WIFINITY LIMITED

Secure SD-WAN

Wifinity's Secure SD-WAN service offers a managed networking solution that integrates advanced SD-WAN capabilities with robust security features, ensuring optimal performance and comprehensive protection across distributed networks. This service simplifies network management while reducing operational costs and enhancing user experience.

Features

• Prioritises/routes traffic based on application and user demands.
• Combines enterprise-grade security features, including SSL/TLS inspection, web filtering.
• Centralised, cloud-based management console simplifies network control and orchestration
• Adjusts to network size/demands for various business environments
• Secure access regardless of user location, enhancing remote capabilities
• Traditional VPN access, accommodating a range of remote connectivity needs
• Supports BGP, OSPF, RIP for routing capabilities across networks
• Simplifies branch deployments with automated device provisioning and management
• Deep insights, visibility into network traffic and security events
• Efficient management of multiple customer deployments and network segments

Benefits

• Enhance network performance with intelligent application-based traffic routing
• Secure remote access enables flexible, location-independent working environments
• Reduce operational costs by eliminating expensive MPLS links
• Streamline network management from a unified control centre
• Adapt network size and capabilities as business needs evolve
• Safeguard data with advanced security features and compliance standards
• Deploy new branches faster with zero-touch provisioning capabilities
• Gain real-time insights into network health and traffic flows
• Automate routine tasks to focus on strategic business initiatives
• Improve user experience with prioritised critical application delivery

£500 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@wifinity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

395490019347342

Contact

Bid Management
07538410008
tenders@wifinity.co.uk

Service scope

• Service constraints: Service is optimised for Fortinet devices, requiring specific hardware for full functionality. Regularly scheduled maintenance may result in brief periods of service disruption to ensure system performance and security. Technical support is primarily available for configurations that strictly follow recommended setups. Service features and performance might vary by region, depending on local infrastructure and regulatory conditions. Certain advanced features require integration with existing enterprise systems, which might need customisation or additional configuration.
• System requirements:
  • Appropriate licensing for Fortinet products and feature sets.
  • High-speed Internet connection for optimal SD-WAN performance
  • Support for specific virtual machine environments if using virtual appliances
  • Compliance with regional data security and privacy regulations

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target Service Level is at least 90% of end user emails responded to within 24 hours or less each month
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: The Wifinity web chat and website includes a number of assistive technology tools to support users with additional needs, including for those visually impaired, with cognitive disability, blind users, those who have seizures, and those with ADHD.
• Onsite support: Onsite support
• Support levels: Wifinity offers several support levels, designed to cater to a variety of operational requirements:; ; Standard Support:; Features: Includes 24/7 technical support and basic troubleshooting.; Hardware Break fix: 8x5 response, with an engineer dispatched to the site on the next business day.; Cost: Included in the base service package at no additional charge.; Premium Support:; Features: Provides all the benefits of Standard Support with the addition of a dedicated Technical Account Manager and a Cloud Support Engineer for tailored technical guidance.; Hardware Break fix: Enhanced 24/7 coverage with an engineer available to arrive on-site within 4 hours, any time of day.; Cost: This enhanced level of service is available for an additional fee, dependent on the customer’s specific requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Each new client engagement begins with a project-managed onboarding process. This involves a dedicated project manager who oversees the entire setup, from initial planning and hardware installation to configuration and testing. This ensures a tailored deployment that aligns with specific business needs and technical requirements. To equip your team with the necessary skills and knowledge, Wifinity can offer both onsite and online training sessions. These training modules cover the full range of features and functionalities of the Secure SD-WAN service, ensuring that your network administrators and IT staff can manage and maintain the service effectively. Alongside training, we provide detailed user documentation that includes step-by-step guides, best practices, troubleshooting tips, and FAQs. This documentation is accessible online and can be referenced at any time to help resolve issues or to guide further configurations. From the start, users have access to Wifinity’s technical support team, available up to 24/7 to assist with any technical challenges or questions that arise during the initial setup phase and beyond. After the initial setup, our project manager or service delivery manager conducts follow-up sessions to ensure the service meets your expectations and to gather feedback for continuous improvement.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: The Exit Schedule would outline what data the Customer wishes to extract on exit and how Wifinity would share this.
• End-of-contract process: At the end of a contract Wifinity will agree, through the Exit schedule, a process to manage the removal of our support to allow the customer to transition to the new provider. Sites will be supported until an alternative is in place and circuits can be ceased or potentially novated. Any charges related to these services will be captured through a Contract variation once understood.

Using the service

• Web browser interface: Yes
• Using the web interface: New users gain access through an onboarding process. After signing up, they receive login credentials for the web interface. Setup involves configuring basic settings like network parameters and security policies, facilitated by a setup wizard. This process ensures that the firewall aligns with the customer’s security requirements from the start.; ; Users can adjust firewall rules, security settings, and network configurations through the web interface. The interface supports real-time changes, allowing users to respond to evolving security needs or network conditions without waiting for system restarts or causing significant service interruptions.; ; The web interface's ability to apply modifications ensures that security measures are always up-to-date and effective, providing continuous protection against threats.; ; For more sophisticated setups or when integrating complex policies, users might need to engage with technical support. This ensures configurations are implemented correctly and do not interfere with the overall security posture.; ; To maintain system integrity and prevent accidental or malicious changes, some settings are only modifiable by users with administrative privileges. This layered access model helps in safeguarding critical configurations.; The web interface may not fully support custom script integrations or specific hardware setups, potentially requiring manual configuration or consultation with professional services to ensure compatibility and performance.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Wifinity offer number of assistive technology tools to support users with additional needs, including for those visually impaired, with cognitive disability, blind users, those who have seizures, and those with ADHD.
• API: Yes
• What users can and can't do using the API: Our API provides robust tools for setting up, managing, and modifying network services, though it comes with certain limitations that require consideration, particularly in complex integrations and advanced configurations.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Our CLI provides a powerful tool for network administrators to perform detailed and direct control over network services. While it offers precision and extensive capabilities, its use requires technical expertise and careful management, particularly in complex or large-scale environments. The CLI remains an essential component of network management, particularly for tasks that require granular control or immediate execution.

Scaling

• Scaling available: No
• Independence of resources: Our architecture ensures users are not impacted by others through robust resource partitioning and dedicated processing capabilities. Our scalable infrastructure dynamically allocates bandwidth and computing resources based on real-time demand, maintaining optimal performance and responsiveness. ; Advanced load balancing techniques distribute traffic evenly across our global network of data centres, preventing any single point of overload. Additionally, our cloud-native design supports auto-scaling capabilities that adjust resources automatically to handle increases in load, ensuring consistent service levels for all users regardless of overall system demand.
• Usage notifications: Yes
• Usage reporting: Other
• Other usage reporting: Reports and contact from their Service Delivery Manager

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Fortinet

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Configuration files
  • User data
  • Logs
  • Network settings
• Backup controls: Backups would be coordinated and completed by Wifinity unless otherwise agreed.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Core Network Availability: 99.99%; WAN Uptime: 99.98%; SDWAN Platform: 99.99%; Service credits are available and defined on a contract level dependent on severity of incident.
• Approach to resilience: Wifinity's Secure SD-WAN service is engineered with resilience at its core to ensure high availability and uninterrupted service. The service architecture includes several key elements designed to provide a robust and reliable networking experience. Both hub and branch sites are configured with high availability setups. This includes redundant hardware and failover mechanisms that automatically switch to backup systems in the event of a failure, minimising downtime and ensuring continuous network service.: Wifinity operates several geographically dispersed data centres capable of full failover. These facilities are equipped with redundant power supplies, HVAC, and network connections to ensure they operate effectively under various scenarios. Data and applications are replicated across these data centres to provide real-time redundancy and fast recovery times. The SD-WAN technology employed allows for dynamic path selection, automatically rerouting traffic over the best available link based on real-time performance assessments. This ensures optimal performance and accessibility even during link failures. The infrastructure is regularly updated and maintained according to best practices to prevent outages due to software or hardware malfunctions. The network design is scalable and flexible, allowing for easy expansion and adjustments as organisational needs grow or change, without impacting the underlying resilience.
• Outage reporting: Wifinity's Secure SD-WAN service employs a comprehensive approach to outage reporting, designed to ensure that clients are promptly and effectively informed of any service disruptions. There are key components of our outage reporting system. Wifinity provides a dashboard that offers real-time visibility into service status, including current operations, maintenance updates, and any ongoing outages. This dashboard is accessible to all users and is updated continuously to reflect the most current service conditions. In the event of an outage, Wifinity automatically sends out email alerts to all affected users. These alerts provide immediate notification of the issue, expected resolution time, and any steps users may need to take. Follow-up emails are sent to update users on the progress of resolving the outage and to notify them once normal service is restored. Alongside email, Wifinity also sends SMS notifications to provide another layer of immediate communication. This ensures that users receive outage notifications even if they are away from their primary email.

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: We secure access with multi-layered defences:; 1. Authentication: Strong passwords and multi-factor authentication (MFA) prevent unauthorised logins, even if credentials are stolen.; 2. Authorisation: Users are assigned roles with least privilege, granting access only to features they need for their tasks.; 3. Network Segmentation: Management interfaces are isolated on secure networks, firewalls block access from untrusted sources.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 10/07/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Wifinity’s information security policies and processes are in compliance with ISO27001. This is the responsibility of our Head of IT and Information Security, who reports to our Chief Operating Officer and, ultimately, the CEO

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Wifinity has an ITIL-based Service Management process. A Service Delivery Manager will be responsible for overseeing change management in relation to the service. Where the need for change or configuration has been identified, the SDM will liaise with Wifinity’s Change Management Team to ensure service and security risks are mitigated, impact minimised, and change properly documented. The Customer Service and Account Management teams will also be involved to raise any comments or concerns about the impact of the change.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Wifinity scan our systems continuously for vulnerabilities using industry-standard tools. These compare our software to databases of known weaknesses.; ; Identified vulnerabilities are prioritised based on severity (exploitability, impact) and asset criticality. High-risk issues are addressed first.; Security patches from software vendors are reviewed and tested thoroughly. Once approved, deployment is prioritised based on risk. Critical patches are deployed rapidly, often within hours.; ; Wifinity monitor several threat intelligence feeds. These constantly update us on new vulnerabilities and exploits.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We vigilantly monitor systems for suspicious activity. Security logs track user access, system changes, and anomalies. Our tools analyse for patterns linked to malware or hacking attempts.; ; Potential compromises are flagged for investigation. This involves isolating the affected system, analysing logs for root cause, and assessing damage.; ; Response speed depends on severity. Critical incidents trigger immediate action to contain threats and prevent further damage. Our team is on call 24/7 to ensure a swift response.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Wifinity utilises 24/7/365 dynamic, automated monitoring of the network. Our Network Monitoring System (NMS) provides our network engineers and customer support agents with real-time and historical data regarding the health and performance of your network. ; ; Users can report incidents via email, telephone and webchat. ; ; Where an incident is identified or reported, the customer will be notified and provided details including reference number, priority, impact, root cause information, investigation and resolution. Communications will be sent out throughout the incident, with updates at each stage.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: On the SD-WAN platform, the use of ADOMs ensures that each user and their data are separated into their own domain. ; Traffic physically transiting across the Wifinity segment of the network is contained and separation maintained through the use of VRF and VLAN configurations. Dedicated public facing infrastructure can be utilised to host individual sites to ensure service levels are met/maintained.; ; When complete isolation is required, Wifinity are able to offer private infrastructure on which to deploy platform software images. This will have additional associated costs.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our chosen datacentres adhere to ISO14001 and 50001. Energy is sourced from only 100% renewable sources. It also utilises market-leading colling technology to operate efficiently, requiring far less electricity. Our datacentres utilise Power Usage Effectiveness index to measure energy efficiency by dividing the amount of power entering into the DC by power used to run the computer infrastructure within it.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Wifinity is committed to reaching Net Zero by 31 December 2030. This places us 20 years ahead of the recommendations put forward by the IPCC and the UK government’s target, demonstrating our leadership and ambition. ; ; To this end, we have completed a baseline exercise of our Scope 1, 2 and several Scope 3 emissions and have set realistic and achievable targets to reduce these across our entire organisation and within each and every programme of work we deliver, including this one. We are working towards the inclusion of currently excluded categories as part of our program to improve data collection.; Wifinity aims to reduce our Scope 1 and 2 emissions by 30% by 2026 (within the lifetime of this contract). We will also offset our residual Scope 1 and 2 emissions in FY2023 to become carbon neutral via high quality verified offsets. Alongside this, we have set ourselves a 63% reduction target in all Green House Gases (GHGs) emissions across all Scopes by 2030, offsetting any residual emissions via high-quality nature-based or direct air capture projects. ; In 2022 we appointed external specialist carbon consultants to advise Wifinity on our process, collating and verifying data to calculate our carbon emissions (baseline) and advise us on our carbon reduction options. ; Wifinity will achieve: ; • 21% absolute reduction in emissions by 2024 (within the lifetime of this contract); • 40% absolute reduction in emissions by 2027; Where emissions are because of our supply chain (Scope 3), we are committed to using our purchasing power and choice of supplier to encourage the correct carbon reducing behaviour within our supply chain. This includes during the delivery of this service.

  Tackling economic inequality

  Wifinity is committed to tackling economic inequality and has a range of initiatives that directly or indirectly support current and future employees and the communities we serve.; Remote First – Significant talent exists beyond the main city hubs and therefore our remote-first status allows us to proactively promote our roles to the communities in which we serve ; Field Workers – We proactively recruit field workers in areas that align in proximity to our customer’s communities, reducing unnecessary travel and impact to our environment and on the work life balance of our employees.; Recruitment – inclusive hiring policy – One behaviour linked to our company value of Inclusion is “Come as you are”. We actively seek diversity in recruitment, using systems design theory ; Disability Confident – We are an approved Disability Confident Employer; Apprenticeships – We have set ourselves a minimum and stretch target for apprentices of 3% and 5% respectively. ; Traineeships – We run traineeship programmes to support our employee pipeline.; Volunteering Programme – Our Good Connections programme is an annual programme that leads to the installation of our product for free, in a facility for the underprivileged; Job Centres and Job Fairs – We proactively contact job centres in regions where we deliver or plan to deliver our services. This supports both unemployed and underrepresented community members. ; Promote internal development – This is especially important for remote team members in regions with limited opportunities ; Mentor Programme – We have a volunteer mentoring programme for employees to both mentor and reverse mentor.; Employee Champion and Social Groups – We’ve created a platform for two different types of Employee Groups. The first, Employee Champions, is business driven and supports areas such as Environment and Social Champions as well as Champions for Women in Tech.

  Equal opportunity

  Wifinity takes a positive approach to fair work practices, in providing equal opportunities, and supporting the learning and development of our staff. ; We commit to:; • Paying all directly employed staff on the project the Real Living Wage or above; • Supporting the development of project staff through on the job learning, peer-to-peer development and formal training. This includes shadowing, where appropriate.; • Investigating where we can provide apprenticeship opportunities, particularly in areas with low employment ; • Ensuring all staff benefit from our commitment to providing a positive environment that recognises and values their different experiences, abilities and skills and where equal opportunity will be provided for all; • Aiming to reflect the diversity of your staff and the wider population in our team; • Not utilising any zero-hours contracts; • Providing a positive work-life balance for all project staff, with opportunity for flexible working where eligible; • Creating an atmosphere of collaborative workforce engagement through regular staff representation and an open and honest culture of feedback; Wifinity has a number of policies that demonstrate our wider commitment to fair working practices (Parental/Adoptive Leave, Communication and Collaboration, Equal Opportunities, Flexible Working, Absence, and Skills and Training) which we would be happy to share

  Wellbeing

  Wifinity has an established Health and Safety Management system that is compliant with the requirements of the ISO45001:2018 Standard. ; Wifinity has core areas of focus which ensure that all employees have the necessary skills and information to achieve and maintain Health and Wellbeing.; All staff undergo a mandatory induction that covers all aspects of the Health and Safety Management System relevant to their activities along with information relating to employment and the help and support available to them for areas such as mental & occupational health. ; We hold a training matrix that indicates the required competencies by role which is then monitored to ensure individual employees renew their training at the required frequency.; Each team active on our projects has a team leader who is responsible for general supervision on site and ensures that all works are carried out to the requirement of the Management System and work-related documents. ; All Wifinity projects are subject to a specific Risk Assessment / Method Statement (RAMS). We complete a Point of Work Risk Assessment (POWRA) prior to work commencing. We use specific software to aid the programming of individuals, ensuring that those within the closest proximity of the delivery location are used to reduce travel along with effects on health caused by fatigue. ; Wifinity has trained six Mental Health First Aiders to provide support throughout the company. The team provides frequent communications to both raise awareness of mental health issues and to provide a contact point for individuals, should they require it. We also offer Private Health Insurance to all permanent employees, and this includes coverage for both physical and psychological health

Pricing

• Price: £500 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@wifinity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.