Email Security

Protect email accounts, content and communications against unauthorised access, loss or compromise of data. Being one of an organisation's largest attack surfaces, securing your organisation emails against phishing, spam and spoofing will prevent the spread of malware and viruses throughout your IT landscape. ISO27001 certified.


  • Block known spam email domains through filtering techniques
  • Identify and block malicious URL’s and attachments
  • Centralise your whole email network within one admin dashboard
  • Use domain name validation to spot and prevent sender spoofing
  • Encrypt emails by default to protect data from being exposed
  • Training & development of internal staff


  • Maintain communication confidentially through email encryption
  • Avoid compromised accounts and identity theft
  • Supports compliance and governance guidelines
  • Prevent phishing attacks through increased knowledge and understanding
  • Secures the largest attack surface of your IT landscape
  • Control device access
  • Prevent total access to sensitive emails on unmanaged devices
  • Identify suspicious user behaviour through indicators of compromise


£350 to £1,600 a unit

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 4 6 0 2 7 1 9 3 4 5 8 6 0 5


Telephone: 07738619533

Service scope

Service constraints
Any service constraints will be highlighted within the client contract where applicable
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times will be defined within SLA's
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
Account Manager, Client services manager & service delivery manager are all available depending on the scope of the project
Support available to third parties

Onboarding and offboarding

Getting started
Onsite training, online training and user documentation are all provided by Mondas before the service goes live should the service be required by the client
Service documentation
Documentation formats
End-of-contract data extraction
All data will be provided in the requested readable format which will be agreed with the client at the point of termination.
End-of-contract process
For contracts of 3 years or above all handover work is included in the price of the contract. For shorter contracts, handover work will be charged at our standard daily rates as per our SFIA matrix.

Using the service

Web browser interface
Command line interface


Scaling available
Scaling type
Independence of resources
We have a dedicated team defined with SLAs for each of our clients. Regular service reviews are also built into our contract as defined by the client. Each customer has their own single tenancy instance with our service so that performance can not be effected by the demand of other users.
Usage notifications
Usage reporting
  • API
  • Email
  • Other


Infrastructure or application metrics
Metrics types
Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup controls
Backup schedules are defined and agreed upon as part of the onboarding process
Datacentre setup
Multiple datacentres
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Guarantee 99.99% availability with service credits available should we fail to meet this target.
Approach to resilience
Available on request
Outage reporting
Our outages are reported via an API directly to our clients service centre or via an email.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access is provisioned on the basis of least privilege and roles specific
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Annex A Ref 14 and 12.1.4
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cyber Essentials certified
Cyber Essentials Plus certified
ISO27001 certified
Work to SOC II Type 2
Align to the NIST framework

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow ITIL best practise and our change management programme also falls within our ISO27001 audit programme
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have a robust risk management programme in place which is audited both internally and externally
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a robust risk management programme in place which we audit both internally and externally. We also use our own SIEM tool to monitor our in house systems.
Incident management type
Supplier-defined controls
Incident management approach
We have a company wide incident management policy and process which is regularly tested and audited both internally and externally. Further information is available on request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
We utilise AWS datacentres

Social Value

Covid-19 recovery

Covid-19 recovery

Our strategy through and post Covid-19 is to continue to grow our business to create more roles for staff both in the UK and Spain. From March 2020 to date we have increased our employee base over 70% and we are actively in the process of growing by another 30% in 2022. We have committed to developing our employees skills with training courses and providing growth opportunities. We enabled shielding with our working from home strategy, one which we continue to operate alongside our physical office for those that wish to go back to an office environment to regain social interactions.
We have also carried out an office improvement plan which has improved the facilities and also offered this to our staff working from home whereby if they have wanted to improve their office set up we have funded this so that everyone feels valued and comfortable in their working environment. In addition we held remote social engagement events so that whilst everyone was on lockdown they were still able to access social engagements in an online manner to keep up the team inclusion and ensure no one felt isolated. This is something we have continued with remote and in person team events.
Tackling economic inequality

Tackling economic inequality

Mondas empowers all staff to have an equal voice within the organisation, which is something we pride ourselves on. We encourage everyone to seek opportunities for new business but also to develop and grow an existing business contract, department or service. We operate a One Team approach so that everyone has an equal voice in business direction and services.
Where we have a skills shortage we in the first instance took to existing staff members to understand if it is a role they would like but with training and development before we look to the market. We also have training and development plans to grow staff and keep them engaged in their role and in the company.
All staff are encouraged and supported to become SME’s in their area of expertise but also reach outside of their comfort zone and strive to achieve the SME status in a different area. Which provides the business with greater resilience but also the member of staff. No one regardless of client support is left to feel isolated, we value the social aspects of a workplace to encourage staff to feel part of Mondas and our end goals. Where possible we also seek to support local businesses instead of going to a larger organisation as part of our social responsibility targets.


£350 to £1,600 a unit
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.