Mimoto

Doormouse

Doormouse is a cloud hosted network registration portal designed with University Halls of residence in mind. It provides a straight forward interface for students to register their devices for use with the network from within their room.

Features

• Easy automation via Rest API (JSON/HTTP)
• Federated Single Sign on (SAML2)
• Device MAC auto-detection
• Configurable GDPR data policy enforcer
• Flexible template and styling system
• Fine grained access control permissions
• Student self-service portal user interface

Benefits

• Simple registration process reduces number of support requests
• Easy to integrate with existing services & infrastructure
• Keeps you in control of your data
• Students can manage their devices anywhere
• Can be made to match your organisational styles
• Automatic device detection reduces support ticket frequency

£20,000 an instance

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@mimoto.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

610171546017158

Contact

Sales
01618 504 093
info@mimoto.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Integration with on-site network is via DHCP and requires onsite agent.
• System requirements: Agent requires onsite server.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Acknowledgement within 1 hour 7 days a week.; Response within 4 hours during working hours (Mon-Fri, 9am - 5pm)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide support to administrative staff at the customer institution about the configuration and administrative use of the system. We do not provide support to end users (students) for their use of the system.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We work with the client to help them get the system set up and integrated into their infrastructure. This includes: an initial orientation meeting, configuration work and network integration and testing.
• Service documentation: No
• End-of-contract data extraction: The client organisation can export their data in JSON format using the API.; We can also help them convert the data to different formats, where possible, at additional cost.
• End-of-contract process: Towards the end of the contract we will approach the customer about the end date to inquire about contract extension.; As the contract reaches its end we'll provide technical support assistance to help them recover any user data they wish to export from the system as JSON objects.; If the user requires a different format we'll do our best to support that, at additional cost dependent on development days required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: API can be used to configure the service and read/write any aspect of data from the service.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Template system means administrators have full control of the look of the system. This is managed through a Git repository.

Scaling

• Independence of resources: Each Doormouse customer is hosted on a seperate infrastructure instance.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Via the API. Data is exported as JSON documents.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We shall endeavor to provide 99.9% service availability in each calendar month excluding periods of scheduled maintenance. We will extend the subscription term by one additional calendar month for each month we fail to meet this level of service availability.
• Approach to resilience: Application and database services hosted in two geographically separate UK locations.
• Outage reporting: We can provide email alerts on outage and performance issues.

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: The Doormouse management interface uses the same federated authentication system as the standard login. For the majority of administrative use cases role based access control system grants the relevant additional rights to managerial users based on their role. These roles can be specified by the customer login system and linked to internal identity management infrastructure, thereby automatically removing redundant access rights when a users role no longer requires them.
• Access restriction testing frequency: Never
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We maintain the following internal standards: All employee laptops have hard disk encryption by default. Servers are managed with automated deployment tools that enforce security best practice. Server access requires individual ssh key based authentication. Administrative server access requires additional password authentication or other 2nd factor. Separation of customer data using virtual machines and/or containers. Physical servers hosted in secure data-centers. Infrastructure as code removes ad-hoc administration activities and reduces attack surface.
• Information security policies and processes: We have the following security polices/procedures: compromised account procedure, password policy, security incident and data breach policy.; ; The policies make clear that security incidents and concerns should be brought to the directors of the organisation as soon as possible. Our small size, flat organisational structure, and constant online team chat, means that we can respond quickly to such concerns/incidents.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Doormouse system was developed using a behavior driven development approach with many automated use-case tests. We develop the software using a Git software code respository and arrange changes into versioned releases. These releases go through 2 rounds of testing (local, and customer test environment). Internally approved minor changes are then taken to production within a pre-agreed maintenance window. We engage with customers to arrange suitable major change time windows, with respect to their internal change control processes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We run antivirus on all employee laptops/workstations. We test the system software for a range of nefarious access scenarios as a part of our release cycle. We monitor upstream application frameworks, libraries, and pre-requisite software for updates, vulnerabilities, and maintenance support end dates. We develop and release patch updates to the software inline with urgency. Patch updates are deployed as soon as possible within previously agreed patch update window.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: A broad range of system statistics are included on an internal monitoring dashboard which is monitored daily. Alerting to team chat is triggered if the system is operating outside normal conditions. Application error conditions trigger warnings to the team chat system. When an usual situation is discovered, or we receive notification of such, we investigate as soon as possible, normally immediately. If we discover a potential compromise we seek to resolve the matter as quickly as possible, potentially using a temporary fix until a long term solution can be found.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a security incident and data breach policy which applies to all Mimoto employees, members, and any sub-contractors.; Users can report security incidents directly through normal support channels. Additionally there is a dedicated security incident support channel abuse@mimoto.co.uk with an associated GPG encryption key for reporting on sensitive matters, this channel is available to users and the public for reporting incidents/concerns.; As a part of the policy we consider if the customer, police, ICO, need to be informed. If we believe a customers data has been affected we inform them within 24 hours.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a remote-first organisation, we have a lower carbon foot print than a traditional enterprise because we have a lower requirement for office space. We aim to minimize server resource use to reduce energy impact. We choose energy and water efficient technologies and software.

  Covid-19 recovery

  As a remote-first organisation we were able to continue business as normal throughout the pandemic. Our employees remained employed with us and none were put on furlough.; Through the Kickstart scheme we employed young people entering the job market at the height of the pandemic giving them valuable work experience at a critical time.

  Tackling economic inequality

  We have employed people at risk from long term unemployment, with little or no IT skill, with a view to level them up and give them useful industry experience.; We are a Living Wage Foundation employer.; We donate our old computer equipment to a charity that provides IT equipment for people from disadvantaged households.

  Equal opportunity

  We have a flexible working culture. Our employment practices focus on merit and are designed to remove conscious and unconscious bias. We have donated funds to the Women in Identity foundation.

  Wellbeing

  Our work culture allows people to work flexible hours so they can manage their work life balance. As a remote-first organisation we have a default of home working, and encourage co-working from time to time.

Pricing

• Price: £20,000 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@mimoto.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.