Altiatech Ltd

Cyber Security as a Service

Cyber Security as a Service (CSaaS) provides you with the peace of mind that a team of independent experts are constantly monitoring for unusual behaviour on your systems, warning you of threats and keeping your systems patched and backed up.

Features

  • Remote Access
  • Calendar
  • Browser based access to applications
  • E-mail

Benefits

  • Work from anyware
  • Full Office 365 functionality
  • Secure access to documents

Pricing

£50 to £250 per person per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

342673475817213

Altiatech Ltd

Fuad Uddin

03303325842

innovate@altiatech.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No constraints.
System requirements
  • Device must have a modern (html5) browser
  • Network connectivity

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard 4 hour response time Monday to Fridays, 8 hour at weekends
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible No known accessibility issues
Web chat accessibility testing Ad-hoc testing with assistive technology users
Onsite support Yes, at extra cost
Support levels 08:00 – 18:00 Monday to Friday as standard remote support
24/7/365 options available on negotiation with pre-purchasable on-site man days.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We follow our own process to identify the scope and build a personalised plan to onboard all users and applications.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Files can be backed up and provided to users upon request when the service ends
End-of-contract process All pricing details are including in the pricing document. The standard service and support are included. Additional configuration or management can be requested if the scope is outside the standard service

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Awingu reformats itself for the self for the screen size of the device being used by the user to ensure experience is optimal
Accessibility standards None or don’t know
Description of accessibility Our software is driven through the browser, so we can conform to any standards that the browser supplies.
Accessibility testing Adhoc testing
API Yes
What users can and can't do using the API Can do everything with the API
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation The look and feel of the application can be customised, as can the applications and links. This customisation happens at the tenant level for look and feel changes and at the user level for applications and services

Scaling

Scaling
Independence of resources The system is sized in accordance with Microsoft recommendations with some headroom. As the numbers of users increases additional resources are provisioned to ensure existing users are not impacted.

Analytics

Analytics
Service usage metrics Yes
Metrics types We provide information on the applications, servers and concurrent usage of the system
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be stored on file servers provided by Altiatech, the end customer or other cloud service providers. If the data is stored via Altiatech then this can be provided on a USB disk drive if required
Data export formats Other
Other data export formats
  • Native file format
  • Logs as CSV files
Data import formats Other
Other data import formats Native file formats

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Our SLAs provide service credits to customers should the monthly uptime fall below 99.5% availability,
Approach to resilience We ensure that the architecture does not contain single points of failure. These are duplicated to ensure that should a node fail, the system will continue to function
Outage reporting We will e-mail users if there is an outage to keep them informed of the progress to resolve.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Administration users cannot access user data or application within the Unify Work.Space environment. Strict administration controls are in place to ensure user data protection
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Security Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have pre-defined processes for events, reporting processes and incident reports that are aligned to ISO27001

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The Unify Work.Space product tracks all changes made to the configuration by any administrator. These logs are kept for a minimum of 6 months. Changes are reviewed to ensure they do not compromise security.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Altiatech is protected by SentinelOne, which provides endpoint protection and remediation. SentinelOne uses multiple AI engines to protect against threats. This signature-less approach requires no daily/weekly updates, recurring scans and performs better than other AV management solutions. Altiatech uses Windows Defender, which comes natively with Windows 10 Enterprise is also installed on all computers with definitions set to update regularly for our support engineers. Our devices have restricted access based on user access controls and functionality and elevated admin credentials. Patches are deployed to services readily though our patch management tools. We acquire information of threats from existing AV solutions.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Using proactive network monitoring tools and threat detection and containment tools, we are able to identify compromised points within our services.
Our responses are immediate with threat management tools and immediately trigger notifications to support engineers for investigation within 15 minutes.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have pre-defined processes for events, reporting processes and incident reports that are aligned to ISO27001

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)
  • Other

Pricing

Pricing
Price £50 to £250 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Trial versions are for a 30 day period of the standard version. We include a maximum of 2 licences and 5 apps.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑