INTEGRITY360 LIMITED

Gytpol validator

Automatic misconfiguration detection and zero-disruption remediation

Features

• Detect misconfigurations,
• perform automatic remediations
• identify usage

Benefits

• Perform automatic,
• zero impact remediation actions

£50 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

273889516897725

Contact

Paul Momirovski
+44 20 3397 3414
bidreviewboard@integrity360.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Its a private service, each customer has his own cloud tenant, completely isolated from any other company
• System requirements:
  • Endpoints to Gytpol cloud tenant, based on ssl/443
  • Connectivity from customers servers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support@gytpol.com
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: See SLA's
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers have access to detailed knowledge based and are also assisted by customer success managers
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data is not extracted. however it is permantly deleted upon termination of contract.
• End-of-contract process: All relevant data is permenantly deleted.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web UI
• Accessibility standards: None or don’t know
• Description of accessibility: The service is accessed via a web GUI, with the option to connect it to SAML
• Accessibility testing: None, it's in the roadmap
• API: Yes
• What users can and can't do using the API: List existing misconfiguraitons based on criteria, add users to groups
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Every tenant is isolated and dedicated to the customer

Analytics

• Service usage metrics: Yes
• Metrics types: Service usage
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Gytpol

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The export to CSV/PDF
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: N/a

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: Marked "Internal Confidential", disclosure will require an NDA.
• Outage reporting: Within the dashboard and social media posts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Other user authentication: AWS Cognito and AWS IAM users
• Access restrictions in management interfaces and support channels: Role based access is available to control users and access to different areas of the platform.; Support is available to those with a support contract.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Other
• Description of management access authentication: AWS cognito with the option for local users and SAML; "Role based access is available to control users and access to different areas of the platform.; Support is available to those with a support contract. "

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Gytpol comply with a number of Security frameworks such as NIST and MITRE ATT&CK.
• Information security policies and processes: Company confidential

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Marked "Internal Confidential", disclosure will require an NDA.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Marked "Internal Confidential", disclosure will require an NDA.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Marked "Internal Confidential", disclosure will require an NDA.
• Incident management type: Supplier-defined controls
• Incident management approach: Marked "Internal Confidential", disclosure will require an NDA.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Gytpol are an equal opportunities employer and have taken measures to reduce gender pay gap and offer transparency to all employees.

Pricing

• Price: £50 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Limited functionality to ensure to prove the value of the solution.
• Link to free trial: https://gytpol.com/free-trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.