Vizst Technology

Compliance and Archiving Solutions

Meet your legal, policy and compliance obligations including GDPR, Subject Access Requests and Freedom of Information. With solutions from leading vendors including Mimecast and Cryoserver, we offer comprehensive email and Microsoft Teams searching, security and archiving.

Features

• Transcribe email attachments in real time and deliver safe files
• Full scanning and searching of emails and attachments
• For Windows, MAC, iOS, Android.
• Accessible from any location for flexible working
• Role based searching – end users and administrators
• Secure, cloud-based perpetual email archive in an encrypted repository
• Real time archiving with indexing/tagging, de-duplication and compression
• Capture entire Teams conversations, screenshots and attachments
• Quickly search for specific interactions using key phrases, timeframes, names
• Detailed reporting with audit and logging

Benefits

• Single console for simplified management of all features
• Protection against malicious email attachments and URLs
• Control or block sending of sensitive/confidential information
• Protect your workforce from social engineering attacks
• Reduce email storage consumed by 30-40%
• Easily provide information for Subject Access Requests, FOI and Compliance
• Archive messages whilst preserving context
• Super fast and intuitive search to find emails in seconds
• Compatible with O365. Seamless integration with Outlook and Teams
• ISO27001, ISO9001 and ISO14001 accredited approach to services

£17 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@vizst.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

243429066062686

Contact

Sonia Krishnan
03333442204
tenders@vizst.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Integrates with existing Teams and email services e.g. Microsoft Outlook.; ; We can design, install and support your archiving and compliance solution.
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Existing email service eg Outlook.; Existing Teams service.; Service availability of solution is is dependent on vendor SLAs and availability.
• System requirements: None for cloud solution

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Vizst offers flexible support packages and levels based on customer requirements. ; ; Our standard Response Time SLAs are: P1 = 30 mins, P2 = 1 hour, P3 = 2 hours, P4 = 4 hours. ; Tickets can be logged by phone, email or online portal. Note P1 responses are immediate when logged by phone. ; ; Service Desk core hours 0830-1730 Mon-Fri and on call cover out of hours. 24x7 support available. Anything outside of the scope of the support agreement is not covered by the SLAs and will be considered on a case-by-case basis for all support packages.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Vizst offers flexible support packages and SLAs based on customer requirements, from break/fix through to fully managed service. Our standard Response Times are: P1 = 30 mins, P2 = 1 hour, P3 = 2 hours, P4 = 4 hours.; ; Service Desk core hours 0830-1730 Mon-Fri with on call cover out of hours. 24x7 support available. Anything outside of the scope of the support agreement is not covered by the SLAs and will be considered on a case-by-case basis for all support packages. ; ; All customers, regardless of their support package, have a dedicated account manager and access to technical pre-sales and support engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding occurs for all managed service customers for the devices and users in scope. Documentation of every element is captured within our secure Configuration Management Database (CMDB) and data is classified to allow for easy support. A risk register is produced to identify and categorise potential service impacting events, how likely the event is, and the impact of the event happening. In addition, a full handover document to both the customer and the service support teams is created to allow the customer to understand how to engage our services, what SLAs are in place and what the escalation processes are. The support team are then provided with a handover document that details specific key information about the customer, what they do, what is supported, what the key services and priorities of those services are, and who the key points of contact are within a contract.; We can also provide customer training on the solution - this may be via work shadowing, vendor classroom based training, self paced online training or remote webinars depending on the customer's needs.; Full documentation of the solution including user guides and build documents will be provided.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: For ease for the customer, Vizst Technology can simply one-click export all of the data within our secure Configuration Management Database (CMDB) that creates a password encrypted zipped file with all of the data. This is classified in an order the customer can follow.
• End-of-contract process: Assuming the contract model is CAPEX, all data and licenses are handed to the customer. If the model is OPEX, a termination agreement will be drafted detailing the specifics of the contract, any termination fees, and options to purchase the equipment.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile app provides access to essential services such as inbox and email archive however advanced administration and configuration options are only available via the desktop service.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Intuitive and user-friendly service interface makes is easy to search and retrieve emails instantly.; Vendor user guides are available which describe the interface and navigation in detail.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: All accessibility testing and acceptance are done as part of vendor's own development
• API: Yes
• What users can and can't do using the API: All API requests require an application key pre-registered with the vendor. Existing vendor customer can manage their API keys through a self-provisioning tool.; ; Categories of API include:; Configuration & Administration; Security Insights; Threat Sharing; Orchestration & Remediation; Security Investigation; Archive
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers can customise their email compliance and archiving solution. Administrators can fine tune the following using advanced configuration settings:; SSO; Net Time Protocol; Web Certificates; Company specific settings; Retention limits; Report limies; SMPT settings; Web security settings; System alerts; LDAP search filers; Date formats; Instant messaging configuration; ; The Vizst Technology team can assist with customisations around specific customer requirements.

Scaling

• Independence of resources: The vendor's robust planning, testing, and redundancy measures ensure that user experience remains stable even during high demand or unexpected incidents.; ; Vizst's team work to a priority-based system meaning that depending on the severity of any incident, the team would assess the most urgent enquiry and respond accordingly. Additionally, we scale our teams based on booked and expected capacity and ticket trending. Using this information we can predict when we are likely to need new staff and recruit ahead of the curve ensuring users are not affected by increases in demand.

Analytics

• Service usage metrics: Yes
• Metrics types: The solution offers; • System alert history; • Daily processing report (eg email volumes, bandwidth, system performance, outbound/inbound/internal emails, rejected email traffic); ; Vizst also provides reports on:; • CPU; • Disk; • HTTP request and response status; • Memory; • Network; • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Cryoserver, Mimecast

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Emails can be exported e.g. for compliance, legal requirements, backup via the search interface/user portal.
• Data export formats: Other
• Other data export formats:
  • PST
  • MSG
  • EML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PST
  • EML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service availability is backed off by vendor specific SLAs. ; ; Not all our customers require/request service credits. Where these are required we will discuss and agree on on a case by case basis. ; Our support is available 24x7 regardless of vendor support.
• Approach to resilience: This information is available upon request as it is backed off to specific cloud-based vendors.
• Outage reporting: Mimecast publish outages through a public Status Page. Customers can also subscribe to email or sms alerts.; Cryoserver maintain an online knowledge base where users can find technical information.; ; Additionally Vizst's service team pro-actively contact customers via email if monitoring detects outages. On average, the time taken from identification of an outage to notifying customers of the issue is under 1 hour.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access is restricted in management interfaces and support channels by either limiting or disabling the affected account. By restricting user permissions via limiting access to the account, we can limit the damage that is done if a customer account becomes compromised. RBAC permissions can be applied to achieve this. By disabling the account, users will be unable to use the account locally or remotely, ensuring the safety of the files/information.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 04/03/2024
• What the ISO/IEC 27001 doesn’t cover: There are no limitations to our certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus; ISO 9001; ISO 14001
• Information security policies and processes: Vizst Technology are ISO 27001, ISO 9001 and Cyber Essential Plus certified and compliant with GDPR and the Data Protection Act. All certificates held are current and we have a set of security policies and procedures which we operate via our security framework. Governance is achieved through centralised staff training which includes induction and regular ongoing training. Compliance is monitored by our Operations Director and line managers via our HR system.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: 1. Change Request: Request for Change (RFC) documented by the Change Initiator/Requestor within ticketing system by creating a change record. ; 2. Categorise/Prioritise: change urgency/impact on infrastructure, customer productivity, and budget assessed. ; 3. Analyse/Justify: develop change justification and identify potential infrastructure impacts (developing technical requirements, reviewing implementation steps, and roll-back plans). ; 4. Approve/Schedule: RFC submitted for Peer Review or to Change Advisory Board (CAB - including customer contacts) for approval/rejection. ; 5. Plan/Implement: minimising infrastructure and customer impact in line with RFC. ; 6. Post-Implementation Review: accepting, modifying, or backing-out the change; contacting customer to validate success; finalising change documentation within ITSM.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are assessed through bespoke customer Risk Registers. On-boarding engineers create the RR at service start and continually review at service meetings with the AM/Client Strategy Manager. Notification of potential Common Vulnerabilities and Exposures (CVE) from any vendor is assessed within 1 working day as to who is affected, what stepped changes need to happen to resolve the concern, and the customer contact is made aware. A change record is created assessing risk and peer/management/customer approval is sought before change is implemented. Information about potential threats is taken from the CVE list of publicly disclosed computer security flaws.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our Remote Monitoring Management (RMM) system is configured to allow us to know what is considered ‘normal’ and what is ‘abnormal’ for many specific monitors. If the system detects events outside these identified parameters, it will automatically log a ticket for the affected client, and depending on the type of event, will either: • Automatically run pre-designed automation scripts to remedy the event and automatically close the ticket; • Will log a ticket for a qualified engineer to resolve. Certain event types, such as compromises, are automatically categorised and set a high priority so engineers can act upon those instantly.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management system uses complex workflows to automatically categorise and assess impact for many events, such as pre-defined and agreed thresholds being breached and the system automatically logging a ticket, running a script and the ticket being closed automatically if the threshold returns within normal parameters. End users can log tickets either via phone, self-service online portal (directly into the ticketing system), email. Incident reports are provided as part of scheduled reports/reviews with our customers and/or as live dashboards that the customer can access. We provide Root Cause Analysis for P1/critical incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Vizst Technology is committed to promoting sustainability. Concern for the environment and promoting a broader sustainability agenda are integral to Vizst Technology’s professional activities and the management of the organisation. We are ISO14001 certified and aim to follow and to promote good sustainability practice, to reduce the environmental impacts of all our activities and to help our clients and partners to do the same. ; ; Our Sustainability Policy is based upon the following principles: ; • To comply with, and exceed where practicable, all applicable legislation, regulations, and codes of practice. ; • To integrate sustainability considerations into all our business decisions. ; • To ensure that all staff are fully aware of our Sustainability Policy and are committed to implementing and improving it. ; • To minimise the impact on sustainability of all office and transportation activities. ; • To make clients and suppliers aware of our Sustainability Policy and encourage them to adopt sound sustainable management practices.; • To review, annually report, and to continually strive to improve our sustainability performance. ; ; Specifically, we are committed, amongst other initiatives, to: ; • Efficient printing, for example by double-siding all paper used and only printing where necessary. ; • Reducing the amount of waste produced by the business by encouraging employees to utilise reusable bottles, lunch boxes etc. ; • Ensuring that water/electricity is used responsibly by our staff by making sure lights, computers, taps etc. are turned off when not in use. ; • Recycling materials as extensively as possible by making sure we have paper, glass, plastic, and carboard recycle bins throughout the office. ; • Using technology to lessen the need for travel and reduce our overall carbon footprint and use public transport wherever possible when travelling is unavoidable.

  Tackling economic inequality

  We are fully committed to the principle of Corporate Social Responsibility (CSR) and aim to ensure that no relevant policy decisions are made within the business, without first evaluating the potential CSR impact. ; ; To tackle economic inequality, Vizst are committed to apprentices and work placements throughout all areas of our business including HR, Technology, Finance, Support and Marketing. We recognise that employing apprentices is a valuable way to upskill the local labour market and provide training opportunities with several of our directors developing via the apprenticeship route. ; ; Where possible, we hope to drive our recruitment of people from low-income backgrounds, BAME communities and those from the NEET category. As such, we refer all opportunities to local Jobcentres and work with local recruitment agencies and colleges to ensure vacancies are circulated within the area. In the event a skills gap is identified when undergoing monthly employee reviews as part of employee personal development plans, Vizst will actively support the employee(s) to undergo relevant training courses. ; ; We utilise a DMAIC approach while developing and implementing social value principles, utilising the Six Sigma DMAIC approach to identify any shortfalls or methods for improvement. Summarised, the DMAIC approach will entail: ; • Define: the issue/area is defined ; • Measure: the extent is measured. ; • Analyse: Root cause analysis is undertaken through investigations, identifying potential causes ; • Improve: improvement measures are suggested and implemented.; • Control: increased frequencies Along with the DMAIC approach ; ; Vizst will utilise the ability to collect direct feedback in the form of community surveys or online comment sections. We will be able to identify any trending service shortfalls. The data will be kept safe and secure accessible only by our Head of HR who will review these on a weekly basis.

  Equal opportunity

  Documented in our Equal Opportunities Policy, as well as in staff handbooks, our approach to recruitment, training and promotion has been developed based on best practice and statutory requirements such as the Equality Act 2010 guidance from the Equality and Human Rights Commission. ; ; In terms of recruitment, we: ; • Conduct quarterly reviews of our workforce, striving to ensure it represents the demography of the areas in which we work. ; • Utilise pre-prepared, anonymous application packs to eliminate potential prejudice from the application process. ; • Offer guaranteed interview schemes for disabled and protected characteristic individuals should they meet the criteria of a given job. ; ; The above are enabled through our Recruitment Policy, in conjunction with our Equal Opportunities Policy. ; ; Mandatory equality and diversity training is delivered to all staff, covering: ; • Our equality and diversity policy and its principles. ; • What constitutes as discrimination and how to report it. ; • Protected characteristics under the Equality Act 2010. ; • Positive equality and language techniques. ; • Fair recruitment and selection. ; ; This is then promoted through our positive equality culture, via: ; • Noticeboards: Reiterating our commitment to equality and creating positive workspaces, noticeboards provide contact details for senior staff to raise any equality issues with, as well as our commitment to maintaining fair, positive workspaces. ; • Office talks: We hold equality talks to discuss new initiatives and contributing to a positive equality culture, with focus on topics such as our zero-tolerance policy to discriminatory behaviour and inclusiveness. ; • Subcontractors: Where utilised, subcontractors are required to evidence their own equality and diversity commitments and adhere to our policies and procedures, with equality training delivered by ourselves as part of our induction.; • Reviews: Our Equal Opportunities Policy is reviewed annually, following incidents or changes to best practice to ensure maximum effectiveness.

  Wellbeing

  Our people are the lifeblood of our business and so just as important as industry and vendor awards are the recognitions we have received from Great Place to Work UK and as a Real Living Wage employer. We keep our employees fully informed of our policies and procedures and encourage them to share their ideas with us on both internal processes and the way our service is provided to customers. ; ; Continuous feedback is critical to ensure we don’t get complacent as a business. We send a quarterly Employee Survey out and report back to the employees on the results and our action plan. This ensures complete transparency builds trust within the business, ensures we are continually supporting our staff and they are being fairly recompensed for their work. ; ; Our organisation is keen to support and become involved in community initiatives and charitable work. We currently do this in the form of sponsorship and donations to national and local charities, which may be suggested by our staff, and the funding of community projects. Every suggestion is given due consideration. We recognise the importance of education in our community and supporting individuals during this process is key to advancement. We actively encourage our employees to progress professionally, offering training courses which are often funded by ourselves. We also offer a number of work experience placements in partnership with local schools to help reduce the number of those who are Not in Education, Employment, or Training (NEET). ; ; We maintain an open and honest approach to all of our communications, both internally with staff and externally with clients and stakeholders.

Pricing

• Price: £17 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Demos are available for a fixed period of time.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@vizst.com. Tell them what format you need. It will help if you say what assistive technology you use.