Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 1: Cloud hosting
  3. PNN - PND Secure Government Gateway - PNN - PND Service - Platform FLEX
Nine23

PNN - PND Secure Government Gateway - PNN - PND Service - Platform FLEX

FLEX- A fully managed Nine23 UK-owned enterprise infrastructure(PASF), PNN-PND Confidential-Restricted gateway service accredited (NCSC/GPG) to OFFICIAL-SENSITIVE providing secure connection to PSN government networks from any device or service. PSN Mobile-tablet-laptop devices, hosted applications and services, can connect securely with government services-networks, such as PSN/FN4G/RLI/PNN/PND/HSCN/ESN/LEDS/LECN over standard internet/SD WAN/corporate/PSN-Police connections.

Features

  • Secure scalable Nine23 owned UK hosted managed platform accredited OFFICIAL-SENSITIVE
  • Walled garden boundary protection NCSC Secure by default PNN/PND/LEDS/LECN AP17
  • Secure remote PSN access to sensitive data using always-on VPN
  • NCSC Cloud security principles in fully managed scalable IaaS/PaaS/public/hybrid environments
  • NCSC secure End User Device Guidance profiles UEM/MDM/EMM enterprise mobility
  • Complete secure turnkey solution for managing PSN/PNN/PND/LECN endpoints at Official-Sensitive
  • Management/Service reporting provided on platform usage and performance
  • AV, Patching, Monitoring, Base OS Management, security monitoring, DR management
  • Built-in scaling cloud hosting requirements VMWare cloud architecture Android/Apple/Linux/Windows
  • Secure connection government networks & accessible to internet capability PNN/PND/LEDS

Benefits

  • Native mobile experience for end-users from fully accredited cloud infrastructure
  • Complete end-to-end secure managed solution set-up and in service quickly
  • Connect mobile users to secure services on PSN/PNN/PND via platform
  • Complete end-to-end secure managed solution set-up and in service quickly
  • Secure PSN Code of service/code of connection accredited gateway provider
  • Fully Managed secure official-sensitive service NCSC Cloud Security Principles
  • Secure-container App Secure-messaging Secure-calls Secure-endpoint secure-cloud Remote Device-wipe
  • The service is within the scope of certified ISO27001
  • Secure remote access to enable the remote worker connectivity PSN/PNN/PND/LEDS
  • Samsung-Knox iOS Windows 10 & Android deployments Secure containerisation

Pricing

£2,500 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@nine23.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 1 1 0 7 3 7 2 3 0 1 7 4 6 4

Contact

Nine23 Stuart McKean
Telephone: +44 (0) 23 8202 0300
Email: gcloud@nine23.co.uk

Service scope

Service constraints
No service contraints yet identified.
System requirements
  • System outline will be discussed with client
  • No pre-conditions or extra licences required outside the service

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within one hour
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
We provide a standardised SLA for clients to ensure the service is understood by you, and is sufficiently supported by our engineers. You will be able to interact directly with engineers who know your account and can deal with issues directly without having to first negotiate an unskilled Helpdesk.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Clients can follow documentation on how to initiate and start receiving our services. This can be augmented with training onsite, or delivered remotely. We deliver a standardised service, honed during deliveries to existing public sector clients, meaning a low risk and swift deployment without unexpected consultancy costs.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Client will provide secure physical media to Nine23, which will then be populated with the specified client data and returned to the client.
End-of-contract process
The client will have been given the data they need to keep for archive or transition purposes. Any managed devices are taken off management which will wipe enterprise and managed data from the devices. The client is then free to undertake any disposal requirements that may be stipulated under IS5. Hosted areas are then made inaccessible to the internet and deleted. This is all provided without cost to the client. Any additional services will be charged based on the day rates on our SFIA rate card.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Technical separation of resources to client areas is achieved at virtualisation level so that one client is not competing for the same resources as another; client areas are independent private clouds so processing is not shared. Our ITIL aligned service processes have defined scaling markers to ensure the service team is not short-staffed.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
GPG13 compliant reports
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machines
  • Configuration of machine, firewalls and applications dependent on VSS compliance
  • Profiles
Backup controls
Standard back ups are taken for client data and platforms. Additional requirements are discussed at the outset of the service so that more frequent, or longer archiving of backups can take place, which may be required for the client accreditation.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We provide SLAs to each client outlining the expected availability of each service. Unplanned outages that lead to decreased availability from the levels set out in the SLAs lead to credits on those services during the next period.
Approach to resilience
Architectural resiliency is designed into the hosted environment and is backed by the Tier 3+ UK Data Centre (List X and PASF). Details can be given to clients upon request.
Outage reporting
Email alerts to nominated client representatives, with quantitative and qualitative detail.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Multi-Factor authentication solutions
Access restrictions in management interfaces and support channels
We restrict mangement interface access to known personnel on known devices that are authenticated with 2FA and connect via vpn to secured management hosts with limited permissions.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
UKAS
ISO/IEC 27001 accreditation date
01/07/2022
What the ISO/IEC 27001 doesn’t cover
14.1.1 Information security requirements analysis and specification
14.1.2 Securing applications services on public networks
14.1.3 Protecting application services transactions
14.2.1 Secure development policy
14.2.6 Secure development environment
14.2.7 Outsourced development
14.3.1 Protection of Test Data
16.1.7 Collection of evidence
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • Government Ministries' accreditations at OFFICIAL-SENSITIVE (available on request)
  • Cyber Essentials Plus
  • 14 Cloud Security Principles
  • NPPV3 Vetting
  • NHS DSP IG Toolkit - Passed
  • SC Clearances for all Engineering, Project Helpdesk staff
  • NCSC Secure Communications Principles

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Independently tested and accredited by existing government clients. References available on request.
Information security policies and processes
We are ISO 20000 certified for Service Management, we provide a standardised SLA for clients to ensure the service is understood by you and is sufficiently supported by our engineers. You will be able to interact directly with engineers who know your account and can deal with issues directly without having to first negotiate an unskilled Helpdesk.
All helpdesk staff are SC and NPPV3 cleared.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Services are configured and documented for reference. Changes are initiated with internal or external requests that start a Change Acceptance Process, during which the business imperative, security risks, user impact, and costs are considered. A lightweight process is adopted for agility of service, but If necessary, a full security impact assessment is undertaken and when the requisite authorisations are received, the change is effected and documentation updated.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to a number of vulnerability and threat monitoring agencies including the NCSC threat newsletter. A baseline patching process is maintained monthly for all services, and emergency responses to critical threats are evaluated and actioned appropriately.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our protective monitoring tools examine SIEM data from our platform and client areas, including GPG13 compliant reporting. Incidents are responded to appropriately based on the severity of the event.
Incident management type
Supplier-defined controls
Incident management approach
Our SyOPs and Security Management Plan outline procedures for incident management and reporting. Our SMP is ISO27k controls and verified by a CCP qualified IA lead.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Each client instance is separated at the virtualisation layer to private cloud instances, which are further segregated by multiple separation technologies including CPA firewalls and walled garden architectural patterns.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
UKFast were the first UK hosting company to achieve PAS2060 Carbon Neutral standard, enabling us to offer 100% carbon neutral solutions. Our data centres achieve a PUE of <1.3 at full design load. This means that when the data centre is fully occupied, for every 1.3KW of power input into the data centre, 1KW is delivered to the IT equipment. As a data centre operator with a low PUE we reduce our running costs with efficient technologies, that use less power. We pass these cost savings on to our customers. As part of our commitment to energy efficiency, UKFast are certified to the environmental standards of ISO 14001:2015. UKFast has a voluntary Climate Change Agreements (CCA) which a agreement is made with the Environment Agency to reduce energy use and carbon dioxide (CO2) emissions. Although UKFast are not members of the EU code of conduct for data centres, they do adhere to the requirements of the code of conduct.

Social Value

Fighting climate change

Fighting climate change

One of our key objectives for 2022 is to complete certification of ISO 14001:2015 – Environmental Management. This internationally agreed standard sets out the requirement for businesses to review all areas of their organisation and improve their environmental performance through more efficient use of resources and waste reduction. Nine23 are anticipating certification by the end of May 2022. We welcome queries as to the status of this

For an SME it is harder to make a larger strides in reducing the causes of Climate Change; therefore we have joined forces with a number of other global hi-tech companies to set collective goals . The first is with the Trust X Alliance; which brings a number of SME’s together to look at the United Nations Sustainable Development Goals. There are a total of 17 Goals aimed at transforming our world, with Good Health and Wellbeing, Gender Equality, Decent Work and Economic Growth and Climate Action being our main focus.

In addition, Nine23 are part of a pilot group of technology companies working with Net Zero to create a consensus across the Tech industry as to what Net Zero means for businesses in the sector and to provide an industry standard against which business claiming to be Net Zero can be assessed. The goal is to create a pragmatic, effective and publicly available guide for Tech firms to achieve Net Zero. This “protocol” will be practical and easy to use, whilst remaining comprehensive in its scope and ambitious in its scientific robustness - offering businesses a realistic method of achieving credible sustainability goals, in line with the global climate goals required by the Paris Agreement.
Covid-19 recovery

Covid-19 recovery

Nine23 are working hard to help build a stronger economy by supporting Local businesses and creating jobs, apprenticeships and training opportunities within the local community where employees reside.  We work closely with a number of local businesses to supply key areas of support. Accounting, telephony, and the University of Southampton Park - in addition, all hands-on trades are locally based. Where possible we also prefer to use SMEs for hardware or software procurement. We are also members of the living wage foundation and aim to raise living standards of our staff, in addition to paying our taxes.

Nine23 are a firm supporter of the apprenticeship scheme and graduate work placements and have provided numerous opportunities for developing roles through the service desk and marketing departments, into more senior positions.  We are proud our business has a part to play in the wider health of the UK economy.
Tackling economic inequality

Tackling economic inequality

Nine23 Ltd are passionate about tackling economic inequality. We are members of the Living Wage foundation and have moved from being office based, to hybrid working. This has enabled us to recruit further afield, broadening our reach of potential employees and giving us more diverse candidates. We now have staff based in various locations around the UK.

We strongly believe in the 5 foundational principles of quality work as outlined in the Governments Good Work Plan and closely align our culture, processes, and values in support of these. A continual focus on job satisfaction, safety wellbeing & security, fair pay, participation & progression, and voice & autonomy help to attract and retain staff from all backgrounds, minimise staff turnover, increase capability and maximise efficiency. Targeted plans are implemented to ensure continuous improvement in these key areas.

Continued focus alongside ongoing skill development, enables our workforce to reach their potential. Removing their (real or perceived) barriers to success, providing support for educational attainment, including providing training schemes to access professional qualifications ensures that their unique and valuable perspectives and skills are nurtured. Active engagement with the recruitment and development of existing staff and apprentices and offer posts specifically to those seeking to re-train into Digital and Cyber Security related roles. Our most recent apprentice joined Nine23 with a clear path for personal growth whilst learning on the job skills in the highly technical sector of IT support. We will be recruiting more individuals into our Cyber Security apprentice scheme.

We provide support for the existing workforce by providing careers advice, mentoring, coaching, training and development, mock interviews, and CV advice. We give them support for in-house progression and development into high growth areas or known skills shortages.
Equal opportunity

Equal opportunity

Even as a SME we aim to ensure opportunities are available to all. We are actively working to monitor, influence and improve our workforce diversity and social mobilisation efforts.
Nine23 are working hard to help build a stronger economy by supporting Local businesses and creating jobs, apprenticeships and training opportunities within the local community where employees reside.  We work closely with a number of local businesses to supply key areas of support. Accounting, telephony, and the University of Southampton Park - in addition, all hands-on trades are locally based. Where possible we also prefer to use SMEs for hardware or software procurement. We are also members of the living wage foundation and aim to raise living standards of our staff, in addition to paying our taxes.

Nine23 are a firm supporter of the apprenticeship scheme and graduate work placements and have provided numerous opportunities for developing roles through the service desk and marketing departments, into more senior positions.  We are proud our business has a part to play in the wider health of the UK economy.
Wellbeing

Wellbeing

Employee wellbeing has always been a priority - especially during the 2020 – 2022 Pandemic. Whilst all staff have been working from home we have increased our daily check-in calls and staff one2ones to ensure any issues are picked up and support provided as soon as possible.
We have provided free counselling sessions for any member of staff that needs it and supported those that have taken time off work due to sickness.
Nine23 have adapted working hours to fit with the real life situations people have to deal with – from child to caring or the elderly.

Pricing

Price
£2,500 an instance a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@nine23.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.