Govroam
A federated roaming service for the wider public sector, providing seamless connectivity to the end user. Govroam makes offering offsite connectivity easy, delivering savings and efficiencies while enhancing the control employers have over staff roaming behaviours. Operated by Jisc, Govroam brings regional roaming initiatives together under a standardised national-scale service.
Features
- Provides a national standard for federated roaming design
- Guaranteed minimum service capability allows effective remote working.
- Service design built on a fabric of trust between participants.
- Uses your existing staff authentication mechanisms to grant access.
- Transfer of authentication data secured by end-to-end encrypted protocols.
- Support offered by end users' home organisation.
- Free at point of service to end users.
- Device and infrastructure agnostic, enabling BYOD.
- Geolocation companion app supports easy venue discovery.
- Explicitly national in scope, with potential international integration.
Benefits
- Supports your mobile workforce, improving productivity by simplifying off-site connectivity.
- User-friendly roaming, with a “zero-touch” automated process after initial configuration.
- Secure authentication incorporating a real-time “member in good standing” check.
- Standardises your guest WLAN provision to an industry best-practice standard.
- Reduces/eliminates the need for customer-facing visitor support.
- Reduces/eliminates the use of temporary credentials, improving network security.
- Reduces/eliminates the need for costly SIM-based data provision.
- Exert real-time control over staff access to roaming connectivity.
- Reduces/eliminates the need for costly SIM-based data provision.
- Reuses existing network infrastructure.
Pricing
£319 to £3,170 a unit a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 0 7 8 9 6 7 6 4 8 6 1 1 7 4
Contact
Jisc Services Ltd
Bid Support
Telephone: 03003002212
Email: bid.support@jisc.ac.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- The Govroam service provides users with the ability to authenticate onto a local network, providing internet connectivity. Access can be configured for use with any web based software.
- Cloud deployment model
- Community cloud
- Service constraints
-
Scheduled maintenance is under the control of Jisc, and will be announced at least 7 days in advance and will be scheduled into the next available maintenance window.
Unscheduled maintenance, which is only undertaken in an emergency, of the govroam central service, as well as the other servers and services under control of Jisc, will be announced as early as possible. - System requirements
-
- Standards based RADIUS Server
- Compliant Enterprise WiFi Deployment
- Compliant access control
- Compliant support process
- IoS or Android (for use with govroam App)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- For general enquiries or technical questions Members should contact the govroam team at govroam@jisc.ac.uk. The team will acknowledge receipt within 4 hours during a working day, and provide a solution or initiate further investigation to all enquiries as soon as possible, but no later than 5 working days.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Technical boarding, B2B troubleshooting and security incident management are included as standard.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- There is a defined technical boarding process supported by both deployment and operations training, an extensive documentation package and telephone/email support.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Service operations do not require holding end user data. Any business contacts etc will be deleted in accordance with our data protection policy.
- End-of-contract process
- Trust relationship between customer and central RADIUS servers are removed. All public references to customer as a participant are removed.
Using the service
- Web browser interface
- No
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- As a connectivity service, the only differences between mobile and desktop are the OS elements required for initial configuration. The service has no interface for the end user.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- No
- Customisation available
- No
Scaling
- Independence of resources
- Resilience and redundancy in depth across all service elements. Normative use of the service by customers creates minimal load as authentication services are light touch.
Analytics
- Service usage metrics
- Yes
- Metrics types
- A govroam service report is presented at stakeholder meetings approximately every six months. The report includes information on the number of member organisations and the number of successful roaming sessions.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Other
- Other data at rest protection approach
- Physical access control, very little data to protect. Both datacentres are ISO/IEC 27001:2013 certified.
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- No data to export
- Data export formats
- Other
- Other data export formats
- N/A
- Data import formats
- Other
- Other data import formats
- N/A
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
- Combination of end to end 802.11i AES encryption, RADIUS shared secrets, customer operated EAP methods and use of a private network (Janet)
- Data protection within supplier network
- Other
- Other protection within supplier network
- Combination of end to end 802.11i AES encryption, RADIUS shared secrets, customer operated EAP methods and use of a private network (Janet)
Availability and resilience
- Guaranteed availability
- The availability of the central service is targeted as 99.9%.
- Approach to resilience
- There are multiple load-balanced instances to handle load in the event of an outage. These are hosted in geographically redundant tier 3 facilities, with redundant backups of infrastructure.
- Outage reporting
- Email alerts are generated against central service as part of the major incident handling process. Major incident outages are also reported via the service webpage and Twitter account.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Other
- Other user authentication
- The member organisation determines who can access roaming provision, and controls credential issue and revocation according to their own policies. Govroam receives a connectivity request from a visiting user’s device and securely conveys it to their home organisation, where their identity is confirmed and the home organisation decides, based on its policies, whether the user is allowed to connect. Govroam conveys that back to the visited organisation which then grants or blocks access accordingly, confident that the visitor’s home organisation is aware of the transaction and has just checked that the visitor in question is a member in good standing.
- Access restrictions in management interfaces and support channels
-
Access credentials are only issued to required staff, as specified by the Regional Operator.
Note that the Govroam app is managed by a third-party consultant. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Description of management access authentication
- Credentials are issued individually to verified contacts at the request of an Regional Operator. Two-factor authentication for VPN login provides network access via a secure hosting facility. Username and password used to access the service.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- LRQA
- ISO/IEC 27001 accreditation date
- 07/07/2020
- What the ISO/IEC 27001 doesn’t cover
- Please contact us for more information
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Please contact us for more information
- PCI DSS accreditation date
- Please contact us for more information
- What the PCI DSS doesn’t cover
- Please contact us for more information
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- ISO 9000:2015. Also aligned with ITILv4. The responsibility for secure provision is split between Jisc, the end-user's home organisation, and the organisation they are visiting. For incidents with actual or potential information security or service integrity implications, we may delegate incident investigation and management to the Janet network CSIRT.
- Information security policies and processes
-
ISO/IEC 27001:2013.
Member organisations are required to comply with the Janet Acceptable Use Policy and the Janet Security Policy.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Change management controls are applied to industry best practice. In particular, we are aware of the change management principles in ITILv4 and align our processes with these.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We have a long-established vulnerability management process which is managed through our ISO27001 certified ISMS.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We deploy a variety of effective systems and process; including fire-walling, IDS, inline DDOS prevention, regular internal and external vulnerability scanning, penetration testing, flow logging and centralised logging and authentication. Our incidence response process is modelled in NIST/SAN principles. It is managed via a dedicated incident response lead and backup roles. This process mandates engagement with CSIRT, SIRO and Infosec security manager. JISC CSIRT works to a 2hr response SLA on Incidents.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We have a long-established vulnerability management process which is managed through our ISO27001 certified ISMS.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- NHS Network (N3)
- Joint Academic Network (JANET)
- Scottish Wide Area Network (SWAN)
- Health and Social Care Network (HSCN)
- Other
- Other public sector networks
- Potentially, all public sector networks can connect guests through govroam.
Social Value
- Fighting climate change
-
Fighting climate change
Jisc is committed to achieving Net Zero emissions by 2040, 10 years ahead of the government target, with interim targets to ensure sufficient progress is being made. We are in the process of establishing our baseline Scope 3 emissions in accordance with the requirements for Carbon Reductions Plans and the GHG Reporting Protocol corporate standard.
We have a dedicated cross-organisational working group responsible for implementing our Carbon Reduction Plan. A few initiatives we have already completed are:
Solar panel, energy efficient lighting and heating installation at our Jisc owned building, advocating the use of green energy suppliers to buildings where we lease.
Trees for Life Membership, through which we planted 3,133 trees in 2020.
In 2021, we launched a hybrid approach to staff working in offices and home, and to meeting in person or virtually, reducing carbon generated through commuting/travel. We also facilitated the recycling and re-use of 270 network hardware items.
Our salary sacrifice cycle to work scheme and facilities for bike storage and showers encourages use of cycles. Since 2019, 89 colleagues have utilised the scheme.
We will continue to build on these initiatives, identifying compliance gaps against the ISO14001 standard and use this as a framework going forward. Measures we are planning to implement include ensuring our supply chain are committed to achieving Net Zero by 2050, minimising energy consumption in our datacentres and exploring a salary sacrifice scheme for electric cars.
To reduce paper and plastic at our annual Digifest event in 2022, delegates accessed an event app to print their name badges, ensuring only people who attended had printed badges. Removing the need for printed programmes, these were provided through the app. Attendees were encouraged to bring reusable water bottles to refill with provided jugs of tap water, rather than plastic bottles. - Covid-19 recovery
-
Covid-19 recovery
Providing our people with the flexibility they need to balance their personal lives and do well at work, Jisc offers a range of ways of working, including flexible hours and working from home. We adopted a hybrid working model for most roles in August 2021. Understanding that for some people returning to the office might be daunting, to help people feel more comfortable, we have a code of conduct to support safe working, including offering a choice of socially distanced desks and the use of lanyards to help us to understand each other’s preferences. For remote workers we have provided allowances and advise to support their DSE requirements.
Supporting our people affected by Covid-19, employees have access to help and information via our Employee Assistance Programme for example, how to deal with virus anxiety or how to protect yourself. There is also 24/7/365 helpline where employees can get advice and guidance. They can contact our mental health first aiders or access the Thrive app or our You Matter wellbeing community.
Helping our higher education customers Covid-19 recovery, Jisc launched four new data analytics dashboard suites. These dashboards have been developed using Higher Education Statistics Agency data to provide analytical insight in support of ongoing pandemic challenges. Allowing institutions to identify and mitigate significant risks in four key areas, postgraduate recruitment, offshore student provision, international student impact and UNESCO international student flow. - Tackling economic inequality
-
Tackling economic inequality
We are an accredited Living Wage Employer. Jisc meets the standards set by Citizens UK and the Living Wage Foundation by signing the ‘UK Living Wage Employer' licence agreement. This agreement confirms that Jisc pay the Real Living Wage as a minimum. We also ensure that people in our supply chain delivering goods and services are paid the National Living Wage as a minimum.
To help our people develop and achieve, they have access to a huge variety of learning resources including access to the full LinkedIn Learning catalogue.
In 2020 Jisc launched the Step-up programme, welcoming 50 edtech start-ups with solutions to some of the biggest challenges in education. A membership-based programme assessing emerging start-ups against key sector requirements. Now named the Edtech programme, it introduces member organisations to innovative new companies. It is also a space for community and collaboration, where the sector can come together to discuss and support one another. Jisc has worked with senior policy makers to ensure that it supports the ambitions of the government's edtech strategy to help create a vibrant edtech business sector in the UK.
Jisc have a dedicated contract management team responsible for internal facing contracts, as well as those associated with our Janet network. The team activities include annual supply checks to ensure the effectiveness of our suppliers and working closely with our key suppliers to ensure information security is managed effectively. The team also actively work with Electronics Watch on how we can monitor electronics in our supply chains to protect the rights of workers. - Equal opportunity
-
Equal opportunity
One of Jisc’s guiding principles ‘Always Inclusive’ reflects our commitment to diversity and inclusion (D&I).
Our aim, set out in our Equality and Diversity policy is to create a productive environment, representative of and responsive to different cultures and groups, where the contributions of all individuals are recognised, valued and everyone has an equal chance to succeed.
Our dedicated D&I Consultant is responsible for our D&I strategy focusing on improving awareness and inclusive leadership, improving data, policy/processes, building partnerships and broadening talent and engagement.
Raising awareness for our staff, focus sessions have covered topics on Autism, ADHD and dyspraxia, Black History all year round and History of LGBTQ equality movement. Webinars have explored Combating the biases women face at work and Supporting parents and carers to thrive at work. Speaker talks at our all-staff events, for example, neurodiversity.
We are committed to creating greater gender diversity in the tech workforce. Benchmarking carried out as part of our commitment to the Tech Talent Charter in 2020 showed us above the national average for employing women in tech roles, 32% against 25% nationally.
We will not accept modern slavery, forced labour or any human trafficking anywhere within our operations or supply chain. Our modern slavery group improves awareness, processes, and ensures we have ethical supply chains.
Staff are required to familiarise themselves with our Modern Slavery Policy and complete mandatory modern slavery awareness training. Our procurement staff are all trained annually through the Chartered Institute of Procurement and Supply.
Jisc’s chosen charity to fundraise for 2022 is Unseen a UK-based charity working towards a world without slavery. Staff can support in various ways through fundraising and volunteering. We held coffee mornings in our offices March 2022 and in September 2022, three of our staff are joining a charity skydive arranged by Unseen. - Wellbeing
-
Wellbeing
Jisc are committed to supporting and protecting the health, safety and wellbeing of our staff through our iMatter strategy and action plan, which takes a holistic approach to wellbeing. The plan is updated annually to focus on today’s environment and our people’s concerns and is agreed with our employee voice forum. Regular reports are provided to various stakeholders within the business including our executive leadership team and board.
All new staff complete a pre-employment health questionnaire to assess fitness for work and advise of any adjustments in the workplace. We take a pro-active approach and work with individuals and their manager to support them at work.
Trained to support our staff, we have 38 (March 2022) mental health first aiders easily assessable to our people across our geographical locations. Promoting and delivering wellbeing initiatives within Jisc, some of our mental health first aiders are also wellbeing champions.
Providing staff with education, support and tools to help them live a happier and healthier life, they have access to a Wellbeing centre through our Jisc reward scheme, where they can access a range of resources to support wellbeing.
Other wellbeing support and services include access to the Thrive mental health support app, where staff can assess their mental health and use techniques to build resilience to stress, anxiety and mild depression. A You Matter Wellbeing community through our learning platform, which has a large number of resources on mental and physical health. Our employee assistance programme where staff and their immediate family can get confidential advice on a number of topics covering physical, mental, financial advice and is accessible through various mediums.
We also support staff through wellness action plans, stress risk assessments, making reasonable adjustments upfront where we can and where needed seeking medical advice from our occupational health provider.
Pricing
- Price
- £319 to £3,170 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
Limited functionality.
Trial available for the technical onboarding process, not the roaming function.