Prolinx Ltd

Prolinx Assured Cloud Services (PACS) Deployed Bearer of Opportunity (DBoO)

An early entry, remotely configurable (24x7x365 Service Desk supported) capability providing connectivity for disadvantaged and edge users. A secure, low SWaP, UK Sovereign platform providing VPN via multiple mobile internet-connection options, providing access to OS (MCN) and Secret Cloud. Data in transit protected and meeting NCSC 14 cloud security principles.

Features

  • Connection to Bearer of Opportunity, Internet, 3G/4G LTE, BGAN.
  • Low Size, Weight and Power (SWaP) technology for initial entry capability
  • Encrypted rear-link connection with over the air rekeying
  • Secure and highly scalable hosting service with UK-based 24/7 support
  • Delivered as a fully managed secure deployable end-to-end service
  • Available to accredit at various Government Security Classification Standards (Official/SECRET)
  • ISO9001, ISO20000, ISO27001 certified organisation and ITIL service management framework
  • Integrates seamlessly with host network infrastructure.
  • Security tiers distinguished by keymat separation for relevant protective classification

Benefits

  • Reduces cost and complexity of managing technology and resources
  • Reduced Low Size, Weight and Power (SWaP) capability
  • Access to core network central services by any internet-connected bearer
  • Secure Wireless offers a reduction in cable cost and footprint
  • Can be adapted to be compliant with future MoD networks
  • Enabling secure remote working and migration to Cloud services
  • Securely operated in UK by SC/DV Cleared Personnel
  • 'Active' and 'Warm-Blanket' costing model; providing value for money
  • Minimal user training overhead, as issues can be resolved remotely
  • Scalability options to achieve various deployment use cases

Pricing

£750 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Sam.howells@prolinx.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

764992755942612

Contact

Prolinx Ltd Sam Howells
Telephone: +44 (0) 330 180 0099
Email: Sam.howells@prolinx.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Prolinx Assured Cloud Services (PACS) - Secure Infrastructure as a Service (IaaS)
Prolinx Assured Cloud Services (PACS) - Secure Platform as a Service (PaaS)
Prolinx Assured Cloud Services (PACS) - Secure Software as a Service (SaaS)
Cloud deployment model
Hybrid cloud
Service constraints
Crypto Security Paperwork (CAPS) must be completed and approved before Crypto can be delivered; completing it is the responsibility of the customer.
End User device is not delivered as part of this service and will be the responsibility of the customer to order.
System requirements
  • Customer must have an RLI Accredited UAD
  • Customer will need a sponsor for CAPS paperwork

User support

Email or online ticketing support
Email or online ticketing
Support response times
Service Level response times are one hour for all levels of support, which are managed by a 24x7x365 Service Desk. Same service for both weekdays and weekends.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
BRONZE TIER.
Support level included (as the minimum level) in the overall service fee and is agreed during the requirements gathering phase.

SILVER TIER / GOLD TIER - Passive Business Continuity / Disaster Recovery (BCDR).
Support level can be included in the overall service fee and is agreed during the requirements gathering phase.

GOLD TIER - Production / Active BCDR.
Support level can be included in the overall service fee and is agreed during the requirements gathering phase.

Additional cloud engineer support provided via SFIA Rate Card model.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Prolinx operate our secure On Boarding process within the following interaction categories: Design, Agree, Deliver, Manage and Accredit (DAD MA).
  • The Design phase will encompass a formal design and discovery project which will create a solution that meets the technical, security and business process requirements of the customer.
  • This design phase is then formally Agreed with the customer and this then initiates the parallel security Accreditation process and if necessary the service transition model from the “As Is” instance to the “To Be” operating model.
  • The agreed design is then formally Delivered by the assigned project manager to the customer, taking account of the site and customer specific requirements. Stage 2 of the accreditation process is initiated.
  • The service is then formally taken on as a Live Managed service into the Prolinx Secure Service Management facility.
  • The Go-LIVE of the service will then leverage the existing security accreditation of Prolinx to finalise the full Accreditation of the service for the customer. At this point, additional users, services and applications will be managed using change management and service fulfilment processes.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data can be extracted in a variety of formats including XML, CSV and TXT.
End-of-contract process
Termination or migration will necessitate a four week period prior to any expiry of the contractual agreement; Prolinx and the customer will agree an exit plan which will include a mandatory service migration meeting covering:
  • The return of user generated data most appropriate to meet the exit and security requirements
  • Whether they wish their data to remain available for future use (i.e. persistent storage). If the data is not required, it will be purged and destroyed in accordance with the requirements associated with the data BIL rating.
  • Whether they wish to extract their data. If the data is rated at Official including caveats (BIL3) or ABOVE, precautions will need to be put in place to ensure that the security of the data is not compromised. Data can be extracted in a variety of formats including XML, CSV and TXT.
  • Exit project plan
  • The compliance requirements for secure destruction of important data and storage media
  • Risk Assessments and agreed service cessation milestones
  • Final commercial reconciliation.

Prolinx will agree a price for delivering the exit plan and will have fifteen days to transfer or destroy all user generated data within the Prolinx Assured Cloud Service.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The DBoO service provides customers with the ability to connect into various bearers. The DBoO is agnostic to the MOD approved End User Device that is connected to complete the service.
Service interface
No
API
No
Customisation available
No

Scaling

Independence of resources
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Services which provide virtualized operational environments to customers ensure that customers are segregated via security management processes/controls at the network and hypervisor level. Prolinx continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. Prolinx maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, the Prolinx capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.

Analytics

Service usage metrics
Yes
Metrics types
Need Help with this one
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
N/A for this Service. The DBoO provides customers with the ability to connect to the required network and, therefore, does not store any data.
Data export formats
Other
Other data export formats
N/A
Data import formats
Other
Other data import formats
N/A

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The service shall be operational and available to customers for 99.95% of the time during each calendar month. (This shall not include any scheduled maintenance periods, but customers shall be given one calendar month's notice of any intended maintenance periods.)
Approach to resilience
Prolinx utilises a secondary Data Centre facility to provide full resilience and Disaster Recovery (DR) capability.
In summary our primary Data Centre attributes include -
Tier 2 (Enhanced) Data Centres (N+1, power and air conditioning)
24/7 Security with Alarm Response
Independent Fire Suppression and Alarm Systems
Official including caveats (IL0 and IL3) Data connections established and operational
Official and Sensitive workloads (IL3) Data connection capability
Outage reporting
Emails

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Prolinx make use of trusted roles and have separation of duty and limits on each transactional privilege set. All these measures combine into an accepted standard practice which has satisfied already provisioned MoD and other Government contracts.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
20/06/2018
What the ISO/IEC 27001 doesn’t cover
There are no exceptions and our certificate covers the following: The provision of IT infrastructure solutions and IT managed services, which includes consultancy, design and implementation services. This is in accordance with the ISMS statement of applicability dated 20/06/2018.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
CSA CCM version 3.0, ISO/IEC 27001

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Prolinx has a variety of methods already in use to support change and configuration management to track and identify components from cradle to grave. The design and change of any function is managed via key stages from initiation, planning and co-ordination through to validation and testing and early life support. This will be managed using ITIL methodologies and best practices.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The Prolinx monitoring platform can provide real-time views of availability statistics, as well as detailed monitoring and analysis of data from virtual switches, routers, servers and any other SNMP-enabled devices. The platform includes availability, security and integrity monitoring of the applications and VMware Horizon environment. Prolinx also uses FortiGate firewalls and FortiGate wireless hardware for its architectures. These products are best of breed within the market and can be fully managed, supported and monitored by the Prolinx service desk. For every incident that requires escalation, we engage the relevant parties and take any necessary action, reporting directly to the GOSCC.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The Prolinx monitoring platform can provide real-time views of availability statistics, as well as detailed monitoring and analysis of data from virtual switches, routers, servers and any other SNMP-enabled devices. The platform includes availability, security and integrity monitoring of the applications and VMware Horizon environment. Prolinx also uses FortiGate firewalls and FortiGate wireless hardware for its architectures. These products are best of breed within the market and can be fully managed, supported and monitored by the Prolinx service desk. For every incident that requires escalation, we engage the relevant parties and take any necessary action, reporting directly to the GOSCC.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The Service Desk manages incidents using a dedicated service management tool suite; incidents can be raised by a telephone call, by email or from an automated alerting system. Incidents are classified and prioritised in accordance with the agreed SLAs. There are multiple types of classification and several levels of prioritisation that can have different response and resolution characteristics, ranging from 30 minute responses with 4 hour resolutions to 4 hour responses with 48 hour resolutions, with several levels in between. Incidents are managed to ensure that any impact is minimised and the situation is dealt with appropriately.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Joint Academic Network (JANET)

Pricing

Price
£750 a unit a month
Discount for educational organisations
No
Free trial available
No
