Platform FLEX Onboarder - MDM UEM EMM Migration Tool

The Platform FLEX / EBF Onboarder service enables efficient migration from one EMM or MDM Platform to another. Flex Onboarder replaces the manual process of migrating a Device with an automated User notification and a guidance process supported by a central Administration Console.


  • UEM/MDM/EMM Migration Tool
  • Automated process
  • Changing to new UEM system takes a matter of minutes
  • Optimization of resource
  • Cost savings: Downtimes and the risk of errors are minimal
  • User-friendliness
  • Automated migration
  • Microsoft Intune migration
  • UK Cloud platform, UK based and PASF
  • Operated by SC/NPPV 3 cleared personnel


  • Switch quickly/easily to one of the leading UEM systems
  • Changeover with minimal effort
  • initiate the process on mobile devices at a suitable time
  • Microsoft Intune migration
  • EBF Onboarder
  • Secure UK Cloud accrediable to Official Sensitive


£2.50 a device

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 1 9 6 7 8 3 2 3 8 7 2 3 8 5


Nine23 Stuart McKean
Telephone: +44 (0) 23 8202 0300

Service scope

Software add-on or extension
Cloud deployment model
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
No service constraints yet identified
System requirements
  • System outline will be discuss with client
  • No pre-conditions or extra licenses required outside the service

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within one hour
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
We are ISO 20000 certified for Service Management, we provide a standardised SLA for clients to ensure the service is understood by you and is sufficiently supported by our engineers. You will be able to interact directly with engineers who know your account and can deal with issues directly without having to first negotiate an unskilled Helpdesk.
All helpdesk staff are SC and NPPV3 cleared.
Support available to third parties

Onboarding and offboarding

Getting started
Clients can follow documentation on how to initiate and start receiving our services. This can be augmented with training onsite, or delivered remotely. We deliver a standardised service, honed during deliveries to existing public sector clients, meaning a low risk and swift deployment without unexpected consultancy costs.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Client will provide secure physical media to Nine23, which will then be populated with the specified client data and returned to the client.
End-of-contract process
The client will have extracted the data they need to keep for archive or transition purposes. Any managed devices are taken off management which will wipe enterprise and managed data from the devices. The client is then free to undertake any disposal requirements that may be stipulated under IS5. Hosted areas are then made inaccessible to the internet and deleted. This is all provided without cost to the client. Any additional services will be charged based on the day rates on our SFIA rate card.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
Limited feature differences from wireless devices but usefulness of service for devices fixed in place and on known, secured, networks is limited.
Service interface
Customisation available
Description of customisation
Customisation is based on discussion of client requirements for the service.


Independence of resources
Technical separation of resources to client areas is achieved at virtualisation level so that one client is not competing for the same resources as another; client areas are independent private clouds so processing is not shared. Our ITIL aligned service processes have defined scaling markers to ensure the service team is not short-staffed.


Service usage metrics
Metrics types
Service usage and performance statistics are provided as regular reports outlined in the SLA. These include but are not limited to numbers of users/devices, volume of traffic, requests within and outside compliance from end users, and system performance metrics.
Reporting types
Regular reports


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data able to be extracted through the administration interface will be taken by client before the service is closed. Other data may be passed to the client in their requested format for additional cost based on the requirement.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We provide SLAs to each client outlining the expected availability of each service. Unplanned outages that lead to decreased availability from the levels set out in the SLAs lead to credits on those services during the next period.
Approach to resilience
Architectural resiliency is designed into the hosted environment and is backed by the Tier 3+ UK Data Centre. Details can be given to clients upon request.
Outage reporting
Email alerts to nominated client representatives, with quantitative and qualitative detail.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
We restrict management interface access to known personnel on known devices that are authenticated with 2FA and connect via VPN to secured management hosts with limited permissions.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
14.1.1 Information security requirements analysis and specification
14.1.2 Securing applications services on public networks
14.1.3 Protecting application services transactions
14.2.1 Secure development policy
14.2.6 Secure development environment
14.2.7 Outsourced development
14.3.1 Protection of Test Data
16.1.7 Collection of evidence
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Government Ministries' accreditations at OFFICIAL-SENSITIVE (available on request)
  • Cyber Essentials Plus
  • 14 Cloud Security Principles
  • NPPV3 Vetting
  • NHS DSP IG Toolkit - Passed
  • NCSC Secure Communications Principles
  • SC Clearances for all Engineering, Project Helpdesk staff

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Independently tested and accredited by existing government clients. References available on request.
Cyber Essentials Plus

NHS DSP IG Toolkit - Standards exceeded
Information security policies and processes
We apply ISO27001, 20000 and 9001, NCSC and industry best practice to ensure 14 Cloud Security Principles are applied during design, deployment, operation, and decommission. We provide IS1&2 compliant RMADS and maintain our own Security Management Plan which is integral to our ISO9001, 27001, 20000 accreditation, which is independently audited every year.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Services are configured and documented for reference. Changes are initiated with internal or external requests that start a Change Acceptance Process, during which the business imperative, security risks, user impact, and costs are considered. A lightweight process is adopted for agility of service, but If necessary, a full security impact assessment is undertaken and when the requisite authorisations are received, the change is effected and documentation updated.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to a number of vulnerability and threat monitoring agencies including the NCSC threat newsletter. A baseline patching process is maintained monthly for all services, and emergency responses to critical threats are evaluated and actioned appropriately.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our protective monitoring tools examine SIEM data from our platform and client areas, including GPG13 compliant reporting. Incidents are responded to based on the severity of the event and can be immediate notification to clients to allow fixes to be effected straight away.
Incident management type
Supplier-defined controls
Incident management approach
Our SyOPs and Security Management Plan outline procedures for incident management and reporting. Our SMP is ISO27k controls and verified by a CCP qualified IA lead.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • Health and Social Care Network (HSCN)
  • Other
Other public sector networks
  • PND R
  • PND Secure


£2.50 a device
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.