Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

INTEGRITY360 LIMITED

Claroty Medigate

The Medigate Platform is the industry’s leading healthcare cyber-physical systems protection platform that enables healthcare organisations to safely deliver connected care while enhancing efficiencies across the clinical environment. The Medigate Platform spans the entire healthcare cybersecurity journey regardless of the scale or maturity of your environment through:

Features

  • Device Discovery
  • Vulnerability & Risk Management
  • Network Protection
  • Threat Detection
  • Device & Lifecycle Management
  • Operational Intelligence

Benefits

  • Extends cybersecurity across industrial-XIoT: PLCs, RTUs, actuators, smart HVAC, lighting.
  • Supports your industrial cybersecurity journey: automate asset-discovery, combat zero-day attacks
  • Designed for scalability, flexibility, and ease-of-use
  • SaaS solution with a flexible UI
  • Built to adapt to all OT, security, and executive needs

Pricing

£72 a licence

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

2 7 6 7 5 0 2 3 6 2 9 9 7 9 2

Contact

INTEGRITY360 LIMITED Paul Momirovski
Telephone: +44 20 3397 3414
Email: bidreviewboard@integrity360.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
None
System requirements
See pricing document for more info

User support

Email or online ticketing support
Email or online ticketing
Support response times
Claroty’s response times will be prioritised based on the Severity Levels
https://claroty.com/support-policy
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Severity Levels dictate the need for a TAM or CSE
Severity 1 - Critical: Product is entirely inaccessible < 4 hours
Severity 2 - High: Operational but missing features are impacting operation < 8 hours
Severity 3 - Medium: Operational but degraded < 1 business day
Severity 4 - Low: Questions and/or defects noted but minimal disruption < 2 business day
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onboarding documents are available via web. Paid for onboarding services also available.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Delete instance of Medigate
End-of-contract process
Delete instance of Medigate

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
We use an open API standard
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
Automated scaling

Analytics

Service usage metrics
Yes
Metrics types
Service usage.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Claroty

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
CSV
Data export formats
CSV
Data import formats
Other
Other data import formats
None

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
SSH
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SaaS Service Level: Claroty’s Medigate and xDome service will be available 99.5% of the time, except during
Weekly scheduled upgrades (between Sunday 08:00 AM GMT - Sunday 9:00 PM GMT);
Emergency maintenance to address a critical vulnerability or to address a customer impacting defect. These are typically < 5 minutes in duration;
Collection server outages due to hardware issues and/or customer environment or network communication issues;
Any Amazon Web Service (AWS) downtime or scheduled maintenance;
Any network communication issues between the customer’s users or systems and Claroty’s systems;
Other outages outside of the control of Claroty such as a force majeure event;
Customer suspension due to customer’s breach of their agreement.
Approach to resilience
Available on request
Outage reporting
Portal alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
RBAC is used
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ICQ - Institute of Quality and Control
ISO/IEC 27001 accreditation date
25/02/2016
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 2
  • ISO/IEC 27017
  • ISO/IEC 27018

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO27001:2013 (we are also SOC2 Type2 compliant/certified)

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
"
Our configuration and change mangement policy contains the foillowing elements:
Scope/Impact
Roles and responsibilities
Change control process
Configuration management
Version Control
Testing And Validation
Backout Procedures
Documentation"
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have continuous scanning in place which directly automates with tickets for our IT and devops teams to patch vulnerabilities based on SLA.
Our SLA's are: Critical within 7 business days, Highs 30 days, Medium 90 days, Low/Informational - depending on risk
We also perform annual third party penetration tests on our developed applications by an accredited third party.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
"Claroty has a defense in depth approach to security threat management. Security and system logs are sent to a Secrity Information Event Management (SIEM) system to correately, analyze, and alert on potential security events/incidents. Alerts from the SIEM are handled by a dedicated 24x7x365 security operations center (SOC).
"
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
"We have a formal process which will focuses on the below phases/steps of incident
management and response:
- Identification
- Logging/Categorization
- Initial triage/response
- Investigation
- Resolution
- Communication
- Documentation
- Post incident response review

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Equal opportunity

Equal opportunity

We put each other ahead of work, knowing that if we care for each other, the results will follow.
We hold ourselves and each other to the highest standards of professionalism, ethics, and integrity.

Pricing

Price
£72 a licence
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
PoV Proof of Value offered
Time limited as agreed with the prospect

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.