Entrust Datacard (Europe) Limited

Managed Certificate Hub

Entrust Managed Certificate Hub is a full certificate discovery, inventory and control platform, hosted from the Entrust Datacenter. Managed Certificate Hub gives organisations visibility of internal and external digital certificates from across their estate. Combined with Entrust CA Gateway, Managed Certificate Hub finds and controls certificates from any certificate authority.

Features

• Discover all of your internal and external digital certificates
• Automate certificate expiry notifications
• Take full inventory of certificates regardless of the certificate authority
• Create custom certificate reports
• Automated certificate import via Entrust Discovery Agent
• User administration with MFA authentication
• Agentless certificate deployment via SFTP
• Hosted from the Entrust datacentre
• Built by the Entrust certificate solutions experts

Benefits

• A single “pane of glass” for all certificate info
• No installation or upkeep: fully built and hosted by Entrust
• A strong foundation for your future certificate planning
• No more spreadsheets
• Spot unused and orphaned certificates- reduce your costs
• Find certificate issues and take actions quickly
• Work closely with Entrust’s certificate experts

£75,000.00 to £150,000.00 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at robert.hann@entrust.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

430022157845043

Contact

Robert Hann
07818 552411
robert.hann@entrust.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: None known
• System requirements:
  • At least one certificate authority with certificates
  • Appropriate LDAP/CA gateway connectors
  • Windows Server 2008 (minimum)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support issues are answered within 1 hour, assuming the issue is reported within business hours (9am-5pm)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Silver support (required for purchase)- 18% of subscription cost, 9-5 email and phone support.; ; Platinum Support- 22% of subscription cost, 24/7 email and phone support using a "follow the sun" support model.; ; A technical account manager is available at an additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Entrust will hold a kick-off meeting with the user to establish the requirements, and then build and deploy the solution for the user. This is a managed service.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data will be retained by Entrust in accordance with the Certificate Policy and this retention period may be substantial. Where required, a Privacy Statement is developed with the customer. Users can extract their data at the end of their contract if they choose not to renew, under the terms of both the Privacy Statement and an exit plan which will be agreed with the user.
• End-of-contract process: Using our SCS consultancy, an Exit Plan can be created if required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The interface should be familiar to anybody with experience of using Microsoft Windows.
• Accessibility standards: None or don’t know
• Description of accessibility: An administrative interface where users can generate reports regarding certificates, automate certificate expiry notifications, access their full certificate inventory etc.
• Accessibility testing: Further information available on request
• API: Yes
• What users can and can't do using the API: The user shouldn't need to have a lot to do with the API as Entrust will build and manage the service for them.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: While the certificate hub is built as standard, users can generate customised reports and also cutomise their data fields within Certificate Hub

Scaling

• Independence of resources: Managed Certificate Hub is built specifically for the user and there are no concerns inherent in its use regarding capacity. The Managed Certificate Hub is run out of the Entrust Datacenter, where we meticulously monitor our own capacity with regards server space etc. to ensure that we always provide enough latency to cover all of our customers and their solutions.

Analytics

• Service usage metrics: Yes
• Metrics types: Entrust can provide comprehensive usage and compliance reporting, this includes a variety of system, administration and management reports
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can generate custom reports within Certificate Hub and can export their certificate data to Microsoft Excel. Data will be retained by Entrust in accordance with the Certificate Policy and this retention period may be substantial. Where required, a Privacy Statement is developed with the customer.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Entrust Managed Certificate Hub is available (24) hours per day, seven (7) days per week, excluding planned maintenance windows. During periods of high activity, Entrust Support strives to maintain SLA in accordance with the customers chosen support plan. https://www.entrust.com/-/media/documentation/licensingandagreements/entrust-certificate-solutions-hosted-support-schedule-lg.pdf
• Approach to resilience: Entrust operates a progressive business continuity approach. Layered backup services ensure data and applications can be recovered quickly and contingency hardware allows for rapid recovery from equipment failure. In addition to recovery for systems, the primary Trust Services Centre (TSC) has separate independent network connections, battery based UPS and a full service backup generator that can provide power for the entire TSC in the event of a sustained power outage.; We operate as geographically independent contingency site in support of the Certificate Factory. This site is examined as part of all our compliance assessments. The contingency site benefits from similar facilities to the TSC in terms of networking and power. Contingency tests to confirm the ability to move operations to the site are conducted regularly.; An additional third secure site is used for storage of security components to ensure resilience and to support high availability services. Further information available on request.
• Outage reporting: Email alerts are sent to the user in the unlikely event of an outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The Entrust Managed Certificate Hub supports the use of role based access which includes a Super-Admin, Sub-Admin, Requester and API user roles. All roles require authenticated access and the rights and permissions are authorised based on the principle of least privilege.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: A0Lign
• ISO/IEC 27001 accreditation date: 04/12/2016
• What the ISO/IEC 27001 doesn’t cover: See certificate
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Entrust's security model is based on fundamental good practices and ensures a high level of management control. It comprises best practice elements for information security and continuity:-; • ISO 27001 controls through our Security and Quality Management process,; • tScheme use for compliance management,; • We accommodate additional customer specific audits insofar as they don't breach existing standards.; ; Entrust applies security/contingency controls to all operations, covering the Trustis primary data centre and its geographically separate contingency site. Both locations have multiple levels of network/power contingency, together with high levels of systems contingency. Physical/logical access to both sites is strictly controlled and audited.; ; Entrust operations are compliant with/audited to ISO9001 standards and are subject to a process of continual improvement. This is achieved by performance measurement and reporting against SLAs, risk assessments, internal/external audits, and other feedback mechanisms.; ; Governance resides in the Entrust quality and security committees which regularly meet to manage/enforce the policy, compliance standards, review performance and agree necessary changes.; ; Entrust personnel are highly proficient; all undergo security clearance and a continual training program. All are subject to performance review and awarded formal approval status to work on managed services. High-level security processes are carried out under two-man control.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We abide by our change management policy and procedure.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Available on request
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Available on request
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We follow our info security policies and procedures. These have been vetted as part of our ISO 27001 certification process

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Environment – Our goal is to manage our manufacturing, warehousing, distribution, and office facilities to minimize ecological impact. Entrust maintains an ISO 14001 certification at its headquarters and principal manufacturing facility and is working to set organizational carbon reduction goals to achieve net zero carbon emissions by 2050. We also comply with important environmental measures such as REACH, RoHS, and Proposition 65 where applicable to our business.

  Tackling economic inequality

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program.

  Equal opportunity

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program.

  Wellbeing

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program.

Pricing

• Price: £75,000.00 to £150,000.00 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Users may trial certificate hub to find and discover a limited number of certificates and produce reports for up to 30 days.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at robert.hann@entrust.com. Tell them what format you need. It will help if you say what assistive technology you use.