Pathlock Cloud Application Access Governance (AAG)
Pathlock Cloud AAG provides cross-application Identity and Access Security Governance, Risk and Compliance (GRC), allowing you to monitor and cleanse system access and authorisations, detect and manage Segregation of Duties (SoD) violations, detect fraud, and automate joiner, mover, leaver processes and privileged (emergency) access.
Features
- Cross-application Identity and Access Governance (SAP, Ariba, SuccessFactors etc.)
- Segregation of Duties Governance, Risk and Compliance
- User Access and Authorization Cleansing
- High risk, sensitive access and activity monitoring
- Workflows to automate security processes such as Privileged Access
- Automated Starter (Joiner), Mover, Leaver provisioning
- Automated Compliance Controls
- Automated User Access Review and Recertification
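The SoD detection and high-risk activity monitoring listed above are not explained further on this page. The following is an added illustration of what such a check computes, written for this page and not Pathlock's own code or rule content: users are mapped through their roles to business functions, a ruleset names pairs of functions that one person must not hold together, and an activity log separates violations that have actually been exercised from those that are merely possible. All role names, functions, rule IDs and log entries are constructed sample data.

```python
"""Segregation-of-Duties (SoD) check over a role -> function model.
Illustrative example only; not Pathlock code. All names and data are constructed."""
from dataclasses import dataclass

# Constructed: business functions granted by each role.
ROLE_FUNCTIONS = {
    "AP_CLERK":    {"CREATE_VENDOR", "ENTER_INVOICE"},
    "AP_MANAGER":  {"APPROVE_PAYMENT", "RELEASE_PAYMENT"},
    "HR_ADMIN":    {"MAINTAIN_BANK_DETAILS"},
    "PAYROLL_RUN": {"RUN_PAYROLL"},
}

# Constructed: role assignments per user.
USER_ROLES = {
    "alice": {"AP_CLERK", "AP_MANAGER"},   # can create a vendor and approve paying it
    "bob":   {"AP_CLERK"},
    "carol": {"HR_ADMIN", "PAYROLL_RUN"},  # can change bank details and run payroll
    "dave":  {"AP_MANAGER"},
}

# Constructed ruleset: (rule id, description, function A, function B, risk).
# A user who holds both A and B violates the rule.
SOD_RULES = [
    ("SOD-001", "Vendor master vs payment approval", "CREATE_VENDOR", "APPROVE_PAYMENT", "HIGH"),
    ("SOD-002", "Invoice entry vs payment release", "ENTER_INVOICE", "RELEASE_PAYMENT", "HIGH"),
    ("SOD-003", "Bank details vs payroll run", "MAINTAIN_BANK_DETAILS", "RUN_PAYROLL", "HIGH"),
]

# Constructed activity log: (timestamp, user, function executed).
USAGE_LOG = [
    ("2024-03-04T09:12:00Z", "alice", "CREATE_VENDOR"),
    ("2024-03-04T09:40:00Z", "alice", "APPROVE_PAYMENT"),
    ("2024-03-04T10:02:00Z", "carol", "MAINTAIN_BANK_DETAILS"),
    ("2024-03-05T08:00:00Z", "dave", "APPROVE_PAYMENT"),
]


@dataclass(frozen=True)
class Violation:
    user: str
    rule_id: str
    risk: str
    func_a: str
    func_b: str
    roles_a: frozenset  # roles granting func_a to this user
    roles_b: frozenset  # roles granting func_b to this user


def effective_functions(user, user_roles=USER_ROLES, role_functions=ROLE_FUNCTIONS):
    """Return {function: {roles granting it}} for one user, so each hit
    can be traced back to the role(s) that caused it."""
    funcs = {}
    for role in user_roles.get(user, ()):
        for fn in role_functions.get(role, ()):
            funcs.setdefault(fn, set()).add(role)
    return funcs


def find_violations(user_roles=USER_ROLES, role_functions=ROLE_FUNCTIONS, rules=SOD_RULES):
    """Potential violations: users whose combined roles grant both sides of a rule."""
    hits = []
    for user in sorted(user_roles):
        funcs = effective_functions(user, user_roles, role_functions)
        for rule_id, _desc, a, b, risk in rules:
            if a in funcs and b in funcs:
                hits.append(Violation(user, rule_id, risk, a, b,
                                      frozenset(funcs[a]), frozenset(funcs[b])))
    return hits


def exercised_violations(violations, usage_log=USAGE_LOG):
    """Realised violations: the user has actually executed both conflicting
    functions, not merely been granted them."""
    used = {}
    for _ts, user, fn in usage_log:
        used.setdefault(user, set()).add(fn)
    return [v for v in violations if {v.func_a, v.func_b} <= used.get(v.user, set())]


def single_role_fixes(v):
    """Roles whose removal alone clears the violation. Only a role that is the
    sole grantor of one side qualifies; otherwise another role still grants it."""
    fixes = set()
    if len(v.roles_a) == 1:
        fixes |= v.roles_a
    if len(v.roles_b) == 1:
        fixes |= v.roles_b
    return sorted(fixes)


if __name__ == "__main__":
    potential = find_violations()
    realised = {(v.user, v.rule_id) for v in exercised_violations(potential)}
    for v in potential:
        status = "EXERCISED" if (v.user, v.rule_id) in realised else "potential"
        print(f"{v.user:6} {v.rule_id} {v.risk} {status:9} "
              f"{v.func_a}[{','.join(sorted(v.roles_a))}] + {v.func_b}[{','.join(sorted(v.roles_b))}] "
              f"fix by removing one of {single_role_fixes(v)}")
```

The split between potential and exercised conflicts is the point of the activity log: a user who holds both sides of a rule is a remediation item, while one who has executed both sides is an investigation item. Tracing each function back to its granting roles is what makes the "cleansing" step concrete, since removing a role only clears a conflict when that role is the sole source of one side.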
Benefits
- Ultra-fast clean-up of user access and authorisations
- Detection and remediation of Segregation of Duties violations
- Audit and process control compliance
- Immediate notification of real access/usage of high risk transactions
- Automate Starter/Mover/Leaver processes using workflows
- Privileged (Emergency) Access automation and auditing
- Automated User Access Review and Recertification
- Enterprise Wide Identity and Access Governance
Pricing
£3,000 to £10,000 an instance a month
- Education pricing available
- Free trial available
Framework
G-Cloud 14
Service ID
508613142135777
Contact
Resulting Ltd
Robbert Willemse
Telephone: +44 1925 906 662
Email: Hello@resulting-it.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- No Constraints
- System requirements
- Requires a local server to deploy a software agent on
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 4 Business Hours
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
The standard support level supplied inclusive within the SaaS offering is 8am to 6pm Mon-Fri. Out of hours support can be provided for an additional fee of £10 per day. A Technical Account Manager is also assigned to each customer account.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Self-service training is available, or remote/onsite personalised training.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- Masterclasses via Web Portal
- End-of-contract data extraction
- Data can be downloaded to CSV or Excel.
- End-of-contract process
-
The monthly subscription fee includes all of the
hardware, software, maintenance and support
and a main ERP connector (for instance SAP,
Oracle, Peoplesoft). Being a cross application
access governance solution, Pathlock Cloud also
has an additional 100+ connectors to line of
business applications such as Ariba,
SuccessFactors, Concur, ServiceNow, OKTA,
Microsoft Active Directory, MS Entra etc. These
connectors do incur an additional fee.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The mobile service is mostly used for mobile workflow automation so that steps and processes can be completed by employees whilst out of the office.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
Pathlock Cloud accepts incoming API calls to initiate workflows within the product.
- API documentation
- No
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The organisation's master data (organisational context, departments, applications, processes, entities etc.) can be modelled.
Saved Searches are also available.
Super Users (Admin) can customise.
Scaling
- Independence of resources
-
This service is provided within a 100% private
cloud with no server sharing, operating system
sharing, disk sharing or application sharing.
Analytics
- Service usage metrics
- Yes
- Metrics types
- User activity and application uptime
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Data can be exported via on-screen menus into either XLSX or CSV format.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
- Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
-
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- Microsoft dedicated network protection
Availability and resilience
- Guaranteed availability
-
99.95% up-time. A lack of availability owing to customer-side connectivity issues and customer system downtimes is not taken into account with regard to SLAs.
- Approach to resilience
-
Resilience is built in at various levels including physical nodes, storage controllers, disks, internet connectivity, remote access and firewalls. Our service uses UKFast data centres which operate at Tier 3 standards for uptime and availability. They use concurrently maintainable systems including UPS, standby diesel generators and high density infrastructures in excess of 15kW per rack.
- Outage reporting
- Dashboards and eMail alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- User roles which define access rights
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- LRQA
- ISO/IEC 27001 accreditation date
- 23/06/2016
- What the ISO/IEC 27001 doesn’t cover
- All processes are covered
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Ultima Risk Management
- PCI DSS accreditation date
- 22/08/2016
- What the PCI DSS doesn’t cover
- Office network not covered
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber essentials / cyber essentials+
- SOC 2
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Information security policies and processes
-
Our full IT Security Policy document is available upon request, but the essential principles are: All IT Systems are to be protected against unauthorised access. All data stored on IT Systems are to be managed securely in compliance with all relevant parts of the Data Protection Act 1998. The responsibility for the security and integrity of all IT Systems and the data stored thereon (including, but not limited to, the security, integrity and confidentiality of that data) lies with the IT Department unless expressly stated otherwise. All IT Systems are to be installed, maintained, serviced, repaired and upgraded by Grey Monarch Technical Services (the "IT Department") or by such third party/parties as the IT Department may from time to time authorise. All breaches of security pertaining to the IT Systems or any data stored thereon shall be reported and subsequently investigated by the IT Department and, if necessary, escalated to the IT Director. All Users must report any and all security concerns relating to the IT Systems or to the data stored thereon immediately to the IT Department, to be escalated to the IT Director if necessary.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All components, hardware and software, can be identified by their version number, release number and modification level. The software architecture allows for hot patching, whereby extremely focused updates can be applied without affecting other components within the system. Any changes are subject to our change control procedures and are tested within development and QA environments before being applied to any production environments. Scheduled maintenance will be required at regular intervals. Scheduled maintenance is excluded from any service availability.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
The service infrastructure is ISO/IEC 27001 certified and, as such, is subject to continual assessment to ensure that vulnerabilities are identified, risk assessed and treated/patched accordingly. Patches are prioritised according to risk and relevance to the service. Critical patches are typically applied within 24 hours of being available.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
The service infrastructure undergoes continual Security Information and Event Management (SIEM) monitoring according to CESG and ISO/IEC 27001 best practices. This monitoring is provided by a mixture of automated and manual monitoring and analysis. Incidents and any potential compromises are assessed and responded to according to their risk assessment. Critical incidents are responded to immediately.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Pre-defined processes exist for common events. All incidents, whether internally identified or reported by users, are logged within our ticketing management system. Reported incidents are initially analysed and risk assessed. Either preventative measures or patches/fixes will be applied according to the severity and scope of any incident. Critical incidents will be escalated accordingly. Reports will be provided via email or telephone where appropriate and of a high risk nature.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Health and Social Care Network (HSCN)
- Other
- Other public sector networks
- GC(RLI)
Social Value
- Social Value
-
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Grey Monarch, as part of the Pathlock Group, will continue to work with all suppliers and clients to reduce our emissions towards zero greenhouse gas emissions. We achieve this by educating staff and colleagues on the value of reducing our carbon footprint, largely by:
- Reducing unnecessary travel and/or keeping travel to a minimum.
- Continuing to complete projects and meetings via remote access and video calls.
- Retaining our hybrid working, with staff being able to work from home where possible and only visit the office for essential meetings, thus reducing travel fuel costs and the heating and lighting of office space.
- Using digital tools instead of paper to avoid unnecessary exchange of written documentation.
Covid-19 recovery
- We will continue to offer a hybrid way of working for all staff so that they can work from home as much as possible.
- Travel will continue to be kept to a minimum, with most or all projects being completed via remote access.
- Continuing to use video calls for team meetings to discuss project work and workloads.
- Managing workloads and proactive recruitment will ensure that the continued effects of Covid-19 are monitored at all times.
- Continued use of video calls will ensure that contact is kept to a minimum for all staff and client contact.
- Exploring ways of working with our customers to help struggling clients and suppliers through this difficult time (fixed fee work, T&E or monthly subscription options where possible).
Tackling economic inequality
We understand many of the challenges of economic inequality and work very hard with other small businesses, especially within our supply chain, to promote their businesses. We especially use local small businesses for recruitment and marketing assistance wherever possible.
Equal opportunity
We continue to offer equal opportunities for employment, pay and promotion. We have always been focused on ensuring that promotion and progress within our company is based upon the best person for the job, considering their qualifications, experience and knowledge.
Wellbeing
We continuously monitor our staff wellbeing with regular meetings and team social events. Projects and workload are particularly monitored and discussed on a regular basis to ensure that staff are not under any undue stress or pressure, and always have an avenue to openly discuss any ongoing concerns or issues. Our hybrid working model also means that staff can manage and balance home-life with work-life as best as possible.
Pricing
- Price
- £3,000 to £10,000 an instance a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
Free Proof of Concept and high-level Security Risk Assessment