QuoVadis Online Security Limited

s/mime Certificate Service

Managed PKI service for the issue of s/mime digital certificates for eMail signing & encryption.

Features

  • Issue of standard -class s/mime certificates
  • Authentication, Signing and Encryption certificates
  • Signing & encryption of eMail

Benefits

  • Signing & encryption of eMails
  • Integration with eMail clients
  • Integration with Office 365
  • Integration with some free eMail systems (e.g. gmail)

Pricing

£30 per unit per year

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

7 0 1 7 4 8 2 5 0 6 8 0 9 7 0

Contact

QuoVadis Online Security Limited

Tanya Davis

0333 666 2000

uk.sales@quovadisglobal.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No constraints
System requirements
Any current, up-to-date browser is supported

User support

Email or online ticketing support
Email or online ticketing
Support response times
Sub 1-hour during office hours. 24x7 emergency support outside of office hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
24 x 7 support online, telephone, eMail - NO ADDITIONAL COSTS
Use of GoToMeeting and similar systems for additional support if required Emergency 24 x 7 telephone support
Ticketing system
Knowledgebase
PKI widgets (several tools to help with managing certificates)
Dedicated account manager for every customer
Support available to third parties
Yes

Onboarding and offboarding

Getting started
On-boarding process includes online training & user documentation
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All certificate data can be extracted via XML from our certificate management portal (Trust/Link).
End-of-contract process
Certificate management portal will remain active until all certificates have naturally expired.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
An API is available for automation of certificate issue
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Our technology is fully scalable and we regularly upgrade any aspect of the infrastructure to cope with peak demand.

Analytics

Service usage metrics
Yes
Metrics types
Dashboard provides information on certificates issued/revoked etc
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Run a report and export via XML
Data export formats
Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Excel

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability of Services. The QuoVadis Trust/Link Service will be operational 24 hours per day, 7 days per week, and 365 days per year. The services will be deemed operational if they are available 99.5 % of the time on a monthly basis. Scheduled downtime will not exceed seven hours per month, and will occur (i) between 6:00 p.m. on Saturday evening and 6 a.m. on Sunday morning, Atlantic Time, or (ii) at such other times and days as QuoVadis may deem necessary, provided QuoVadis gives Client at least three calendar days advance written notice of such other time and day for scheduled downtime.
Approach to resilience
Available upon request. Standard meets all requirements of our industry accreditations - baseline, Webtrust, EV, AATL, Qualified certificate, eIDAS accreditations.
Outage reporting
EMail alerts, and dashboard information. Also available through the API if used.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Subscribers have to be 'invited' to register by an Administrator. It's a closed system, the link is specific to their eMail address. They then login using a username:password combination. Administrators are issued with an AdminID (PKI certificate) to authenticate. Access rights are then permissions-based. Optional dual control for all certificates issued.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Quality Management Services International (QMS)
ISO/IEC 27001 accreditation date
14/2/2012
What the ISO/IEC 27001 doesn’t cover
Nothing
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Industry specific accreditations: Webtrust, EV, AATL, Qualified, eIDAS

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are required to follow strict information security policies and processes to attain and retain our industry accreditations.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We are required to follow strict configuration and change management processes to attain and retain our industry-specific accreditations.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We are required to strictly manage vulnerability to attain and retain our industry-specific accreditations.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We are required to use lots of protective (pro-active) monitoring processes to attain and retain our industry specific qualifications.
Incident management type
Supplier-defined controls
Incident management approach
We are required to have very strict incident management processes to attain and retain our industry specific accreditations.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£30 per unit per year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
30-day free production certificate(s) for pilot projects

Service documents

Return to top ↑