Academia Ltd

JAMF Pro Apple Mobile Device Management Service

Academia's JAMF Pro Software As A Service is a Mobile Device Management (MDM) solution was originally designed to help schools, colleges and universities manage large numbers of Apple devices across their estates. The solution is now used across all industries with our largest managed estate being 5,000 devices.

Features

  • Fully managed service
  • Full version control
  • Fully integrated with in house systems

Benefits

  • Zero touch deployment and management
  • All users on the same version of software and application
  • Total reduction in time to manage devices

Pricing

£5000 to £100000 per instance per year

  • Education pricing available

Service documents

G-Cloud 9

615670298759088

Academia Ltd

Academia Bids

01992 703900

bids@academia.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to We offer full cloud server services to our client base, this includes Windows Active Directory and Windows Systems Center Configuration Manager, which can be integrated with our JAMF Pro SaaS solution for ultimate end user support and management.
Cloud deployment model Hybrid cloud
Service constraints This Mobile Device Management (MDM) solution can ONLY be used with Apple equipment, we do offer other types of MDM for Windows, Chrome and Android devices.
System requirements
  • Onsite Wifi with internet connection
  • Apple devices

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our standard Support Service Level Agreements (SLA) are: Priority Critical is within 2 Working Hours, Priority High is within 4 Working Hours, Priority Medium is within 6 Working Hours, Priority Low is within 8 Working Hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Our web chat is designed as a pre-sales tool rather than a support mechanism and is linked directly with our sales and pre-sales teams. Our support department utilises team viewer for connecting to clients end machines to resolve any issues, this has a web chat element to it which can be used to chat regarding the current support ticket request.
Web chat accessibility testing None.
Onsite support Yes, at extra cost
Support levels Our standard Support Service Level Agreements (SLA) are: Priority Critical with a 2 Working Hours response to System Down, an error which occurs under normal operating conditions and halts the Client's production operations, prevents the current release or a module thereof from being run or causing substantial damage to the Client's data. Priority High with a 4 Working Hours response to an error which causes severe performance degradation, halting important operational tasks or placing the operation of such tasks at risk - i.e. the failure of a major feature. An error severely degrades a user application where no alternative exists or causes any damage to the Client's data. Priority Medium/Low with a 6/8 Working Hours response to any defect in the current release or any failure of the current release to perform in accordance with, and provide the facilities, function and capacity as set out in the Specification and Operating Documentation, other than a major or serious error. All our support contracts come with a Technical Account Manager including Quarterly Review meetings. Pricing is from £20 per person month based on an annual contract, discounts available for bulk quantities.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our Mobile Device Management (MDM) solutions are designed so that the end user has zero touch, we manage everything for them, so they can just use the device with all the applications that they require to perform their responsibilities. Some users initially might require some support to find their "work" applications, which we can supply a "dummies guide" or perform some onsite knowledge transfer at an additional cost.
Service documentation No
End-of-contract data extraction Users are able to migrate all their data and configurations from our servers at the end of the contract. All data is securely dealt with to ISO27001, after clients have acknowledged receipt and verified their data; we delete all data and configurations from our cloud environment.
End-of-contract process At the end of the contract, the client has the right to cancel. At this point we can work directly with them or their new supplier; typically if a third party is performing the migration, there are no additional costs involved. If the client requires us to set up an onsite variant and migrate, there would be additional engineering and project management costs involved. Since we released this services many years ago, no one has left our managed service and have indeed added to it.

Using the service

Using the service
Web browser interface No
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service JAMF Pro is designed for both desktop (OSX) and mobile devices (iOS), although it is mainly used with mobile devices for Mobile Device Management (MDM).
Accessibility standards None or don’t know
Description of accessibility This service is designed for the management of devices, which are not connected directly to a wired LAN or connected without any additional authentication services. Apple devices are designed so that the user can change any of their personal setting, which includes changing the size and font for the visually impaired.
Accessibility testing None.
API No
Customisation available Yes
Description of customisation The whole purpose of our JAMF Pro Apple Mobile Device Management Service is that it is bespoke to every single client. During the initial Project Management and Service Delivery kick off meetings, we go into great detail as to how the client would like to configure the devices, group the devices and integrate with other software tools that they use for management purposes. As a managed service we keep the solution up to date, including any client changes/amendments as part of the support mechanism which is included.

Scaling

Scaling
Independence of resources Academia's Cloud Services have an uptime greater than 99.9% and is build on VMware virtual technology which auto scales for any peak times. Our 24/7 monitoring solution, 3 data centres and UK optical network work seamlessly together moving workloads around automatically, we have mitigated the risk to almost zero by having resources available with full capacity planning built into all our workflows.

Analytics

Analytics
Service usage metrics Yes
Metrics types Our JAMF Pro Apple Mobile Device Management Service has the ability to report on the all devices that it manages. This is a completely configurable solution which is fully discussed during our project management and service delivery kick off meetings, which we can link into present client systems through API's or offer real-time dashboards to your technicians or arrange regular reports sent out via email.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold JAMF

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach As this is a Mobile Device Management (MDM), users do not have direct access to the management console. The solution has the configurations of their devices, but no access to the user's data. Onsite tech administrators can have access to the management console, although would need some knowledge transfer if performing configuration changes, although the changes can be dealt with by our support team which is included as part of the managed service.
Data export formats Other
Other data export formats All data is securely held in an embedded SQL database
Data import formats Other
Other data import formats
  • We can migrate the SQL database from an onsite server.
  • Normally a fresh installation is best advice.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
Other protection between networks As an ISP our network is fully protected at all borders to the internet and all our peered network connections are fully protected and monitored. We offer full optical IP solutions to our clients, which are normally tailored to meet the legal and compliance requirements of the vertical market we are serving. As an IWF and LINX member, we undertake every standard required to keep our network and client network separated, working from an everything locked down stand point and only opening ports which are required and used; this is monitored as part of our 24/7 monitoring solution.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network As an ISP our network is fully protected at all borders to the internet and all our peered network connections are fully protected and monitored. We offer full optical IP solutions to our clients, which are normally tailored to meet the legal and compliance requirements of the vertical market we are serving. As an IWF and LINX member, we undertake every standard required to keep our network and client network separated, working from an everything locked down stand point and only opening ports which are required and used; this is monitored as part of our 24/7 monitoring solution.

Availability and resilience

Availability and resilience
Guaranteed availability We offer 99.9% uptime across all Cloud Servers, with credits for service unavailability applied to customer accounts for future use.
Approach to resilience This information is available on request.
Outage reporting A public dashboard is available at status.academia.co.uk, and email alerts are automatically provided to the named contact for each Cloud Server to advise when planned maintenance is to occur that may affect service availability, or when we have detected an issue that affects one or more Cloud Servers in operation.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to restricted in management interfaces and support channels to identified internal users of the systems team. User access is restricted to only the systems they have purchased through a combination of VLAN / VPN / AD authentication and 2FA if required to avoid unwanted cross access to systems, Underlying network infrastructure control is only available to Systems Team members without exception.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SN Registars (Holdings) Limited
ISO/IEC 27001 accreditation date 28/02/2016
What the ISO/IEC 27001 doesn’t cover All aspects of our system infrastructure and product offerings are covered by our ISO certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Compliance with ISO27001 is a written requirement of employment at our company and is regularly assessed by our in-house auditing team as well as through six monthly externally led audits. We alos operate through the premise of least available privilege for all system users, including a named and vetted system team whose higher level access to systems is fully monitored and subject to 2FA throughout. The systems team report to the Technical Director who is entirely responsible as a Board member for the technical infrastructure. We also operate our entire company systems on the same infrastructure - fully separated from client instances - and as such our company DR and BCP apply to the same infrastructure.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All system components are subject to 24/7 monitoring for performance and tracked issues, and are proactively replaced if their performance shows signs of future degradation. We also operate an N+N redundant system in most areas, with a fallback to N+1 to avoid a single failure impacting on system availability. Changes are fully assessed for security impact in line with ISO27001 security controls and tested on internal development systems before rollout.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our technical team are alerted to potential threats directly by our hardware and software partners, and will deploy threat responses immediately based on industry information or detected issues within our infrastructure. Patches are deployed based on the level of threat and impact on our infrastructure - as we operate a fully redundant series of systems, we can inspect the performance as patches are deployed and continue rollout or roll back as needed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach As with all system level impacts, we monitor the system 24/7 to ensure that all operating parameters are within expected levels, and our automated monitoring systems will raise an alert to our systems team if this is not the case. Patches and updates to the system are communicated to all affected users directly and also published on our status page for our cloud servers.
Incident management type Supplier-defined controls
Incident management approach Incidents can be reported to our systems team through our ticketing system and will automatically be raised to priority 1 if a cloud based system is affected. Our team also apply standard processes for the resolution of system issues against a known good backup and rollback procedure. Incident reports - both ongoing and previous - are available through our status page at status.academia.co.uk.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Other

Pricing

Pricing
Price £5000 to £100000 per instance per year
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑