Sota Solutions Ltd

SotaPROTECT Suite

SotaPROTECT Suite provide managed anti-virus, email security gateway, web security gateway, Multi-Factor Authentication and cyber security awareness training for staff.
This provides an essential level of protection against cyber bad actors.

Features

• EndPoint Security antivirus software deployed to EUD and servers
• Email Security Gateway to manage and filter all email traffic
• Sandbox technology deployed to identify malicious email content
• Intelligent antispam filtering with quarantine function
• Web security gateway to manage and filter browser traffic
• MFA to verify the identity of users accessing corporate network
• Automated cyber security training programme
• Access to online cyber security training course library
• Access to security policy templates to simplify internal governance
• Cyber awareness management reports

Benefits

• Aids Cyber Essentials compliance
• Provides multiple layers of defence
• Staff education on how to stay cyber safe
• Managed service, removing the burden of inhouse support

£10 a user

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@sota.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

289848790821989

Contact

Sales Enquiries
01795 413500
tenders@sota.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: There are no service constraints
• System requirements:
  • Internet connectivity
  • Any supported OS

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: User Support Essentials - Mon-Fri 08:00-18:00; High Priority Incident Response < 2 Hours; Standard Priority Incident Response < 4 Hours; User Support PRO - 24/7; High Priority Incident Response < 1 Hours; Standard Priority Incident Response < 2 Hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Sota provide four levels of user support, SotaSupport User Essentials, Essentials +, PRO and PRO +.; Essentials provides Monday to Friday 08:00 - 18:00 support and so is ideal for non-business critical service. PRO provides 24/7 support as well as customer 3rd party vendor collaboration and engineer managed patching. See SotaSupport User Matrix for full details of service levels and costs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will walk you through our tried and tested onboarding process. This starts with a detailed discovery step, followed by a Prince2 planning & implementation stage, User Acceptance Testing ending with Handover To Support.; ; Requirements Discovery; Sota will work with you to ensure that the scope of works is fully understood. This includes products to be implemented, target devices and users.; ; Implementation planning; We assign an experienced dedicated Project Manager to review the requirements and map the design brief to a formal project plan. All Risk, Issues, Assumptions & Dependencies are logged and tracked throughout the delivery of the project. As a minimum, weekly project progress meetings will be chaired by the PM with you, providing an update on progress and future deliverables.; ; Implementation; Our dedicated project delivery team will work with the nominated customer lead(s) in the rollout of the services.; Following formal sign-off by the customer, the services will be handed over to support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data is the property of the customer and we apply no restrictions on the extraction of such data. During the offboarding process we will actively support both the customer and new provider in the transfer of all data and configurations. As a minimum, we allow for a month’s grace period for all live environments for the purpose of offboarding, allowing for post go-live issues to be easily resolved. Longer cutover periods can be provided at an agreed cost. Offboarding support is provided free of charge.
• End-of-contract process: We will assign and appropriate technical resource to act as a single point of contact for both the customer and new service provider. They will ensure that the required project deliverables are fulfilled to ensure a successful transfer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Layout changes necessary to cater for differences in screen sizes and orientation
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: The pre-sales engagement will identify specific customer requirements and the service configured accordingly.

Scaling

• Independence of resources: Management consoles are provided by each service vendor. These are tried and tested enterprise standard platforms supporting many thousands of customers.; ; Services such as anti-virus will autonomously protect devices if the central management console is unavailable.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly invoices provide a detailed breakdown of licences in use by the customer
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Requests must be submitted to the Service Desk for any data extractions.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Dependent on the service data being extracted
• Data import formats: Other
• Other data import formats: Depended on the service being implemented

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As per service providers Cloud platform SLA.
• Approach to resilience: As per service providers Cloud implementation approach.
• Outage reporting: The Sota NOC will issue updates on any affected service issues.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All accounts are dedicated to individual users, and username and password is a minimum requirement.
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 12/10/2016
• What the ISO/IEC 27001 doesn’t cover: All aspects of the business are in scope
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME Cyber Assurance Level 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: All aspects of Sota's operations are governed by Sota's ISO27001 Information Security Management System.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Sota conforms to ITIL's Change Management along with our Information Security Management System change management processes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Sota will monitor all alerts issued by vendors relating to the services and respond accordingly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Conducted by appropriate service vendor.; The Sota NOC will notify customers of any potential compromise as appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: The Sota Service Desk processes are closely aligned to ITIL processes and procedures.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our datacentre is powered by 100% renewable energy. By using our services, customers do not have to replicate the same facilities and services and so reduce their carbon footprint in building, running and maintaining their own facilities.

  Tackling economic inequality

  Our services allow start-up businesses to purchase a single Cloud instance. The business can then scale up resources as it grows. This negates the need for the business to invest in hardware infrastructure, reducing the need for fund seeding for the start-up.

  Equal opportunity

  Our Cloud based services allow for people to work from any location. this approach supports people with mobility issues to function from home, so negating the need negotiate transport challenges to and from offices.

  Wellbeing

  Cloud services enable people to work from any location other than a traditional office environment. This provides people with the flexibility to work in an environment of their choosing. This enables people to perform their duties in a way that supports their needs, whether this is caring duties or dealing with mental health issues away from an office environment.

Pricing

• Price: £10 a user
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@sota.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.