Levett Consultancy Ltd

Sophos Central Security Products

Levett Consultancy provides the range of Sophos Central products, including;

Sophos Central -
Sophos XG Firewall & Wireless Products
Sophos Endpoint, Encryption, Mobile 8, & Server.
Sophos Phish Threat


  • Sophos Central - Powerful Platform for centralised Security Management
  • Intercept X - Next-Gen endpoint protection
  • Sophos Mobile 8 Secure Unified Endpoint Management
  • Safeguard Encryption - Full disk & file encryption
  • Secure Email Gateway - Block Phishing, spam & malware
  • Phish Threat - Phishing email simulation and training
  • Server Protectin - virtual and physical Server Security


  • Reduce the risk of attack by improving user knowledge.
  • Secure your network from end to end
  • Train internal personnel through Phish Threat
  • Peace of Mind that your Network and Users are secure


£2.38 to £53 per person per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


Levett Consultancy Ltd

Joanne Levett

01279 799256


Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Sophos Central.
Cloud deployment model Private cloud
Service constraints None
System requirements An internet connection will be required

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Levett Consultancy provides dedicated Google support from 8am-5pm Monday to Friday, excluding bank holidays. Support is provided by our 1st, 2nd and 3rd line service teams using a defined service level agreement. Our service works in conjunction with Google 24/7 hour email and online chat support where initial responses are within 1 business day or less.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels In addition to standard Sophos support, Levett Consultancy provides support as part of our G Cloud 10 Cloud support service. Levett Consultancy also provides a dedicated technical account manager and Sophos certified support engineers.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Levett Consultancy is long-term Sophos Partner with a proven track record of deploying Sophos into Central & Local Government, Education, 3rd Sector and Private sector. Levett Consultancy provides a full end to end Sophos service detailed within G Cloud 10 Cloud Support services, that includes consultancy, deployment, training and support. Levett Consultancy uses and enhances the Sophos setup through its knowledge, experience and services.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Sophos is a security element and will only hold user data. This can be extracted from the system and then deleted at the end of the contract.
End-of-contract process Access to the Sophos instance and the Security protocols it ensures will be terminated and ALL data will be removed from the Sophos systems within 180 business days.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Using the service on a mobile is application based, rather than browser-based.
Accessibility standards None or don’t know
Description of accessibility Through browser and application. The application is supported on Android and iOS.
Accessibility testing None.
Customisation available No


Independence of resources This will be site specific and will have no impact on usage elsewhere.


Service usage metrics Yes
Metrics types The reporting lists the number of users this has been sent to and their specific individual behaviors.
Reporting types Real-time dashboards


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Sophos

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data is exported through the online portal.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The service will have a 99.9% uptime, there are no reimbursements if SLA's are not met.
Approach to resilience This sits on Sophos's Cloud Platform where all usual DC resilience is built in. This information would be available upon request from Sophos.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels XXX
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards CSA CCM version 3.0
Information security policies and processes XXX

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Notifications, alerts and Change Management will be provided directly from Sophos through their cloud system.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The Sophos senior management team has overall responsibility for this policy, and for reviewing the effectiveness of actions taken in response to concerns raised under this policy. Various officers of Sophos have day-to-day operational responsibility for this policy, and must ensure that all managers and other staff who may deal with concerns or investigations under this policy receive regular and appropriate training.

Sophos’ Chief Technology Officer and General Counsel reviews our Vulnerability Disclosure policy from a legal and operational perspective on a yearly basis.

More information can be found here: https://www.sophos.com/legal/sophos-responsible-disclosure-policy.aspx
Protective monitoring type Supplier-defined controls
Protective monitoring approach Sophos utilises, within their system a product called - Process Monitor. This is a free tool from Windows Sysinternals, which is part of the Microsoft TechNet website. The tool monitors and displays in real-time all file system activity on a Microsoft Windows operating system. Process Monitor is useful for troubleshooting issues when we need to identify the files or registry keys an application is accessing.
Incident management type Supplier-defined controls
Incident management approach Automated Incident Response
Security information is shared and acted on automatically across the system. It isolates infected endpoints before the threat can spread, slashing incident response time by 99.9%.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2.38 to £53 per person per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Free Trial for 30 days for up to 100 users.


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑