Skip to main content

Help us improve the Digital Marketplace - send your feedback

Ultima Business Solutions Ltd

Ultima AvePoint Compliance Guardian

Identify and automatically manage risks associated with content across structured and unstructured data in cloud and on-premise systems. Satisfy internal or external requirements for information management and data governance, including GDPR and the Data Protection Act. Complete DSARs (Data Subject Asset Requests) and Right to be Forgotten requests quickly

Features

  • Scan On-Premises platforms, SharePoint, File System, Database, Exchange, Website
  • Scan platforms on many popular cloud platforms including Office365
  • Rules-based file analysis & classification with automated tagging
  • Discover and resolve regulatory violations using standard or custom checks
  • Search and export personal data for data subject access requests.
  • Automated remediation actions including quarantine, delete, move, encrypt, redact, pseudonymise.
  • Block, delete, lock, or redact offending social content
  • Automated and user-assisted reviews and incident management
  • Reports, dashboards and heatmap on scan results over time.
  • Integration with other platforms-Office365 DLP feeds, SIEM systems.

Benefits

  • Automatically identify and report privacy, information management, and security violations
  • Standardise and enforce content classification based on context and ownership
  • Prevent data loss with automated data monitoring and security management
  • Efficiently resolve violations with automated actions to secure threats
  • Effectively prioritise risks based on organisational requirements
  • Assist in regulatory compliance (GDPR, Eprivacy, etc)
  • The framework evaluates and mitigates privacy and security risks
  • Gain dynamic insight into data with integrated Power BI reports
  • Monitor the effectiveness of technical controls based on risk analysis
  • Understand & assess risk based on confidentiality, availability and integrity

Pricing

£1.93 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbids@ultima.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 6 4 9 0 0 2 7 1 7 0 7 5 9 9

Contact

Ultima Business Solutions Ltd Ultima Bid Office
Telephone: +44333 0158000
Email: publicsectorbids@ultima.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
Requirements are defined in the user guide.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Telephone requests are immediate, other methods will be within 2 hours or more dependant on the severity of the request. For more information https://avepoint.com/products/support.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
This is available through https://www.avepoint.com/products/support
Onsite support
Yes, at extra cost
Support levels
We provide - Low, Medium, High and Very High levels, more information can be found at https://www.avepoint.com/products/support
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onboarding services are defined and agreed in a Statement of Work
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers own their own data. Compliance Guardian is run in fully customer controlled environments, and stores data in designated locations.
End-of-contract process
The functionality will stop working and the customers obligations will end. Where applicable customer data can be exported.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Opera
Application to install
Yes
Compatible operating systems
Windows
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
The interface is menu-driven and provides access to all the functionality provided by Compliance Guardian.
Accessibility standards
WCAG 2.1 A
Accessibility testing
Access via URL where management interface is installed
API
Yes
What users can and can't do using the API
APIs will allow configuration and scanning against data sources that are not available out of the box.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
The deployment architecture is designed based on specific demand forecast on a per customer basis.

Analytics

Service usage metrics
Yes
Metrics types
Compliance Guardian works with AvePoint's extended Compliance Solutions to provide a heat map that provides additional actionable context about the document including: how old is the document, who authored it, how many times has it been accessed, who can access it, who has accessed it, and what have they done with it. In this way, organizations can take specific steps to protect and mitigate their risk.
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
AvePoint

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Not applicable
Data export formats
Other
Other data export formats
Not applicable
Data import formats
Other
Other data import formats
Not applicable

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability is set within the SLA
Approach to resilience
AvePoint leverages Microsoft Azure for hosting it's cloud services. For components of Compliance Guardian that are deployed within the customers network, availability will be reliant upon redundancy and disaster recovery planning.
Outage reporting
AvePoint will notify customer's of any outages or service interruptions.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
All authentication is carried out against Microsoft Azure or any support Azure authentication method
Access restriction testing frequency
At least every 6 months
Management access authentication
Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ControlCase
ISO/IEC 27001 accreditation date
29/06/2018
What the ISO/IEC 27001 doesn’t cover
Everything within scope of this product is covered by the certification.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO27001 and Cyber Essentials

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change Management is documented, requested, reviewed, approved, tested, and finally followed out during off hours in order to have minimal effect on customers.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to security bulletins and stay abreast of recent 0 day vulnerabilities as well as maintaining an active patch cycle
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We leverage the Azure Health Status page as well as service monitoring. Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security for details. Customers are notified via Administrative Console alerts or directly by Customer Success as threats are identified, with proposed course of action.
Incident management type
Supplier-defined controls
Incident management approach
Long standing experienced help-desk available 24x7, backed by breach management procedures to notify customers, post information publicly when necessary, and dedicate development resources to a swift resolution.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

Fighting climate change

Fighting climate change

AvePoint are a Cloud based delivery organisation therefore reduce the impact of running Datacenters in the organisations

Covid-19 recovery

Covid-19 recovery

AvePoint are helping raising the Digital Skills in the region through education platforms

Tackling economic inequality

Tackling economic inequality

AvePoint are offering a Digital Inclusion for the digital deprived in the region to raise the skills and ability to find employment

Equal opportunity

Equal opportunity

AvePoint is a UK employer who has a full equal opportunity approach

Pricing

Price
£1.93 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
It is possible to trial the product for a limited period.
Link to free trial
https://www.avepoint.com/uk/products/hybrid/compliance-guardian Please contact Sales_UK@AvePoint.com to initiate trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbids@ultima.com. Tell them what format you need. It will help if you say what assistive technology you use.