Oakford Internet Services Limited

Hosted Web Filtering

Our Cloud Hosted Web Filtering solution provides packet-level, real-time categorisation of websites and dynamic categorisation of web content. The solution integrates with Active Directory and Google Apps to provide granular filtering policies and detailed real time reports. The solution can be customised via a web app by the customers.

Features

High availability
Cloud Hosted
User Based Filtering
Logging and Monitoring
UK based
Internet Watch Foundation Member
Packet Level Filtering
Google Safe Search
ISO27001 Certified

Benefits

No need to manage an onsite appliance
Ssimply access the admin panel via a web browser
Our reporting module provides the information you require as ITadmin.
Create custom reports as required to suit your needs.
compliance with GDPR, data protection, security
Our solution integrates with Microsoft Active Directory and Google Apps
Protect your users from inappropriate material even within search engines
Create granular filtering policies by user, group, time and day,
Provides a safe and secure Internet experience for your users.
compliance with business, improved confidence,

£0.96 a user a month

Education pricing available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@oakfordis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

Oakford Internet Services Limited OCS Contact Team
Telephone: 03302 230 230
Email: sales@oakfordis.com

Service scope

Service constraints: Our Web Filtering service is provided at packet level so will support any devices on your network. For further features the Windows and Google Chrome app is available.

Unplanned downtime is reduced by employing a strict change control process. Regular maintenance is performed in published slots with a regression plan always considered.
System requirements: Internet connection

User support

Email or online ticketing support: Email or online ticketing
Support response times: Response times to tickets within 4 hours during business hours.

Critical incidents prioritised but must be notified via telephone.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: A Technical Account Manager is provided to all Web Filtering customers. The TAM is responsible for all commercial, consultancy and escalation matters.

The service platform is proactively monitored 24/7.

The Oakford service desk is available for escalation support via email and telephone during business hours.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Online training and user documentation are provided.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Users have unrestricted access to their data and are always in full control allowing data extraction at any point during their contract.
End-of-contract process: The off-boarding process is started when a de-provisioning request is received. This can be provided as a support request or directly to the account manager via email.

The same platform support is available during the off-boarding process. Additional off-boarding service may be requested at an additional cost if users require a full decommissioning service, data extraction or migration as well as support for 3rd parties. OIS is also able to offer planning advice as part of the additional service.

Using the service

Web browser interface: Yes
Using the web interface: Ability to set up new instances and virtual networks via web interface.

Ability to allocate assigned resources.

Ability to connect to console allowing to make any changes to own instances and networks.
Web interface accessibility standard: None or don’t know
How the web interface is accessible: Screen readers can process highlighted text within the portal.
Web interface accessibility testing: Tested Edge and Chrome screen readers in lab.
API: Yes
What users can and can't do using the API: All functionalities available via the web console are also available via API.
API automation tools: Ansible

Chef

Puppet

Other
Other API automation tools: Cloud Monkey

Any REST compatible automation tool
API documentation: Yes
API documentation formats: HTML
Command line interface: Yes
Command line interface compatibility: Linux or Unix
Using the command line interface: All functionalities available via the web interface are available via the command line.

Scaling

Scaling available: Yes
Scaling type: Manual
Independence of resources: Intelligent resource allocation is employed.
Usage notifications: Yes
Usage reporting: Email

Analytics

Infrastructure or application metrics: Yes
Metrics types: CPU

Disk

Memory

Network

Number of active instances
Reporting types: API access

Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: In-house
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery: No

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: 99.8% in accordance with the service terms.
Approach to resilience: Available on request
Outage reporting: In an unlikely event of a service outage OIS will follow a defined process of handling such incidents.

Service outages will be reported via a public dashboard and updated regularly.
Other methods will also be employed as appropriate; these include email, SMS or telephone communication.

Identity and authentication

User authentication: Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: User access control.
Access restriction testing frequency: At least every 6 months
Management access authentication: Username or password

Other
Description of management access authentication: Limited access from within secure network.
Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: Less than 1 month

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: QAS International
ISO/IEC 27001 accreditation date: 30/05/2017
What the ISO/IEC 27001 doesn’t cover: All processes are covered.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: ISO27001 certified Information Security Management System is in place covering all cloud services offered.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: All assets are tracked, risk assessed and managed.
Documented change management processed is followed with all configuration items controlled by the process. Change Requests are raised and reviewed by Change Advisory Board (CAB) considering the systems affected, time of the change, its urgency as well as any regression plans required.
Vulnerability management type: Undisclosed
Vulnerability management approach: An automated vulnerability scanning is performed according to a regular schedule on all elements of the core infrastructure.
Results are classified and all critical vulnerabilities are removed by patching or other relevant means as soon as it is possible in accordance with maintenance and changes processes.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: All systems are constantly monitored and regularly scanned using industry leading AlienVault systems. Results are reviewed and appropriate action taken as a priority.
Response follows a documented process.
Incident management type: Supplier-defined controls
Incident management approach: OIS monitors all of its systems to proactively detect incidents as they arise. These are being evaluated using a priority matrix following ITIL methodology. Incidents can also be reported via email or telephone and undergo the same process.
Oakford follows an agreed process for handling any Major Service incidents including customer communication and regular updates.
Major incidents are always analysed with relevant actions taken as a result.

Secure development

Approach to secure software development best practice: Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Supplier
Virtualisation technologies used: KVM hypervisor
How shared infrastructure is kept separate: Each organisation is assigned separate VLAN.

Energy efficiency

Energy-efficient datacentres: Yes
Description of energy efficient datacentres: Data centres adhere to EU Code of Conduct.

Pricing

Price: £0.96 a user a month
Discount for educational organisations: Yes
Free trial available: No

Service documents

Request an accessible format

Cookies on Digital Marketplace

Hosted Web Filtering

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Social Value

Pricing

Service documents