GRC Ltd

SCYTALE Armour Comms

Armour Mobile is a CPA certified encryption application for secure (voice, video, IM, group chat and data) available on iOS and Android devices. Offering to customers a cost-effective, easy to use technology combined with advanced security techniques available in cloud-based and on premise architectures, available up to UK SECRET.

Features

  • Runs on Scytale enterprise
  • Simple to use/deploy robust government grade end to end encryption
  • Runs on Android IOS Blackberry and Windows devices
  • Compatible with Samsung Knox, Trustzone and dual factor authentication
  • Advanced features for potential use up to UK SECRET
  • High connection quality with low latency
  • Secure connection to landlines and voice services
  • Secure voice, video, instant messaging, group chat and conferencing
  • Compatible with complementary technologies MDM/EMM
  • CPA accredited solutions to Official Sensitive

Benefits

  • Accessible globally through Scytale Tactical Cloud
  • Manage governance, risk and compliance
  • Flexible accredited secure communications for mobile workers and hot desking
  • Enhance team output through secure group chat functionality
  • Reduce your team's travel costs
  • Shared ‘up to minute’ information flow
  • Maximise your communications investments by connecting through your mobile environment

Pricing

£2 to £17 per unit per month

Service documents

Framework

G-Cloud 11

Service ID

8 7 2 5 6 8 9 4 2 2 6 0 1 1 5

Contact

GRC Ltd

steve slater

01432 373824

steve.slater@grcltd.net

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Armour Mobile Application can be ran as a standalone instance or can be used with the Scytale Tactical Cloud
Cloud deployment model
Private cloud
Service constraints
Armour Comms is supported to run on various smart phones such as iOS and Android, and can be operated on Windows desktops. The application is regularly updated this focus as well as ensuring security is maintained is to streamline application on the most recent devices, development of the application for the older models is likely to cease as the older models hit their end of life from the manufactures.
System requirements
  • COTS Apple devices - iOS Version 8+
  • COTS Android devices - OS Version 4.3+
  • Windows 10 Desktop

User support

Email or online ticketing support
Email or online ticketing
Support response times
GRC Ltd. has a Network Monitoring Centre (NMC) that operates 9-5 Mon to Fri. Out of hours and at weekends we have an engineer on immediate call via telephone. The NMC is contactable via a freephone number, email and mobile number. Calls are immediately answered and are ticketed via customer support software to enable an audit trail and to support Service Level Agreements. We have defined escalation and rectification processes that enable issues to be dealt with direct to service providers and the ticketing support can be merged with other ticketing systems and emailed to customer and service providers.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Webchat to end users available globally using Wickr application.
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
GRC Ltd shall provide Level 1 and Level 2 support from its NMC at its UK location and manage Level 3 support to/with the OEM as required. To support the relevant support levels, GRC has a number of formal process flow charts for initial triage of the issue, resolution and as appropriate, escalation. All flow charts are shared with the customer. The support offered also allows for Request for Change of Services which will be actioned in accordance with the contract terms and conditions. There is no difference in cost for the support at level 1 and 2. AWS Business Level Support will be included with the contract costs. Level 2 and 3 support will have more expertise assigned and made available, with level 1 providing end user advice for the initial fault finding. For contracts, we provide both Technical Account Manager and a Cloud Support Engineer and as necessary engagement with our Cloud Service Architect.
Support available to third parties
No

Onboarding and offboarding

Getting started
Web portal tutorials can be offered.
Training solutions can be tailored to the customer’s requirement and can be quoted on request.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The application should be removed from each device at the end of contract. Armour specific information Contact data can be exported, this file will be made available to the customer if required.
End-of-contract process
A discussion will occur before the end of the contract about renewing. If the customer does not wish to renew the application will cease to communicate after the end of contract date. The application will remain on the device, unless uninstalled, and will retain all the information held within.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Armour Mobile is designed to offer the same functionality with a similar look and feel on all platforms.
Service interface
No
API
No
Customisation available
No

Scaling

Independence of resources
Usage is monitored on a continual basis and scaled accordingly to meet demand.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Armour Comms

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Armour secure data at rest on mobile devices is encrypted. Data at rest on servers is protected by multiple security zone server architecture with database encrypted and physical access controls.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
For security reasons the only data that can be exported form the device is the contact data. A user can export their contacts to an encrypted file and store or email it off their device. (This functionality is platform dependant)
Data export formats
Other
Other data export formats
Encrypted file
Data import formats
Other
Other data import formats
Encrypted file

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Armour secure services are protected by at least AES-128 with PKI using MIKEY-SAKKE between end user devices and up to AES-256 with TLS1.2+ in client/server interactions.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
All inter-server communications within the Armour Secure service use at least TLS1.2+ with AES-256, multi-zone server security, firewalling, intruder detection and monitoring.

Availability and resilience

Guaranteed availability
Armour service is dependent on the full availability of the data service over mobile bearers provided by third party cellular systems. The recommended use with Scytale Tactical Cloud will also help to mitigate the reliance on third party vendors.
SLAs are available to the customer on request.
Approach to resilience
Resilience information is available on request.
Outage reporting
Monthly Uptime Percentage data can be available to users through GRC's NMC. Scheduled maintenance outages will be conveyed to the user via e-mail. All bar essential maintenance will be conducted at a time acceptable to the user. Essential maintenance will be conducted by activating the BCP, to minimise impact on the user's information flow

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
End user clients are password protected, based on the unique end point identity used in the MIKEY-SAKKE cryptography, the client itself also authenticates to the servers. Additional user authentication such as two factor is available at additional cost although should be based on the user's requirements.
Access restrictions in management interfaces and support channels
Access to the user management system is restricted to authorised administrators using passwords and certificates.
Support staff can have DV clearance.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Scheme

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
GRC is an SME and as such is accredited to Cyber Essentials Scheme (CES)
Information security policies and processes
The GRC IT Security Policy is designed around the core principles of Confidentiality, Integrity and Availability, with the primary objective of asset protection, prevention of unauthorized access and ensuring the availability of systems and information for GRC and our customers. Within the GRC domain these principles are achieved via a range of mediums, including centrally monitored anti-virus and malware protection, network level hardware and client level software firewalls and Active Directory controlled user accounts, with senior management approved role-specific permissions. Due to our requirement to work with evolving technologies, we make clear distinction between the GRC domain and Engineering tasks, which can only be performed on specialist off-domain clients, further minimizing risks to our network. Familiarization of this IT Security Policy is part of all employee’s induction and its acceptance is mandatory

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The Cloud configuration for both live and any development instances is administered from the NMC. Configurations are based on template documents to ensure implementations are standardized across the end-to-end solution. Configuration variables (eg. IP addressing) are managed to enable digital resources to be assigned efficiently without duplication. All documents and configurations are version controlled with changes approved, accounted for and audited by user/date/reason. Configurations are stored with separation between the configurations for each customer’s specific solutions. Change management includes but is not limited to: Change requests with corresponding impact assessments, implementation and corresponding change monitoring and Authorisation for change
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We operate continuous vulnerability management. We use both technical scans; with Microsoft Baseline Security Analyser and Panda Adaptive Defense 360, and prevention; with hardware and software firewalls, file access controls, limited administrator rights, staff training and physical security. All company activities are appraised for risks, with potential vulnerabilities assessed and categorized as either manageable risk or deemed unacceptable. Technical vulnerability management across the system will be conducted using Cloud applications such as AWS GuardDuty and AWS CloudTrail. These services alert our 24/7 NMC team who will immediately cease the vulnerability and highlight to the customer.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Technical protective monitoring will be designed in house by our architects to enable the managed service to use Cloud applications such as CloudWatch, AWS Shield plus and AWS WAF. These services alert our 24/7 NMC team who will immediately cease the vulnerability and highlight to the customer. In the event of an incident being identified or being notified of an IP address/instance compromise by the customer, cloud accounts or virtual private clouds shall be removed and reinstated within ~1hr utilizing existing configurations and saved AMI's. Close liaison with the customer will take place throughout the process.
Incident management type
Supplier-defined controls
Incident management approach
Incident Management for both common issues and ad hoc problems, whether identified proactively by the NMC or reported directly from an end user, utilizes GRC's existing ITIL compliant processes. Users are able to contact GRC support staff directly via freephone 24x7, whether in the NMC during business hours or on-call out of hours. Contact is regularly maintained through to incident resolution and user approved closure via phone, webchat and email. Service Review Meetings with the GRC Account Team, including consolidated incident reports, occur regularly, with a frequency as agreed with each customer.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2 to £17 per unit per month
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑