Jisc Services Ltd

Govroam

Federated roaming for the wider public sector, providing seamless connectivity for the end user. Geolocation support from the govroam app allows users to locate govroam enabled venues, for quick and easy access. Jisc operates the central service that joins regional roaming initiatives into a standardised national-scale service.

Features

  • Provides a national standard for federated roaming design
  • Technical trust enforced by end-to-end encrypted protocols
  • Service design built on a fabric of trust between participants
  • Guaranteed minimum service capability to allow effective remote working.
  • Supports venue discovery through a geolocation app.
  • Device and infrastructure agnostic, supporting BYOD
  • Explicitly national in scope, with potential international integration
  • Support model reuses existing processes
  • Free at point of service to end user.

Benefits

  • Reuses existing network infrastructure already in place
  • Configure once for “Zero touch” experience for the end user.
  • Promotes standardisation to best practices of guest WLAN provision
  • Authentication incorporates a real-time “member in good standing” check
  • Reduces overhead of providing guest connectivity
  • Eliminates temporary credentials, therefore reducing attack surface
  • Reduces/eliminates need for costly SIM based data products
  • Encourages collaboration and increases productivity when roaming
  • Allows real-time control of roaming behaviour of your staff
  • Enables audit of offsite connectivity usage

Pricing

£300 to £3000 per unit per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9

293592646781674

Jisc Services Ltd

Emma Smith

govroam@jisc.ac.uk

Service scope

Software add-on or extension No
Cloud deployment model Community cloud
Service constraints Scheduled maintenance is under the control of Jisc, and will be announced at least 7 days in advance and will be scheduled into the next available maintenance window.

Unscheduled maintenance, which is only undertaken in an emergency, of the govroam central service, as well as the other servers and services under control of Jisc, will be announced as early as possible.
System requirements
  • Standards based RADIUS Server
  • Compliant Enterprise WiFi Deployment
  • Compliant access control
  • Compliant support process
  • iOS or Android (for use with govroam App)

User support

Email or online ticketing support Email or online ticketing
Support response times 24/7
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Technical boarding, B2B troubleshooting and security incident management are included as standard. Enhanced RADIUS federation design consultancy at SFIA rates. (See service definition for SLA.)
Support available to third parties Yes

Onboarding and offboarding

Getting started There is a defined technical boarding process supported by both deployment and operations training, an extensive documentation package and unlimited telephone/email support.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Service operations do not require holding end user data. Any business contacts etc will be deleted in accordance with our data protection policy.
End-of-contract process The trust relationship between the customer and the central RADIUS servers is removed. All public references to the customer as a participant are removed.

Using the service

Web browser interface No
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility Please refer to our service definition document for more information
Accessibility testing N/A - Relies on built-in elements of device operating systems only
API No
Customisation available Yes
Description of customisation Please refer to our service definition document for more information

Scaling

Independence of resources Resilience and redundancy in depth across all service elements. Normative use of the service by customers creates minimal load as authentication services are light touch.

Analytics

Service usage metrics Yes
Metrics types Please refer to our service definition document for more information

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Physical access control, very little data to protect
Both datacentres are ISO/IEC 27001:2013 certificated
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach No data to export
Data export formats Other
Other data export formats N/A
Data import formats Other
Other data import formats N/A

Data-in-transit protection

Data protection between buyer and supplier networks Other
Other protection between networks Combination of end to end 802.11i AES encryption, RADIUS shared secrets, customer operated EAP methods and use of a private network (Janet)
Data protection within supplier network Other
Other protection within supplier network Combination of end to end 802.11i AES encryption, RADIUS shared secrets, customer operated EAP methods and use of a private network (Janet)

Availability and resilience

Guaranteed availability The availability of the central service is targeted as 99.9%.
Approach to resilience There are multiple load-balanced instances to handle load in the event of an outage. These are hosted in geographically redundant facilities, with redundant backups of infrastructure.
Outage reporting We have RADIUS heartbeat monitoring of customer servers. In addition, email alerts are generated against the central service as part of the major incident handling process.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Support channels are restricted to named contacts. Management interfaces are authenticated with per-user logins with 2 factor access implemented.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other

Audit information for users

Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Please contact us for more information
ISO/IEC 27001 accreditation date Please contact us for more information
What the ISO/IEC 27001 doesn’t cover Please contact us for more information
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Please contact us for more information
PCI DSS accreditation date Please contact us for more information
What the PCI DSS doesn’t cover Please contact us for more information
Other security accreditations No

Security governance

Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO27001, ISO 9000

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change management controls are applied in line with industry best practice. In particular, we are aware of the change management principles in ITILv3 and align our processes with these.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have a long-established vulnerability management process which is managed through our ISO27001 certified ISMS. Whilst govroam is not yet formally part of that certification (due early May 2017), the education version of govroam is, and govroam is subject to the ISMS and this process.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We deploy a variety of effective systems and processes, including firewalling, IDS, inline DDoS prevention, regular internal and external vulnerability scanning, penetration testing, flow logging, and centralised logging and authentication.

Our incident response process is modelled on NIST/SANS principles. It is managed via dedicated incident response lead and backup roles. This process mandates engagement with the CSIRT, SIRO and Infosec security manager.

Jisc CSIRT works to a 2hr response SLA on incidents.
Incident management type Supplier-defined controls
Incident management approach We have a long-established incident management process which is managed through our ISO27001 certified ISMS. Whilst govroam is not yet formally part of that certification (due early May 2017), the education version of govroam is, and govroam is subject to the ISMS and this process.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No

Pricing

Price £300 to £3000 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Please refer to our service definition document

Documents

Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document