Bridgeway Security Solutions

IronWorks: scheduled compliance and operational reporting for MobileIron

MobileIron is the world's leading mobility management and security solution for large organisations. IronWorks unleashes the power of MobileIron's data to enable: scheduled reports providing actionable insights, long-term trend analysis, identification and location of missing or unused devices, and granular visibility of your most cost-effective MobileIron licensing model.


  • Mobility project key performance indicator (KPI) charting
  • Automated, scheduled emailed PDF reports aligned to line-of-business
  • Automatic data ingestion from MobileIron via API integration
  • Comprehensive trend analysis and charting of your mobility project
  • Compliance reporting for GDPR, ISO27001, IG Toolkit and PSN CoCo
  • Daily MobileIron security health-check and operational dashboard
  • Aggregated lost and missing device out-of-contact map views
  • Integrated MobileIron licence tracking and efficiency calculator
  • Identify and list inactive users present on your MobileIron estate
  • List mobile devices vulnerable to Spectre and Meltdown attacks


  • Measure, track and evidence the success of your mobility project
  • Disseminate team mobility reports directly to their team managers
  • Ensures complete and consistent information for mobility project reporting
  • Plan and budget for mobile growth with insightful trend analysis
  • Evidence your continuous work towards reaching and maintaining compliance
  • Identify potential MobileIron issues before they become a problem
  • Locate, recover and repurpose missing mobile devices to cut costs
  • Identify optimum MobileIron licensing split and save money
  • Highlight inactive mobile users to reduce attack surface area
  • Track and manage your mobile security risks and exposure


£6.30 to £9 per device per year

Service documents


G-Cloud 11

Service ID

6 9 4 9 8 9 1 8 3 0 0 6 3 7 4


Bridgeway Security Solutions

Jason Holloway

01223 979 090

Service scope

Software add-on or extension
What software services is the service an extension to
IronWorks is a reporting solution that integrates with MobileIron (MDM/EMM/UEM) deployments, whether these have been deployed as cloud or on-premises.
IronWorks provides data driven decision making for MobileIron mobility projects.
Cloud deployment model
Public cloud
Service constraints
IronWorks integrates via API calls with MobileIron deployments. Mobility projects that do not use MobileIron as the security MDM/EMM/UEM are not supported at present.
System requirements
  • MobileIron Core v9.1 or greater for integration
  • Alternatively, MobileIron Connected Cloud, also v9.1 or greater
  • A local user with (read-only) API roles on MobileIron
  • A modern web browser and internet connection
  • An email address for delivery of optional emailed PDF reports

User support

Email or online ticketing support
Email or online ticketing
Support response times
Bridgeway SLAs guarantee a first considered response within 1 hour from initial ticket being logged, and progress updates start from within 3 hours from receipt of all relevant information. Different SLAs apply according to mutually-agreed priority level.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Our support service (Bridge Support) is typically provided as phone and email support, but optionally - at an agreed extra cost - we can integrate into existing customer processes and systems. For example, using customer's existing Zendesk, JIRA or SalesForce support tools, knowledge bases and escalation processes.
These services have their own WCAG compliant interfaces for user web chat support, which we would leverage in the support service delivery.
Onsite support
Yes, at extra cost
Support levels
Our Bridge Support services are flexible: we can augment your existing support arrangements, or provide a complete outsourced support function. Standard support is available during UK office hours and can be extended to include full 24x7 and/or onsite consultancy visits.
Support available to third parties

Onboarding and offboarding

Getting started
IronWorks on-boarding is fast and easy to do, and typically takes five minutes in total to achieve. Bridgeway will assist a prospective or new customer to integrate by providing a list of the necessary settings prior to a joint webinar call. This call then connects the customer's MobileIron solution with IronWorks, and the connection is tested.
Online training in the main IronWorks features then follows, and short videos describing the main features are also available for e-Learning and self-education.
24x7 technical support is also available as part of the service.
Service documentation
End-of-contract data extraction
Users can request data extraction upon which we would create and share a copy of their underlying database data.
End-of-contract process
At the end of the term, the customer is welcome to renew their licence and the service would continue.
Alternatively, if the customer verifies in writing their preference not to continue, their account and associated data are deleted. The customer would be expected to remove the local API user from their MobileIron solution at this stage.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
None, all functionality present on both device types and across all form-factors
Service interface
Description of service interface
Accessible from a web browser, an intuitive reporting dashboard delivers critical insights via real-time reporting on mobile device use. Alongside trend charting and insightful analysis, with IronWorks you can monitor how staff and devices comply with your mobile IT policies and recover lost devices.
Accessibility standards
None or don’t know
Description of accessibility
No testing has been carried out.
Accessibility testing
No testing has been carried out.
What users can and can't do using the API
IronWorks collects data from MobileIron instances through the use of APIs. IronWorks also has APIs available for customer integration of the resulting computed information into existing business intelligence tools (e.g. Power BI and similar).
Full documentation of all the available API calls is available and integration consultancy services are available at extra cost.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Customers can set their preferred organisation name, which users can access the service and their respective roles. Additionally, the organisation administrator can add email report recipients and choose from pre-defined template reports, or custom build their own.

Optionally, IronWorks can also be customer branded at extra cost.


Independence of resources
IronWorks was designed and developed with scalability, availability and confidentiality in mind. Built with NodeJS and on Docker containers, the solution is self-healing and self-managing through the use of Kops and Kubernetes for enterprise- and carrier-grade deployment, with reliability and scaling configurations automatically ensuring a smooth customer experience.


Service usage metrics
Metrics types
This is a mobility project reporting solution, so it is precisely designed to provide service usage metrics across many mobility project measurements, including but not limited to: number of devices, number of users, OS split, mission-critical application versions and split, number of out-of-contact devices, number and reasons for non-compliance of devices, active and inactive user lists, etc., etc.
In addition to which, operational dashboard metrics also cover certificate expiry notices, internet-exposed administration consoles, devices at risk from known security vulnerabilities, administrator roles and service access statistics.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Security vetting of consultancy personnel (SC and NPPV3 by default, other vetting options available upon request). ISO27001 approved datacentre. Documented processes and internal policies. Physical and electronic security systems and controls. Encryption of data at rest (AES-256). Role-based access controls of personnel data access. GDPR-ready data handling processes, policies and user training.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
IronWorks includes automated PDF report emailing on a scheduled basis, as well as user-initiated (on-demand) CSV export of all charts, tables and map data.
Extracting the tenant's data from the underlying IronWorks database is an optional service.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Native database
Data import formats
Other data import formats
Not applicable

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network

Availability and resilience

Guaranteed availability
Service part-refund for non-performance. SLAs determined by chosen option, customer need and mutual agreement.

Bridgeway's support SLAs for Bridge Support are listed here:
Approach to resilience
Location and configuration of the service components are tracked and monitored through existing AWS, Kubernetes and Kops tools.
Changes to the service are discussed internally at initial design, during development and before implementation.
Security changes are discussed amongst a wider group, including the consultancy team and SMT to identify any weaknesses before implementation
Outage reporting
Email alerts and customer ingest logs/dashboards track service outages (whether these are IronWorks outages or those on customer equipment).

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
IronWorks authenticates users to the web portal using strong passwords.
Bridgeway support only accepts support tickets to be raised by recognised administrators of the IronWorks platform
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY Certify Point
ISO/IEC 27001 accreditation date
18/11/2010, with latest re-issue on 15/12/2017
What the ISO/IEC 27001 doesn’t cover
Scope covers datacentre services and facilities, does not cover on-premises installations or customer's own processes/implementations.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
As per service scope definition
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials currently, but moving to ISO27001 compliance in 2019.
Information security policies and processes
We follow ISO27001 and industry best-practice, with a few additional bespoke controls and policies of our own.
Contact details and reporting structure available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Location and configuration of the service components are tracked and monitored through existing AWS, Kubernetes and Kops tools.
Changes to the service are discussed internally at initial design, during development and before implementation.
Security changes are discussed amongst a wider group, including the consultancy team and SMT to identify any weaknesses before implementation
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Bridgeway monitor numerous security sources to remain abreast of the latest threats and attacks.
Risks are assessed, prioritised and alerted to relevant personnel so that remedial action can be planned, change control process applied, and systematically implemented
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
IronWorks user access logs are gathered and retained, along with usage data to allow for forensic examination of any suspicious activity.
Bridgeway is planning to integrate IronWorks logging into its existing protective monitoring solution (implementation date TBC)
Incident management type
Supplier-defined controls
Incident management approach
Incident management and support escalation processes are in place and proven.
Bridgeway recommends customers report any possible security incidents or concerns through our logged and tracked 24x7 telephone and email support service.
Security incidents are notified immediately - day or night - to the Bridgeway SMT

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)


£6.30 to £9 per device per year
Discount for educational organisations
Free trial available
Description of free trial
A fully-featured service available for a jointly-agreed but time-limited period.
Link to free trial

Service documents

Return to top ↑