TECHNOLOGY SERVICES GROUP

Mimecast Email Security

Email Security with Targeted Threat Protection
Organizations and employees are targets for increasingly sophisticated cyberattacks designed to steal money, credentials, customer data, and other valuable intellectual property. Mimecast Targeted Threat Protection defends against spear-phishing, ransomware, impersonation, and other targeted email attacks.

Features

• URL Protection
• Attachment Protection
• Impersonation Protection
• Browser Isolation
• Internal Email ProtectionPh

Benefits

• Phishing protection
• URL protection
• Protection against email impersonation
• Interrogates attachments

£2.60 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@tsg.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

307985140929598

Contact

Marketing Team
03332200777
info@tsg.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance arrangements
• System requirements:
  • Microsoft Windows 8, 8.1, 10, 11
  • Outlook

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 08:00 - 18:00 Weekdays Excluding Bank Holidays and 24x7 cover if the client has TSG SystemCare support add-on. 1 to 4 hour response dependent on priority call, P1 - 30 mins, P2 - 1 hour, P3 - 4 hours, and P4 - 1 day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Interface has a compliant contrast ratio: 11.3 as well as WCAG compliant features which enable the use of page readers and keyboard navigation.
• Onsite support: Yes, at extra cost
• Support levels: 08:00 - 18:00 Weekdays Excluding Bank Holidays, and 24x7 cover if relevant SystemCare agreement is in place
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User needs to provide TSG with a guide to the potential number of users and levels on security required,
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: End users could utilise the export image functions to relevant supported devices.
• End-of-contract process: Upfront costs for appliance and implementation services; Monthly cost for Mimecast service

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: The Mimecast cloud offering would be reviewed, through their control process

Analytics

• Service usage metrics: Yes
• Metrics types: Report can be generated via the Mimecast portal. These reports cover blocked emails, security threats and screenshot verifications.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Mimecast

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: N/a
• Data export formats: Other
• Other data export formats: N/a
• Data import formats: Other
• Other data import formats: N/a

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: None specified.
• Approach to resilience: TBC
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: MFA can be enabled and reviewed accordingly.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register
• ISO/IEC 27001 accreditation date: 22/07/2021
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information security policies and processes TSG follow our own Information Security policy, more info available on request. Ultimate responsibility for ensuring Information Security rests with TSG’s Senior Management Team. They are responsible for ensuring a culture where Information Security is taken seriously by all employees and third parties acting on behalf of TSG. Responsibility for securing specific IT systems rests with the Head of IT, the Group Applications Director and the Service Delivery Director depending whether the systems are internal to TSG or are hosted on behalf of a customer.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The components of services are tracked through their lifetime Services are defined in conjunction with customer requirements at the point of initial engagement and as part of the onboarding process. During this definition of service, change management and service lifecycle management processes are designed around customer requirements and specific service needs. Changes are assessed for potential security impact All service changes are evaluated by a technical resource with focus on service performance, availability and security impacts.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Annual penetration tests carried out by a verified tester. We have an industry std Anti-Virus package deployed, utilise std tools such as threat management tools, anti ransomware etc. TSG also have a documented Disaster recovery policy. Patches are deployed weekly to end user devices/servers after been through internal testing. TSG have bespoke reporting and management software to assist in identifying potential threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring approach All devices have a monitoring agent on them which can identify potential issues and report back to our service desk. If an issue is identified we have an internal 4HR SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly. The internal SLA on a P1 is 30 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: TSG have a pre-defined incident process for common events. Users can report incidents via the Support desk. Incident reports are also provided via Support desk and/or Account management team. Benefits The benefits of a robust Incident Management process include: • Higher end user satisfaction through improved resolution time and quality of services. • Better performance against agreed service levels through higher service availability. • Higher efficiency and productivity for the customer due to fewer hours lost to interruptions to IT service. • Better alignment and collaboration between internal TSG departments.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  TSG are actively working to reduce their own Carbon output and evolving services and practices to support our customers on this journey as well.

Pricing

• Price: £2.60 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@tsg.com. Tell them what format you need. It will help if you say what assistive technology you use.