Six Degrees Technology Group Limited

Mimecast - Email Security, Targeted Threat Protection and Email Business Continuity Service

Our Mimecast service extends traditional gateway security with Targeted Threat Protection that addresses ransomware, impersonation, spear-phishing and other advanced threats. Continuity keeps employees sending/ receiving email even if your email system or Office 365 exchange, has an outage. Our security services eliminates the infrastructure and management requirements for on-premises solutions.


  • Multi layered malware protection against known and zero day threats
  • 100% virus protection; 99% spam protection; 0.0001% spam false positives
  • Immediate enforcement of email security and DLP policies
  • Sandbox email attachments to protect against malicious scripts
  • Transcribe attachments in realtime for 100% safe file to user
  • On click URL scanning protects against good websites turning bad
  • Protection against social engineering attacks like whaling or CEO fraud
  • Always on email continuity from Outlook, Mac, Mobile and Browser
  • Detailed audit, logging and reporting with roles based access control


  • Comprehensive email security including malware less social engineering attacks
  • Protect against weaponized attachments and malicious URLs
  • Continuity service with RPO / RTO close to zero
  • SLA backed protection from spam and malware
  • Email and attachment scanning controls and blocks sending sensitive information
  • All features managed through Six Degrees
  • Mimecast plug-in for Outlook and mobile devices
  • Apps available for iOS, Android, Windows Phone and BlackBerry
  • Highly secure and resilient offsite, perpetual email archive


£18.40 per user per month

  • Education pricing available

Service documents

G-Cloud 10


Six Degrees Technology Group Limited

Andrew Mellish

07825 795 381

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Community cloud
Service constraints No
System requirements
  • The core service does not have any system requirements
  • Various add on product require certain Outlook Pre requisites.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times *Priority / Platinum support = 1 hour for Priority 1, 6 working hours for Priority 2
*Gold / Platinum success = 1 hour for Priority 1, 6 working hours for Priority 2
* Business Support = 2 hours for P1, 12 working hours for P2
* Silver Success = 2 hours for P1, 12 working hours for P2
* Standard Support = 2 hours for P1, 12 working hours for P2
* Bronze Success = 2 hours for P1, 12 working hours for P2
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels * Priority / Platinum Support = 24x7 telephone support. Email support via business hours.
* Gold . Platinum Success = 24x7 telephone support. Email support via business hours. Prioritised support for P1 issues.
* Business Support = Telephone and email support during working hours (8am - 6pm).
* Silver Success = Telephone, online and email support during working hours (8am - 6pm).
* Standard Support = Email support during working hours (8am - 6pm).
* Bronze Success = Online and email support during working hours (8am - 6pm).
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started On boarding – Connect Application, managed by Six Degrees.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Off Boarding – managed and supported by Six Degrees with Mimecast support if required
End-of-contract process Gateway services would cease to function. Customer data is retained until data extraction is complete.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Unsure - developed by Mimecast
What users can and can't do using the API There is a wide range of functionality offered via the API, this detail can be found on the below link. -
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available No


Independence of resources The MIME|OS platform is designed to ensure that load is equally balanced across services.


Service usage metrics Yes
Metrics types Search speeds
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Mimecast

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Other
Other data at rest protection approach Customer's archived data is encrypted at rest using AES256 bit encryption. Each customer is assigned a unique encryption key generated though a FIPS 140-2 aligned crypto library which is stored securely in a centralized key management system and used to encrypt data written to storage or decrypt data read from the storage grid. The Customer's encryption key is further encrypted with a master key stored within a centralized and restricted key management system.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export the data themselves via pst or eml. Alternatively managed by Six Degrees via secure FTP download or the provision of an encrypted disk.
Data export formats Other
Other data export formats
  • PST
  • EML
Data import formats Other
Other data import formats
  • PST
  • EML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Perimeter firewalls, TLS encryption 1.2 in communication
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Perimeter firewalls, TLS encryption 1.2 in communication

Availability and resilience

Availability and resilience
Guaranteed availability 100% service uptime SLA. Due to the complexity of the service, full details of all credits and how this works for each element is available at:
Approach to resilience Multiple data centres with no single point of failure.
Outage reporting Via the administration centre or via your service delivery manager as part of the standard 6DG service reporting process.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Web applications do not give support staff the ability to read email content unless granted by the administrator.
Example: customer open’s a ticket our support can view Meta data for trouble shooting. If further analysis is required, customer would have to manually grant access to view the content of the email.
Data is encrypted using AES256. Customer has a unique encryption key which is stored securely.
Encryption key is further encrypted.
To access customer data, unique encryption keys are generated through the key management system following a strict approval. These encryption keys is limited to Sr. Engineers and is logged.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 LRQA
ISO/IEC 27001 accreditation date 19/11/2015 – last surveillance visit from LRQA: 22/03/2018
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • PSN Protect
  • PSN Assured

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Mimecast’s information security policies and processes are in alignment with ISO27001 and NIST

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach High impact changes (e.g. Firewall/ switches) have been identified and are subject to a documented change control procedure which includes support tracking, approved workflows, and fall back procedures. Updates to the service follow a regular schedule and the impact is communicated to relevant parts of the business and customers.
Changes to systems that could impact or compromise existing security and control procedures are subject to review by the Information Security Team prior to acceptance.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Monitors vendor security bulletins for vulnerabilities to platforms in use and utilizes several vulnerability scanners both continually scan and provide analysis of the environment for new vulnerabilities. Results are correlated against events and suspicious activities within the organizations SIEM.

Severity of vulnerabilities are assessed based on their impact and risks are adjusted accordingly against both manual analysis and system events. Discovered vulnerabilities are discussed within one working day. We have the capability to roll out patches within minutes. Patches are thoroughly tested and then follow a phased implementation to make sure there are no unexpected consequences from the patch.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach System and network logs are aggregated to a centralized SIEM and configured for alerting and monitoring by the Security team.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach 6DG operate an ITIL aligned incident management process with associated procedures for security related incidents. The process has a clearly defined governance framework, including roles & responsibilities, clear policies and associated KPIs. This process conforms to PCI-DSS.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)


Price £18.40 per user per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑