nowSecure Respond

Service scope

Software add-on or extension: No
Cloud deployment model: Hybrid cloud
Service constraints: There are no service constraints
System requirements: Microsoft Windows 7 and Windows 8 & 8.1

Microsoft Windows 10

Microsoft Windows Server 2008 R2

Microsoft Windows Server 2012, 2012 R2

Microsoft Windows Server 2016

Apple MacOS 10.12, 10.13

Apple OSX 10.11

Apple iOS 11 and above (requires separate MDM)

Red Hat Enterprise Linux or CentOS 6.x 7.x

Android 2.1 (Éclair) to 6.0 (Marshmallow) (requires separate MDM)

User support

Email or online ticketing support: Email or online ticketing
Support response times: Cisco Technical Support operate the following response times for the standard Cisco Umbrella Cloud service.
Cisco response times operate 24/7/365.
Severity 1-2: Cisco response time within 1 hour.
(Covers items such as major outage, cloud service down or causing critical impact to the business).
Severity 3-4: Cisco response within the Next Business Day.
(Cloud Service is impaired however operations remain functional with little impact to business or general service queries).
Nowcomm can provide additional technical service desk expertise and managed services capabilities to complement Cisco Technical Support above.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 A
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: There are 4 main support levels which Nowcomm offer for customers to select to further compliment Cisco Technical Support, providing additional Nowcomm technical service desk expertise and managed services capabilities. Nowcomm’s Service Desk operates 24/7/365 and a choice service levels including 24*7, 8*5 Mon-Fri or a NBD service offers to best suit the coverage required.

1) Service Desk - providing remote based technical assistance, advice and guidance to day to day issues and questions. 2) On Site Experts - providing technical engineering, training or consulting experts on site with your team as and when required.
3) Analysis Service - providing scheduled proactive insight and advisory of performance operation data - for example analysing monthly performance data, security reports and behaviour and providing recommendations, guidance and expert insights. monitoring of devices with downtime alerts.
4) Managed Service - providing complete operational service as an extension to the in-house IT team. For example performing all moves, adds, changes and deletes (MACD's), making monthly backups as necessary, any patching updating, vulnerability scanning, monthly reporting, compliance documentation completion, change advisory board reviews and so on.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Nowcomm onboards customers by gathering all key information required as part of the early data gathering activity that forms part of the planning phase within the on-boarding process. Typically the on-boarding activities, including training are provided remotely.
All go-live system information, service documentation and procedures required to describe, explain, test, educate, train and launch the service is developed and distributed to the customer as part of the on-boarding process. Any detailed design documentation is also derived from within the on-boarding process. All detailed designs are agreed and signed off by both parties within the on-boarding phase and prior to service implementation. Full copies of the system documentation and user documentation as applicable are provided as part of the user acceptance testing phase.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: As part of the Nowcomm off-boarding process, customers continue to benefit from full reporting access to the service management portal until the date of contract completion. From this service management portal customers can access, retrieve and download copies of all available data and reports as required for future use following the end of contract date. When the contract end date is reached the service is ended and customer access is no longer available. As part of contract completion, the service is considered ended and all data is erased for compliance and operational reasons as part of the customer being fully off-boarded and as such no longer subscribing to the service. Nowcomm notify the end customer with end of service data reminders and guidance to extract necessary data in advance of the contract completion date. This forms part of the Nowcomm remote off-boarding process provided as part of our standard service.
End-of-contract process: Full service functionality is provided for the duration of the cloud service contract with Nowcomm. Customers may have the opportunity to extend the contract based on the rules and governance of the framework agreement at that time. Customers wishing to explore extending the service and contract options should discuss feasibility questions to the Nowcomm account team no later than 90 days before the scheduled end of contact date. As the the services approaches the end of contract date, the organisation will be off-boarded from the service following Nowcomm's standard model, set out in the previous response and which is provided at no additional cost to the standard service.
At the end of the contract the customer will no longer receive the service and all service features, benefits, access and use will cease. Any retained data still held within the system up to contact end date will be securely deleted by the Nowcomm services team at the end of contract date.

Using the service

Web browser interface: No
Application to install: Yes
Compatible operating systems: Android

IOS

Linux or Unix

MacOS

Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: No differences in the functionality (cosmetic only)
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: A web based service management portal for configuration and user provisioning, day to day management, reporting and service usage and for application configuration policy enforcement is provided.

Events and endpoints are categorised by priority and tied into workflows to track progress during investigation.
Accessibility standards: WCAG 2.1 A
Accessibility testing: All assistive interface testing has been performed by Cisco who are the manufacturer of the cloud software service. Assistive testing details can be provided from Cisco on request.
API: Yes
What users can and can't do using the API: The API is provided via an open framework to allow for integration into other threat management and threat intelligence platforms. Details of the API can be provided on request from Cisco, the manufacturer of the cloud software service.
API documentation: Yes
API documentation formats: HTML

PDF
API sandbox or test environment: No
Customisation available: No

Scaling

Independence of resources: Cisco have designed a global platform with significant excess capacity to handle ongoing growth in demand.

Cisco operate through a validated design guide detailing system maximum's and minimums to enable customers to scale, adhering to many industry standards including ISO 9001 and 27001.

Nowcomm perform our service delivery model based on ITIL v4 framework. Our service and support teams are scaled to respond to the needs of our customers of various sizes across both the public and private sector.

Analytics

Service usage metrics: Yes
Metrics types: A range of flexible service metrics reports and dashboards are available as part of the service.

Service usage data can also be output to other correlation, alerting and management systems, including many SIEM and SOC platforms and applications.
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Cisco

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: In-house
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Customers export data is performed via the manufacturer options available within the management portal. Exporting of data is provided to the customer on both a self service and as required basis. No charge or restrictions of the export of data is enforced by Nowcomm. Data is not hidden, restricted or locked from end users that hold the correct service access privileges. Data, reports and logs will be available for export from the service in the formats and options supported by the manufacturer, Cisco. Available data formats may be subject to change by the manufacturer from time to time.
Data export formats: CSV

Other
Other data export formats: HTML

PDF
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: Nowcomm are providing a service built on a global cloud infrastructure from the manufacturer Cisco and as such are beyond our control. Any Service Level Agreements (SLAs), availability guarantees and any service credit models will form part of the manufacturers terms, which may change from time to time and can be found at: https://www.cisco.com/c/en/us/about/legal/cloud-and-software/cloud-terms.html.
Approach to resilience: Available on request.
Outage reporting: Service outages are reported in a variety of ways. High level public dashboards of Cisco cloud services can be viewed at https://www.cisco.com/c/en/us/support/web/cloud-status.html.
Further detailed service outage information may be available to customers via their specific service portal access.
Automated email alerts and progress updates of a range of possible service outages or service matters are provided for each Cisco cloud service.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Access management is controlled and restricted via secure role-based access controls on a per user basis. This allows the configuration of system access and permissions to be set based on the designated role of the individual user, ensuring only the agreed specific tasks can be performed across the Cisco Umbrella cloud service.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: QMS
ISO/IEC 27001 accreditation date: 17/09/2021
What the ISO/IEC 27001 doesn’t cover: Nowcomm follow all processes and procedures to the ISO 27001 level
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Nowcomm are an accredited Cyber Essentials Plus organisation and have adopted and incorporate key processes and procedures set out within ISO27001 and ISO9001 and ISO14001 standards. Nowcomm ensure our business services and operational delivery model processes including our security polices are performed within a structure of continual improvement and review. This includes regular internal audits and annual external audits from qualified third party organisations of our policies and processes.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: All changes and configuration management follow ITIL V4 standards.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Potential vulnerabilities are identified via proactive, continual review and analysis. This combines Nowcomm's own vulnerability scans of systems and services with threat data from a variety of third party sources including but not limited to Cisco Talos, Cisco TAC, Microsoft, ATT Cybersecurity, Qualsys, Google and Symantec.
Identified vulnerabilities are reviewed on the basis of risk and impact.
Standard system patching for low risk and ongoing items is performed monthly.
High risk or high impact vulnerabilities may require high priority patching within 7 days.
Items identified as critical risk or critical impact may require emergency patching, e.g. within 24 hours.
Protective monitoring type: Undisclosed
Protective monitoring approach: All external facing services are subject to monthly vulnerability scans. Standard patching policy is monthly, with critical patching being performed sooner including within the day if deemed necessary to protect the customer as part of our 24/7/365 operations. Nowcomm obtain continual vulnerability information and alerts from many third parties including Cisco Talos, Cisco TAC, Microsoft and AT&T Cybersecurity. We use independent third party scanning engines to correlate all known CVE's, enabling our experts to establish impact for all managed assets scanned.
Incident management type: Supplier-defined controls
Incident management approach: Nowcomm operates both proactive and reactive response services. All service requests and incidents to Nowcomm are logged via the Nowcomm Network Operation Centre with a unique case reference number and tracked from triage through to resolution via our service desk platform. Customers are encouraged to report incidents via email or telephone.

Nowcomm operate a pre-approved process / change model for certain tasks. However, bespoke customer requirements can also be designed and implemented depending on the organisation’s needs.
Reports are provided via email in either HTML or PDF format. Major incident reports are provided within 48 hours of the incident resolution.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Covid-19 recovery: Covid-19 recovery

With Nowcomm being in a high growth sector within the East Midlands, we have a policy on recruiting from the local area as part of the current government levelling up strategy. Employees have total flexibility with tools and resources to work remotely enabling social distancing and reducing unnecessary travel. Nowcomm are currently growing between 20 and 30% per annum. We also employ graduates and apprentices, along with providing opportunities for work experience for those thinking of retraining in the information technology and cyber security fields.
During pandemic situations the business was/can continue effective, due to our robust and resilient working environment. Emphasis was placed on employee wellbeing with access to mental health support, encouraging a clear work / life separation driving a healthy work life balance.
Nowcomm are also part of the Derby Bondholders group (a vibrant community of local companies and organisations), who strive to provide a supportive business network, celebrate achievements, and engage in the shaping of our place (Derby). From sole traders to the region’s largest firms, our Bondholder community is a vast and vibrant collection of what makes Derby great. More than a vibrant business club, Bondholders are engaged proactively in supporting each other and influencing Derby and Derbyshire to be a better place in which to live and work, and to visit.

Pricing

Price: £1,100 a unit
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: A 14 day full feature trial is available. Trials are subject to availability and maybe for a limited number of users /devices only.

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

nowSecure Respond

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents