Jisc Services Ltd

Govroam

A federated roaming service for the wider public sector, providing seamless connectivity to the end user. Govroam makes offering offsite connectivity easy, delivering savings and efficiencies while enhancing the control employers have over staff roaming behaviours. Operated by Jisc, Govroam brings regional roaming initiatives together under a standardised national-scale service.

Features

• Provides a national standard for federated roaming design
• Guaranteed minimum service capability allows effective remote working.
• Service design built on a fabric of trust between participants.
• Uses your existing staff authentication mechanisms to grant access.
• Transfer of authentication data secured by end-to-end encrypted protocols.
• Support offered by end users' home organisation.
• Free at point of service to end users.
• Device and infrastructure agnostic, enabling BYOD
• Geolocation companion app supports easy venue discovery.
• National in scope - 6,000+ venues across 370+ member organisations

Benefits

• Support your mobile workforce, improving productivity by simplifying off-site connectivity.
• User-friendly roaming, with a “zero-touch” automated process after initial configuration.
• Secure authentication incorporating a real-time “member in good standing” check.
• Standardise your guest WLAN provision and consolidate SSIDs
• Reduce/eliminate the need for customer-facing visitor support.
• Reduce/eliminate the use of temporary credentials, improving network security.
• Reduce/eliminate the need for costly SIM-based data provision.
• Exert real-time control over staff access to roaming connectivity.
• Utilise existing network infrastructure.
• Customise the level of access to meet your organisation's needs

£344 to £797 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.support@jisc.ac.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

448540496667480

Contact

Bid Support
03003002212
bid.support@jisc.ac.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Govroam service provides users with the ability to authenticate onto a local network, providing internet connectivity. Access can be configured for use with any web based software.
• Cloud deployment model: Community cloud
• Service constraints: Wireless Infrastructure must be 802.1x capable, and RADIUS proxies must be public internet facing for connectivity to Jisc RADIUS servers.; ; Scheduled maintenance is under the control of Jisc, and will be announced at least 7 days in advance and will be scheduled into the next available maintenance window. ; ; Unscheduled maintenance, which is only undertaken in an emergency, of the govroam central service, as well as the other servers and services under control of Jisc, will be announced as early as possible.
• System requirements:
  • Standards based RADIUS Server
  • Compliant Enterprise WiFi Deployment (802.1x capable)
  • Compliant access control
  • Compliant support process
  • IoS or Android (for use with govroam App)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For general enquiries or technical questions Members should contact the govroam team at govroam@jisc.ac.uk. The team will acknowledge receipt within 4 hours during a working day, and provide a solution or initiate further investigation to all enquiries as soon as possible, but no later than 5 working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Technical boarding, B2B troubleshooting and security incident management are included as standard.; ; Dedicated service management team.; ; Additional support with boarding and ongoing client-side technical service management are available as separate products via Jisc's Trust & Identity Consultancy Team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is a defined technical boarding process supported by both deployment and operations training, an extensive documentation package and telephone/email support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Service operations do not require holding end user data. Any business contacts etc will be deleted in accordance with our data protection policy.
• End-of-contract process: Trust relationship between customer and central RADIUS servers are removed. All public references to customer as a participant are removed.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: As a connectivity service, the only differences between mobile and desktop are the OS elements required for initial configuration. The service has no interface for the end user.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Resilience and redundancy in depth across all service elements. Normative use of the service by customers creates minimal load as authentication services are light touch.

Analytics

• Service usage metrics: Yes
• Metrics types: A govroam service report is presented at stakeholder meetings approximately every six months. The report includes information on the number of member organisations and the number of successful roaming sessions.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Physical access control, very little data to protect. Both datacentres are ISO/IEC 27001:2013 certified.
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: No data to export
• Data export formats: Other
• Other data export formats: N/A
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Combination of end to end 802.11i AES encryption, RADIUS shared secrets, customer operated EAP methods and use of a private network (Janet)
• Data protection within supplier network: Other
• Other protection within supplier network: Combination of end to end 802.11i AES encryption, RADIUS shared secrets, customer operated EAP methods and use of a private network (Janet)

Availability and resilience

• Guaranteed availability: The availability of the central service is targeted as 99.9%.
• Approach to resilience: There are multiple load-balanced instances to handle load in the event of an outage. These are hosted in geographically redundant tier 3 facilities, with redundant backups of infrastructure.
• Outage reporting: Email alerts are generated against central service as part of the major incident handling process. Major incident outages are also reported via the service webpage and Twitter account.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: The member organisation determines who can access roaming provision, and controls credential issue and revocation according to their own policies. Govroam receives a connectivity request from a visiting user’s device and securely conveys it to their home organisation, where their identity is confirmed and the home organisation decides, based on its policies, whether the user is allowed to connect. Govroam conveys that back to the visited organisation which then grants or blocks access accordingly, confident that the visitor’s home organisation is aware of the transaction and has just checked that the visitor in question is a member in good standing.
• Access restrictions in management interfaces and support channels: Access credentials are only issued to required staff, as specified by the Regional Operator. ; Note that the Govroam app is managed by a third-party consultant.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Credentials are issued individually to verified contacts at the request of an Regional Operator. Two-factor authentication for VPN login provides network access via a secure hosting facility. Username and password used to access the service.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 07/07/2020
• What the ISO/IEC 27001 doesn’t cover: Please contact us for more information
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Please contact us for more information
• PCI DSS accreditation date: Please contact us for more information
• What the PCI DSS doesn’t cover: Please contact us for more information
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9000:2015. Also aligned with ITILv4. The responsibility for secure provision is split between Jisc, the end-user's home organisation, and the organisation they are visiting. For incidents with actual or potential information security or service integrity implications, we may delegate incident investigation and management to the Janet network CSIRT.
• Information security policies and processes: ISO/IEC 27001:2013. ; Member organisations are required to comply with the Janet Acceptable Use Policy and the Janet Security Policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management controls are applied to industry best practice. In particular, we are aware of the change management principles in ITILv4 and align our processes with these.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have a long-established vulnerability management process which is managed through our ISO27001 certified ISMS.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We deploy a variety of effective systems and process; including fire-walling, IDS, inline DDOS prevention, regular internal and external vulnerability scanning, penetration testing, flow logging and centralised logging and authentication. Our incidence response process is modelled in NIST/SAN principles. It is managed via a dedicated incident response lead and backup roles. This process mandates engagement with CSIRT, SIRO and Infosec security manager. JISC CSIRT works to a 2hr response SLA on Incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a long-established vulnerability management process which is managed through our ISO27001 certified ISMS.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)
  • Other
• Other public sector networks: Potentially, all public sector networks can connect guests through govroam.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As part of our core strategy for 2022-2025 the theme ‘Be a force for good’ recognises sustainability as an organisational imperative. Committed to achieving Net Zero emissions by 2040, 10 years ahead of government target, we plan to cut our emissions by over half by 2030 and be net zero across our remaining scope three emissions (net zero plus) by at least 2050. We have a Net Zero Roadmap outlining how we will reduce emissions and our plans for future projects.; Below are some examples of what we have done:; ; Lowered our carbon footprint by: reducing the size of our estate, motion-controlled lighting to save electricity in our Bristol office, as well as generating electricity through solar power. ; ; Reduced travel emissions by: a hybrid working model, introduction of a staff electric car scheme, alongside an existing cycle to work scheme. ; ; An Environmental Policy outlining our commitment to continually improve our environmental performance: We are developing an environmental management system to ISO14001, this will guide action across key areas, such as consumption, waste, biodiversity, travel.; ; Started to embed sustainability into our procurement processes: We will introduce a Sustainable Procurement Policy to drive this further.; ; Sustainable Jisc Events: Jisc’s Digifest event offered a meat free menu, estimated to have saved 6.4 tonnes of carbon. Catering was locally sourced, and any food waste was disposed through anaerobic digestion. We encouraged exhibitors to use digital messaging, reducing printed materials. Our event app reduced the amount of printing required, and any required event printing is now FSC certified and fully recyclable. ; ; Reuse or recycle old IT equipment: Wiped and sold for reuse old IT equipment, and recycled equipment not suitable for reuse, resulting in zero waste to landfill. In 2022/23 we recycled over 370 pieces of IT equipment.

  Covid-19 recovery

  Providing our people with the flexibility they need to balance their personal lives and do well at work, Jisc offers a range of ways of working, including flexible hours and working from home. We have adopted a hybrid working model for most roles. Flexible working eliminates the limitations posed by geographical location and personal circumstances. To support their home working environment, remote workers are provided with an allowance for equipment and advice and training on DSE.; For the benefit of people and community, everyone at Jisc can make a difference, with up to three paid volunteering days per year. In 2022/23 29% of our staff took a volunteering day. Colleagues used 321 volunteering days across the year for the benefit of people and community. Examples include, foodbanks, animal sanctuaries, helping children to learn to read, litter picking, giving blood.

  Tackling economic inequality

  We are an accredited Living Wage Employer. Jisc meets the standards set by Citizens UK and the Living Wage Foundation by signing the ‘UK Living Wage Employer' licence agreement. This agreement confirms that Jisc pay the Real Living Wage as a minimum. We also ensure that people in our supply chain delivering goods and services are paid the National Living Wage as a minimum.; Jisc is committed to the development of our people, and encourage they use 10% of their time on development. To help our people to upskill and achieve, they have access to a huge variety of learning resources including access to the full LinkedIn Learning catalogue. Where a qualification is directly linked to career progression, Jisc contribute or cover the full cost of the training. ; Jisc provide their employees with a number of benefits. For example, our Pay Framework gives a fair, flexible and transparent pay structure to work within. Our employee Healthcare cash plan allows members to claim back everyday healthcare costs, like dental or eye care. ; Apprenticeships provide an amazing opportunity to boost the skills of the local community and beyond. We are extremely proud of our apprenticeship scheme at Jisc, which cover legals, marketing, network engineering, procurement, HR and finance. Our scheme celebrates diversity, and we know that it is critical to our success. We work hard to make sure we’re inclusive and welcome all applicants who share our values and want to join us in our mission to improve lives through digital transformation.

  Equal opportunity

  One of Jisc’s guiding principles ‘Always Inclusive’ reflects our commitment to equity, diversity and inclusion (EDI). ; Our EDI policy outlines our commitment to de-constructing systemic racism and other barriers which have historically affected under-represented groups in the workplace. We strive to be an organisation where everyone here is able to be their authentic self and recognise the benefits of diversity with regards to innovation, team performance and organisation-wide productivity. ; We engage with external partners such as the Black Leadership Group and Emerge. Emerge are co-designing on the delivery of our Conscious Inclusion of Leaders Programme. In 2023 we launched a new Board and Committee diversity policy. The Board believes a mix of skills, knowledge and experience with different perspectives and insights builds a strong foundation for well-informed decision-making and as a consequence, better performance of Jisc in support of its stakeholders. ; Our EDI steering group meets quarterly to address inclusion-related topics from our employee networks, including the faith and LGBTQIA+ networks. We provide EDI training through our leadership program and have conducted anti-racism masterclasses for staff. Our recruitment team has also received inclusion-focused personal development and assists hiring managers in refining their practices.; We won’t accept modern slavery, forced labour or any human trafficking anywhere within our operations or supply chain. Our Modern Slavery working group assess risk areas, implement improvements and monitor progress against our Modern Slavery objectives and policy. Staff are educated on how to report modern slavery in the workplace and what signs to look for. ; Currently four of nine of our executive leadership team are women, including our CEO. According to benchmarking we carry out as part of our commitment to the Tech Talent Charter, we are above the national average for employing women in tech roles, having 31% taken by women against 28% nationally.

  Wellbeing

  The health and wellbeing of our staff is crucial to us. In 2023 we introduced a new benefits package for staff including an employer paid healthcare cash plan, an electric car scheme and the opportunity to buy additional annual leave. We offer a cycle to work scheme and an employee assistance programme for advice on a range of legal, financial, physical, emotional and mental health issues. We value good work/life balance and work flexibly. We also offer a generous leave entitlement, enhanced sick policy and enhanced maternity, paternity and adoption leave in addition to statutory entitlement, and shared parental leave. ; Trained to support our staff, we have 41 (April 2024) mental health first aiders easily assessable to our people across our geographical locations. Promoting and delivering wellbeing initiatives within Jisc, some of our mental health first aiders are also wellbeing champions. ; Providing staff with education, support and tools to help them live a happier and healthier life, they have access to a Wellbeing centre through our Jisc reward scheme, where they can access a range of resources to support wellbeing.; Our employee assistance programme provides staff and their immediate family access to confidential advice on a number of topics covering physical, mental, financial advice and is accessible through various mediums. ; Volunteering has been shown to improve mental health, by giving a sense of purpose and reducing stress and anxiety. Our staff can use up to three days volunteering per year. Through our volunteering network, staff share their experiences with others.

Pricing

• Price: £344 to £797 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Limited functionality. ; Trial available for the technical onboarding process, not the roaming function.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.support@jisc.ac.uk. Tell them what format you need. It will help if you say what assistive technology you use.