DO Business Services Limited

Parallels Secure Workspace Solution

Parallels Secure Workspace enables users to securely use the applications, files and services in their work environment without exposing the systems to Cyber Security threats. Only a web browser is required and there are not downloads. Enabling a mobile workforce is now simple and secure.

Features

• Remote Access
• Access to files, internal web sites and application remotely
• Browser only secure remote access
• Access to files, internal web sites and application remotely

Benefits

• Most secure form of remote access
• No risk of mass data loss via VPN
• No challenging deployment of software, simply go to a URL
• Significantly lower cost than Citrix

£40 to £100 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david@davidoverton.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

459966170114110

Contact

David Overton
07712 410 268
david@davidoverton.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: This service has no constraints as maintenance is agreed with the customer
• System requirements:
  • HTML 5 web browser
  • Network connection to the cloud
  • Windows Server or Desktops to run user software
  • Windows RDS CALs

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 tickets are normally responded to within 1 hour,; P2 tickets are normally responded to within 4 hours; p3 tickets are normally responded to within 1 day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our basic support tier is 9am - 5:30pm, Mondays to Fridays excluding bank holidays.; We offer upgrades to ; - 8am-8pm, 5 days per week, excluding bank holidays, 30% uplift to support; - 8am-8pm, 7 days per week, including bank holidays, 80% uplift to support; - 8am-12am, 7 days a week, 150% uplift to support; - 24x7, 250% uplift to support; ; You will have access to a technical account manager
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our onboarding information process consists of the following steps:; 1) Application identification and provision for remote access; 2) Testing via UAT; 3) Release to production portal; ; We provide on-site and remote training, end user videos and getting started guide and a customised Wiki for the users
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data is stored on customer accessible or owned solutions, so no extraction is required.; ; Applications, configurations and customisations are not provides once the contract has ended.
• End-of-contract process: At the end of the contract the service is either terminated or extended. As no data resides within the service, there is nothing to hand back to an organisation

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The solution works with any web browser. When working on a mobile device touch is supported and when typing the touch keyboard can be brought up.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: This service is customised for each customer, including branding, urls, applications per user.; ; The customisation is performed by us on behalf of the customer as part of the service provided.

Scaling

• Independence of resources: We size appropriately and can scale as needed

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide regular reports that show:; - Number of users (concurrent and used); - Number of sessions; - Application usage (qty of sessions, duration); - Feature usage
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The only data that can be exported is audit data and this is provided through a service request.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We offer three levels of reliable architecture than enable different levels of SLA.; We start at 99% and can provide solutions that move to 99.9% of the solution we control and provide.; In the event of failing the SLA in a month we will offer a service credit of 1 month
• Approach to resilience: Resiliency is built into the solution architecture with multiple systems replicated as required by the customer
• Outage reporting: We report outages, by default, via e-mail and if the customer has an API we can call, we will also report via that api.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to admin and support functions is limited by security group, login username and password, that must exist in the customer AD group as well as MFA to ensure stolen credentials by themselves cannot compromise the system.; ; Access to the solution does not in itself provide the ability to access the customer servers or software with any admin or management capability
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: When we control the datacentre, we apply the following principles:; - All data is encrypted, whether in transit or at rest; In all circumstances:; - All data from solution to the client is encrypted; - All data from solution to client servers is encrypted; - All access, including Admin access is audited and by default has MFA enabled; - Suspicious activity is reported to the client and investigated in-house; - No customer data is held in/on the solution system, so always remains with the customer.; - We read and follow NSCS, Microsoft and Parallels security recommendations and patch systems as soon as possible.; ; Our staff must follow our security procedures at all time. If they fail to do so, they will face disciplinary action. Any concerns about security must be raised to a director to ensure follow-up and visibility

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes have to be approved by Change Management. This requires approval by the customer as well as our technical and security teams.; ; All components of the Awingu service are tracked with full audit capability enabled. We track every change and access to the system.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our systems have a very small footprint exposed to the outside world to minimise security risks. All systems are kept fully patched and admin access is monitored for unusual or unexpected behaviours.; ; Any potential threats identified are checked with our suppliers to understand if they are a risk to the service. If they are, we immediately take remedial action. We may take remedial action in any event before we get confirmation.; ; We get threat information from NHS Digital, NCSC, Microsoft Security Response Centre, our suppliers and our in house team.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We run constant monitoring systems looking for suspicious activity. All suspicious activity is checked and if necessary actions will be taken to remove the issue. We may be reliant on customer solutions in terms of account management.; We respond 24x7 to security issues often within minutes of becoming aware of an issue.
• Incident management type: Supplier-defined controls
• Incident management approach: E have a number of pre-defined incident responses that range from user information through to full processes executed by ourselves. Where we integrate with customer systems our response may be to log a call with the customer IT teams for them to implement a change.; ; Where possible, we will follow standard CRB processes, however if security or service provision require an immediate response, this will be taken in conjunction with the customer in agreed scenarios.; ; All major incidents go through a root cause analysis and a document is produced.; ; Users can log incidents via e-mail or Web chat

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Wellbeing

  Fighting climate change

  Working remotely has a positive impact on reducing travel requirements and therefore our CO2 footprint. Awingu enables users to travel less every day and be more productive, getting more done as a result.

  Covid-19 recovery

  Due to Covid-19 more people want to have a flexible work-style, while some need to be able to work from more remote locations. The remote access provide a secure way to enable these users to work from where they are safe and comfortable. Rather than having to travel or be furloughed, staff can continue to be productive.

  Wellbeing

  Due to Covid-19 more people want to have a flexible work-style, while some need to be able to work from more remote locations. The remote access provide a secure way to enable these users to work from where they are safe and comfortable. Rather than having to travel or feeling insecure in a work environment, staff can continue to be productive without these stresses.

Pricing

• Price: £40 to £100 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can provide access to a trial solution for 2 weeks. We will install and configure the solution in this time and provide limited licenses to enable access during this time.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david@davidoverton.com. Tell them what format you need. It will help if you say what assistive technology you use.