Wavenet

Microsoft Purview DLP (SaaS) - Data Loss Prevention

Microsoft 365 (M365) Business or Enterprise addon for identifying and labelling sensitive data within the M365 environment.

Features

• Automatic identification and classification of sensitive data
• Custom sensitivity labels
• Alerts and notifications when sensitive data is deleted
• Integration with Microsoft and third-party applications
• Compliance with regulations such as GDPR, CCPA, and HIPAA
• Auditing of data access and usage
• End user notifications and education
• Single portal for policy management
• Compliance improvement aids aligned with regulations
• Protection of data in emails, files, chat and endpoint devices

Benefits

• Safeguards all data within one solution
• Interactively educates end users about the data being accessed
• Improves the response process for potential data loss incidents
• Easy to deploy and scale alongside the M365 ecosystem
• Easily compare current environment against regulartory requirements
• Provides a high level view of data for informed decision-making
• Assists the business in meeting the compliance requirements
• Facilitates the creation and implementation of effective DLP strategies
• Enhances the security of company owned data
• Customise sensitive data types to align with the business systems

£1,000 to £1,250 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@wavenet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

320145228894423

Contact

Joe Ewins
0333 234 0011
publicsector@wavenet.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: MS Purview DLP requires Microsoft 365 (M365) Business or Enterprise licensing
• Cloud deployment model: Public cloud
• Service constraints: Service is best suited for data located in cloud environment.
• System requirements:
  • Microsoft 365 (M365) Business or Enterprise license
  • Microsoft 365 Apps
  • Windows 10,11 and last 3 versions of MacOS
  • Intune and Defender required for Endpoint DLP

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Wavenet support - 1 hour response time inside core working hours 9-5 Monday-Friday UK time. Extended hours 8-8 Monday-Friday available with same SLA. Out of Hours support available with 1 hour response for critical issues. Microsoft infrastructure-level support is 24/7/365 for underlying, abstracted hardware
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Any customers on managed support will have a dedicated account manager and will be assigned a support team of engineers ranging from 1st line to 3rd line in ability. With further escalation points available outside of support team, to follow through with issues until resolution.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: A Wavenet Consultant will work with the business to assess the current environment and business goals and compliance requirements. They will then design, implement, test and deploy the DLP policies
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers own their Microsoft 365 environment and all the data that resids within it. at the point of contract termination Wavenet will cease to have access to the M365 portal and DLP, which will then become under the sole management of the customer. If there is a requirement to terminate the contract with Microsoft, then the Purview eDiscovery tool can be utilised to export data into the relevant formats'
• End-of-contract process: A costed offboarding project will be scoped to identify the data and policies within the MS Purview DLP environment and their requirements at the end of a contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Microsoft Purview DLP is accessible via the Compliance web portal within the Microsoft 365 environment. This is interface allows for the configuration and monitoring of DLP policies alongside access to aid tools and integrations with other M365 compliance tools.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Not known
• API: Yes
• What users can and can't do using the API: Users can extend their compliance capabilities by utilising the Microsoft Graph API, Develop Apps to listen to and apply actions to Teams Messages
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Each Purview DLP deployment is unique and customised based on the company requirements. This includes the identification and definition of sensitivity labels, and the locations, actions and reporting of the data types. all configuration tasks can be completed via the compliance web portal. due to the complexity and risk to productivity, it is recommended that such customisations are carried out by a qualified Wavenet consultant.

Scaling

• Independence of resources: Microsoft's robust SaaS solution provides a 99.9% availably for Purview ensuring that users are unaffected by the demands of other tenants.

Analytics

• Service usage metrics: Yes
• Metrics types: Monitor the compliance, health and activity of DLP policies across your organisation (Metrics include DLP Rule matching, label application, file deletion).
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: If there is a requirement to export data from the M365 environment, then an admin user can raise a case in the Purview Compliance portal under eDiscovery. This allows the extraction of data from email and files locations
• Data export formats: Other
• Other data export formats:
  • Files exported based on file type
  • Emails exported as PST files
• Data import formats: Other
• Other data import formats:
  • DLP can be applied to DOCX, XLSX
  • PPTX, PDF, TXT, CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: All customer data and resources are protected within the Microsoft 365 environment, which is never linked to the Wavenet network.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Wavenet's network is protected with additional Role-based Access Control (RBAC) and Multifactor Authentication (MFA).

Availability and resilience

• Guaranteed availability: Microsoft provide a 99.9% SLA for M365 services including Purview.
• Approach to resilience: The service resiliency is provided by the Microsoft cloud architecture, this includes redundant hardware, data replication and automated integrity checking.
• Outage reporting: The Microsoft 365 Service Health Portal will report any service health issues.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: Conditional Access Polices are used during the user authentication process. This can involve checking the users IP address and device compliance as well as requesting 2-factor authentication.
• Access restrictions in management interfaces and support channels: Roles-Based Access Controls (RBAC) are implemented to control which management portals authorised users have access to. These controls can reside within the customers environment or the Wavenet Partner Portal via Granular delegated administrative privileges (GDAP)
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: Conditional Access Polices are used during the user authentication process. This can involve checking the users IP address and device compliance as well as requesting 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: URS
• ISO/IEC 27001 accreditation date: June 2023
• What the ISO/IEC 27001 doesn’t cover: A10.1.2 (we do not create encryption keys)
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Crest certified (January 2024)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Wavenet is an ISO27001 certified company and we adhear to the standard, we are audited on this standard annually, Wavenet is also a CE+ certified company

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Wavenet conform to ISO2000
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Wavenet conform to and follow the NIST standard and ISO27002
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have continual monitoring with EDR solution feeding into a SIEM that is monitored 24/7 that is monitored by SOC
• Incident management type: Supplier-defined controls
• Incident management approach: Wavenet is ISO27001 certified and we follow the playbook as part of our certification.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Wavenet we recognise that we are accountable to more than just our shareholders. As a large business with a significant workforce and offices nationwide, we are working hard to incorporate considerations around sustainability into every business process, reducing our impact on the world around us. ; ; We understand our responsibility to society and the environment. Achieving the Ecovadis Gold certification validates our comprehensive approach spanning environmental concerns, ethical business practices, human rights, and sustainable procurement. Our journey towards Ecovadis Platinum by 2024 underscores our ongoing commitment to progress.; ; Innovation at Wavenet is synonymous with sustainability. Our product portfolio prioritises eco-conscious solutions, empowering customers to embrace sustainable technologies. Whether it's our hardware-free hosted voice systems or energy-efficient cloud computing solutions, we facilitate choices that minimise environmental impact and enhance operational efficiency. Our stringent processes ensure sustainability throughout the product lifecycle, from ethical sourcing practices to responsible disposal of legacy equipment in compliance with UK regulations.; ; People and processes are pivotal in our sustainability mission. Through a formal Carbon Reduction Plan, we rigorously monitor and mitigate our environmental footprint, engaging our workforce in initiatives aimed at conserving natural resources. Despite pandemic-induced reductions in business travel, we remain committed to sustainable mobility solutions. Our transition to hybrid and electric vehicles, coupled with employee incentives like the electric car scheme and Cycle to Work program, reflects our dedication to greener commuting alternatives.; ; Crucially, sustainability isn't just a top-down directive; it's ingrained in our corporate culture. Our workforce actively participates in planning and executing sustainability initiatives, with dedicated champions driving eco-friendly practices both in our offices and beyond. From recycling initiatives to lifestyle changes promoting environmental consciousness, our employees play a pivotal role in fostering a sustainable future, both within Wavenet and in their communities.

  Covid-19 recovery

  In the wake of the UK's exit from lockdown restrictions, Wavenet initiated a more flexible approach to workplace dynamics. Departing from the conventional mandate of requiring colleagues to be physically present in the office five days a week, the company encouraged a shift towards a hybrid model. Initially, colleagues were urged to return to the office for two days weekly, a measure subsequently extended to three days. This adjustment has yielded numerous benefits, notably fostering enhanced collaboration and bolstering team cohesion.; ; Acknowledging the concerns of colleagues hesitant to resume office attendance, Wavenet proactively conducted welfare meetings with them. These discussions served to elucidate individual apprehensions and collaboratively devise strategies to facilitate a smooth transition back to the office environment.; ; The employment environment has changed as the company has adopted a more flexible working style, with employees spending less hours in the office each week. This adjustment has reduced office congestion, making it easier to follow health-related social distancing guidelines. With fewer people in the workspace at once, colleagues may keep safe distances, reducing the risks of close contact. While new recruits are contractually designated the office as their permanent place of work, they are expected, in practice, to be physically present for a maximum of three days per week.; ; In response to the challenges precipitated by the COVID-19 pandemic, Wavenet has expanded its benefits package. Notably, the introduction of an Employee Assistance Programme underscores the company's commitment to supporting the holistic well-being of its workforce. Furthermore, recognising the importance of nurturing emerging talent and contributing to community development, Wavenet has embarked on an initiative to onboard apprentices. This endeavour not only fuels the company's growth trajectory but also offers invaluable work experience and formal qualifications to aspiring individuals seeking entry into the job market.

  Tackling economic inequality

  Wavenet's commitment to economic equality and social responsibility was solidified in 2023 when we became a Living Wage Employer, guaranteeing all employees a wage that aligns with the actual cost of living in the UK. This dedication was reaffirmed in May 2024 when the company implemented a 10% increase in line with rising living costs.; ; The Living Wage Foundation's meticulous methodology is the bedrock of our fair wage practices. Each year, they rigorously compute the cost of a standard shopping basket, encompassing essentials like groceries, energy bills, childcare, and transportation. This thorough analysis enables them to determine the actual cost of living, guiding Living Wage Employers like Wavenet in setting appropriate pay rates for our employees.; ; As advocates for the Living Wage movement, Wavenet and the Living Wage Foundation empower individuals and families to break free from poverty cycles and flourish with dignity. This partnership not only champions fair compensation but also encourages other businesses to adopt equitable wage practices, fostering community upliftment.; ; Recognising the importance of nurturing talent, Wavenet has welcomed apprentices into its ranks, providing opportunities for young individuals struggling to find their career paths. Emphasising workplace diversity, the company acknowledges the role of varied perspectives in driving growth and prosperity. With core values centred on innovation, change embracement, diversity appreciation, and social and environmental responsibility, Wavenet collaborates with clients across sectors, both large and small, to innovate products and enhancements that spur growth opportunities.; ; By prioritising fair compensation, talent development, and diversity, Wavenet not only upholds its values but also enhances employee motivation, productivity, and societal equity. This holistic approach underscores the company's commitment to fostering a fair and thriving workplace environment while actively contributing to broader social and economic betterment.

  Equal opportunity

  Wavenet proudly upholds the principles of equal opportunity employment, actively encouraging individuals from diverse backgrounds to apply for positions within the company. Embracing inclusivity, we provide support to colleagues with disabilities and long-term health issues, fostering an environment where every individual feels valued and empowered to contribute their unique perspectives and talents.; ; Internal progression is a cornerstone of our organisational culture, as evidenced by our practice of advertising vacant roles internally and providing comprehensive support for colleagues' career development endeavours. We prioritise the advancement of our workforce by funding qualifications and offering tailored training programs aimed at enhancing skills and competencies.; ; As champions for equitable compensation, Wavenet pays all employees the real living wage, above the government-mandated minimum wage, to help them afford rising costs. Our true living wage employer certification shows our commitment to economic fairness and employee well-being.; ; With a workforce exceeding 950 individuals, Wavenet is obligated to report and publish our annual gender pay gap, a responsibility we take seriously. Over the past year, concerted efforts have resulted in a marginal reduction of the gender pay gap, reflecting our ongoing commitment to fostering gender equality within the workplace.; ; Prior to commencing employment, Wavenet diligently verifies that all prospective staff are legally entitled to work in the United Kingdom, adhering to regulatory requirements and ethical standards. Our policies and procedures are meticulously crafted to ensure a non-discriminatory and respectful working environment, where every employee feels valued and safe to voice concerns without fear of reprisal.; ; Embedded within our organizational ethos is a steadfast commitment to ethical conduct and integrity, as outlined in the The Wavenet Code of Conduct. This commitment extends to interactions with employees, partners, and customers alike, reinforcing our dedication to upholding the highest standards of professionalism and ethical behaviour in all facets of our operations.

  Wellbeing

  At Wavenet, the wellbeing of our colleagues is at the heart of everything we do. We're committed to providing a supportive environment where every team member can thrive both personally and professionally. Our comprehensive range of employee benefits and schemes reflects this dedication to nurturing a holistic sense of wellbeing.; ; One of the cornerstones of our approach is ensuring access to top-tier healthcare through our private medical care program. This ensures that our employees and their families have access to prompt medical attention whenever needed. Additionally, our life assurance coverage offers peace of mind, providing financial security to our team members and their loved ones.; ; We understand the importance of work-life balance, which is why we offer a holiday buying scheme. This empowers our employees to tailor their time off to suit their individual needs, enabling them to recharge and return to work refreshed. Our cycle to work scheme not only promotes physical activity but also supports eco-friendly commuting options, contributing to personal and environmental wellbeing simultaneously.; ; In alignment with our commitment to sustainability, we've implemented an electric car scheme to incentivise the adoption of greener transportation alternatives, reducing emissions and supporting environmentally conscious choices.; ; Mental health support is paramount, which is why we've established an employee assistance programme. This confidential counselling service provides resources to navigate personal and professional challenges, ensuring that our team members feel supported and valued.; ; Furthermore, we've trained Mental Health First Responders in each office. These individuals are equipped to offer immediate support and guidance to colleagues in times of need, ensuring that mental health remains a priority throughout our organisation.; ; We also provide fresh fruit in each office, promoting wellbeing through healthy eating habits. Additionally, we welcome dogs into the office every Friday, recognising the positive impact they have on morale and stress relief.

Pricing

• Price: £1,000 to £1,250 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@wavenet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.