Xalient Holdings Limited

Managed SSE Services (Secure Service Edge)

By providing secure access to the internet, cloud services, and private apps regardless of the user's location, SSE is a single-vendor, cloud-centric integrated solution that speeds up digital transformation. Threat detection and response, platform support, and setup are all included in the service. Xalient utilises: Netscope, HPE Aruba, and Zscaler.

Features

• 24x7 Dedicated NOC and Infrastructure support teams
• Operational support and platform management
• Configuration and policy management
• Flexible and transparent pricing model that maps to your needs
• Regularly review risk indicators, business value, and security maturity
• 24x7 Security incident investigation, analysis, and management
• Service delivery management providing service oversight, reporting, governance, and CSI

Benefits

• One solution providing CASB, SWG, ZTNA, FWaaS, other security services
• Unified agent or agentless deployment models
• Centralised console to provide unified security services
• Secures access and data across the web, cloud, private apps
• From any location, any application, and any device

£0 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@xalient.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

172302362899168

Contact

Sherry Vaswani
+44 (0)207 096 3100
bidmanagement@xalient.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: All vendor solutions can be used as a standalone solution, however parts of the solution can be used as an add-on to public cloud and private applications
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Management and support are provided remotely, using secure and encrypted management connections.; Engineer-to-site can be facilitated in emergency situations.
• System requirements:
  • Network provider access provision on customer sites
  • Physical environment space and power required on sites

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: In line with our SLA's i.e. from 30 minutes to 1 day depending on priority
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Microsoft Teams
• Onsite support: Yes, at extra cost
• Support levels: All service support levels are supported by specialist service management support and cloud engineering.; Severity - P1; Key site or multi-site outage, or loss of service for an application.; An issue that significantly affects all staff not able to perform their role.; An issue that significantly affects the activities of the business.; The impact on the reputation of the business is high.; An issue that poses a significant risk to the customer’s applications and data security.; 30 mins 2 Hours Next Business Day; Availability – 24x7x365; ; Severity P2; Standard site outage or lose Critical functionality or network access interrupted or degraded.; An issue that significantly affects a moderate number of staff, with an impact on performing their role.; An issue that will moderately affect activities of the business.; The impact on the reputation of the business is moderate.; Poses some risk to the customer’s data security.; 60 mins 4 Hours Next Business Day; Availability – 24x7x365; ; Severity P3; Causes no significant impact on business activities.; Affects a minimal number of staff, minimal impact; An issue that will minimally affect business activity; 4 hours 8 Hours Next Business Day; Availability – 24x7x365; ; Severity P4; 12 hours 2 Days 5 Business Days
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training can be delivered onsite, or offsite. Training is 1-day in duration. Further training can be provided at additional cost. User documentation can be provided if required which can be customised specifically for the customers services being protected. Engineers can be deployed to assist with configuration and resolution of onboarding issues.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Configuration can be extracted from the Orchestrator platform in .csv and other exportable formats
• End-of-contract process: Service is disabled / decommissioned. All data is destroyed Data can be returned to the customer

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: We will provide a web interface to the solution dashboard in read only mode. This will allow customers to gain full visibility of the service and help to plan for any additional requirements.; ; No changes will be possible through the solution dashboard. Any change management requests will be done through our ITSM system
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: We have carried out testing with accessible users for our solution and service management dashboards
• API: No
• Customisation available: Yes
• Description of customisation: Numbers of users, any additional add ons

Scaling

• Independence of resources: Each solution is per customer and hosted on a separate virtual platform to maintain security requirements and availability of the platform, therefore not impacted by other users

Analytics

• Service usage metrics: Yes
• Metrics types: CPU; Disk; Memory; Network; Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Service is disabled / decommissioned. All data is destroyed Data can be returned to the customer
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% system availability. This is accomplished via load balancing and failover resources.
• Approach to resilience: To ensure the 99.9% system availability, Xalient uses failover processes with disaster prevention mechanisms in place.
• Outage reporting: Dashboard.; All users will also receive email alerts informing them of the problem, estimated outage time and a further email once fully restored.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: API token and oauth 2.0
• Access restrictions in management interfaces and support channels: Access to support channels is only granted to administrative users and security check is carried out when a user raises a support ticket. Management interfaces is also locked down to administrative users.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: API token and oauth 2.0

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 22/2/2024
• What the ISO/IEC 27001 doesn’t cover: Development and secure areas are out of scope (such as a SOC), we have secure offices however.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: List Below of all Xalient’s Information Security Policies:; • Information security manual; • Nonconformity and corrective action; • Non-Conformance, IS Incident, Improvement and Action Report Log; • Document control; • Effectiveness measurement; • Risk assessment and Treatment; • Information security policy; • Management review; • Personnel screening; • Employee Joiners, Movers, Leaver; • Asset inventory and ownership; • Acceptable Use Policy; • Media Handling; • Hardware, Software, Information and Intangible assets; • Access control policy; • Access Control Rules and Use Access Management; • Cryptographic Control and Key Management; • Physical and Environmental Security; • Operations Security; • Change Management; • Network Access Control procedure; • Supplier Information Security Procedure; • Supplier risk; • Information Security Incident Management; • Collection of evidence; • Information security continuity plan (Business Continuity); • Compliance with Legal and Contractual Requirements

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are submitted and reviewed weekly on CAB meetings.; ISO20000 aligned
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have full endpoint management provided by Sophos, we also use Mimecast and Impersonation Protection. The ISC (information security steering community) assesses threats and risks on a monthly basis. The Information Security Manager assesses threats daily. Our users are all individually firewalled also (zScaler).; Security patches within one week (although they are assessed), all other patches with 45 days.; Vendors, the Government (NCSC), Sophos, Bulletins, the ICO
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have no infrastructure, only laptops. We use Sophos endpoint protection which uses realtime analysis of all laptops against the latest malware definitions. This is monitored by our IT team and IT Manager; Alerts are flagged to the individual and they should escalate, however the same alerts are sent to the IT team who would follow up immediately. Any potential threats are quarantined until they can be assessed and traced.; Immediately (in core business hours), outside of business hours it’ll be the following business day.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Everything is flagged and treated the same. We have very few incidents due to our technical controls for automatically restricting and blocking.; Security Team (Information Security Manager, Internal Systems Manager and Chief Operational Officer).; The ISC will co-ordinate breach reporting to the Information Commissioners Office within 72 hours of becoming aware of a relevant breach. They will also evaluate whether the breach is ‘likely to result in a high risk to the rights and freedoms’ of the data subject. If this is determined to be the case the incident will also be reportable to the data subjects without undue delay.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We take our responsibilities towards sustainability very seriously, encouraging all staff members to adopt sustainable practices. Our aim is to engage our staff and stakeholders in identifying and delivering environmental objectives which will eliminate, or at least minimize as far as possible any impact we have on the environment.; To date, we have offset 100 tonnes of Co2, partnering with Make It Wild who have planted trees on our behalf. We plan to offset a further 100 tonnes again this year, as we work towards achieving a carbon-neutral status.; Alongside this, we apply a ‘circular economy’ approach to the re-use of IT equipment, scalability of solutions, flexibility of services and reduction of e-waste as well as operating a paperless office environment.; Furthermore, we are helping our customers migrate their existing power-hungry, on-premise workloads to the cloud, providing scalable, secure solutions that enable them to achieve ESG compliance

  Tackling economic inequality

  Skill Development Culture; ; We focus on attracting, engaging, developing and retaining talented individuals, providing opportunities for career-long learning and development and safe workplaces within an inclusive culture that values diversity.; ; Educational Collaboration; ; Xalient commits to working with educational establishments in the area, in 2021 we collaborated with teams from Leeds University to support and guide c.20 graduates with supervised project work to bring a real-world perspective and experience to their studies.; ; Xalient’s can evidence the following inclusive growth commitments:; ; • Inspire the next generation by working with schools and/or colleges; ; • Develop a Skills Plan including Apprenticeships; ; • Offer training to low paid staff to help them progress; ; • Offer more sustainable ‘green travel’ options to employees; ; • Pay small business suppliers in accordance with the Prompt Payment Code - including a commitment to pay all suppliers within 60 days and to commit to 30 days as the norm; ; • Commit to paying staff the Real Living Wage within an agreed timescale; ; • Other inclusive growth commitments bespoke to the company’s own policies, considered sufficient by the Combined Authority

  Equal opportunity

  Diversity & Inclusion has especially been at the core of the Company’s principles, since its inception, not least as the Company’s own CEO and Founder is a woman of ethnic origin, in a Technical industry. The Company’s subsequent growth and global expansion has presented the opportunity to further enhance our workforce with the benefits of diversity in every respect. This commitment is implemented and maintained through a number of structured and progressive programmes, such as Development & Mentoring, Training and Performance Management and, more recently, a global ‘Culture & Inclusion Programme’. The Culture & Inclusion Programme is many faceted and carries several initiatives which ensure that all employees ‘have a voice’ across the business and all geographies – an opportunity to influence the shape of the Company and continually improve. Integral to this is the ‘Career Hub’ which provides all employees with learning programmes, career roadmaps, guidance and support to progress within the Company. Communication, shared multicultural recognition and celebrations and wellbeing initiatives, are all also part of the Culture & Inclusion Programme. Workshops are conducted to familiarise and gain commitment to the programme and continual activity retains the interest, knowledge and understanding across the business. We are proud that our diversity statistics are far higher than the Industry average for gender and ethnic origin, at all levels in the Company.

  Wellbeing

  We recognise how important it is that our staff have a healthy work/life balance and offer several wellbeing activities to ensure we support each and every member:; Xalient provide an Employee Assistance programme to which employees can access an app called My healthy advantage. The health and wellbeing app provides proactive wellbeing tools and engaging features. Each feature has been carefully built with the user’s wellbeing in mind. Designed to improve the mental and physical health of the users by using personal metrics to set bespoke goals and achievements.; We provide monthly wellness seminars the most recent being: A practical guide to reducing stress. We have an external NLP coach who heads theses seminars and offers help and support if needed. All seminars are recorded for staff who are unable to attend to view when they have time.; ; Members of Xalient are MHFA’s (Mental Health First Aider’s) ensuring a point of contact for other staff to reach out and always be available to offer help and support or just to talk.; ; All office staff are given the option of hybrid working with a 60/40 split ensuring they have equal amount of work/life balance. This has been part of our working contract since the pandemic and we will continue to offer this to all employees it is vital that all members of staff feel they have a healthy work/life balance.; For our new starters we offer a ‘buddy’ system to which we pair new staff with someone who is outside their team and someone who can support, reach out to and help new members to relax during the nerve-wracking first few months, we believe our buddy system helps our employees feel supported and valued. Making employees feel like they're part of the Xalient team which improves both morale and retention.

Pricing

• Price: £0 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@xalient.com. Tell them what format you need. It will help if you say what assistive technology you use.