Email Security

Send and receive clean, safe and compliant documents. Simple and flexible to deploy. Customers are completely protected from sophisticated malware, such as ransomware and zero-day attacks, that bypass anti-virus and sandbox defences.


  • Receive clean, safe emails and compliant documents
  • Prevent weaponised documents entering or leaving your enterprise via email
  • Scalable, real time document processing
  • Simple and quick deployment at your email gateway or sandbox
  • Free no-obligation, non-intrusive (or service affecting) trial


  • Automatically protect your organisation from unknown threats
  • meet policy objectives - receive compliant-only documents
  • Simple, non-intrusive FREE trial with threat detection report


£1.31 to £3.15 per user per month

  • Free trial available

Service documents

G-Cloud 9



Steve Walker

0345 880 0808

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None that we are aware of.
System requirements
  • Email server must support SMTP
  • Email relay required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times CATEGORY 1: first response 1 working hour.
CATEGORY 2: first response 1 working hour.
CATEGORY 3: first response 1 working hour (9am-5pm).
Information Request: first response: 4 hrs 0900 – 1700 hrs (GMT) Mon to Fri excluding public holidays.
TCR (Technical Change Request): first response: 8 hrs 0900 – 1700 hrs (GMT) Mon to Fri excluding public holidays.
NSR (New Service Request): first response: 1 day 0900 – 1700 hrs (GMT) Mon to Fri excluding public holidays.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Technical Support is arranged as Levels, based on severity; commencing at Level 1 with escalation to Level 3 to ensure effective resolution. Technical Change requests can also be submitted using Ciptex Support systems.

Ticket Submission: Users raise a support Ticket, which is assigned a unique number for tracking through to resolution. Users can email and a tracking ID will be assigned; Users can call Ciptex Technical Support on 0345 8800 808 option 1. All associated communications will require Ticket ID to ensure timely resolution. Only authorized Users may raise support tickets/requests.

Hours of Operation: Technical Support for Apollo is available Standard Hours, included within the Service Package pricing quoted in the pricing document.

Additional, Extended Hours, and 24x7 Support is available to Apollo Clients; Extended - 12% of monthly rental, minimum charge £900 per month. 24X7 - 24% of monthly rental, minimum charge £1800 per month.

A Cloud Specialist Technical Account Manager is provided.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started 1/ Free 3-week proof-of-concept that runs in passive mode (non-invasive) with weekly training.
2/ Post proof-of-concept analysis.
3/ Service is switched to 'live' and pro-active email sanitisation begins.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Off boarding is designed to be as quick and seamless as possible. Ciptex can provide data extraction following contract termination. An output file (in relevant format) containing call records can be provided if required by the Client. Up to six calendar months of historical call records can be extracted. Ciptex can also provide Client’s Announcements and Call Recordings in available format.
End-of-contract process Ciptex can provide data extraction following cancellation. A relevant output file (in available format) can be provided if required by the Client.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service User functionality is available on mobile, access to the administration portal is not available on mobile.
Accessibility standards None or don’t know
Description of accessibility We are currently unaware of accessibility features available via the service.
Accessibility testing We are currently unaware of accessibility features available via the service.
Customisation available Yes
Description of customisation Email delivery rules can be customised, and bespoke white lists and black lists can be built.


Independence of resources Ciptex provide a guaranteed margin of capacity beyond a maximum number of users on the platform, which is proactively monitored with system alerts.
Our cloud platform automatically scales to enable resource sufficiency, with proactive monitoring and system alerts for the external resources.


Service usage metrics Yes
Metrics types A full suite of email related metrics, including but not limited to for example number of emails scanned. Number of viruses quarantined derived from multiple filters.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Glasswall Solutions

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Nominated system Administrators can raise an information request using the online portal. Ciptex support engineers will ensure all requested/available data is exported typically in .csv format and delivered to a system administrator.
Data export formats
  • CSV
  • Other
Other data export formats
  • Xlsx
  • Pdf
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The service has an SLA of 99.99% up-time per calendar month. Refunds in the form of a credit note will be provided for any breach. The percentage up-time is calculated as Up-time (U) = Total minutes in month less minutes of downtime dividend by total minutes times 100. Where U is > 99% but < 99.99% 10% of the monthly service fee will be credited. Between 98% and 99% 15% is credited. Between 97% and 98% it is 20%, 96% and 97% it is 25%, 95% and 96% it is 30% and less than or equal to 95% a credit of 35% of the monthly fee will be credited.
Approach to resilience Our email security solution is operated in a virtualised environment running on clustered/duplicated high availability platforms to provide no single point of failure. The entire environment is then subject to a continuous block level replication of both application and data to the secondary location, thus protecting against both component and location failure.
Outage reporting Notification of outages, and scheduled maintenance, are reported primarily by service email alerts that are delivered to nominated account representatives (administrators). Depending upon the nature of the outage or scheduled maintenance, notifications are also placed in the online portal.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels A strong Username and Password combination with active directory synchronisation.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We are working toward cyber essentials,
undertaken work to be compliant -
Information security policies and processes Ciptex has in place an Information Security Management System which includes policies for Information Security Management and IT Security. We currently operate to the Cyber Essentials standards and are in the process of achieving ISO27001 with the help of 4 Secure an external security consultancy. All staff are actively engaged in IT Security . The Operations Team have day to day responsibility for implementing policy, reporting through the Operations Manager to the Managing Director. Data Security is a fixed agenda item at management and board meetings. Every new employee is inducted in our policies and procedures. Our policies and procedures are subject to constant review and all updates and suggested improvements are discussed at quarterly all employee meetings.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Agile development processes
proactive patching
all components kept up to date with firmware releases
engineers subscribe to the latest security bulletins and are active in the software security community
all patching and config is done outside standard UK business hours
Vulnerability management type Supplier-defined controls
Vulnerability management approach Engineers subscribe to security bulletins active in the security community
close relationship with all suppliers
Full assessment of threat
based on level of access from public internet
rapid time to patch and emergency maintenance.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Ciptex have a log scanning management processes in place that quickly identifies anomolies. Together with proactive network monitoring via service sensors that deliver key service statistics. Part of this includes access-control login monitoring. Our incident response time is 15 minutes.
Incident management type Supplier-defined controls
Incident management approach Ciptex supplier defined process includes: Level 3 engineers alerted Proactive customer notifications, with 30-minute email updates to customers. Depending on the nature of the incident and its threat assessment, notification will be available in the portal. Tickets replied to in standard SLA times. Our escalation process includes director level contacts including suppliers.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)


Price £1.31 to £3.15 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Set up full service but in listen only mode - provides a report at the end of the three week trial period on volume of potentially unsafe file attachments and associated etails


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑