BLUEFORT SECURITY LIMITED

BlueFort Evolve RSA SecurID Multi Factor Authentication Service

Cloud Hosted MFA Platform

Features

• Streamlined Secure Cloud Based MFA
• Enhanced capabilities for SSO, MFA, IGL, Self service
• 500+ out-of-the-box certified integrations
• Conditional rule-based, adaptive access controls
• Modern MFA: push notifications, device biometrics, onetime passcode
• 24x7 support, phone/email
• Customer Success Manager

Benefits

• Deployment flexibility with customizable functionality
• Reduces infrastructure costs
• Alleviate administrative burden & costs with simplified UX, empowering end-users
• Reduce staffing costs due to automation

£0.80 to £20 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@bluefort.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

548086847211970

Contact

David Henderson
01252 917000
accounts@bluefort.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: No
• System requirements: Virtual Machines

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 2hr SLA Level 1 Response.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Open, append and update tickets.
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: 24 x 7 x 365 Support. Evolve level options include experts on demand/ Customer Success Managers and inclusive service credits.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Fast start remote installation, integration and handover.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Available upon request.
• End-of-contract process: 90 day cancellation confirmation required before end of term.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile Authenticator provides equivalent digital authentication capability for users of Apple and Android devices.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Available upon request.
• Accessibility standards: None or don’t know
• Description of accessibility: Available upon request.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: The RSA SecurID Authentication API, a REST-based programming interface allows you to develop clients that process multifactor, multistep authentications through RSA Authentication Manager and the Cloud Authentication Service. The Service is set up using a toolkit. Further details available upon request.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Available upon request.

Scaling

• Independence of resources: Architecture supports cloud and hybrid architectures. More details available upon request.

Analytics

• Service usage metrics: Yes
• Metrics types: Available upon request.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: RSA SecurID

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Available upon request.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Available upon request.
• Data export formats: Other
• Other data export formats: Text
• Data import formats: Other
• Other data import formats: Text

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Dependent upon service offering - more details available upon request.
• Approach to resilience: Available upon request.
• Outage reporting: Email and Platform alerts along with dedicated status website: ; ; https://status.securid.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Available upon request.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Available upon request.
• Information security policies and processes: Available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Available upon request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Available upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: Available upon request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Through partnering with BlueFort, you will be actively supporting the creation of employment and training opportunities designed to help address the shortage of cyber security skills within the UK. Each additional contract provides a new opportunity for BlueFort to:; • Increase the amount of specialist cyber security roles within the business. Over 80% of our current workforce are in specialist cyber security roles. In line with our own growth plan, our target is to increase the amount of specialist roles by 50% by 2028. ; • Encourage the uptake of cyber security careers for school leavers and undergraduates. We commit to partnering with local schools and higher educational institutions. Our target is to offer 4 industry placements per year from 2025. ; In addition to the above, BlueFort’s service also actively supports the creation of diverse supply chains. We partner with a wide variety of specialist technology vendors and contractors to deliver our service. Each contract provides additional opportunities for new businesses, start-ups, and SMEs within the cyber security sector to grow and continue to innovate. ; • We support innovation and disruptive technologies. Our solution portfolio is continuously updated and reviewed

  Equal opportunity

  .BlueFort takes the health and wellbeing of its workforce seriously. We provide a range of wellbeing benefits and aim to treat employees who are sick with dignity and respect, providing support, and (if appropriate and practicable) workplace adjustments that may assist that individual to continue productive employment with the Company. BlueFort currently partner with Vitality to support our goal to build a healthier and happier workforce. Via Vitality Private Medical Insurance and Vitality at Work Business, we provide staff with a comprehensive health and wellbeing service offering that helps to address some of the leading causes of workplace absence, as well as offering many proven health and wellbeing benefits (including GP consultations and mental health treatment, including Cognitive Behavioural Therapy and counselling).

  Wellbeing

  BlueFort takes the health and wellbeing of its workforce seriously. We provide a range of wellbeing benefits and aim to treat employees who are sick with dignity and respect, providing support, and (if appropriate and practicable) workplace adjustments that may assist that individual to continue productive employment with the Company. BlueFort currently partner with Vitality to support our goal to build a healthier and happier workforce. Via Vitality Private Medical Insurance and Vitality at Work Business, we provide staff with a comprehensive health and wellbeing service offering that helps to address some of the leading causes of workplace absence, as well as offering many proven health and wellbeing benefits (including GP consultations and mental health treatment, including Cognitive Behavioural Therapy and counselling).

Pricing

• Price: £0.80 to £20 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Time limited trial of SecurID Cloud MFA provided by BlueFort Security with deployment services for a quick migration to a full license.
• Link to free trial: N/a

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@bluefort.com. Tell them what format you need. It will help if you say what assistive technology you use.