i2N Ltd

Education Manager

Education Manager, is a secure managed service to deliver enterprise-scale educational services to organisations operating inside and outside the custodial estate(Prisons, Young Offender Institutions, Secure Training Centres, Secure Children’s Homes, etc). This includes education offerings from both Microsoft and Google. Chromebooks or Secure Linux Devices can be provided for access.

Features

  • Secure management of Chromebooks across all enterprise locations.
  • Organisation-wide management of User Accounts, with delegation.
  • Many options - configured at the enterprise level.
  • Based on Google for Education, with millions of users worldwide.
  • Scheduling and management of physical and virtual classrooms.
  • Full control of G-Suite components (docs, sheets etc) provided.
  • 2 factor authentication for Admins, SuperUsers and students (if reqd)
  • Comprehensive reporting and analytics across the estate.
  • Full ITIL managed service, telephone, email and chat remote support.
  • Ecosystem of add-ons (SmoothWall, LanSchool, Yubikey).

Benefits

  • Scalable, accreditable managed security model from trusted supplier.
  • Utilises Chromebooks: the most cost effective devices available.
  • Utilises Chromebooks: every one under central control.
  • Based on Google for Education: no charge for students.
  • Based on Google Classroom: no charge for students.
  • Based on G-Suite: no charge for students.
  • Attainment, performance history stays with the student everywhere.

Pricing

£4000 per unit per month

  • Education pricing available

Service documents

G-Cloud 10

464294812171914

i2N Ltd

Marco Fiorentino

01473 731230

marco.fiorentino@i2n.com

Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Education Manager is based on Chromebooks, Google for Education, Google Classroom and G-Suite, and other add-ons from 3rd party providers. Globally, there are tens of millions of Users of environments like this. i2N provides an overarching managed service, designed for institutions with specific security requirements in the provision of education.
Cloud deployment model Public cloud
Service constraints Education Manager is a fully managed service. the i2N Service Desk is currently 08:00 to 18:00 on working days. Extended support up to 24/7 can be provided on request.
System requirements
  • Customers must use Chromebooks.
  • Chromebooks require internet access for central management.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Incidents can be raised with the Service Desk by email or telephone and will be responded to within 15 minutes during office hours. Normal office hours are 08:00 to 18:00 weekdays (except public holidays), calls or emails received outside of these hours will be responded to within 15 minutes of the start of the next working day. Extended cover up to 24/7 can be arranged if required with the same response times as working days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Web Chat support is provided by a COTS product that has been extensively tested for assistive technology support and conforms to W3C AA Standards for Accessibility. AT compliance of Web Chat is verified with each IM release and tested with a variety of AT Users including some who are visually impaired.
Onsite support Yes, at extra cost
Support levels Our Software-as-a-Service products come with Service Desk, Hosting and Infrastructure Support included in the cost. Standard Service Desk support is the same for all customers: Service Desk hours are 08:00 to 18:00 on weekdays (except public holidays), which can be accessed via email, customer portal (with Web Chat support) or phone. We respond within 15 minutes with severity one incidents resolved within 4 hours (see detailed SLA). The i2N Service Desk is staffed with ITIL trained, SC Cleared Analysts, fully trained on all i2N applications and will be able to resolve the majority of incidents on the first call. Extended Service hours up to 24/7 quoted on request at individual customer rate depending on requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Below we illustrated the steps required to prepare the enterprise infrastructure:
- Setup Google Apps and Enterprise accounts according to requirements.
- Create profiles

Then for each establishment, at the system level:
- Enroll Chrome devices
- Add Users
- Add Tutors

Training:
Tutor training can be provided directly, or online
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data is extracted using Google's tools.
End-of-contract process At the end of the contract, if required, customers will be provided with their production data during deprovisioning of customer’s organisation. The data is extracted from the production organisation in a number of formats including various open formats. Alternatively, data can be migrated to another solution of the Customers choice. Once the data has removed all customer access to Education Manager will be removed. If the data is considered sensitive, we will protect it in-line NCSC guidance regarding data-at-rest and data-at-transit.Because Education Manager is designed to host large volumes of data, if the Customer wishes to remove and retain the data, then fees will have to be agreed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Education manager is delivered on Chromebooks. If you have a Chromebook device, you can run Education Manager.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing I2N and Google utilises modern frameworks and technologies which deliver the basic set of requirements for semantic and accessible UI code. Both Google and i2N conduct exhaustive assistive technology testing using array the latest software including JAWS, NVDA, System Access to Go and ZoomText and ensure we are in compliance of W3C AA Standards for Accessibility. With each new deployment of education manager, we engage with AT users to get feedback and respond to any concerns identified. Custom plugin can be deployed if require.
API Yes
What users can and can't do using the API The Google Classroom API manages classes, rosters, and invitations in Google Classroom.

Full details can be found at:
https://developers.google.com/classroom/reference/rest/
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Extensive customisation is available, on a site by site basis:

Scaling

Scaling
Independence of resources Education Manager is provisioned using the hugely scalable Google infrastructure. For this reason, the risk of Education Manager performance being impacted by User demand is extremely low.

Further, Education Manager has the capability to be used in standalone mode. Therefore, if there is site-level network congestion (for whatever reason), Users can work offline and later reconnect to the network to upload their work (when the network is back to operating at satisfactory levels of performance).

Analytics

Analytics
Service usage metrics Yes
Metrics types Google Analytics is the most widely used analytics tool on the web today.

Google Analytics can be easily enabled to operate across a Customer's Google for Education environment.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Google for Education

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach Data at rest is protected according to the solution selected by the customer. All cloud providers support as a minimum AES-256 encryption of data. i2N encourage its customers to protect their own data using encryption technologies where they are the sole decryption key owners. In this way, our customers are assured that their data can never be accessed by a third party. i2N own data is encrypted when the service requires it.
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Customers can make use of the full array of Google tools in order to export data from Classroms and from G-Suite Applications.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks All remote or working scenarios should use a typical remote access architecture based on the "Walled Garden Architrctural Pattern". This is where services required by endpoints are presented within a protected zone. This concept helps to ensure that a compromised remote endpoint is limited in the demage it can inflict on a system.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Segmentation between Chromebook network and internal networks which isolate critical business systems. We use defence in depth approach, we logically segment networks where possible, configure several firewall layers, IPSs, deep packet inspection and real time security event correlation monitoring.

Availability and resilience

Availability and resilience
Guaranteed availability I2N has guaranteed high levels of availability by partnering with Google for Education. As most readers will know, Google provides outstanding uptimes, and Google for Education is no different.

The minimum uptime requirement that we consider acceptable is 99.9%. We strive to ensure that on the rare occasions that downtime does occur, the root cause of the problem is identify to prevent future occurrences. Our commitment to above and beyond levels of availability help us to ensure the highest levels of end user availability.
Approach to resilience Our service relies on Google for Education's core resiliency. This is architected on datacentres deployed across a number of zones (local replication), sites (datacenter replication) and regions (geo replication) offering very high levels of resilience. Each zone is designed to eliminate single points of failure (such as power, network and hardware). Load balancing and autofailover are delivered as part of that service.
Outage reporting Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. Service outage portals provide customer feedback on outages allowing them to be aware of system status in real time without having to call the i2N support desk (although we will respond to any call made). Email is also sent out for Planned maintenance, Emergency maintenance, and platform issues. The designated Technical Account Manager will proactively contact customers as appropriate.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to the Management Interfaces for Education Manager are specifically controlled by i2N’s Access Control Policy. Administration and Support staff must be SC cleared, and must use privileged super user/administrative accounts, which are granted on the basis of least privilege.

The activities of all privileged accounts are fully tracked and recorded, clearly identifying the access and actions undertaken.

Specifically:
- two factor authentication is enforced under all circumstances
- all access is routed over a secure enterprise VPN
- privileged users must themselves use controlled chromebooks (management devices)
- arbitrary third-party application installation is not permitted on management devices
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Bureau Veritas UK
ISO/IEC 27001 accreditation date 22/01/2013
What the ISO/IEC 27001 doesn’t cover The scope of the Information Security Policy includes the entire company. Specifics are: all identified company assets, based in Suffolk office, the corporate communications infrastructure that supports all company business areas and functions. All staff -all employees and all Associates contracted to i2N at any time.​ All company assets are listed within the i2N Configuration Management database are considered to be within the scope of the information security policy. All company assets are included in scope of ISO27001 accreditation apart from 2 Meeting rooms located in Unit 1A, Copdock.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Certificate of Compliance
  • I2N PSN Connection Compliance Certificate
  • Formerly MoJ-CESG PGA i2N dev, test and AGN network

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes I2N has a number of inter-connected governance frameworks in place which control how the company operates and provides its services to customers. The most relevant of these is certification to ISO/IEC27001:2013, the international standard for Information Security Management Systems. Various policies refer to: SPG016P-Acceptable use of i2N resources & assets; SIM009P – User account security instructions and password management; SIM033P-User access control instructions; SPG017P-Physical security procedures; SPG018P-Data handling procedures; SPG019P-Data access procedures; SPG020P Network access procedures; SPG022P-Change management; SPG026P-Incident management; SPG027D- Business and service continuity; SPG032P-Backup procedures; SIM011P – i2N Network Administrator SyOps; SIM039N – i2N Infrastructure Group Policies; SIM020N – Log Monitoring Guide; SPG023P Internal IS Audit Procedures; SPG029P Document Management Procedure; SPG030P Compliance Checking Procedures; SPG036P Software Patching Procedures; SPG037P Hardware Lifecycle Management; SPG038P Software Lifecycle Management; SPG042P Software Development - Testing; SPG045P Agile Software Development Policy; SPG046P Secure Services Engineering; SIM003P Illegal Working checklist; SIM034P Staff Recruitment Checklist; SIM041P Infrastructure Outage Instructions; SIM043P Acceptance into Service Checklist There are several other Technical server builds, client builds, vulnerability management, firewall controls baselined documents. All policies are covered by i2N review procedure. Policies for critical assets are reviewed six monthly and other are reviewed at least annually.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach I2N fully tracks the status, location and configuration of service components throughout their lifetime to industry best practice. Security considerations are mandatory prior to its submission for review by the Change Advisory Board, including: User service(s), team or location impacted Risk and impact assessed. Identification of the applicable assets involved in the proposed change. Plan for change testing activities and regression testing. Assignment of appropriately qualified resources, in-line with change impact assessment tasks. Changes are only permitted where the above criteria are met, and any potential security issues are identified and properly prepared for.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach I2N has a process to identify threats and vulnerabilities which could have impact on the loss of the confidentiality, integrity or availability of data assets. Information with regard to technical vulnerability is sought from various sources. These include; Regular independent ITHC check, Nessus vulnerability scans and goolge alerts. Patches are deployed via automated processes. i2N technical services team prioritise the mitigation of vulnerabilities based on its severity. Evidence of vulnerability management is independent validated by ISO 27001 auditors and status of the action taken against vulnerabilities is periodically assessed as part of the ITHC checks.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach I2N G-cloud services are protected by the i2N Secure Operations Centre (iSOC). The iSOC delivers a full GPG-compliant logging service. All application and system logs are reviewed and checked, based on twelve core control areas documented within GPG13. The iSOC team monitors alerts displayed on consoles in the secure area, allowing i2N G-cloud Services to support active monitoring, incident identification and active response and investigative activities. Potential threats are analysed with clear escalation paths to second-level support for specific threats. Evidence of an effective protective monitoring service has been validated, assessed, and certified, multiple times by the MOJ Accreditors.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach I2N has formal policies and procedures for incident management activities to identify, remediate & resolve incidents. i2N’s service desk is ISO27001 accredited and all staff are SC cleared. i2N provides ITIL compliant support for service desk tickets. The Incident Management Process are published within the on-line Customer Portal all provide clear information to customers on what a incident is and how it should be reported to the Service Desk. The Service Desk will provide a triage service for all calls and route them to i2N Application/Infrastructure Support, or third party Service Desks for incident analysis and resolution.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £4000 per unit per month
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑