Bridgeway Security Solutions

IronWorks: scheduled compliance and operational reporting for Microsoft Intune

Microsoft Intune is a leading mobility management and security solution for organisations. IronWorks unleashes the power of Intune's data to enable scheduled reports providing actionable insights and long-term trend analysis, as well as providing supporting evidence for compliance audits.

Features

• Mobility project key performance indicator (KPI) charting
• Automated, scheduled emailed PDF reports aligned to line-of-business
• Automatic data ingestion from Microsoft Intune via Graph APIs
• Comprehensive trend analysis and charting of your mobility project
• Compliance reporting for GDPR, ISO27001, IG Toolkit and PSN CoCo
• Daily Intune security health-check and operational dashboard
• Aggregated lost and missing and out-of-contact device views
• Identify and list inactive devices present on your Intune estate
• List mobile devices vulnerable to Spectre and Meltdown attacks

Benefits

• Measure, track and evidence the success of your mobility project
• Disseminate team mobility reports directly to their team managers
• Ensures complete and consistent information for mobility project reporting
• Plan and budget for mobile growth with insightful trend analysis
• Evidence your continuous work towards reaching and maintaining compliance
• Identify potential Intune issues before they become a problem
• Recover and repurpose missing mobile devices to cut costs
• Highlight inactive mobile users to reduce attack surface area
• Track and manage your mobile security risks and exposure

£6.30 to £9 a device a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@bridgeway.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

577470842042478

Contact

Jason Holloway
01223 979 090
g-cloud@bridgeway.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: IronWorks is a reporting solution that integrates with Microsoft Intune (MDM/EMM/UEM) deployments.; ; IronWorks provides data driven decision making for Intune mobility projects.
• Cloud deployment model: Public cloud
• Service constraints: IronWorks integrates via Graph API calls with Intune deployments. Mobility projects that do not use Microsoft Intune or Ivanti MobileIron as the security MDM/EMM/UEM are not supported at present.
• System requirements:
  • Microsoft Intune deployment
  • A local user with (read-only) Graph API roles on Intune
  • A modern web browser and internet connection
  • An email address for delivery of optional emailed PDF reports

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Bridgeway SLAs guarantee a first considered response within 1 hour from initial ticket being logged, and progress updates start from within 3 hours from receipt of all relevant information. Different SLAs apply according to mutually-agreed priority level.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Our support service (Bridge Support) is typically provided as phone and email support, but optionally - at an agreed extra cost - we can integrate into existing customer processes and systems. For example, using customer's existing Zendesk, JIRA or SalesForce support tools, knowledge bases and escalation processes.; These services have their own WCAG compliant interfaces for user web chat support, which we would leverage in the support service delivery.
• Onsite support: Yes, at extra cost
• Support levels: Our Bridge Support services are flexible: we can augment your existing support arrangements, or provide a complete outsourced support function. Standard support is available during UK office hours and can be extended to include full 24x7 and/or onsite consultancy visits.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: IronWorks on-boarding is fast and easy to do, and typically takes five minutes in total to achieve. We will assist a prospective or new customer to integrate by providing a list of the necessary settings prior to a joint webinar call. This call then connects the customer's Microsoft Intune MDM solution with IronWorks, and the connection is tested.; Online training in the main IronWorks features then follows, and short videos describing the main features are also available for e-Learning and self-education.; 24x7 technical support is also available as part of the service.
• Service documentation: No
• End-of-contract data extraction: Users can request data extraction upon which we would create and share a copy of their underlying database data.
• End-of-contract process: At the end of the term, the customer is welcome to renew their licence and the service would continue. ; Alternatively, if the customer verifies in writing their preference not to continue, their account and associated data are deleted. The customer would be expected to remove the local Graph API user from their Microsoft Intune solution at this stage.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None, all functionality present on both device types and across all form-factors
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Accessible from a web browser, an intuitive reporting dashboard delivers critical insights via real-time reporting on mobile device use. Alongside trend charting and insightful analysis, with IronWorks you can monitor how staff and devices comply with your mobile IT policies and recover lost devices.
• Accessibility standards: None or don’t know
• Description of accessibility: No testing has been carried out.
• Accessibility testing: No testing has been carried out.
• API: Yes
• What users can and can't do using the API: IronWorks collects data from Microsoft Intune instances through the use of Graph APIs. IronWorks also has APIs available for customer integration of the resulting computed information into existing business intelligence tools (e.g. Power BI and similar).; Full documentation of all the available API calls is available and integration consultancy services are available at extra cost.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Customers can set their preferred organisation name, which users can access the service and their respective roles. Additionally, the organisation administrator can add email report recipients and choose from pre-defined template reports, or custom build their own.; ; Optionally, IronWorks can also be customer branded at extra cost.

Scaling

• Independence of resources: IronWorks was designed and developed with scalability, availability and confidentiality in mind. Built with NodeJS and on Docker containers, the solution is self-healing and self-managing through the use of Kops and Kubernetes for enterprise- and carrier-grade deployment, with reliability and scaling configurations automatically ensuring a smooth customer experience.

Analytics

• Service usage metrics: Yes
• Metrics types: This is a mobility project reporting solution, so it is precisely designed to provide service usage metrics across many mobility project measurements, including but not limited to: number of devices, number of users, OS split, mission-critical application versions and split, number of out-of-contact devices, number and reasons for non-compliance of devices, active and inactive user lists, etc., etc.; In addition to which, operational dashboard metrics also cover certificate expiry notices, internet-exposed administration consoles, devices at risk from known security vulnerabilities, administrator roles and service access statistics.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Security vetting of consultancy personnel (SC and NPPV3 by default, other vetting options available upon request). ISO27001 approved datacentre. Documented processes and internal policies. Physical and electronic security systems and controls. Encryption of data at rest (AES-256). Role-based access controls of personnel data access. GDPR-ready data handling processes, policies and user training.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: IronWorks includes automated PDF report emailing on a scheduled basis, as well as user-initiated (on-demand) CSV export of all charts, tables and map data.; Extracting the tenant's data from the underlying IronWorks database is an optional service.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Native database
• Data import formats: Other
• Other data import formats: Not applicable

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: SSH

Availability and resilience

• Guaranteed availability: Service part-refund for non-performance. SLAs determined by chosen option, customer need and mutual agreement.; ; Bridgeway's support SLAs for Bridge Support are listed here: https://www.bridgeway.co.uk/services/support-services
• Approach to resilience: Location and configuration of the service components are tracked and monitored through existing AWS, Kubernetes and Kops tools.; Changes to the service are discussed internally at initial design, during development and before implementation.; Security changes are discussed amongst a wider group, including the consultancy team and SMT to identify any weaknesses before implementation
• Outage reporting: Email alerts and customer ingest logs/dashboards track service outages (whether these are IronWorks outages or those on customer equipment).

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: IronWorks authenticates users to the web portal using strong passwords.; Bridgeway support only accepts support tickets to be raised by recognised administrators of the IronWorks platform
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY Certify Point
• ISO/IEC 27001 accreditation date: 18/11/2010, with latest re-issue on 15/12/2017
• What the ISO/IEC 27001 doesn’t cover: Scope covers datacentre services and facilities, does not cover on-premises installations or customer's own processes/implementations.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 2018
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: As per service scope definition
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • ISO 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials currently, but moving to ISO27001 compliance in 2019.
• Information security policies and processes: We follow ISO27001 and industry best-practice, with a few additional bespoke controls and policies of our own. ; Contact details and reporting structure available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Location and configuration of the service components are tracked and monitored through existing AWS, Kubernetes and Kops tools.; Changes to the service are discussed internally at initial design, during development and before implementation.; Security changes are discussed amongst a wider group, including the consultancy team and SMT to identify any weaknesses before implementation
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor numerous security sources to remain abreast of the latest threats and attacks.; Risks are assessed, prioritised and alerted to relevant personnel so that remedial action can be planned, change control process applied, and systematically implemented
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: IronWorks user access logs are gathered and retained, along with usage data to allow for forensic examination of any suspicious activity.; We are planning to integrate IronWorks logging into its existing protective monitoring solution (implementation date TBC)
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management and support escalation processes are in place and proven.; Bridgeway recommends customers report any possible security incidents or concerns through our logged and tracked 24x7 telephone and email support service.; Security incidents are notified immediately - day or night - to the Bridgeway SMT

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)

Social Value

• Fighting climate change:

  Fighting climate change

  There is no greater threat to our collective future than climate change. At Bridgeway, we believe that the IT and security industries have a key role to play in promoting sustainable solutions to today’s climate challenges. ; ; Bridgeway strives to act ethically and with integrity in all of our business dealings and relationships. Bridgeway is committed to improving our environmental and sustainability practices in order to preserve and protect our planet for current and future generations. ; ; We always work to the highest ethical standards and comply with all laws, regulations and rules relevant to our business. Our reputation is paramount and we take our Environmental and Sustainability Responsibilities seriously. While much has already been achieved, especially in carbon reduction through the efficient generation of heat and power, as well as the provision of free-to-use electric vehicle charging points. Water and plastic consumption has also been reduced and we’ve improved site management of waste disposal. Yet there remain many areas where further progress can be made. ; ; In particular, Bridgeway is committed to: ; ; • Promoting environmental and sustainability issues and goals ; ; • Reducing our use of non-renewable energy and utilities ; ; • The development of green travel policies and raising awareness about environmental issues. ; ; • Improving the efficiency and effectiveness of our waste management systems ; ; • Striving for Net Zero status by 2025 and beyond. ; ; We realise that our relationships with those we deal with, whether customers, employees, suppliers, or the wider community, are key to our success and as such we take our obligations and commitments seriously. We expect the same high standards from those we work with and we are committed to ensuring that there is an appreciation of our collective environmental and sustainability responsibilities in our supply chains and all parts of our business.
• Covid-19 recovery:

  Covid-19 recovery

  During April 2020, Bridgeway assisted a couple of hospitals expanding their MDM projects to repurpose mobile devices for PatientComms. ; ; Thus, Bridgeway became aware of the wider issue facing hospitals (and then care homes) across the UK. Due to pandemic infection control measures, patients and residents weren’t allowed to receive visitors or to receive packages from their loved ones. Thus, patients and residents that had arrived without a mobile phone and charger were being cut off from their families. ; ; We identified an opportunity to bridge this communication gap. In early April 2020, we launched a not-for-profit initiative, Phones for Patients, that would make donation of secure, re-provisioned devices to hospitals and care homes possible. ; ; After donated devices and accessories were collected or delivered to the Bridgeway office, the team rallied together to prepare and redeploy these, all for free. This collaboration and teamwork meant patients and residents were able to remain in contact with friends and family during their stay, and in some sad cases, even be able to say their last goodbyes to their loved ones. ; ; In a collaborative partnership with information security vendors, we implemented workflows which enabled us to wipe, prepare and deploy devices for the recipients, ensuring they were ready to use and fully secure and supported. ; ; We strived to keep patient privacy at the forefront, ensuring Patient Identifiable Information (PII) was encrypted and secured on the devices. If devices were lost or stolen, their confidential data could be remotely wiped too. ; ; All donated devices are permanent donations, meaning after the pandemic, the devices remain with the organisation to pass on to their patients and residents as they see fit. ; ; With the hard work and dedication from volunteers throughout the business, over 9,500 mobile devices were processed and donated to care homes and hospitals across the UK.
• Tackling economic inequality:

  Tackling economic inequality

  After the initial success of the Phones for Patients not-for-profit initiative, we moved to register this as a standalone charity to continue this good work. ; ; The Phones for Patients charity constitution was expanded in scope to also cover those in social care settings and those who are shielding as a result of infectious diseases. Our donated devices are therefore often to be found assisting victims of physical and mental health issues, and disproportionately helping those affected by economic inequality. ; ; Bridgeway won the ‘Team of the Year’ award in the UK Business Awards in July 2021 for this project.
• Equal opportunity:

  Equal opportunity

  The Company acknowledges its legal and moral obligation both in recruitment and in employment to offer equal opportunities to all persons irrespective of race, disability, sex, pregnancy/maternity, sexual orientation, gender reassignment, age, marital status, colour, nationality, ethnic or national origin or religion or similar belief (the “Protected Characteristics”). It is contrary to our legal and moral duties to discriminate against any person on the grounds of any of those matters in respect of his or her terms and conditions of employment and opportunities for training and promotion. The Company also acknowledges that this is a continuous on-going process which must remain under constant review. We are committed to extending protection from discrimination to all groups and without restricting the generality of this commitment, we will deal with aspects of a matter as set out in the following paragraphs. ; ; The Company recognizes that the provision of equal opportunities in the workplace is not only good management practice but that it also makes sound business sense. The Company's equal opportunities policy is designed to help all employees develop their full potential and to ensure so far as is practical that the talents and resources of the workforce are fully utilized to maximize the efficiency of the organization. However, no policy of this sort can properly accommodate all possible circumstances and therefore this document should be seen as creating guidelines only and not contractual obligations on the part of the Company.
• Wellbeing:

  Wellbeing

  Bridgeway cares about our employees. We have a regular, audited mental health awareness training course, plus dedicated mental health practitioners on our staff. These, in combination with our HR department, ensure the wellbeing needs of employees are proactively met, engaged with, and supported.

Pricing

• Price: £6.30 to £9 a device a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A fully-featured service available for a jointly-agreed but time-limited period.
• Link to free trial: https://www.bridgeway.co.uk/ironworks-trial

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@bridgeway.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.