Secure Bearer of Opportunity (SBOO)
SBoO is a resilient, transportable communication solution, designed to support mission-critical systems. Complying with MOD connectivity doctrine and HMG security standards, it ensures high availability of critical data. With low Size, Weight, and Power needs, it’s deployable as on-board cabin luggage, providing immediate connectivity for deployed personnel.
Features
- Dual Encrypted Software Defined Cryptography to NCSC standards.
- Low Size, Weight, and Power
- Minimal Training Requirement, plug and play concept endorsed.
- Samsung Mobile phone with Mobile Device Management installed.
- Integrated secure telephony to support engineering.
- Utilises commercial internet bearers: Wi-Fi, 5G, LTE, 4G, 3G.
- Dual firewalls with real time event monitoring.
- Uses Public Key Infrastructure (PKI).
- Dedicated Point to Point (P2P) connectivity.
Benefits
- Provides a “Virtual Cable” between two points globally.
- Ease of use and secure
- Portable by an individual
- Resilient and reliable
- Supports mission critical systems
- Designed to operate in high threat environments
Pricing
£10,000 a unit a month
- Education pricing available
Framework
G-Cloud 14
Service ID
237996817799285
Contact
Avantis Performance Ltd
Tony Purpuri
Telephone: 07535612630
Email: tony.purpuri@avantisperformance.com
Service scope
- Service constraints
- The SBoO requires a connection to the internet to enable the Once Encrypted Secure Private Network (OE-SPN). The SBoO throughput is limited by the commercial bearers available to the customer in their region of operation. This is a consideration point for the planning phase.
- System requirements
-
- Power – 240V AC socket per SBoO device.
- Internet connectivity.
- Pre-defined SIM requirement for country of operation.
- Planned bearer type to support ancillary options.
- Primary and Secondary Encryption Keys and Tokens.
- Authorised user must be minimum SC security vetted.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- An email and phone ticketing system is maintained and managed by APOQ Ltd Mon to Fri 0900 until 1700, but on customer request this can be extended to a 24/7/365 basis, enabling support of operations and exercises. Customers can call the customer support number to log or track incidents. Customer support will provide updates via phone or email, dependent on the customer’s needs. Customer support aims to answer all questions within the hour; however, if required, a priority matrix is used based on users’ operational urgency and impact.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Bronze – Mon to Fri 0900 to 1700hrs, technical phone support and product replacement within 2 weeks.
Silver (on demand in normal package) – 24/7/365 technical phone support, product replacement within 7 days and deployed support.
Gold (enhanced support that can be tailored to user requirements, at additional cost, requirement dependent) – 24/7/365 technical phone support, product replacement within 48hrs and deployed support.
Our team takes a flexible and agile approach to support and is prepared and trained for a variety of support mechanisms. User engagement is critical to our business vision of enabling the support our user community requires.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Training can be provided, but this service has been designed for simplicity. The user takes the equipment out of the packaging and assembles it as per the instruction manual provided. Once the unit is set up, powered on and connected to the internet, the first tunnel establishes; once the paired SBoO comes online, the second tunnel establishes across the cloud tunnels, giving the user an Official Sensitive cleared layer 2 pipe to connect across.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- No data is held within the SBoO; it is used to route data, not store it.
- End-of-contract process
- The units will be picked up by our engineers and assessed for damage and equipment care. Once completed a declaration form will be sent to the user to ensure the logistics loop is closed and any missing or damaged equipment can be replaced.
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Manual
- Independence of resources
- This is a point-to-point system; therefore, the only burden from external agencies is the amount of data the user wants to put across the service.
- Usage notifications
- Yes
- Usage reporting
- Other
- Other usage reporting
- There are no service limits; the package encompasses unlimited data throughput to enable the user to deploy, utilise and return without being concerned about any additional funding requirements. This also includes SIM cards and Starlink connectivity.
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
- Other
- Other metrics
-
- Round trip time
- Throughput
- Packet loss
- Reporting types
- Reports on request
Resellers
- Supplier type
- Reseller (no extras)
- Organisation whose services are being resold
- APOQ Ltd part of Avantis Consulting Group
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- No
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
-
The SBOO uses extensive security zoning to maintain device security. This is achieved through the use of quad firewalls on each SBoO link. The SBOO utilises security certificates to ensure the Confidentiality, Integrity and Availability of user data.
Each link uses multiple TLS IPSEC tunnels operating independently to maintain security.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 100% spares can be provided if requested by the user. The help and support is 365/24/7 and support days can be used to rectify any questions or queries. We aim to have all faults resolved within 4 hours, and if not, a new pair will be deployed to any UK address within 12 hours of the fault not being resolved.
- Approach to resilience
- Our company provides resilience through a multifaceted approach to safeguarding IT assets, data, and customers. This is achieved by implementing protective measures to protect against outside threats, ensuring the integrity and availability of data through backups, access limits, and resilience measures, and enforcing rules and policies at the code level to reduce the risk of breaches and data leaks. By maintaining a strong security posture, the company minimises vulnerabilities and secures access for individuals working for different organisations, thereby instilling confidence and trust throughout the organisation and community.
- Outage reporting
- Customers will be made aware of any planned service outages a minimum of 7 days in advance of the outage through the nominated customer liaison officer. APOQ routinely deconflict outages between the various bearers the SBOO supports to maintain maximum service uptime.
Identity and authentication
- User authentication
- Other
- Other user authentication
- Our user authentication is completed over the phone through verification of the caller and the serial number ID from the deployed equipment. From a technical perspective there is no need for this authentication, as the units and configuration are sealed.
- Access restrictions in management interfaces and support channels
- To restrict access in management interfaces and support channels, we use Interface Management Profiles to limit access, avoid enabling management access from untrusted zones, isolate management interfaces on separate networks, implement Access Control Lists (ACLs) to define specific rules, apply technical and procedural controls such as strong authentication and role-based access, restrict IPMI access to specific management IP addresses, and implement secure web access using access control lists (ACLs) based on IP addresses. These practices enhance overall security posture, ensuring that only authorised personnel can access critical interfaces and channels.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Username or password
- Devices users manage the service through
- Dedicated device on a segregated network (provider's own provision)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- Yes
- Who accredited the ISO 28000:2007
- Cyber Defence & Risk (CyDR)
- ISO 28000:2007 accreditation date
- 25/05/2023
- What the ISO 28000:2007 doesn’t cover
- This certificate is for data up to Official Sensitive.
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 25/05/2023
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- This certificate is only valid up to Official Sensitive
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
ISO/IEC 27001/27002/27017/27018:
The ISO/IEC 27000 family of standards provides an internationally recognised framework for information security management systems. We follow standards such as ISO/IEC 27001 for information security management, ISO/IEC 27002 for code of practice for information security controls, and ISO/IEC 27017/27018 for cloud security standards.
- Information security policies and processes
-
Defence Standard 05-138 (Def Stan 05-138): This standard outlines the measures that defence suppliers must achieve at each of the five levels of cyber risk associated with a contract. It covers aspects such as information security policies, roles and responsibilities, and risk assessment.
Cyber Security for Defence Suppliers (Def Stan 05-138): Defining and Implementing Information Security Policies: Establishing clear policies related to information security, including processes and procedures.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Defence Standard 05-138 (Def Stan 05-138): This standard outlines measures that defence suppliers must achieve at each of the five levels of cyber risk associated with a contract. It covers aspects such as information security policies, roles and responsibilities, and risk assessment.
Cyber Security for Defence Suppliers (Def Stan 05-138): Defining and Implementing Information Security Policies: Establishing clear policies related to information security, including processes and procedures.
Defence Cyber Protection Partnership (DCPP): The DCPP Cyber Security Model (CSM) provides guidance for both buyers and suppliers in the defence industry. It includes risk acceptance processes and emphasises the importance of cybersecurity.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
When a high threat vulnerability is published, the development team assesses the threat and identifies whether the current SBOO build is vulnerable. If it is vulnerable, the accreditor may direct a non-routine key change; this will provide an updated (patched) authentication token and crypto key.
If a hardware vulnerability is identified, the development team is to assess the threat and identify whether the current SBOO hardware is susceptible. If any hardware is vulnerable, the accreditor may direct a non-routine key change; this will provide an updated authentication token and crypto key which, when installed, will automatically upgrade the firmware of the SBOO.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Identifying potential compromises is critical to us: as a company supplying the Ministry of Defence (MOD) with equipment and services, we would utilise advanced security technologies such as Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR). These technologies provide comprehensive threat detection and response capabilities, focusing on monitoring endpoints like laptops, desktops, and mobile devices for signs of security incidents. Additionally, they expand coverage to include network traffic, cloud environments, and other potential attack vectors, enhancing the ability to detect, investigate, and respond to advanced threats quickly and effectively.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Our incident management processes enable efficient handling of incidents and ensure a swift and effective response. By having pre-defined processes, we can streamline the management of incidents, reducing response times and ensuring consistency in addressing security events. This includes:
Reporting Incidents by Users - Users report incidents through a centralised incident reporting system, which includes dedicated communication channels, currently supported through emails and the help desk function.
Providing Incident Reports - After an incident has been managed and eradicated, providing incident reports that detail the actions taken to recover the affected systems, areas for improvement, effective measures, and lessons learned.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
At Avantis we believe that small businesses play a crucial role in the battle against climate change.
We aim to support local businesses, in particular environmentally friendly ones, building an ethical supply chain. We evaluate suppliers and collaborators against their environmental impact and their commitment to continuous improvements. By ensuring that we collaborate with responsible businesses, we can reduce the overall carbon footprint of the business.
At Avantis we encourage low-carbon commuting using public transport and car sharing where possible. As a business we are continuously reviewing how we can reduce our carbon footprint.
We have established an annual green campaign in which we encourage all our staff to take part; we ask them which environmental targets they care about most and, if practicable, create a scheme to hit these goals. Our campaign is created each December and rolled out the following year.
Energy performance is at the heart of our buying decisions, and we will monitor modern technology efficiencies and ensure that the team has suitable IT equipment to do their work. We commit to recycling old equipment, extending the use of assets.
Covid-19 recovery
Avantis understands that the impacts of COVID 19 have been long lasting and far reaching. At Avantis we are committed to supporting SMEs in overcoming the economic strain placed on them through the disruption that COVID 19 had on business. We do this by guiding small businesses to develop and deliver on growth strategies and gain entry to the defence sector.
Tackling economic inequality
One of Avantis’ Values is “Fairness,” where we ensure that everyone has the same opportunities. This is reflected in the hiring process at Avantis, where the business is comprised of individuals from a wide range of backgrounds and specialisations. As part of the Armed Forces Covenant, we are committed to supporting military leavers to establish a prosperous career on their retirement from the forces, presenting opportunities for social and economic mobility.
Avantis plays a key role in the Southwest Regional Defence and Security Cluster, where the founders have engaged with similar Small Medium Enterprise (SME) companies sharing knowledge of how to access government contracts and grow their business. Supporting small businesses brings a wide range of benefits to the Southwest region, including the creation of jobs and opportunities for people living in the area.
We support local initiatives, such as the promotion of STEM (Science, Technology, Engineering and Mathematics) to young people. We encourage people from all economic backgrounds to pursue a career in a STEM field and promote a level playing field for all.
Equal opportunity
Avantis strives to create a diverse workforce that recognises both the need for equal opportunities as well as recognising the strengths in its differences and remaining inclusive. Discrimination in any form is unacceptable. Equality of opportunity and respect for others is synonymous with Avantis Group’s values and standards. To reinforce this, we have adopted a formal Diversity, Inclusion and Equality policy which is communicated to all employees, associates, and recruitment agencies.
At Avantis we understand that people are at the heart of a business and recognise the necessity for a diverse workforce to bring innovative ideas and perspectives to solve business and social problems. We are committed to ensuring that everyone’s voice is heard at Avantis and provide everyone with the same opportunities.
As a corporate sponsor of Women Empowering Defence, Avantis is committed to fostering diversity within its workforce and the wider defence sector.
Wellbeing
Avantis understands that an individual's health and wellbeing contribute to their ability to perform at their best to deliver results to clients. By establishing a flexible working arrangement and remote working options, the team at Avantis can deliver on client projects and programmes while maintaining a healthy work-life balance. Individuals are encouraged to set boundaries on working time, to ensure that time is made for the important things in life.
We recognise that it is important for individuals to spend time with their families, and they are encouraged to work around family commitments. Avantis strongly believes that everyone needs to make use of their entitled annual leave, and we urge the team to take at least one two-week block of leave a year to ensure that they can pursue their passions, spend time with family and are suitably rested and relaxed.
Avantis promotes healthy lifestyles and provides its employees and associates with opportunities to take part in healthy, social activities as a team outside of work, including family days, to improve the wellbeing of the individuals and build greater bonds within the team.
Our commitment to improving the health and wellbeing of our team has resulted in a fit, healthy, and motivated group of individuals who are able to perform at their best to support clients achieving their objectives.
Pricing
- Price
- £10,000 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- No