Maintel Europe Limited

Cloud managed network security service – ICON Secure

ICON Secure is a cloud-based managed network security service, encompassing a holistic range of protection services, delivered, managed & operated by Maintel. The service is built upon proven Maintel solutions, providing customers with consistent and high-quality operation security. The service comes with guaranteed Service Level Agreements and cost-effective monthly charges.

Features

  • Network Managed Firewall service, with IPSEC site-to-site VPN service
  • Maintel Security Operations Centre, providing 24x7 monitoring and support services
  • Maintel’s secure web portal for policy enforcement & visibility
  • Distributed Denial of Service mitigation service (DDoS)
  • IDS/IPS Intrusion Prevention Service monitoring and blocking malicious network activity
  • Network Antivirus Service providing real-time protection against malicious software installation
  • Web filtering service blocking access to harmful inappropriate online content
  • Application control service allowing you to control network applications
  • Secure remote access for end-users, with 2 Factor Authentication Service
  • ‘Always on’ Threat intelligence service

Benefits

  • Reduce Threat exposure: prevent data theft & security breaches
  • Improve user productivity: enforce extensive security policies per group
  • Gain better visibility & control: policy enforcement, board level dashboard
  • Take advantage from Maintel’s Emergency Team, 24x7x365
  • Maintain GDPR compliance and manage risk effectively

Pricing

£650 per unit per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

345323952977940

Maintel Europe Limited

Helena Ostlin Hope

02074014613

gcloud@maintel.co.uk

Service scope

Service scope
Service constraints The service applies to internet communications, using IP protocol, over a data network (WAN) proposed by the Supplier preferably.
System requirements
  • Supports Windows and Macintosh Environments
  • Supports Apple IOS and Google Android mobile environments

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Trouble Tickets submitted are acknowledged within 1 hour; response to questions is dependant on severity. GTR 4 hours applies to Severity 1 trouble tickets.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels We provide a single support level, described with SLAs associated to trouble tickets raised. GTR 4 hours applies to Severity 1 trouble tickets.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Via Service Delivery Management.
Via questions raised to Support.
Via engineering during deployment phase.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Microsoft Office
  • Microsoft Visio
End-of-contract data extraction Through self-service portal.
End-of-contract process Icon Secure environment is destructed.

Using the service

Using the service
Web browser interface Yes
Using the web interface Trouble ticketing management.
Create / update / close a case.
Report on cases.
KPIs.
Web interface accessibility standard None or don’t know
How the web interface is accessible Through Secure website (SSL) with user authentication.
Web interface accessibility testing Icon Secure self-service portal.
Policy enforcement.
Visibility on threat exposure.
Board level security KPIs
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources Customer and users are using a dedicated environment on the platform.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • Network
  • Other
Other metrics
  • Security metrics
  • User productivity metrics
  • Network application metrics
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach User Access Control / Role Based Access Control.
Security Incident and Event Monitoring.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up All policies configurations and customer's dedicated environment
Backup controls Thanks to our Backup and Recovery Policy, certified to ISO27001 standards.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • Other
Other protection between networks IP VPN with dedicated VRF per customer.
Network Segmentation with AAA server for remote management.
Role Based Access control in the Supplier's environment.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Up to 99.999%, monthly.
Approach to resilience Nominal-Backup engineering rules is implemented for the service.
Service is deployed over 4 different data centres.
Connections between data centres are always resilient.
Outage reporting Through real-time network and security monitoring.

Identity and authentication

Identity and authentication
User authentication
  • Public key authentication (including by TLS client certificate)
  • Other
Other user authentication Through user/password and SSL certificate of user's device. User's Password must comply with password management policy (strong passwords).
Access restrictions in management interfaces and support channels They are only accessible throughout the Domain. Users must be authenticated on the Domain first.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Other
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Externally assessed and certified by "DAS Certification"
ISO/IEC 27001 accreditation date 18/03/2016
What the ISO/IEC 27001 doesn’t cover Supplier's ISO27001:2013 certificate covers the whole business.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Audited and certificed by a QSA from IT Governance
PCI DSS accreditation date 05/09/2016
What the PCI DSS doesn’t cover PCI-DSS scope of applicability covers Icon Communicate with Mitel and Icon Connect offers.
Other security certifications Yes
Any other security certifications CyberEssentials+

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards CyberEssentials+, PCI-DSS, N3, HSCN (ongoing).

Security governance is in place throughout the whole business and managed regularly with a recurring Information Security Steering Group.
Information security policies and processes ISO27001:2013 policies and procedures.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The Change Management Policy details the mechanisms in place to manage changes within Software and Software/System Upgrades and Registered Processes and Forms.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The Management of Technical Vulnerabilities Policy sets the scope for managing and preventing potential vulnerabilities. By managing these we aim to better protect our infrastructure against a potential attack that could affect not only our internal IT infrastructure, but also that of our customers.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The Network Management Policy details types of networks deployed within Maintel and the effective monitoring and measuring of the networks for reliability and efficiency. This is an overview of the method in which we manage aspects of the network.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The Information Security Incident Management policy details how security incidents are categorised, the reporting mechanisms and actions to be taken should an event occur. Please note, as technology and information grows, the type and level of potential security incidents evolves respectively. As such, this policy should be considered as guidance only. The policy shall be subject to change.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used KVM hypervisor
How shared infrastructure is kept separate With engineering rules, segmentation and virtual firewalling.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £650 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The service can be tested during the CyberThreat Assessment Program

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑