MEDICARE NETWORK LIMITED

Mobile Secure Communications Platform

Our integrated (Al-powered) Secure Communications solution with Closed-User Group functionality enables you to fully secure and manage your complete enterprise communications stack, from PABX to Mobile calls, Email, Instant Messaging, Video calls and File sharing, whilst giving accurate voice to text transcription and indexing, simplifying, reducing effort, time and cost.

Features

  • Peer-to-Peer Triple Layered Encryption backed by RSA4096
  • Video Encryption. Secure video communications.
  • Encrypted Private IM. Secure, encrypted and completely private texts.
  • Secure Pryvate Email. Ensuring complete privacy and security for email
  • Secure File Transfer. Encrypted and completely private images and files.
  • Secure File Storage. Secure encrypted files stored locally or externally
  • Screenshot notifications and automated remote wipe
  • Extends automated GDPR compliancy to all Personally Identifiable Information
  • Connects via 3G/4G, EDGE, GPRS, LTE, UMTS, HSPA, W-CDMA, Wi-Fi
  • Enables encrypted group chat and voice

Benefits

  • Collaborate and communicate securely at enterprise level
  • Ensure messages in IM conversations cannot be monitored.
  • Safely transfer files without them being intercepted by someone else
  • Manage and Administrate Closed User Group membership and features efficiently
  • Real time secure communications (IM, Voice, Video, Email, Web)
  • Crystal clear voice and HD video quality calls
  • Extends organisational efficiency whilst maintaining GDPR compliancy
  • Simple to deploy and easy to use
  • Photos taken with mobile phone are encrypted and shared securely
  • Remote wipe of data when required

Pricing

£3 to £9.95 a person a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clientservices@mednetsec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 4 3 3 2 3 7 8 1 8 9 0 2 1 1

Contact

MEDICARE NETWORK LIMITED Customer Services
Telephone: 0203 355 3785
Email: clientservices@mednetsec.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
In some circumstances where very old mobile operating systems are deployed on devices, there may from time to time be issues with the compatibility of the application with the mobile device. Therefore we recommend clients have operating systems deployed that are updated regularly, and no more than 1 year old from original release to avoid any constraints. In rare situations where this is not possible, we can work with the client to overcome specific custom requirements.
System requirements
  • Android
  • IOS
  • Windows

User support

Email or online ticketing support
Email or online ticketing
Support response times
24x7x365 with support levels aligned with customer needs and with flexible options at additional costs.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
No
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is a customisable option at additional cost and can align with customer specific requirements.
Web chat accessibility testing
Internal only no specific use cases
Onsite support
Yes, at extra cost
Support levels
Support services can be aligned with specific customer requirement at additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onboarding of our solution is typically very simple and straight forwards.

Help is offered in two ways:

1/ We provide a user manual as part of the end user application download, so any end user can look up the user process for any feature included in the application

2/ We provide training (online) to the Administrators of the Closed User Group. Training typically takes no more than a couple of hours to help the administrators understand how to structure groups and manage them on an ongoing basis
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
End of contract planning would commence on receipt of client termination notice this would include arrangements for the appropriate exportation of any data held on the system. Dependent on specific requirements additional charges may be incurred for this ie integration of data interface and transfer into new client solution.
End-of-contract process
Reasonable export of data into a file(s) stored securely and with secure access made available to the client for an agreed period.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile only - specific desktop interface and integration available for client solutions as an option
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Client assigns admin privileges which are configurable. These enable management and control of Group or sub-group membership as well as adding/deleting Group Members and remote wipe of data.

Scaling

Independence of resources
Utilisation monitoring, threshold reporting and flexible availability of cloud resources

Analytics

Service usage metrics
Yes
Metrics types
Customised reporting aligned to client requirements can optionally be provided via user interface access or distributed reports
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Criptyque

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Directly via the solution or by means of optional integration into client own system or secure storage solution.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
ZRTP encryption on calls LIME end to end encryption on Instant Messaging
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
ZRTP encryption on calls LIME end to end encryption on Instant Messaging

Availability and resilience

Guaranteed availability
99.99% availability guaranteed via service credits
Approach to resilience
Information available on request
Outage reporting
Service reporting is aligned with client requirements and may comprise email alerts or an integration into existing client support systems.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access to our services are via web applications or APIs and are restricted based on permissions that relate to a specific administrators tasks thus reducing the risk of damage that can be caused by malicious users, compromised credentials or compromised devices. Subsequent goals of these controls are: We should; have confidence that other users cannot access, modify or otherwise affect your service management manage the risks of privileged access using a system such as the ‘principle of least privilege’ understand how management interfaces are protected and what functionality they expose
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Currently, we are adopt and are aligned to ISO/IEC 27001 and NIST Cyber Security Framework (CSF). We have a statement of intent to be ISO 27001 and ISO 90001 certified within the next 18 months.
Information security policies and processes
The company internal security organisation is aligned to ISO27001 and NIST whilst complying and adhering to contractual, legal and regulatory obligations as required. Our operating standards and procedures include personal, sensitive, critical and business data and where required comply to GDPR directive and any other data security requirements. The board is responsible for ALL obligations relating to Governance, Risk and Compliance across the company ensuring regular audits, assessments and security testing are carried out, (e.g. quarterly, bi-annually and annually).

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes in relation to the Server OS and the running packages are verified with the System Administrator to assess impact. User based restrictions will block changes not performed by the System Administrator, and audit trail logs ensure that all user actions are logged. The System Administrator will perform the required changes on the secondary setup, and the relevant parties will perform testing on the systems to ensure that the changes did not impact the operations. Once confirmed, changes are scheduled and implemented on live servers during low peak hours. Documentation is kept for every change performed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Continuous vulnerability assessments are performed on the Server Operating System and the running packages. Security updates are checked weekly and scheduled if any are found. The System Administrator also keep up to date with daily vulnerability updates issues through trustworthy third parties and checked to ensure if any apply to the software being used on the servers.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A monitoring system is installed and configured which is checking all servers, and its services. The monitoring system is based on Trending and Real Time alerting. Real time E-mail alerts are sent out to the System Administrator as soon as either a system goes offline or one of the configured services goes outside of a preconfigured threshold. The System Administrator will immediately start to troubleshoot the problem once the e-mail notification is received.
Incident management type
Supplier-defined controls
Incident management approach
Incidents will be classified depending on severity. Incidents can be classified as cosmetic, partial or critical. Cosmetic = isolated system impact with no effect to the end user. Partial = part of the system is offline and not fully functional. Critical = system down. Upon detection, the System Administrator advises the Product Owner, and start to troubleshoot or chase the third party involved (if the incident is outside of the System Administrator’s control). Upon resolution, an Incident Report issued by the System Administrator which will explain what went wrong, the steps taken to rectify the problem, and the timelines.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£3 to £9.95 a person a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A limited functionality version of the solution is available with unlimited scale for use by prospective client. The solution is operationally functional and is an open solution without administration functionality to support a user group configuration.
Link to free trial
Www.mednetsec.com/contact-us

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clientservices@mednetsec.com. Tell them what format you need. It will help if you say what assistive technology you use.