ICON Secure is a cloud-based managed network security service, encompassing a holistic range of protection services, delivered, managed & operated by Maintel. The service is built upon proven Maintel solutions, providing customers with consistent and high-quality operation security. The service comes with guaranteed Service Level Agreements and cost-effective monthly charges.
- Network Managed Firewall service, with IPSEC site-to-site VPN service
- Maintel Security Operations Centre, providing 24x7 monitoring and support services
- Maintel’s secure web portal for policy enforcement & visibility
- Distributed Denial of Service mitigation service (DDoS)
- IDS/IPS Intrusion Prevention Service monitoring and blocking malicious network activity
- Network Antivirus Service providing real-time protection against malicious software installation
- Web filtering service blocking access to harmful inappropriate online content
- Application control service allowing you to control network applications
- Secure remote access for end-users, with 2 Factor Authentication Service
- ‘Always on’ Threat intelligence service
- Reduce Threat exposure: prevent data theft & security breaches
- Improve user productivity: enforce extensive security policies per group
- Gain better visibility & control: policy enforcement, board level dashboard
- Take advantage from Maintel’s Emergency Team, 24x7x365
- Maintain GDPR compliance and manage risk effectively
£650 per unit per month
- Education pricing available
- Free trial available
Maintel Europe Limited
Helena Ostlin Hope
|Service constraints||The service applies to internet communications, using IP protocol, over a data network (WAN) proposed by the Supplier preferably.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Trouble Tickets submitted are acknowledged within 1 hour; response to questions is dependant on severity. GTR 4 hours applies to Severity 1 trouble tickets.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
|Support levels||We provide a single support level, described with SLAs associated to trouble tickets raised. GTR 4 hours applies to Severity 1 trouble tickets.|
|Support available to third parties||Yes|
Onboarding and offboarding
Via Service Delivery Management.
Via questions raised to Support.
Via engineering during deployment phase.
|Other documentation formats||
|End-of-contract data extraction||Through self-service portal.|
|End-of-contract process||Icon Secure environment is destructed.|
Using the service
|Web browser interface||Yes|
|Using the web interface||
Trouble ticketing management.
Create / update / close a case.
Report on cases.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||Through Secure website (SSL) with user authentication.|
|Web interface accessibility testing||
Icon Secure self-service portal.
Visibility on threat exposure.
Board level security KPIs
|Command line interface||No|
|Independence of resources||Customer and users are using a dedicated environment on the platform.|
|Infrastructure or application metrics||Yes|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Other data at rest protection approach||
User Access Control / Role Based Access Control.
Security Incident and Event Monitoring.
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||All policies configurations and customer's dedicated environment|
|Backup controls||Thanks to our Backup and Recovery Policy, certified to ISO27001 standards.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Other protection between networks||
IP VPN with dedicated VRF per customer.
Network Segmentation with AAA server for remote management.
Role Based Access control in the Supplier's environment.
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Up to 99.999%, monthly.|
|Approach to resilience||
Nominal-Backup engineering rules is implemented for the service.
Service is deployed over 4 different data centres.
Connections between data centres are always resilient.
|Outage reporting||Through real-time network and security monitoring.|
Identity and authentication
|Other user authentication||Through user/password and SSL certificate of user's device. User's Password must comply with password management policy (strong passwords).|
|Access restrictions in management interfaces and support channels||They are only accessible throughout the Domain. Users must be authenticated on the Domain first.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Externally assessed and certified by "DAS Certification"|
|ISO/IEC 27001 accreditation date||18/03/2016|
|What the ISO/IEC 27001 doesn’t cover||Supplier's ISO27001:2013 certificate covers the whole business.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Audited and certificed by a QSA from IT Governance|
|PCI DSS accreditation date||05/09/2016|
|What the PCI DSS doesn’t cover||PCI-DSS scope of applicability covers Icon Communicate with Mitel and Icon Connect offers.|
|Other security certifications||Yes|
|Any other security certifications||CyberEssentials+|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||
CyberEssentials+, PCI-DSS, N3, HSCN (ongoing).
Security governance is in place throughout the whole business and managed regularly with a recurring Information Security Steering Group.
|Information security policies and processes||ISO27001:2013 policies and procedures.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||The Change Management Policy details the mechanisms in place to manage changes within Software and Software/System Upgrades and Registered Processes and Forms.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||The Management of Technical Vulnerabilities Policy sets the scope for managing and preventing potential vulnerabilities. By managing these we aim to better protect our infrastructure against a potential attack that could affect not only our internal IT infrastructure, but also that of our customers.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||The Network Management Policy details types of networks deployed within Maintel and the effective monitoring and measuring of the networks for reliability and efficiency. This is an overview of the method in which we manage aspects of the network.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||The Information Security Incident Management policy details how security incidents are categorised, the reporting mechanisms and actions to be taken should an event occur. Please note, as technology and information grows, the type and level of potential security incidents evolves respectively. As such, this policy should be considered as guidance only. The policy shall be subject to change.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||KVM hypervisor|
|How shared infrastructure is kept separate||With engineering rules, segmentation and virtual firewalling.|
|Price||£650 per unit per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||The service can be tested during the CyberThreat Assessment Program|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|