IP Performance Limited

Wallix Privileged Access Management (PAM)

Controlling Access to target resources and applications.
Monitor all user sessions.
Manage and rotate account passwords.
Just-In-time access and application usage.
Implement zerotrust methodology

Features

• Password Vault: control and manage secrets passwords and credentials
• MFA: Strong authentication of the user and Single-Sign-On
• Remote Access Management: Manage accesses for employees, vendors or contractors
• Session management : Authorization, management and recording
• Least privileged Management: dynamic elevation and grant the right privilege.

Benefits

• Password automation: complexity, encryption, rotation.
• Ensure the identity of the user
• Seamless experience for remote users ( contractors, third parties..)
• Maintain Compliance and regulations
• Implement zerotrust framework and block lateral movements

£28.77 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pbright@ip-performance.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

679840009150777

Contact

Paul Bright
01275393382
pbright@ip-performance.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Identity and Account Management / Identity and Governance Account
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No.
• System requirements: There are a few system requirements ( like CPU/RAM..)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: IP Performance have a 24/7/365 service desk and response times do not change at weekends. Below are typical response times based on the severity level of the problem.; ; Severity Response Time Target; 1 15 minutes of initial call 95%; 2 30 minutes of initial call 95%; 3 8 hours 95%; 4 Next business day 95%
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The cost of support depends on the SLA that is agreed with the customer. We tailor each SLA to a specific company's requirements. An account and service delivery manager are assigned and the latter will allocate engineer resources as required.; ; Support levels can be anything between service desk only to a fully managed service.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training and professional services.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Datafile is available upon end of support contract.
• End-of-contract process: Service ends on agreed date with option of renewal if required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web and API for managing the solution.
• Accessibility standards: None or don’t know
• Description of accessibility: Every thing can be done through web APIs. APIs are documented.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: Every thing can be done through web APIs. APIs are documented
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Web interface GUI, configuration options.

Scaling

• Independence of resources: We provide adequate user and resource capabilities

Analytics

• Service usage metrics: Yes
• Metrics types: User Count.; Concurrent Users.; Number of resources or applications.; Number of Remote access users.; Number of User groups
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Wallix

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Automatic deletion of auditing information after an expiration delay.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Raise Ticket via support and request authorisation to retrieve data.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Zipfile
  • Webapis
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Zipfile
  • Webapis
  • One WALLIX proprietary backup

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Encryption and https, ssh.

Availability and resilience

• Guaranteed availability: SLA available depending on support level : gold or bronze.
• Approach to resilience: High availability between different data-centres, breaking glass procedure, disaster recovery, backups, snapshots.
• Outage reporting: Alerts; Reports; SNMP Trap; Email

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: VPN.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certified Quality Systems (CQS) LTD
• ISO/IEC 27001 accreditation date: 21/08/2021
• What the ISO/IEC 27001 doesn’t cover: It covers the whole company.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: WorldPay Safer Payments
• PCI DSS accreditation date: 31/12/2016
• What the PCI DSS doesn’t cover: Nothing, we are fully compliant, although card payments are preferred via telephone rather than in-person.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Wallix ANSSI

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Wallix - ANSSI; GDPR
• Information security policies and processes: IP Performance Limited are ISO27001 accredited. We also have Cyber Essentials and Cyber Essentials Plus certification. We have a CISO who reports to the Managing Director and a compliance manager who reports to the Operations Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: IP Performance Limited operate their service and change management process within an ITIL Service Management Framework. Service Delivery Managers are ITIL qualified.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A control of physical and logical accesses is managed by internal process to identify, empower, authorize, and trace.; internal repositories are updated on a regular basis to integrate third parties' security patches.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Vulnerability tracking is done by monitoring known CVE databases, CERT security alerts and other 3rd parties' alerts
• Incident management type: Supplier-defined controls
• Incident management approach: IP Performance operations follow ITIL process and procedures for incident management. All incidents are recorded on our ticket logging software - Vivantio. Users can log tickets on Vivantio themselves or email/ phone them into our service desk. Vivantio can produce reports in multiple ways either on the progress of specific tickets or as a report covering incidents over a given period i.e. monthly.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Since 2012, IP Performance Ltd has purchased four wind turbines, which are operated and maintained by the DistGen Group of companies. Three; are reconditioned Vestas V39 and V52 500kW turbines, generating in the region of 700,000 kWh per annum, whilst the fourth was new and rated at; 850kW,generating in excess of 1m kWh. They are located in Orkney, Cheshire, Somerset and Dorset. The turbines provide electricity for the; immediate area, with the bulk being fed in to the National Grid. A percentage of the funds generated are redirected to the local community in the; form of a Direct Community Contribution, typically paid to the Parish Council for use at their discretion. Whilst ultimately being dependent upon; wind speed, this should amount to a sum of £300,000 per site over the planned twenty year operation of each turbine.

Pricing

• Price: £28.77 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: One month free trial.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pbright@ip-performance.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.