Cysiam Limited

Multifactor Authentication

Provides clients with a cloud based authentication system across their organisation.

Verifies the identity of all users with strong two-factor authentication before granting access to corporate applications to protect against phishing and other access threats.

Features

• Contextual user access policies
• verifies the identities of your users quickly and easily
• zero-trust security model

Benefits

• protect against remote attacks such as phishing
• attackers unable to access accounts without possessing your physical device

£750 a unit a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rupert.ryan@cysiam.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

614546119288762

Contact

Rupert Ryan
07376019394
rupert.ryan@cysiam.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: None known
• System requirements:
  • Must not be air-gapped networks
  • Needs internet connectivity

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Onsite support at daily consultancy rates.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite training on enrolment is provided with additional user documentation and online resources.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: No data is stored after the contract ends.
• End-of-contract process: At the end of the contract the service will finish providing mfa.; cost includes set up of MFA dashboard and integration with systems requiring MFA with user training provided.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The phone is the device that users use to authenticate access and verify their identity.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Service is entirely bespoke to the deployment.

Scaling

• Independence of resources: Service provision is on the local device only so no issues with high demand on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Login location data including time and date stamp and unsuccessful authentication attempts.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: DUO

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: No data is stored by the system.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Supplier provided.
• Approach to resilience: Hosted by DUO - Cysiam are the reseller and don't have access to the security information. DUO make this available on request.
• Outage reporting: DUO website, email and push notifications.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Hosted by DUO - Cysiam are the reseller and don't have access to the security information. DUO make this available on request.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 19/10/2023
• What the ISO/IEC 27001 doesn’t cover: The whole business is covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: We have policies and processes for the following:; IT Usage Policy; HR onboarding and release process; Remote working policy; Vulnerability and Patch Management Policy; Cyber Security Incident policy and procedure; ; All members of staff are required to read and sign all policies and procedures on induction and also every 12 moths.; All incidents or or nonconformity to policy or procedure are to be reported to the Chief Technology Officer

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Hosted by DUO - Cysiam are the reseller and don't have access to the security information. DUO make this available on request.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Hosted by DUO - Cysiam are the reseller and don't have access to the security information. DUO make this available on request.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Hosted by DUO - Cysiam are the reseller and don't have access to the security information. DUO make this available on request.
• Incident management type: Undisclosed
• Incident management approach: Hosted by DUO - Cysiam are the reseller and don't have access to the security information. DUO make this available on request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  CYSIAM is a proud member of the SME Climate Hub, a global initiative that empowers small to medium sized companies to take climate action and build more resilient businesses. Through the SME Climate Hub, we commit to lowering our impact on the environment through authentic action, halving our emissions by 2030. In making the commitment, we have joined the United Nations Race to Zero campaign. ; ; The initiative is supported at board level in the company and having calculated our baseline emissions, we report progress against our action plan on an annual basis. ; ; We run several initiatives throughout the year to support our climate commitment and try to involve our staff as much as possible.

  Equal opportunity

  CYSIAM is an equal opportunities employer and has a clear policy on equality of opportunity which is available to all staff and briefed to new entrants as part of the onboarding activity. We are also a member of the Armed Forces Covenant which aims to assist forces leavers in the transition into civilian life, giving them an opportunity to compete on an equal footing with those more used to participating in the workplace.

Pricing

• Price: £750 a unit a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: DUO defined

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rupert.ryan@cysiam.com. Tell them what format you need. It will help if you say what assistive technology you use.