INTEGRITY360 LIMITED

RSA IDPlus

ID Plus is part of the AI-powered RSA Unified Identity Platform. The platform combines automated identity intelligence, authentication, access, governance, and lifecycle into one cohesive solution, to protect the gaps and blind spots that result from combining multiple point solutions.

Features

• Multiple hosting options - on-prem(airgapped), Cloud or Hybrid
• Ture Hybrid failover - On-prem failsafe security
• MFA - Multiple authenticators including passwordless and phishing resistant
• SSO - For cloud and on-prem applications
• Contextual Access rules based on static and dynamic attributes
• RiskAI - Authentication challenges based on behavioural analytics
• Mobile Lock - Mobile threat detection to promote device confidence

Benefits

• Multiple hosting-options-Consistent user experience for on-prem to cloud-journey
• Ture Hybrid-failover-Enforcing-2FA should the cloud service become unavailable
• MFA-Increasing security and reduce user friction
• SSO - Ease of access when using multiple applications
• RiskAI - Reduction of authentication-challenges received by the user
• Mobile Lock-Removes the requirement for an MDM solution on device
• Contextual Access rules - Appropriate authentication challenges
• based on enduser context such as Location, device, Network, group

£25 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

698502302626808

Contact

Paul Momirovski
+44 20 3397 3414
bidreviewboard@integrity360.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: Hybrid environment required VMWare/Hyper-V Hypervisors or Physical Appliances to be configured
• System requirements: VMWare/Hyper-V Hypervisors or Physical Appliances to be configured

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on package purchased
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "Basic - 9x5; Enhanced - 24 x 7; Premium - 24x7 with stricter SLAs"
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Self guided User Portal with step by step instructions, Online Training available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Support request
• End-of-contract process: Support request

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Cloud management Console & on-premise management console. Used to manage user and access policies
• Accessibility standards: None or don’t know
• Description of accessibility: Info here https://community.rsa.com/s/article/ACR-VPAT-for-RSA-Products
• Accessibility testing: Info here https://community.rsa.com/s/article/ACR-VPAT-for-RSA-Products
• API: Yes
• What users can and can't do using the API: "Cloud API permitted; * User Management; * Authentication requests; * Platform Administration"
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: "End User portals can be customised in appearance.; End User Authentication can be embedded in applications via REST API or SDKs"

Scaling

• Independence of resources: Separate instances

Analytics

• Service usage metrics: Yes
• Metrics types: Full Activity logs per Customer Tenant; Cloud: API; On-prem: Publish to syslog server
• Reporting types: API access

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: RSA

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Support request
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: "on-prem systems can have up to 15 replicas; Cloud service information is available on request"
• Approach to resilience: Public dashboard subscription : https://status.securid.com/
• Outage reporting: Public dashboard subscription : https://status.securid.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: Users presented with customers configured challenge options
• Access restrictions in management interfaces and support channels: Management interface, customer configured policies
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: Management interface, customer configured MFA options

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 15/7/21
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • https://www.rsa.com/secure/
  • SOC2 TypeII
  • FIPS 140-2/140-3
  • FedRAMP

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: https://www.rsa.com/secure/
• Information security policies and processes: https://www.rsa.com/secure/

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Available on request
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Available on request
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Available on request
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Available on request

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  RSA understands that aligning with a net-zero economy is inherently a multi-stakeholder endeavor and, in the interest of transparency and collaboration, the company is reporting its GHG emissions disclosures to the CDP network (formerly Carbon Disclosure Project).RSA’s 2022 greenhouse gas emission report can be viewed here https://www.rsa.com/greenhouse-gas-emissions-report/. RSA aims to become net zero-emission organization by 2040

  Tackling economic inequality

  RSA is committed to treating all workers with respect and dignity, ensuring safe working conditions and conducting environmentally responsible and ethical operations. We expect our suppliers to follow the same standard.

  Equal opportunity

  RSA promote equal opportunities and fair treatment for all team members, customers, business partners and other stakeholders.

  Wellbeing

  RSA offers employees a comprehensive benefits package, including Healthcare, Retirement and Employee Assistance Program to help support the health and well-being of employee and family.

Pricing

• Price: £25 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 45 day trial of the RSA cloud service
• Link to free trial: https://www.rsa.com/contact/id-plus-free-trial/?utm_source=GoogleSearch&utm_medium=PaidSocial&utm_campaign=IDPlusTrial&utm_term=MFAFreeTrial&utm_content=Ad#trial-form

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.