Echoworx Email Encryption
A boundary-based high-performance email data encryption service providing effortless secure delivery for confidential or sensitive information to any email recipient in the world; with multiple encryption levels, flexible authentication support, and the ability to encrypt a wide range of information types.
Features
- Unlimited branding
- Cloud certificate encryption/decryption
- Multiple standards-based encryption delivery
- Extensive authentication options
- Detailed message tracking and audit reporting
- Modern UI experience
- Multiple language support (28)
- Secure guest messaging
- Self-provisioning management
- High-volume output
Benefits
- Share secure email with diverse users, anywhere
- Protect inbound information business
- Easily track and recall encrypted messages to maintain compliance
- 24x7 hosted services for increased efficiencies and cost savings
- Visual brand identity for increased customer trust
- Biometric and social logins for faster access
- Password self-management reduces service desk complaints
- Quickly enable PGP encryption/decryption in the cloud to eliminate costs
- Consolidate encryption into a single platform to increase revenue
- Support multiple languages to increase customer loyalty and retention
Pricing
£36.62 a licence a year
- Education pricing available
- Free trial available
Framework
G-Cloud 13
Service ID
350622747913435
Contact
Echoworx Corporation
Neill Crompton
Telephone: 44 808.134.9538
Email: info@echoworx.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Private cloud
- Hybrid cloud
- Service constraints
- None
- System requirements
-
- Existing email gateway, either on-premises or cloud based
- Service access is restricted to using TLS only for connection
- Inbound email must pass through mail security flows (AV/AS)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 24 hours
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
- Echoworx makes available qualified personnel responsible for supporting the service and provides response times for incidents based on severity levels.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Echoworx offers full onboarding services. Training with an Echoworx System Engineer is included. Full administrator and user documentation is provided in HTML and PDF formats along with “train-the-trainer” materials.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- There is no need to extract data from the Echoworx platform. The email messages stored in Echoworx are temporary in nature. Echoworx removes all User and Administrator accounts upon expiry.
- End-of-contract process
- At the end of the contract, the customer will update their mail flow rules to stop routing emails to Echoworx for encryption. The secure portal will remain active for 30 days, allowing any messages stored there to be collected by the recipient and/or expire naturally. After 30 days, the branded tenant is deleted along with all recipient accounts. There are no additional costs.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Echoworx can be used to read and send messages from iPhone, Android, Blackberry and Windows Mobile devices. With it, you can send confidential messages and be sure that the recipient can read and reply securely, no matter what they are using. No mobile app, additional software or special setup is required. Secure Portal users are provided a mobile experience that is consistent with desktop users and optimized for small screens and data plans. Our tailored interface, rated AA level for Web Content Accessibility, ensures experience is not affected.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Senders of secure email (the internal employee) will work in their native corporate mail client to send secure emails. There is an optional add-in to Outlook that provides an Encrypt button for easy tagging of secure email. Recipients of secure email will use the web-based secure portal to read messages and manage their account. Both senders and recipients will receive branded notification emails to inform them of secure email activity and provide a link to the web-based secure portal.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Each release of the software is tested for compliance against the WCAG 2.1 AA accessibility standards. Assistive technology tools that integrate with the supported browsers (and devices) are used as required.
- API
- No
- Customisation available
- Yes
- Description of customisation
- 8 message delivery options that can be changed at any time. Extensive branding control of logo, colors and other specific imagery. Customizable messages in header and footer including per-language template-sets. Advanced branded pickup portal and online help centre. Support of vanity domains. 28 configurable language options. 7 authentication options. Administrators have full access to system management and profile customization through the easy-to-use web admin console, including system-level and per-user multi-factor authentication enablement. End users have full control of their language and message delivery options.
Scaling
- Independence of resources
- Echoworx' services are load balanced across multiple datacenters, each provisioned to handle all load independently to ensure all email volume is processed without delay. Additional instances of the encryption engine and/or the secure web portal can be deployed without any service interruption.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Scheduled reports can be configured to send the desired data to the customer on a daily, weekly, or monthly basis. This can include admin activity audit, secure message log, and/or list of active accounts. Reports are emailed (securely) to the customer as a CSV attachment.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Other
- Other data at rest protection approach
- All emails are encrypted and can only be accessed by the intended recipient.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Customers (i.e. senders of secure email) do not need to export their data because the source email will reside in the organization's mail server and/or email archive. A recipient of secure email who is collecting a message in the secure portal has several different options in the user interface to download and save the message. They can choose to save a message as an Outlook format (.msg), Windows Mail format (.eml), PDF, or TXT.
- Data export formats
- Other
- Other data export formats
-
- Outlook format (.msg)
- Windows Mail format (.eml)
- Plain Text
- Data import formats
- Other
- Other data import formats
- N/A
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 99.95%, assured by contractual commitment. Failure to meet availability entitles customer to service credits.
- Approach to resilience
- Available on request.
- Outage reporting
- Email and text alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is limited by multi-factor authentication, IP Allow Lists, role segregation, account idle timeouts, and account password lockouts.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- EY CertifyPoint
- ISO/IEC 27001 accreditation date
- 22/03/2022
- What the ISO/IEC 27001 doesn’t cover
- Echoworx software, updates and security patches.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 22/03/2022
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- Echoworx software, updates and security patches.
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Richter LLP
- PCI DSS accreditation date
- 18/06/2021
- What the PCI DSS doesn’t cover
- Only our Email Encryption Services are covered.
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- PCI DSS Level 1
- SOC 2 Type II
- WebTrust
Security governance
- Named board-level person responsible for service security
- No
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- SOC2
- Information security policies and processes
- Echoworx is SOC 2 and PCI certified and audited.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Change is managed at all levels through the design, software development, quality assurance, deployment, and operational management of the services. Some examples: All source code is versioned and tagged in a Version Control System. Change requests are reviewed weekly by Product Management, Sales Engineering, Operations, and Development. Change requests are assigned to the current or future release based on severity and value to the solution. All production system changes, including config changes, are documented and tracked in the ticketing system and reviewed by management before any version of the software is deployed.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Threats are assessed as soon as there is information available, by the Echoworx Operations, Security and Development teams. Patches are deployed based on the severity and impact to the system. Information about potential threats comes from several sources, including CVE monitoring, dependency alert monitoring, service mailing lists, etc.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Echoworx' monitoring of our applications, environments, and services is audited during our SOC2 and PCI certifications to be in line with or exceeding the requirements for these standards. Echoworx' Operations team reacts immediately to any potential compromise or incident.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- The Echoworx Operations and Support teams have various run books for common events, in which repeatable actions are documented for cases. Users can report incidents to the Support teams by logging a ticket with Echoworx Support. Incident reports are provided as required.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
- N/A
- Covid-19 recovery
- N/A
- Tackling economic inequality
- N/A
- Equal opportunity
- N/A
- Wellbeing
- N/A
Pricing
- Price
- £36.62 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Full functioning Proof of Concept (POC) for a limited time period.