PortSys UK Limited

Total Access Control

TAC-Cloud is an information security service that provides comprehensive access control for resources in both your local datacenter as well as the cloud. TAC also improves user productivity, strengthens and simplifies security and provides SSO and Portal-based access. TAC also provides VPN, SSL/VPN and MDM in one unified product.


  • Access control for application and data resources (local or cloud)
  • Secure access from any device
  • Mobile Device Access Management
  • Centralised administration and reporting
  • VPN and SSL/VPN access control
  • Multifactor Authentication
  • Single Sign On - SSO
  • Geographic IP Intelligence for Security
  • Phishing Protection
  • Device Validation and Approval process


  • End IT Security Sprawl, consolidate access control - comprehensive solution
  • Simplify security for end users and administrators
  • Centralise IT access control for local and cloud resources
  • Single Sign-On and Portal is easier for end users
  • Create multiple factors for authentication without impacting end users
  • Elminate security gaps between existing security products
  • Reduce complexity and cost
  • Define unique security policies for each resource
  • Protect outdated/Legacy applications and even add authentication/remote access
  • Enhanced RDP security for entire desktops or individual applications


£0.333 to £10 per user per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


PortSys UK Limited

Michael Oldham

0208 196 2420


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Calls are responded within 1 hour, 24 hours a day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels 24 x 7 x 365 support available as standard on all of our customer's deployments.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide online training as needed as well as full documentation. We can also provide a test environment for training as desired for limited duration.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Export of configuration files
End-of-contract process At the conclusion of the contract the cloud service for the customer is terminated and no further access through the cloud service to the customer's resources are possible.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Effectively, no difference although the organisation can have different security policies for mobile devices versus other device types.
Accessibility standards None or don’t know
Description of accessibility None
Accessibility testing None
Customisation available Yes
Description of customisation Entire solution is customised for the customer's environment. Specifically, they configure the applications they wish to publish through the gateway, the rules by which these applications can be accessed and the types of devices and users who are allowed to access (and under what circumstances) each resource.


Independence of resources Each customer has their own instance in the cloud, dedicated to their needs. Resources are dedicated to that specific customer and are not impacted by other systems.


Service usage metrics Yes
Metrics types Full reporting capability of all access to all resources. Customer can view in nearly limitless ways.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach A simple process to save their configuration information.
Data export formats Other
Data import formats Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability System is designed to run 24 x 7 x 365. Design is subject to customer management of implementation (security configurations) so availability is up to the customer.
Approach to resilience Multiple virtual appliance instances across different network segments and potentially across different geographies can all be designed depending on specific customer needs and budgetary restrictions.
Outage reporting Dashboard, email alerts, log files and interface to SIEM systems are all configurable

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is strictly controlled and limited to people whom the customer has authorised. Interfaces may include RDP and/or web-based access with strong authentication, device validation and more.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach As this service is not covered by any current standard we do extensive testing, penetration testing and work with customers world-wide to ensure the highest levels of security and assurance for our customers. We also develop our products to the highest standards of security with detailed code reviews to ensure proper adherence to quality and security.
Information security policies and processes As a security company, our livelihood depends on the highest levels of security and quality in our products. All code is security reviewed, tested and approved by the Lead Developer of each section and then approved by the Product Director. If any security issues are found, all code is reviewed and updated accordingly and feedback is provided directly to the developer and the management chain.

Penetration testing is also done regularly by ourselves as well as our customers who have the technology deployed. Penetration testing is done in many different forms and to different standards and our technology continues to pass each of these tests with excellent scores.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach As this is a security product managing access control for the customer's environment, customer's are responsible for their own configuration. Extensive documentation and support are available to assist the customer in the review of security policies and their potential impact
Vulnerability management type Supplier-defined controls
Vulnerability management approach As described before, since there are no specific standards covering this type of security product, we extensively test and update our systems as required. The systems are tested routinely via penetration testing and code review.

We provide routine patch guidance along with specific instructions about applying patches. We do this because the customer's cloud environment is independent and under the customer's control. This allows the customer full discretion over their system.
Protective monitoring type Undisclosed
Protective monitoring approach The security appliance instances are under the customer's control. Therefore, the monitoring approach is managed by the customer unless specific arrangements are made.
Incident management type Undisclosed
Incident management approach Security incidents are reported by the customer to our support organization. Each incident is evaluated thoroughly and a determination of root cause is found. This information is shared directly with the customer. If the incident involves any identification of a security flaw, remediation is begun immediately and will be delivered as soon as possible. It is our goal to remedy the issue within 1 - 7 business days based on the severity of the situation.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.333 to £10 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Cloud-based demonstration environment with full lab walk through of product functionality. Limited to 7 days but can be extended if required.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑