Beyond Encryption

Mailock

We provide an end to end encrypted email service with identity secure verification. This ensures that emails can be sent securely and only opened by the intended recipient.

Features

• Secure mechanism for sensitive and confidential email content.
• Secure mechanism for sensitive and confidential email attachments.
• Email can only be opened by intended recipient
• Integral Tracking reports opening of email by the recipient

Benefits

• allows to send and recieve secure email across multiple platforms.
• allows to send and receive secure email across multiple devices
• can be a simple add in to an exisiting browser
• Build up a secure network authentication is only required once

£0.00 to £9.30 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at huw.thomas@beyondencryption.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

617531825842304

Contact

Huw Thomas
0208 1234546
huw.thomas@beyondencryption.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Existing email services.
• Cloud deployment model: Private cloud
• Service constraints: None; ; Email Add in does not work with Mac but have a work around that can be used in a browser
• System requirements:
  • Outlook Add-In 2010,2013, 2016 and 2019 and 365 supported
  • Office 365 requires Outlook to be installed (Add-in)
  • Windows 7 or higher required (for Outlook Add in)
  • For Mobile version: IOS version 9 x onwards
  • For Mobile version: Android 4.4 onwards
  • For Mailock Web: Chrome, Edge, Safari and FireFox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Mon - Friday 9.00 to 5.00pm all "tickets" are responded to within 30 minutes; ; There is no service desk currently at the weekend
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: On site support and set up provided as required via a technical account manager.; ; "paid users + priority support"
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: On line step by step instruction guides, knowledge base on website onsite training if required to supplement this.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We have a Subject Access Request (SAR) Process and Policy.; ; Process for holding and safely securing data as per data retention policy.
• End-of-contract process: All users remain in control of their data - at the end of the contract they will lose the encryption facility

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No outlook add-in for the mobile app
• Service interface: No
• API: Yes
• What users can and can't do using the API: Ask MW
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Own branded logo; text footer; ; Can be performed in Company Admin Tool which gives company owners full functionality; ; Can be customised by account administrators.

Scaling

• Independence of resources: On demand cloud scaleability

Analytics

• Service usage metrics: Yes
• Metrics types: Upon request and if compliant with GDPR.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Normal email process as per saving etc
• Data export formats: Other
• Other data export formats:
  • .EML
  • .MSG
• Data import formats: Other
• Other data import formats:
  • .EML
  • .MSG

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Target is 98% accessibility.
• Approach to resilience: Available on request
• Outage reporting: Would alert users to any outage via our website

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We have defined company owners and users. Access system by user name and password authentication
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 20/12/2019
• What the ISO/IEC 27001 doesn’t cover: All areas covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus - June 2020

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All ISO

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: - via code management and deployment tools such as TeamCity and Octopus.; Security Impact assessed via peer code reviews, internal penetration test tools and periodic external penetration testing.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: - periodic external penetration testing.; - regular internal penetration tests.; - applying appropriate staff during detailed code reviews ; ; - patches deployed dependent upon risk, capability exists to patch within a 24 hour period.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: - via network monitoring, auditing and reporting tools providing real time updates.; - immediate investigation where compromise has been identified.; - response times would depend on nature of compromise
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Wer

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £0.00 to £9.30 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 2 week free trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at huw.thomas@beyondencryption.com. Tell them what format you need. It will help if you say what assistive technology you use.