Grove Information Systems

Proofpoint Essentials

Proofpoint Essentials provides email security to protect business email both with the advanced protection of URL and Attachment Defence and Data Loss Prevention capabilities as well as comprehensive Email Continuity features to keep business communications up and running at all times.

Features

• Owns all security technology in solution
• URLs Sandboxing time of click, time of delivery (predictive analysis).
• Smart Search: Comprehensive message tracing across mail agents in seconds.
• Sandboxing of URLs found inside attachments
• Attachments delivered as-is
• Attachment Sandboxing
• Dedicated threat research team aligning with changing threat landscape
• Dynamic Imposter email classifier rules change as attackers change tactics
• Business Continuity allowing email flow during outage.
• Essentials Archiving

Benefits

• Protects you from malicious attachments in email
• Protects you from malicious URL's in attachments and email
• Responds to threats quicker
• Protects you from impersonation attacks
• Continue to send/receive email during outages, e.g Office 365 outage
• Data Loss Prevention and Content Filtering
• Community based intelligence contains more than 800 billion data points
• Deployment On-Prem or Cloud
• Archiving utilized for search anytime, anywhere
• Easy to enforce retention policies.

£1.21 to £4.18 a user

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pwitheridge@groveis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

642820200330423

Contact

Philip Witheridge
+44 207 493 6741
pwitheridge@groveis.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Yes, but can also be used as a standalone service
• Cloud deployment model: Community cloud
• Service constraints: See Service Level Agreement where any constraints are shown
• System requirements:
  • Existing mail server, eg; Exchange, o365, Zimbra, Lotus Notes
  • Google Apps, Google Workspace for Business

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We operate in a non-stop, global business environment —24 hours a day, 365 days a year—offering a range of specially tailored support packages. Grove’s Premier Support options include dedicated technical success managers, priority responses, customised escalations, weekly and monthly reports as well as clear service level agreement (SLA) guidelines.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Through Grove's support CRM portal
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: P1 - Critical business impact or critical loss of service - The issue must be logged via telephone A resolution of a next-steps action plan will be relayed within four hours for all support cases received from customers during each annual support period. P2 - Major or partial loss of service, where a work-around does not exist - Issue must be logged via telephone or the support portal A resolution or an initial next-steps action plan will be relayed within five hours, provided the customer provides all requested information in a timely manner. P3 - Questions, how-to queries or minor service impact - The issue must be logged via telephone or the support portal - A resolution plan will be relayed within eight hours, provided the customer provides all requested information in a timely manner. P4 - Documentation and enhancement requests - Issue must be logged via telephone or the support portal A resolution plan will be relayed within 24 hours, provided the customer provides all requested information in a timely* manner.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We deploy the service and configure service to customers requirements.; We then provide Admin training either on site or online depending on the customers requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Proofpoint professional services can extract data for a pre-agreed fee or users can export the data themselves via post or email
• End-of-contract process: Proofpoint will stop providing services to the customer and data will be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Full Administrative Console
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Used interface extensively with no issues
• API: Yes
• What users can and can't do using the API: Use a reporting dashboard
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: All Proofpoint SaaS systems are actively monitored with local agents collecting hundreds of metrics specific to hardware, networking, and OS. All metrics are measured against a baseline compiled from historical data. Acceptable thresholds are defined based on a combination of optimal performance targets and historical baselines.

Analytics

• Service usage metrics: Yes
• Metrics types: Granular Reporting of message flow, deep analysis into threats
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Proofpoint Essentials

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: See security pack
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Administrators can export their users data via web interface
• Data export formats: Other
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Proofpoint has documented information security program consisting of policies, procedures and standards that aligns with the requirements of NIST 800-53 and ISO 27001. The program is owned by the Proofpoint Global Information Security group, and includes a continuous monitoring program consisting of monthly and quarterly evidence collection and review, and an annual SOC 2 Type II audit of the program.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Policies, procedures, and standards comprising the Proofpoint information security program are reviewed and updated annually by the Proofpoint Global Information Security group and approved.

Availability and resilience

• Guaranteed availability: Defined at this link: https://www.proofpoint.com/sites/default/files/general_terms_hosted_services_sla_-_mar_2016.pdf
• Approach to resilience: Defined at this link: https://www.proofpoint.com/sites/default/files/general_terms_hosted_services_sla_-_mar_2016.pdf
• Outage reporting: Defined at this link: https://www.proofpoint.com/sites/default/files/30427798_proofpoint_essentials_sla_-_pfpt_august_08152015.pdf

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: See above
• Access restrictions in management interfaces and support channels: See Service Definition Doc
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Access to the Proofpoint production environment

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type II audit report, available here: https://go.proofpoint.com/soc2_report_request.html

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: See security pack
• Information security policies and processes: Proofpoint's information security program is aligned with the requirements of NIST 800-53 and ISO 27001. However, we are not certified to the ISO 27001 standard.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Proofpoint has a documented change management policy that includes requirements around documented change tickets and review and approval by the Change Review Board.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Proofpoint performs internal and external vulnerability scanning and remediates applicable findings in line with the Proofpoint patch management policy.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Proofpoint has distributed monitoring in place for availability, performance, capacity and security.
• Incident management type: Supplier-defined controls
• Incident management approach: Proofpoint has a documented Incident Response Plan that includes procedures to detect, investigate, remediate and communicate security incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  The solutions and services we offer to G Cloud procurement organisations typically require new skill sets for which we provide employment and follow on mentorship training and growth opportunities.

Pricing

• Price: £1.21 to £4.18 a user
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Provided by a Proofpoint Engineer once requirements are confirmed.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pwitheridge@groveis.com. Tell them what format you need. It will help if you say what assistive technology you use.