Exponential-e Ltd

Single Vendor Security Access Service Edge (SASE)

Single-Vendor Secure Access Service Edge (SASE) solutions are tailored for public sector organisations seeking to enhance their network security and operational efficiency. This service integrates essential security functions such as SSL inspection, advanced malware protection, and intrusion prevention with cutting-edge network management technologies, leveraging a cloud-native platform.

Features

• Deep SSL Inspection secures and examines encrypted traffic
• NGFW and SWG capabilities unify advanced network security
• CASB monitors and enforces cloud application security policies
• Advanced IPS proactively prevents exploitation and network attacks
• Malware Prevention blocks threats with advanced algorithms and heuristic analysis
• DLP detects and prevents sensitive data leaks within your organisation
• Single-vendor solutions ensure the most seamless, efficient integration & support
• Comprehensive Reporting provides deep security insights into your organisation's behaviour
• API integration enhances functionality and automation with current third-party tooling
• Global SD-WAN POPs deliver local-like secure connectivity for all users

Benefits

• Secure Remote Working ensures safe corporate resources access from anywhere
• VPN replacement technology offers superior security and greater efficiency
• Modern, private application access reduces latency and operational costs
• Zero Trust Model authenticates all access and enhances security
• Continuous compliance across locations, devices & users is guaranteed.
• Centralised Management Portal significantly reduces administrative overheads
• Cost efficiency by minimising the need for multiple security solutions
• Single-vendor solutions minimise latency and improve user experience
• Device Security Posture enables comprehensive device control
• Conditional access enforces granular resource access control

£9,351 an instance

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psbids@exponential-e.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

508749914487122

Contact

Kay Sugg
02034358835
psbids@exponential-e.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: In some cases, an applicable Operating System needs to be provided. A stable internet connection is also required. Minimum hardware specification for the client to be installed. Network readiness assessment may also need to be carried out first.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 Target Response Time - 15 mins; P2 Target Response Time - 15 mins; P3 Target Response Time - 30 mins; P4 Target Response Time - 30 mins
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Business Hours (09:00 - 17:00), weekdays excl Bank Holidays.; Extended Business Hours (08:00 - 18:00), weekdays excl Bank Holidays.; 24/7/265, including Bank Holidays.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Assessment and Planning: We conduct a thorough analysis to understand your specific security and network requirements. We customise the solution to integrate seamlessly with your existing IT infrastructure.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When the contract ends, users can download all relevant logs and security reports to ensure they retain access to their operational history. This process is straightforward—users can request data extraction through their client dashboard, or this data can also be downloaded through an API. Customer data will be available common format such as CSV or JSON. Following data extraction, the account is securely decommissioned to ensure no residual data remains
• End-of-contract process: The services are ceased at the contract end with no additional requirement for extraction or removal of equipment or assets from the customer site.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences that are apparent to the user about how the service works, by accessing from either a mobile or desktop device.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Dashboard Monitoring: Users can view dashboards that display network performance, security alerts, and other real-time data. This includes visual representations such as graphs, charts, and statistics that provide insights into the system's operation.; Audit Logs: Read-only access often includes the ability to view logs and audit trails. This allows users to track changes made within the system, which is crucial for compliance and security monitoring.; View Configuration Settings: Users can view existing configurations of network devices, security policies, and other system settings. However, they cannot modify these settings.
• Accessibility standards: None or don’t know
• Description of accessibility: Not applicable
• Accessibility testing: Not applicable
• API: Yes
• What users can and can't do using the API: Dashboard monitoring: Users can view dashboards that display network performance, security alerts, and other real-time data. This includes visual representations such as graphs, charts and statistics that provide insights into the system's operation. Audit Logs: Read-only access often includes the ability to view logs and audit trails. This allows users to track changes made with the system, which is crucial for compliance and security monitoring. View Configuration Settings: Users can view existing configurations of network devices, security policies, and other system settings. However they cannot modify these settings.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users can customise our SASE service by selecting and licensing individual features as needed:; Next Gen Malware Protection: Add on-demand for inspecting WAN and internet traffic for malware.; Intrusion Prevention System (IPS): Opt in for traffic inspection to identify malicious activities.; Cloud Access Security Broker (CASB): Gain insights and control over SaaS application usage.; Data Loss Protection (DLP): Implement to prevent unauthorised data transfers and uploads.; Remote Browser Isolation (RBI): Activate to safely access and stream risky or unknown websites.

Scaling

• Independence of resources: Our SASE solution is designed to meet the performance requirements of our users consistently, regardless of the demand from other users. We achieve this by continuously monitoring and proactively scaling our Points of Presence (POPs). The infrastructure's capacity is continuously monitored, and resources are scaled up well before any potential congestion occurs. Moreover, the POPs are equipped with dynamic resource allocation capabilities that automatically adjust and allocate additional resources to different tunnels and data flows as required. This happens whenever predefined service level agreements (SLAs) or performance thresholds are exceeded, ensuring that each user's experience remains optimal and uninterrupted.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can view dashboards that display network performance, security alerts, and other real-time data. This includes visual representations such as graphs, charts, and statistics that provide insights into the system's operation.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can use the online dashboard to run reports which will export their data. Additionally, users can make API requests to export data from the system.
• Data export formats:
  • CSV
  • ODF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our Target availability for the service is 99.999%.
• Approach to resilience: Our solution is engineered for high resilience, utilising redundant infrastructure and automatic failover mechanisms to ensure consistent and reliable performance. For detail, please feel free to request additional information.
• Outage reporting: You can configure rules to trigger email alerts for specific events, such as when an SD-WAN device fails or a connectivity issue arises, directly from the System Notifications page. This page is dedicated to account-level alerts, allowing these notifications to be automatically emailed to designated administrators.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Details available on request.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 12/4/2024
• What the ISO/IEC 27001 doesn’t cover: Details available on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: BSI
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Details available on request.
• PCI certification: Yes
• Who accredited the PCI DSS certification: PCI Self-Assessment
• PCI DSS accreditation date: 08/11/2023
• What the PCI DSS doesn’t cover: Details available on request.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC Type 2
  • BS 10012 Personal Information Management
  • HSCN Stage 3 Compliance
  • ISO 9001 - Quality Management
  • ISO 27017 - Private Cloud Security
  • ISO 20000-1 - Service Management
  • ISO 20000-1 - Service Management
  • ISO 22301 - Business Continuity
  • ISO 50001 - Energy Management
  • ISO 14001 - Environmental Management

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Exponential-e are Stage 3 HSCN Accredited CN-SP and our network operability is fully compliant with the requirements of the HSCN Obligations Framework.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Details available on request.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Details available on request.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Details available on request.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Details available on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MAC 4.1: Delivering environmental benefits Exponential-e is committed to continually improving environmental performance and monitoring environmental effects from our activities to identify potential areas for improvement. We are accredited and operate within internationally recognised management standards (9 ISO’s) of which two are focused on Environment Management (ISO 14001:2015) and Energy Efficiency (ISO 50001:2015). This standard specifies the requirements for establishing, implementing, maintaining and improving an energy management system with a systematic approach in achieving continual improvement of energy performance, including energy efficiency, energy security, energy use and consumption. Critical to our core operation is our national network infrastructure, and cloud infrastructure. Thanks to unique cooling technology, our Data Centres are the most environmentally efficient in the UK. They save customers on average around £1.1 million per megawatt and 6,000 tonnes of taxable carbon annually compared with an average Data Centre facility. Some of the practices deployed to achieve carbon footprint include: • All our Data Centres are ISO 14001 accredited with robust environmental management systems • Procuring consumed energy from sustainable energy sources wherever possible • Ensuring the use of hot/cold aisle cooling design in our Data Centres, which reduces energy consumption as the cooling is more efficient and helps our customers to reduce their carbon footprint • Using the latest virtualisation (VDC) technologies to ensure the most efficient utilisation of hardware resulting in the overall optimisation of our client’s infrastructure. Our VDC delivers dedicated processing instead of having multiple, underutilised physical servers, which helps minimise our environmental impact • The business considers the environmental impact of goods and services within procurement processes. Working with suppliers, contractors and indeed clients to lessen the environmental impact of their operations. • Homeworking practices have been developed to allow homeworking whilst preserving security of company data and access to IT systems.

  Covid-19 recovery

  MAC 1.5: Improvements to workplace conditions Exponential-e operates to ISO22301 – Business Continuity Management System (BCMS) standard. This means our critical business functions have existing and proven business continuity plans which are reviewed, exercised and/or tested regularly. In line with this standard, we have taken the following steps: • Implemented flexible working arrangements for any high-risk employees, or employees who are unable to travel due to other reasons relating to the coronavirus (Covid-19) • Conducted a full Business Impact Analysis (BIA), considering shift patterns, physical segregation and cover arrangements across all of our core 24*7 service operations to maintain the appropriate resource levels • Implemented ongoing monitoring of our workforce and skills capability to ensure all our personnel are multi-skilled and have monitoring in place to address any weakness or gaps • Completed capacity planning and forecasting of the current and future levels of resource utilisation, taking into consideration the enactment of multiple Business Continuity scenarios • Introduced enhanced presence of our on-site cleaning personnel throughout the day and evening to ensure the cleanliness of our facilities is maintained • Initiated a change freeze across our core platforms to allow our key resources to focus on service availability and reacting to changes our customers may require • Limited any non-essential travel to customer or vendor sites, making the best use of remote technology to ensure we maintain our quality of service and open engagement throughout this period of uncertainty. Exponential-e has since initiated remote working at a larger scale in a controlled manner. Our Head Office has implemented a Hybrid working model for all staff who are able to work remotely for two days a week and in the office for maximum of three days a week. This also reduces our carbon emissions through travelling and heating/lighting of office premises.

  Tackling economic inequality

  MAC 3.1: Diverse supply chain Exponential-e maintains a policy of working with diverse partners and SME organisations where there is a defined benefit to our customers, and where the limitations of the contract or security requirements are not at risk in any way, which must be our overriding consideration. We reach out to our wider supply chain partners should any subcontracting opportunities arise during the contract duration. If any strategic supplier fails to deliver and thus breaches the terms of their contract, we will invoke the use of alternative and pre-qualified suppliers. We plan for these contingencies and maintain a supply chain that does not rely on any single source of fulfilment. MAC 3.2: Supporting innovation & disruptive technologies We will hold regular engagements, in which we will review, present, and collaborate on new technology and commercial initiatives throughout the life of the contract, and (when applicable), driving equality throughout our supply chain. MAC 3.3: Scalable & future-proofed methods to modernise delivery/increase productivity We work with innovative and agile supplier organisations who bring innovative technology solutions to market, by providing a framework to enable the deployment of their services within our stable and risk-controlled corporate environment. MAC 3.5: Manage cyber security risks Exponential-e maintains Cyber Essentials Plus and ISO 27001 accreditations. Additionally, Exponential-e operates a 24 x 7 x 365 CSOC desk to alert for any cyber security issues and potential risks. Our CSOC is built using trusted Unified Security Management (USM) technology, which unlike other SIEM software, combines powerful SIEM and log management capabilities with other essential security tools such as asset discovery, vulnerability assessment, intrusion detection (NIDS and HIDS) to provide a centralised security monitoring of networks and endpoints, all through a single pane of glass.

  Equal opportunity

  MAC 5.1 Provision of inclusive working environment As a commitment to reducing the disability employment gap Exponential-e has adopted a hybrid working model that allows flexibility. Hybrid working, sometimes referred to as "blended working", is a form of flexible working that allows employees to split their time between attending the workplace and working remotely (typically from home). MAC 6.1: Tackling inequality in the contract workforce We are committed to equal pay for the contract workforce. To address our gender pay gap, we have a number of initiatives in place, to not only attract more female talent, but to encourage a more balanced, and rewarding workplace: • Working with educational institutions to help attract more women into STEM focused roles • The data shows that the disparity in the bonuses paid is due to the fact there a very few women in senior sales positions. We have a junior sales mentoring programme for both men and women, equally, to encourage progression into senior sales roles, especially for women • Training is available to cover areas like Equality & Diversity, Unconscious Bias • We have established a Women’s Working Group who will assist in supporting the attraction, retention and promotion of our female talent across the business • Flexible working arrangements for all staff to encourage work life balance. Placement Programme & Apprenticeships Every year Exponential-e offers placements and apprenticeships to students whose degrees would benefit from working in an operational technical environment. The students are paid, which allows them to practice the theory learnt in the classroom in a real world environment; while also supporting themselves financially. As part of our commitment to the Government’s Apprenticeships Levy Programme we actively work with registered apprenticeship companies to provide upskilling opportunities to employees across a range of subjects.

  Wellbeing

  MAC 7.1: Support health and wellbeing in the workforce All staff are eligible to join our Private Health scheme (on completion of probationary period) run by Vitality which actively encourages physical and mental wellbeing through a broad variety of programmes design to promote and incentivise wellbeing. Exponential-e has also implemented the six standards in the Mental Health at Work commitment and where possible follows the mental health enhanced standards in Thriving at Work, as follows: 1. Prioritise Health Wellbeing Through Systematic Programme of Activities Exponential-e partnered with Care first as an Employee Assistance Programme (EAP) to provide online and counselling services to all our employees. 2. Work Design & Culture Drives Mental Health Outcomes Exponential-e offers the following benefits package for all eligible employees - Life Assurance, Private Medical Scheme, Employee Assistance Programme, Ride to Work Scheme, Season Ticket Loan, Employee Referral Scheme and Purchase of Holiday Scheme. 3. Promote Open Culture Around Mental Health Exponential-e has seen a huge shift in attitudes to mental health and we promote and support employees to think and talk about their mental health which subsequently helps the organisation to thrive. 4. Increase Organisational Confidence & Capability Exponential-e recognises the importance of leadership and management development and provides programmes designed to upskill our managers and strengthen our leadership capabilities. 5. Provide Mental Health Tools & Support Exponential-e partners with Care first as an Employee Assistance Programme (EAP) to provide online and counselling services to all our employees, including a series of webinars including stress awareness, social anxiety, long Covid, how weather can affect mood and behaviour, financial wellbeing, and breaking bad habits. 6. Increase Transparency/Accountability Through Reporting Annual Employee Opinion Surveys are used to drive improvements. A monthly Employee Engagement Pulse Survey helps to keep our finger on the pulse of the organisation.

Pricing

• Price: £9,351 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psbids@exponential-e.com. Tell them what format you need. It will help if you say what assistive technology you use.