HANDD Business Solutions

Spirion DSPM Data Discovery & Classification - From HANDD Business Solutions

Spirion's Sensitive Data Platform (SDP) provides Privacy Grade™ data discovery and purposeful classification in a highly scalable SaaS hybrid architecture, that thoroughly scans both on-premises endpoints/servers and cloud repositories at enterprise scale. It automatically discovers, classifies, and remediates almost any form of sensitive data anywhere on-premises, the cloud, and endpoints.

Features

• Data Discovery, File Classification, Remediation.
• Data Risk Assessment, Data Governance, Data Compliance

Benefits

• Discover and Classify Sensitive Data
• Protect Sensitive Data via Remediation and Encryption options

£49,999.00 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.parkinson@handd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

144843457246103

Contact

Matthew Parkinson
07779150169
matt.parkinson@handd.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Typically requires a separate Professional Services engagement for implementation. The solution is hosted on Azure or AWS.
• System requirements:
  • Support for Windows, MacOS and Red Hat Linux.
  • Leverages perimeter cyber security solutions, DLP, NGFW, CASB

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Four (4) hours, typically, less than two (2) hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Support, 9:00am - 5:00pm, Monday through Friday, except Holidays is included with a product subscription license. ; ; Technical Account Manager provides single point of contact, priority routing, strategic advice, detailed product/feature information, configuration advice, customized support and Quarterly health checks, Up to $44,500.00 annual fee
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User Documentation and Online Training, typically provided by a Certified Implementation Partner.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Our Solution does not store extractable data, nor does it allow for traditional file uploading. Spirion stores "data instances" (data element and file classification data) for customer reporting only, i.e. dashboards and custom reports. Users can download reports and export the data instances information. As a final stage at the end of contract, all stored data will be deleted.
• End-of-contract process: The contract includes a subscription license and support services as elected by the customer for a specific term, typically 12 - 36 months. ; Professional Services would be an add-on to the contract, but is usually part of the initial term in total cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: The solution performance is not affected by a user number per se, it operates autonomously in the background, not as a user-facing application. The solution is accessed via a web console and is typically managed by one, sometimes two users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Spirion

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The Spirion solution does not store data in the traditional sense. It stores snippets of information as the result of data discovery and classification that are used to build reports. There is no true data export requirement, only reports.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Data is not uploaded by users.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Bonded fibre optic connections
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Spirion warrants to Customer that Spirion will use commercially reasonable efforts to maintain the availability of the Service; https://www.spirion.com/customer-services#phase-4
• Approach to resilience: HA and weekly/hourly increments to ensure no more than one (1) hour data loss.
• Outage reporting: Email alerts, internal team alerts, support engineering.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Isolated segmented network only accesses via as needed VPN's.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 360 Advanced
• PCI DSS accreditation date: 16/05/2023
• What the PCI DSS doesn’t cover: Not Applicable.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2 Type II, Trust Services Criteria

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • Other
• Other security governance standards: SOC 2
• Information security policies and processes: Primary focus is on SOC 2 alerting, auditing, and security policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Feature Idea; Ticket creation, SCRUM acceptance; Component created/updated, checked into source control; CICD, with QA validation and testing, including automated regression; Change Management board approval; Staggered deployment
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Third-party Pen Testing; Palo Alto firewall; System monitoring; Within 24-hours; Third-party notices derived from code scanning software (MEND)
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Irregular activity, excessive load, etc.; Remedy the compromise followed by RCA, then by corporate analysis of alert level.; Immediately upon detection
• Incident management type: Supplier-defined controls
• Incident management approach: Yes, we have a predefined process via support engineers and alerting systems.; User log support incidents; Reports provided via secured email

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  The Company provides equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, sex, pregnancy, sexual orientation, transgender status, marital status, religion, creed, age, physical or mental handicap or disability, gender identity, gender expression, results of genetic testing, genetic information, past, present or prospective service in the military, or any other characteristic or activity protected under federal, state, or local law. Equal employment opportunity applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, layoff, recall, transfer, leave of absence, compensation, and training.

  Wellbeing

  The Company recognizes the value of benefits to employees and their families. The Company supports employees by offering a comprehensive and competitive benefits program. For more information regarding benefit programs, please refer to the Company Summary Plan Descriptions (SPD) accessible through the online portals of each benefit carrier. To the extent the information provided here conflicts with the SPD or full plan document, the full plan document will control.; ; The Company offers a benefits package that includes health care, dental, vision, life and accidental death and dismemberment insurance, long-term disability, optional supplemental term life insurance, and others. ; ; Spirion offers an unrestricted paid time off (PTO) policy to provide employees with flexibility in managing their work-life balance. Under this policy, employees are not limited to a specific number of vacation days and are encouraged to take time off as needed, provided that it does not disrupt the workflow or negatively impact their job responsibilities.

Pricing

• Price: £49,999.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.parkinson@handd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.