Ultima AvePoint Compliance Guardian
Identify and automatically manage risks associated with content across structured and unstructured data in cloud and on-premise systems. Satisfy internal or external requirements for information management and data governance, including GDPR and the Data Protection Act. Complete DSARs (Data Subject Asset Requests) and Right to be Forgotten requests quickly
Features
- Scan On-Premises platforms, SharePoint, File System, Database, Exchange, Website
- Scan platforms on many popular cloud platforms including Office365
- Rules-based file analysis & classification with automated tagging
- Discover and resolve regulatory violations using standard or custom checks
- Search and export personal data for data subject access requests.
- Automated remediation actions including quarantine, delete, move, encrypt, redact, pseudonymise.
- Block, delete, lock, or redact offending social content
- Automated and user-assisted reviews and incident management
- Reports, dashboards and heatmap on scan results over time.
- Integration with other platforms-Office365 DLP feeds, SIEM systems.
Benefits
- Automatically identify and report privacy, information management, and security violations
- Standardise and enforce content classification based on context and ownership
- Prevent data loss with automated data monitoring and security management
- Efficiently resolve violations with automated actions to secure threats
- Effectively prioritise risks based on organisational requirements
- Assist in regulatory compliance (GDPR, Eprivacy, etc)
- The framework evaluates and mitigates privacy and security risks
- Gain dynamic insight into data with integrated Power BI reports
- Monitor the effectiveness of technical controls based on risk analysis
- Understand & assess risk based on confidentiality, availability and integrity
Pricing
£1.93 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 6 4 9 0 0 2 7 1 7 0 7 5 9 9
Contact
Ultima Business Solutions Ltd
Ultima Bid Office
Telephone: +44333 0158000
Email: publicsectorbids@ultima.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
- No
- System requirements
- Requirements are defined in the user guide.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Telephone requests are immediate, other methods will be within 2 hours or more dependant on the severity of the request. For more information https://avepoint.com/products/support.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- This is available through https://www.avepoint.com/products/support
- Onsite support
- Yes, at extra cost
- Support levels
- We provide - Low, Medium, High and Very High levels, more information can be found at https://www.avepoint.com/products/support
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onboarding services are defined and agreed in a Statement of Work
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Customers own their own data. Compliance Guardian is run in fully customer controlled environments, and stores data in designated locations.
- End-of-contract process
- The functionality will stop working and the customers obligations will end. Where applicable customer data can be exported.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Firefox
- Chrome
- Opera
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- The interface is menu-driven and provides access to all the functionality provided by Compliance Guardian.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- Access via URL where management interface is installed
- API
- Yes
- What users can and can't do using the API
- APIs will allow configuration and scanning against data sources that are not available out of the box.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- No
- Customisation available
- No
Scaling
- Independence of resources
- The deployment architecture is designed based on specific demand forecast on a per customer basis.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Compliance Guardian works with AvePoint's extended Compliance Solutions to provide a heat map that provides additional actionable context about the document including: how old is the document, who authored it, how many times has it been accessed, who can access it, who has accessed it, and what have they done with it. In this way, organizations can take specific steps to protect and mitigate their risk.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- AvePoint
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Not applicable
- Data export formats
- Other
- Other data export formats
- Not applicable
- Data import formats
- Other
- Other data import formats
- Not applicable
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Availability is set within the SLA
- Approach to resilience
- AvePoint leverages Microsoft Azure for hosting it's cloud services. For components of Compliance Guardian that are deployed within the customers network, availability will be reliant upon redundancy and disaster recovery planning.
- Outage reporting
- AvePoint will notify customer's of any outages or service interruptions.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- All authentication is carried out against Microsoft Azure or any support Azure authentication method
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Identity federation with existing provider (for example Google Apps)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ControlCase
- ISO/IEC 27001 accreditation date
- 29/06/2018
- What the ISO/IEC 27001 doesn’t cover
- Everything within scope of this product is covered by the certification.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- ISO27001 and Cyber Essentials
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Change Management is documented, requested, reviewed, approved, tested, and finally followed out during off hours in order to have minimal effect on customers.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We subscribe to security bulletins and stay abreast of recent 0 day vulnerabilities as well as maintaining an active patch cycle
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We leverage the Azure Health Status page as well as service monitoring. Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security for details. Customers are notified via Administrative Console alerts or directly by Customer Success as threats are identified, with proposed course of action.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Long standing experienced help-desk available 24x7, backed by breach management procedures to notify customers, post information publicly when necessary, and dedicate development resources to a swift resolution.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
Fighting climate change
Fighting climate change
AvePoint are a Cloud based delivery organisation therefore reduce the impact of running Datacenters in the organisationsCovid-19 recovery
Covid-19 recovery
AvePoint are helping raising the Digital Skills in the region through education platformsTackling economic inequality
Tackling economic inequality
AvePoint are offering a Digital Inclusion for the digital deprived in the region to raise the skills and ability to find employmentEqual opportunity
Equal opportunity
AvePoint is a UK employer who has a full equal opportunity approach
Pricing
- Price
- £1.93 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- It is possible to trial the product for a limited period.
- Link to free trial
- https://www.avepoint.com/uk/products/hybrid/compliance-guardian Please contact Sales_UK@AvePoint.com to initiate trial.