Skip to main content

Help us improve the Digital Marketplace - send your feedback

Exponential-e Ltd

Remote Access as a Service

Organisations require Secure Remote Access (SRA) mechanisms connecting users to infrastructure, applications and networks aligning to Government and Industry standards .We provide Remote Access (RAS) Encryption, Identity Management and Data flow controls using;

Encryption, Admission Control, 2 Factor Authentication
Certificate Authority URL verification
Connectivity to Internet, Cloud, WAN and HSCN

Features

  • Remote Access over Internet: Broadband, 3/4G, corporate, public hotspot
  • Virtual Private Network with strong transport encryption (AES256)
  • Stand Alone or Customer Active Directory Integration
  • Multi-Factor Authentication, NAC and 2nd factor (Hard and soft Token)
  • Works with TLS and SSL based applications
  • Connects users to Cloud, Corporate, WAN, LAN and HSCN services
  • Aligns to NCSC 14 Security Principles, meets ISO27001
  • Web based client options with low device footprint
  • Integrated Network Admission Control (NAC) options
  • Self Service password reset and tiered user management

Benefits

  • Enables mobile and home working
  • Increases productivity allowing access to sensitive data securely
  • In-flight data security and integrity, with rigid security controls
  • Security goverance and compliance to government standards
  • Cost effective access sensitive services including Health and Social Care
  • Simplifies data and process auditing
  • Flexible Access Control and Identify management to adjust to requirements
  • Provides scalability without upfront investment
  • Reduces time to deliver and project complexity
  • Provides Peace of Mind and Distaster Continuity of employee working

Pricing

£14.79 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psbids@exponential-e.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 1 0 6 7 5 0 7 0 8 1 6 2 4 1

Contact

Exponential-e Ltd Kay Sugg
Telephone: 02034358835
Email: psbids@exponential-e.com

Service scope

Service constraints
The service may be subject to planned maintenance outages, customers may be required to upgrade components on-line (in line with security best practice).

The service may preclude the use of previously acceptable weak security practices.

When used in conjunction with Public Sector Networks such as the HSCN, some use cases will also need to align to those network standards.

Legacy versions of Windows, OSX and Android may not be supported
System requirements
  • A compatible opperating system such as windows, android, IOS
  • Hardware meeting Windows 7 or better CPU/RAM specification
  • An Internet connection and/or 3g connection
  • Local Firewall eg.Bitdefender (Network Access Control only)
  • Disk Encryption eg. Bitlocker (Network Access Control only)
  • Anti Virus Software
  • A valid HSCN connection agreement (when connecting to HSCN)

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 Hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
99.9% availability
24x7 operation
We may provide a technical account manger based on size of requirement.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a product description, product manual and quick start guidance.

We may provide onsite training and additional documentation at cost

Project management, co-ordination, integration services and data security audits are available at cost should they be needed.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The system holds Meta-Data only and not data therefore this is not applicable
End-of-contract process
The price includes the basic connectivity service with a soft token, priced on a per user basis.

Optional extras will be charge accordingly and can include;

1. Multi-factor authentication
2. Hard Tokens
3. Network Admission Control
4. Customisation of User experience
5. Single Sign-on

Using the service

Web browser interface
Yes
Using the web interface
The service consists of a user administration portal that provides on-boarding of users and self-service password resets.

Users are added to the system via a web portal and can use a number of mechanisms including a Comma Separated List (CSV), manual user addition, AD Join and other mechanisms.

User interaction with the web interface is provided using Role Based Security profiles and allows users management capabilities ranging from Admin to Self-Service depending on the given profile.

Users may make changes via the Web portal via the internet and only via a supported browser using a secure (SSL/HTTPS) transport.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Access is governed by role. There are two roles - user and administrator.

Administrators are allowed to manage and add users.
Users may only perform password resets and changes.
Web interface accessibility testing
The service works with standard screen readers and colour scheme based desktop profiles.
API
Yes
What users can and can't do using the API
The service comes with a default API and utilised the OKTA and Citrix Netscaler integration capabilities.

Customers may choose to use their own identity agent, in which case they will connect directly to the Netscaler orchestration API.

In order to maintain best value, we may at our discretion provide alternatives API interfaces, however by default, the service provided will utilise the OKTA API.

Integration with OKTA API may be achieved, but is not a standard component of the service. Features and functions available will vary between customers, solution elements and adjacent requirement. Please contact us for further details
API automation tools
Other
API documentation
Yes
API documentation formats
  • HTML
  • ODF
  • PDF
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Maintained via contractual mechanisms including SLA
Maintained through technical mechanisms including provisioning and platform scaling.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
Other
Other metrics
  • Log on
  • Active users
  • Historical audit
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft, Fortigate, Okta, Symantec, RSA, Gemalto, Yubico

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Firewall controls including ACL and boundary separation
Virtual Domains
Network Address Translation, filtering and Access Controls (ACL)
Network edge content control (via HSCN SBS - HSCN services only )
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Firewall Controls and Access Lists (ACL)
Virtual Domains
Network Address Translation
Inspection of Edge Traffic

Availability and resilience

Guaranteed availability
TBA
Approach to resilience
Available on Request
Outage reporting
Dashboad and email

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
Users provide first factor authentication using Username and Password
Second Factor authentication is then required using both Hard Token and Soft Token Mechanisms
Soft Token Mechanisms include SMS, Application and Email
Hard Token Mechanisms include Yubikey (and NFC), Gemalto and RSA
Network admission control is then applied and the user is checked for Disk Encryption, Local persistent firewall and Anti-Virus.
Access restrictions in management interfaces and support channels
Password, User, Role and 2Factor Authentication for front end systems.
Network Admission Control
Separate Management LAN where appropriate
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Less than 1 month
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
13/04/2021
What the ISO/IEC 27001 doesn’t cover
Details available on request.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
13/04/2021
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
Details available on request.
PCI certification
Yes
Who accredited the PCI DSS certification
Blackmores UK
PCI DSS accreditation date
19/3/2019
What the PCI DSS doesn’t cover
Hosting Provider – Applications, Storage, Security Services, shared hosting, Online Hosting, Managed Services – System Security, IT Support, Backup, Cloud Services Payment Processes – All payment services
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • ISO 27017
  • SOC2 Type 2 Report
  • BS 10012 Personal Information Management
  • ISO 22301
  • ISO 20000
  • ISO 9001
  • ISO 50001
  • ISO 14001
  • SOC Check

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The security of our Network is fundamental to our business and have implemented a wide range of security measures.

Our network has undergone rigorous security assessments - undertaken by BSI - and has achieved ISO 27001 (tested every six months) and PCI-DSS (tested annually) certifications to ensure security standards. These audits and controls are continuous and executed in-line with the appropriate HMG data security standards.

Exponential-e are currently at HSCN Stage 3 accreditation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Available on Request
Vulnerability management type
Undisclosed
Vulnerability management approach
Available on Request
Protective monitoring type
Undisclosed
Protective monitoring approach
Available on Request
Incident management type
Undisclosed
Incident management approach
Available on Request

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
TBA

Social Value

Fighting climate change

Fighting climate change

MAC 4.1: Delivering environmental benefits
Exponential-e is committed to continually improving environmental performance and monitoring environmental effects from our activities to identify potential areas for improvement.
We are accredited and operate within internationally recognised management standards (9 ISO’s) of which two are focused on Environment Management (ISO 14001:2015) and Energy Efficiency (ISO 50001:2015). This standard specifies the requirements for establishing, implementing, maintaining and improving an energy management system with a systematic approach in achieving continual improvement of energy performance, including energy efficiency, energy security, energy use and consumption.
Critical to our core operation is our national network infrastructure, and cloud infrastructure. Thanks to unique cooling technology, our Data Centres are the most environmentally efficient in the UK. They save customers on average around £1.1 million per megawatt and 6,000 tonnes of taxable carbon annually compared with an average Data Centre facility.
Some of the practices deployed to achieve carbon footprint include:
• All our Data Centres are ISO 14001 accredited with robust environmental management systems
• Procuring consumed energy from sustainable energy sources wherever possible
• Ensuring the use of hot/cold aisle cooling design in our Data Centres, which reduces energy consumption as the cooling is more efficient and helps our customers to reduce their carbon footprint
• Using the latest virtualisation (VDC) technologies to ensure the most efficient utilisation of hardware resulting in the overall optimisation of our client’s infrastructure. Our VDC delivers dedicated processing instead of having multiple, underutilised physical servers, which helps minimise our environmental impact
• The business considers the environmental impact of goods and services within procurement processes. Working with suppliers, contractors and indeed clients to lessen the environmental impact of their operations.
• Homeworking practices have been developed to allow homeworking whilst preserving security of company data and access to IT systems.
Covid-19 recovery

Covid-19 recovery

MAC 1.5: Improvements to workplace conditions
Exponential-e operates to ISO22301 – Business Continuity Management System (BCMS) standard. This means our critical business functions have existing and proven business continuity plans which are reviewed, exercised and/or tested regularly.
In line with this standard, we have taken the following steps:
• Implemented flexible working arrangements for any high-risk employees, or employees who are unable to travel due to other reasons relating to the coronavirus (Covid-19)
• Conducted a full Business Impact Analysis (BIA), considering shift patterns, physical segregation and cover arrangements across all of our core 24*7 service operations to maintain the appropriate resource levels
• Implemented ongoing monitoring of our workforce and skills capability to ensure all our personnel are multi-skilled and have monitoring in place to address any weakness or gaps
• Completed capacity planning and forecasting of the current and future levels of resource utilisation, taking into consideration the enactment of multiple Business Continuity scenarios
• Introduced enhanced presence of our on-site cleaning personnel throughout the day and evening to ensure the cleanliness of our facilities is maintained
• Initiated a change freeze across our core platforms to allow our key resources to focus on service availability and reacting to changes our customers may require
• Limited any non-essential travel to customer or vendor sites, making the best use of remote technology to ensure we maintain our quality of service and open engagement throughout this period of uncertainty.
Exponential-e has since initiated remote working at a larger scale in a controlled manner. Our Head Office has implemented a Hybrid working model for all staff who are able to work remotely for two days a week and in the office for maximum of three days a week. This also reduces our carbon emissions through travelling and heating/lighting of office premises.
Tackling economic inequality

Tackling economic inequality

MAC 3.1: Diverse supply chain
Exponential-e maintains a policy of working with diverse partners and SME organisations where there is a defined benefit to our customers, and where the limitations of the contract or security requirements are not at risk in any way, which must be our overriding consideration. We reach out to our wider supply chain partners should any subcontracting opportunities arise during the contract duration.
If any strategic supplier fails to deliver and thus breaches the terms of their contract, we will invoke the use of alternative and pre-qualified suppliers. We plan for these contingencies and maintain a supply chain that does not rely on any single source of fulfilment.
MAC 3.2: Supporting innovation & disruptive technologies
We will hold regular engagements, in which we will review, present, and collaborate on new technology and commercial initiatives throughout the life of the contract, and (when applicable), driving equality throughout our supply chain.
MAC 3.3: Scalable & future-proofed methods to modernise delivery/increase productivity
We work with innovative and agile supplier organisations who bring innovative technology solutions to market, by providing a framework to enable the deployment of their services within our stable and risk-controlled corporate environment.
MAC 3.5: Manage cyber security risks
Exponential-e maintains Cyber Essentials Plus and ISO 27001 accreditations. Additionally, Exponential-e operates a 24 x 7 x 365 CSOC desk to alert for any cyber security issues and potential risks. Our CSOC is built using trusted Unified Security Management (USM) technology, which unlike other SIEM software, combines powerful SIEM and log management capabilities with other essential security tools such as asset discovery, vulnerability assessment, intrusion detection (NIDS and HIDS) to provide a centralised security monitoring of networks and endpoints, all through a single pane of glass.
Equal opportunity

Equal opportunity

MAC 5.1 Provision of inclusive working environment
As a commitment to reducing the disability employment gap Exponential-e has adopted a hybrid working model that allows flexibility. Hybrid working, sometimes referred to as "blended working", is a form of flexible working that allows employees to split their time between attending the workplace and working remotely (typically from home).
MAC 6.1: Tackling inequality in the contract workforce
We are committed to equal pay for the contract workforce. To address our gender pay gap, we have a number of initiatives in place, to not only attract more female talent, but to encourage a more balanced, and rewarding workplace:
• Working with educational institutions to help attract more women into STEM focused roles
• The data shows that the disparity in the bonuses paid is due to the fact there a very few women in senior sales positions. We have a junior sales mentoring programme for both men and women, equally, to encourage progression into senior sales roles, especially for women
• Training is available to cover areas like Equality & Diversity, Unconscious Bias
• We have established a Women’s Working Group who will assist in supporting the attraction, retention and promotion of our female talent across the business
• Flexible working arrangements for all staff to encourage work life balance.
Placement Programme & Apprenticeships
Every year Exponential-e offers placements and apprenticeships to students whose degrees would benefit from working in an operational technical environment. The students are paid, which allows them to practice the theory learnt in the classroom in a real world environment; while also supporting themselves financially.
As part of our commitment to the Government’s Apprenticeships Levy Programme we actively work with registered apprenticeship companies to provide upskilling opportunities to employees across a range of subjects.
Wellbeing

Wellbeing

MAC 7.1: Support health and wellbeing in the workforce
All staff are eligible to join our Private Health scheme (on completion of probationary period) run by Vitality which actively encourages physical and mental wellbeing through a broad variety of programmes design to promote and incentivise wellbeing.
Exponential-e has also implemented the six standards in the Mental Health at Work commitment and where possible follows the mental health enhanced standards in Thriving at Work, as follows:

1. Prioritise Health Wellbeing Through Systematic Programme of Activities
Exponential-e partnered with Care first as an Employee Assistance Programme (EAP) to provide online and counselling services to all our employees.
2. Work Design & Culture Drives Mental Health Outcomes
Exponential-e offers the following benefits package for all eligible employees - Life Assurance, Private Medical Scheme, Employee Assistance Programme, Ride to Work Scheme, Season Ticket Loan, Employee Referral Scheme and Purchase of Holiday Scheme.
3. Promote Open Culture Around Mental Health
Exponential-e has seen a huge shift in attitudes to mental health and we promote and support employees to think and talk about their mental health which subsequently helps the organisation to thrive.
4. Increase Organisational Confidence & Capability
Exponential-e recognises the importance of leadership and management development and provides programmes designed to upskill our managers and strengthen our leadership capabilities.
5. Provide Mental Health Tools & Support
Exponential-e partners with Care first as an Employee Assistance Programme (EAP) to provide online and counselling services to all our employees, including a series of webinars including stress awareness, social anxiety, long Covid, how weather can affect mood and behaviour, financial wellbeing, and breaking bad habits.
6. Increase Transparency/Accountability Through Reporting
Annual Employee Opinion Surveys are used to drive improvements. A monthly Employee Engagement Pulse Survey helps to keep our finger on the pulse of the organisation.

Pricing

Price
£14.79 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psbids@exponential-e.com. Tell them what format you need. It will help if you say what assistive technology you use.