actively progressing to Stage 3 accreditation. To become accredited, an IT Health Check had to be conducted across our network, with all testing engineers CHECK-approved. The test took 25 days.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Available on request
Vulnerability management type: Undisclosed
Vulnerability management approach: Available on request
Protective monitoring type: Undisclosed
Protective monitoring approach: Available on request
Incident management type: Undisclosed
Incident management approach: Available on request

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

Energy-efficient datacentres: Yes
Description of energy efficient datacentres: TBA

Pricing

Price: £8.50 per user per month
Discount for educational organisations: No
Free trial available: No

Service documents

  • Pricing document (PDF)
  • Skills Framework for the Information Age rate card (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)
  • Modern Slavery statement (PDF)