Bridgeway is proud to offer a unique co-managed, fully-hosted MobileIron service. This service includes our own IronWorks reporting solution to evidence project success, our Bridge Train for MobileIron administrator and help-desk training, and our market-leading 24x7 Bridge Support service for peace of mind. UK hosted, supported and data residency.
- MobileIron hosting in PSN, N3 and HSCN connected secure datacentre
- Support, hosting and training all delivered from within the UK
- Only UK Authorised Training Partner (ATP) for MobileIron
- Service credits, administrator training and MobileIron reporting included
- Mobility project key performance indicator (KPI) charting
- Automated, scheduled emailed PDF reports aligned to line-of-business
- Comprehensive trend analysis and charting of your mobility project
- Compliance reporting for GDPR, ISO27001, IG Toolkit and PSN CoCo
- Daily MobileIron security health-check and operational dashboard
- Integrated MobileIron licence tracking and efficiency calculator
- Data residency and secure interconnections for UK public sector
- Key delivery personnel vetted to SC, DV available via sponsorship
- Maximise the value and the capabilities of your MobileIron investment
- Only MobileIron true one-stop-shop hosting provider in UK
- Measure, track and evidence the success of your MobileIron project
- Disseminate bespoke MobileIron reports directly to team leaders
- Complete and consistent historical MobileIron information for mobility project reporting
- Evidence your continuous improvement towards reaching and maintaining compliance
- Identify potential mobility project issues before they become a problem
- Save money by identifying optimum MobileIron licensing model and split
£20 to £32 per person per year
- Education pricing available
Bridgeway Security Solutions
01223 979 090
Bridge Host is bound by current published and supported MobileIron virtual machine specifications, for which guidance is available as part of the service.
IronWorks integrates via API calls with MobileIron deployments.
Mobility projects that do not use MobileIron as the security MDM/EMM/UEM are not supported at present.
One training course candidate place included per annum, any additional candidates at usual training course cost.
|Email or online ticketing support||Email or online ticketing|
|Support response times||Bridgeway SLAs guarantee a first considered response within 1 hour from initial ticket being logged, and progress updates start from within 3 hours from receipt of all relevant information. Different SLAs apply according to mutually-agreed priority level.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Yes, at an extra cost|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||WCAG 2.0 AA or EN 301 549 9: Web|
|Web chat accessibility testing||
Our support service (Bridge Support) is typically provided as phone and email support, but optionally - at an agreed extra cost - we can integrate into existing customer processes and systems. For example, using customer's existing Zendesk, JIRA or SalesForce support tools, knowledge bases and escalation processes. These services have their own WCAG compliant interfaces for user web chat support, which we would leverage in the support service delivery.
No testing has been directly performed, but again, we can (optionally) integrate into customer's existing service support tools, so presume usability testing has been carried out by customer organisation.
|Onsite support||Onsite support|
|Support levels||Our Bridge Support services are flexible: we can augment your existing support arrangements, or provide a complete outsourced support function. Bridge Host includes full 24x7 Bridge Support tickets and/or onsite consultancy visits, which would consume a pre-agreed number of service credits. Additional service credits available in different pricing bands, if so required.|
|Support available to third parties||Yes|
Onboarding and offboarding
Bridge Host includes the migration (lift-and-shift) of an existing MobileIron deployement, or the creation of a brand new instance, according to customer's needs.
Part of this set-up service also includes a health-check and consultancy work to address the most serious and pressing identified challenges. All such consultancy work to take place under jointly-agreed Statements of Work (SoWs) and implementation plans.
Bridge Host also includes one administrator training course (Bridge Train) candidate place per annum. Bridge Train courses take place regularly in Cambridge, on the dates published on our website.
|Other documentation formats||
|End-of-contract data extraction||
Backups of the live MobileIron servers can be extracted through the GUI. Full device fleet details can be obtained via API and/or CSV export. Devices can be backed up (if policy allows).
IronWorks users can request data extraction upon which we would create and share a copy of their underlying database data.
|End-of-contract process||At the end of the term, the customer is welcome to renew their contract and the service would continue. Alternatively, if the customer verifies in writing their preference not to continue, their account and associated data are deleted.|
Using the service
|Web browser interface||Yes|
|Using the web interface||
Customers can access the MobileIron management and administration portal via web interface. All the MobileIron administration functions are available, except for the System Manager portal, which is reserved for Bridge Host operations team.
Customers can also access IronWorks for reporting and configuration needs.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||No testing has been carried out.|
|Web interface accessibility testing||No testing has been carried out.|
|What users can and can't do using the API||
MobileIron API provides programatic access to a whole host of device control and reporting APIs for integration with other solutions. For organisations looking for augmented operational dashboards, historical trend reporting, management reports and/or compliance reporting, we recommend Bridgeway's IronWorks, which is included in this service.
IronWorks collects data from MobileIron instances through the use of APIs. IronWorks also has APIs available for customer integration of the resulting computed information into existing business intelligence tools (e.g. Power BI and similar). Full documentation of all the available API calls is available and integration consultancy services are available at extra cost.
|API automation tools||Other|
|Other API automation tools||IronWorks|
|API documentation formats||
|Command line interface||No|
|Independence of resources||
MobileIron instances are architected with reasonable project growth in mind, so as not to become resource bound. VM and infrastructure performance are monitored by the Bridge Host team at Bridgeway, to ensure service availability and responsiveness.
IronWorks was designed and developed with scalability, availability and confidentiality in mind. Built with NodeJS and on Docker containers, the solution is self-healing and self-managing through the use of Kops and Kubernetes for enterprise- and carrier-grade deployment, with reliability and scaling configurations automatically ensuring a smooth customer experience.
|Infrastructure or application metrics||Yes|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||MobileIron|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||Security vetting of consultancy personnel (SC and NPPV3 by default, other vetting options available upon request). ISO27001 approved datacentre. Documented processes and internal policies. Physical and electronic security systems and controls. Encryption of data at rest (AES-256). Role-based access controls of personnel data access. GDPR-ready data handling processes, policies and user training.|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||Different backup and storage arrangements are available on request. A charge may be incurred by alternate arrangements.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
|Other protection within supplier network||SSH|
Availability and resilience
Service part-refund for non-performance. SLAs determined by chosen option, customer need and mutual agreement. Current MobileIron technical support SLAs are covered here: https://www.mobileiron.com/en/legal/support-maintenance-SaaS-products
Bridgeway's support SLAs for Bridge Support are listed here: https://www.bridgeway.co.uk/services/support-services
|Approach to resilience||
Bridge Host resilience available on request.
IronWorks resilience: Location and configuration of the service components are tracked and monitored through existing AWS, Kubernetes and Kops tools. Changes to the service are discussed internally at initial design, during development and before implementation. Security changes are discussed amongst a wider group, including the consultancy team and SMT to identify any weaknesses before implementation
|Outage reporting||Email alerts and customer ingest logs/dashboards track service outages (whether these are IronWorks or MobileIron outages or those on hosting equipment).|
Identity and authentication
|Access restrictions in management interfaces and support channels||Access restricted by Role Based Access Control (RBAC). Devices authenticate with centrally managed (and issued) digital certificates. 2FA and SAML SSO available.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Cyber Essentials currently, but moving to ISO27001 compliance in 2019.|
|Information security policies and processes||We follow ISO27001 and industry best-practice, with a few additional bespoke controls and policies of our own. Contact details and reporting structure available on request.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Location and configuration of the service components are tracked and monitored through existing service management, Kubernetes and Kops tools. Changes to the service are discussed internally through change advisory board process at initial design, during development and before implementation. Security changes are discussed amongst a wider group, including the consultancy team and SMT to identify any weaknesses before implementation.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Bridgeway monitor numerous security sources to remain abreast of the latest threats and attacks. Risks are assessed, prioritised and alerted to relevant personnel so that remedial action can be planned, change control process applied, and systematically implemented|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Bridgeway's own approach available on request. Integration with customer's GPG-13 compliant protective monitoring service also available. Please contact us for further details and pricing.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Available on request|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||VMware|
|How shared infrastructure is kept separate||Independent instances run in dedicated VMs, ensuring segregation of data. For sensitive data, we would use a single, i.e. dedicated, VM per host server instead - this may incur an additional charge.|
|Price||£20 to £32 per person per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Full service, but time-limited and without on-boarding service.|
|Link to free trial||https://www.bridgeway.co.uk/bridgehost-trial|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|