Grove Information Systems

Mimecast - Email Security, Archiving, Continuity and Anti Phishing Training

Mimecast Unified Email Management and Cyber Resilience platform is an always-on, cloud-based service that offers organisations the unique benefits of fully integrated email security, business and operations-critical cyber continuity; and archiving solutions.

Features

• Multi-layered malware protection against known and zero-day threats.
• 100% virus protection; 99% spam protection; 0.0001% spam false positives
• Immediate enforcement of email security and DLP policies.
• Sandbox email attachments to protect against malicious scripts.
• Transcribe attachments in real-time delivering 100% safe file to users
• On-click URL scanning protects against good websites turning bad.
• Protection against social engineering attacks like whaling or CEO fraud.
• Perpetual, journal email archive backed by 7 sec search SLA.
• Always-on email continuity from Outlook, Mac, Mobile and Browser.
• Detailed audit, logging and reporting with roles based access control

Benefits

• Comprehensive email security- protection from malware-less social-engineering attacks
• Continuity service- RPO/RTO close to zero and 100% service availability
• SLA-backed protection from spam and malware.
• Full email/attachment scanning to control or block sending sensitive information.
• All features managed through a single, web-based console.
• Mimecast plug-in for Outlook™ and apps available- iOS™/Android™/Windows Phone/BlackBerry
• Highly secure and resilient offsite, cloud-based perpetual email archive.
• Comprehensive email security- protection from weaponized attachments/malicious URLs
• Fast search for e-discovery, compliance and litigation

£20 to £79 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pwitheridge@groveis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

148809262596039

Contact

Philip Witheridge
+44 207 493 6741
pwitheridge@groveis.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Mimecast Awareness Training
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • The core service does not have any system requirements
  • Various add on product require certain Outlook Pre requisites.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: We operate in a non-stop, global business environment —24 hours a day, 365 days a year—offering a range of specially tailored support packages. Grove’s Premier Support options include dedicated technical success managers, priority responses, customised escalations, weekly and monthly reports as well as clear service level agreement (SLA) guidelines.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: P1 ; - Critical business impact or critical loss of service; - The issue must be logged via telephone; A resolution of a next-steps action plan will be relayed within four hours for all support cases received from customers during each annual support period.; ; P2; - Major or partial loss of service, where a work-around does not exist; - Issue must be logged via telephone or the support portal; A resolution or an initial next-steps action plan will be relayed within five hours, provided the customer provides all requested information in a timely manner.; ; P3; - Questions, how-to queries or minor service impact; - The issue must be logged via telephone or the support portal; - A resolution plan will be relayed within eight hours, provided the customer provides all requested information in a timely manner.; ; P4; - Documentation and enhancement requests; - Issue must be logged via telephone or the support portal; A resolution plan will be relayed within 24 hours, provided the customer provides all requested information in a timely* manner.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We deploy the service and configure service to customers requirements.; We then provide Admin training either on site or online depending on the customers requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: EML
• End-of-contract data extraction: Mimecast professional services can extract data for a pre-agreed fee or users can export the data themselves via pst or eml
• End-of-contract process: Mimecast will stop providing services to the customer and data will be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Accessible via browser
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Full Administrative Console
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Used interface extensively with no issues
• API: Yes
• What users can and can't do using the API: There is a wide range of functionality offered via the API, this detail can be found on the below link. - https://www.mimecast.com/developer/
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Administrators can customise user settings, filters, rules, mail routing etc

Scaling

• Independence of resources: The MIME|OS platform is designed to ensure that load is equally balanced across services.

Analytics

• Service usage metrics: Yes
• Metrics types: Dashboard provides metrics of uptime, mailflow usage etc
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Mimecast

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: See security pack
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Administrators can export their users data via web interface
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLS
  • EML
  • PST
  • Exchange Journal
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Xls
  • PST

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: See security pack.

Availability and resilience

• Guaranteed availability: 100% service uptime SLA (this is not a guarantee)
• Approach to resilience: Multiple data centres with no single point of failure.
• Outage reporting: Via the administration centre or via customer success representitives.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Multiple Admins roles with limited or reduced access levels as required
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: See security pack
• ISO/IEC 27001 accreditation date: See security pack
• What the ISO/IEC 27001 doesn’t cover: See security pack
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: See security pack
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: See security pack
• PCI certification: Yes
• Who accredited the PCI DSS certification: See security pack
• PCI DSS accreditation date: See security pack
• What the PCI DSS doesn’t cover: See security pack
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: https://www.mimecast.com/company/mimecast-trust-center/

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: See security pack
• Information security policies and processes: https://www.mimecast.com/company/mimecast-trust-center/

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: See security pack
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Details can be provided upon request
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Details can be provided upon request
• Incident management type: Undisclosed
• Incident management approach: Details can be provided upon request

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  The solutions and services we offer to G Cloud procurement organisations typically require new skill sets for which we provide employment and follow on mentorship training and growth opportunities.

Pricing

• Price: £20 to £79 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: New accounts have a 30 day opt out.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pwitheridge@groveis.com. Tell them what format you need. It will help if you say what assistive technology you use.