Endpoint Security

A range of Cloud Services to provide security and compliance around users and endpoints - Desktops, Laptops, Tablets and Mobile Phones - managed under one supplier.

The services include Web Protection, Advanced Threat Protection, Mobile Device Management, Two-Factor Authentication and Device Encryption Management.


  • Web Filtering and Web Threat Protection
  • Advanced Next Generation Threat Protection and Response
  • Device Encryption Management
  • Secure Remote Access - VPN Client
  • Two-Factor Authentication
  • Mobile Device Management
  • Phone and Email Support
  • Option to take individual services or all
  • All services implemented, configured and managed by Oncore IT


  • Uniform Security - set policies across your user estate
  • Centralised Management and Control
  • Secure Access to your Network and Cloud Applications
  • Full Forensic trail of attacks, deep clean and endpoint isolation
  • Keep corporate/patient data protected and personal data private
  • Simplicity – Easy to configure, manage, and maintain
  • Ease of Management - all services managed by one provider


£1.25 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

646911553211131


Telephone: 02038183411

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
Please refer to Service Definition document

User support

Email or online ticketing support
Email or online ticketing
Support response times
07:30 to 18:30 Monday to Friday as standard. 24x7x365 support available at additional cost.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
07:30 to 18:30 Monday to Friday as standard, extended support for 24x7x365 P1 and P2 incidents available on request.
P1 - 30 minutes
P2 - 30 minutes
P3 - 30 minutes
P4 - 45 minutes
These are standard response times for our Support services.
Each account is assigned an Account Manager and Technical Lead.
Support available to third parties

Onboarding and offboarding

Getting started
Oncore IT provide a complete onboarding process for each service; training and user documentation are provided.
Service documentation
Documentation formats
End-of-contract data extraction
User data is not processed. Log data can be extracted at any time from the central console using reports or SIEM event data. Logs are held for 90 days before automatically expiring.
End-of-contract process
Provided as subscription services which can only be used when in contract. If the contract is not renewed, all software is uninstalled from the user devices and the company is removed from management consoles. Oncore IT will engage with the Client prior to end of contract to confirm whether services will be continued.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • macOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Differences between the mobile and desktop service
Duo is designed as a mobile app.
Sophos Mobile - access to all features and functions is available in low-resolution (mobile) browsers as well as high-resolution (desktop) browsers.
Sophos Management Console adapts to different resolution screens.
Service interface
Description of service interface
Management Console
Accessibility standards
None or don’t know
Description of accessibility
Accessed through a number of supported browsers over a secure HTTPS connection.
Accessibility testing
What users can and can't do using the API
SIEM API capability to enable Event Reporting to be collected in a 3rd party SIEM solution / Security Dashboard
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Customisation available


Independence of resources
Platforms use automated scaling features to automatically adjust capability as scope demands. This is all done transparently to the user so no customer process is required. Certain functions can also be cached locally by the customer to enhance local connectivity / performance (e.g. updating).


Service usage metrics
Metrics types
Number of users active, inactive or unprotected
Number of computers that are active, inactive or unprotected
Number of peripherals allowed, read-only or blocked
Top blocked applications
Data Loss Prevention Policy Violators
Sophos generated and Admin generated Threat cases
Users who tried to download malware
Top blocked website categories
Policy Violators
Blocked malware and potentially unwanted applications
Compliance status (Android, iOS, macOS and Windows)
Compliance violation severity
Number of devices managed and unmanaged
Software Version (macOS, Windows, ChromeOS, Android and iOS)
Devices per group
Threat events
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Sophos, Cisco Umbrella, Cisco Duo

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The only data retained is status (e.g. usernames from AD sync, machine names) and events (e.g. malware detected on PC at time). Report data can be exported in various formats on demand; SIEM event data can be exported on schedule.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • SIEM log events - API in JSON, CEF or Splunk
Data import formats
Other data import formats
N/A - no user-uploaded data

Data-in-transit protection

Data protection between buyer and supplier networks
Other protection between networks
Public Cloud hosted services, accessed over the Internet, and as such do not directly connect to any Public Services Network.
Data protection within supplier network
Other protection within supplier network
Communication from the client to the Cloud is performed over HTTPS to secure the data and to enable the client to trust the server.
All stored data is encrypted and all applications are secured and running on secured operating systems. The system is load balanced across multiple sites.

Availability and resilience

Guaranteed availability
Sophos aims for 99.9% uptime. They do not commit to a Cloud Service SLA; however, both updating and live lookups are hosted independently as a failsafe, and endpoint protection will continue to work. Real-time uptime information can be found at
Duo - Duo web admin interface and web services will be operational and available to Customer at least 99.9% of the time in any calendar month (the "Duo Security SLA").
Cisco Umbrella - 99.999% Service Availability
Approach to resilience
Available on request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Access restrictions in management interfaces and support channels
Access is restricted by Username, Password and 2FA/One-time passcode. In addition, it is possible to configure role-based administration to further restrict what management capabilities an Admin has.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Approachable Certification
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Certification covers all Oncore IT activities
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Cyber Essentials
  • GDPR

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cyber Essentials

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change Management Control with full risk assessment, requires digital signature from Client and Oncore IT
All changes are given a unique reference and recorded in our PSA System
Authorised Client contact for change
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
ISMS Procedures as part of our ISO27001 accreditation
Patch Management is automated
Information about Potential Security Threats - Security partners and automated software
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Operational Security Measures are confidential to the Vendor
Oncore IT are ISO27001 accredited which covers these processes
Incident management type
Incident management approach
Operational Security Measures are confidential to the vendor
Oncore IT are ISO 27001 accredited which covers these processes

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£1.25 a user a month
Discount for educational organisations
Free trial available
Description of free trial
A full version is provided for a 30 day trial period
Link to free trial
Contact Oncore IT for access to the trial version
