Skip to main content

Help us improve the Digital Marketplace - send your feedback


Galaxkey Secure Workspace

Galaxkey Secure Workspace for secure file transfer, sharing and collaboration. Features
include: secure collaboration, file sharing, encryption, unlimited file size. All with
central management and complete white labelling capabilities. Encryption is CPA
Certified by the NCSC.


  • Pure end-to-end encryption technology
  • Encrypt emails directly from Microsoft Outlook iOS Android and Web
  • Secure Workspace for file sharing & collaboration
  • Revoke emails, and get notifications for emails
  • Companies can manage keys in-house, no passwords stored
  • Complete audit of access of emails and files
  • Geofence and classify emails to protect emails within your environment
  • White label platform as per corporate requirements
  • Built in policy engine to define policy based encryption
  • Digitally sign and encrypt sensitive documents


  • Protect emails and files end-to-end
  • Digitally sign and encrypt documents in simple to use process
  • Collaborate & Share documents & Files Securely
  • Comply with regulatory requirements like GDPR, HIPPA
  • Save costs on expensive multiple platforms to secure data
  • Use policy engine to help in data loss prevention
  • Get notified when someone opens an email or document
  • No overheads of key management
  • Transfer & collaborate on files with no limit on size
  • Control your own keys and your data


£30 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

7 7 8 6 9 1 5 6 3 7 0 2 5 1 2


Telephone: 02083721000

Service scope

Software add-on or extension
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
Galaxkey can be deployed in in-house (Hybrid). It requires a DMZ implementation of some services which provide web access to the secured emails.
System requirements
  • Galaxkey Clients:
  • Microsoft Outlook 2007/2010/2013/2016/2019
  • IOS
  • Android
  • Mac OSX
  • Web Client
  • Galaxkey Server (Hybrid):
  • Windows 2012

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 Hours
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard: 12 x 5 Support Access, Training videos/ Getting Started webinars & Standard
Support SLA. Advance: Enterprise-grade Support Access (24x7), Priority phone
support, SLA, Training videos/ Getting Started webinars. Premium: Enterprise-grade
Support Access (24x7), Dedicated Support Line, Enterprise-grade Support SLA,
Named Customer Success Manager, Getting Started webinars, Monthly On-Site
Customer Success Meeting, Quarterly On-Site Business Review.
Support available to third parties

Onboarding and offboarding

Getting started
When a corporate company signs up with Galaxkey, our on-boarding team does a complete on-boarding process which includes
1. Online/Onsite Training for Administrator
2.Online/Onsite Training for End users
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
With Galaxkey all files and emails that are encrypted have an extension .gxk. This is the secure container file format. Once the contract is over, the customers can use the Galaxkey client to decrypt the files. There is a complete procedure to decrypt the data.
End-of-contract process
At the end of the contract, Galaxkey provides a document to the customer to decrypt all their files. There is no restriction on decrypting the files.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Galaxkey has native applications on the mobile platforms (iOS and Android). The desktop apps are on Windows and Mac. On Windows Galaxkey integrates with Microsoft Outlook and a desktop application is installed to provide File Encryption. On the mobile platform the app provides an email interface which interacts with the mobile email clients to send out secure emails. The apps also provide the ability to open secure files.
Service interface
User support accessibility
None or don’t know
What users can and can't do using the API
Galaxkey has an API to encrypt and decrypt any data. This API is provide via the SOAP protocol
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The following can be customised
1. Logo on the Web Portal
2. The Email wrappers that is sent with a secured email.
3. The out going SMTP Servers (Hybrid)
4. Classifications
5. Email templates

The customisation is provides to the customers via a Web Administrator Portal.

The Galaxkey Corporate Administrator or designated Service Account can customise the user interface.


Independence of resources
Galaxkey cloud service is based on the Amazon auto scale platform. So as the demand increased, the service is auto called.


Service usage metrics


Supplier type
Reseller (no extras)
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Using the Galaxkey client, the customers can export their data to un-encrypted files.
Data export formats
Other data export formats
In original file formats
Data import formats
Other data import formats
  • Galaxkey can encrypt and file format.
  • There is no restriction on file format and size.

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Even with TLS, all the communication between our internal servers are encryted.

Availability and resilience

Guaranteed availability
Response Time for the Service
Priority Level - 1, First Response - 1 Hour, Subsequent Updates - 2 Hours
Priority Level - 2, First Response - 2 hours, Subsequent Updates - 8 hours
Priority Level - 3, First Response - 2 hours, Subsequent Updates - 48 hours
Priority Level - 4, First Response - 8 hours, Subsequent Updates - 48 hours

Service Level Commitment:
The Service will, subject to the exceptions listed below, be available at least 99.9% of the time during any full calendar month in Customer’s production environment (“Availability Commitment”). The Availability Commitments do not apply to sandbox, beta and other test environments.
The Availability Commitment of the Service for a given month will be calculated as follows (rounded to the nearest one tenth of one percent):
Availability % = 100% x (Total Minutes in the Month – Total Minutes Unavailable in the Month)
Total Minutes in the Month
The Service will be deemed to be unavailable only if the Service does not respond to HTTP requests, (“Unavailable”).
Approach to resilience
Available on request
Outage reporting
1. Email Alerts
2. Twitter

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
All administrative access is based on role based access control. This limits the access to management interfaces.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
CPA certified through NCSC

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
NCSC CPA Evaluation. Cyber Essentials
Information security policies and processes
A. Executive review and support of all security related policies.
b. Periodic (but no less than annual) risk assessments of all systems containing Customer Data (“Customer System”).
c. A formal and effective risk treatment program.
d. A formal and effective service provider management program.
e. Periodic review of security incidents, including effective determination of root cause and corrective action.
f. Quarterly internal audit to measure the effectiveness of controls.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
To streamline the Galaxkey change control request, we utilise a ticket system where every change control request is assigned a unique ticket number to track the progress and responses online. With the use of valid AD credentials, the ability to submit a ticket is presented along with the complete archives and history of all Change Control Requests for Administrators.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Under the Galaxkey SDLC, any actual, suspected or reported flaw, vulnerability, or security associated exposures are addressed as soon as they are discovered, suspected or reported.
Two-Phase Flaw identification Process:
During the SDL: In the first instance the flaw remediation is achieved by following the established processes. The developers and the testers are the key stakeholders at this stage.
In production: The Technical Team are responsible for maintaining products and services by ensuring that any reported flaws, vulnerabilities, or other technical issues or services may have are dealt with as a matter of priority as soon as they are reported.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Galaxkey has a comprehensive compromise monitoring system in place based on SEIM and live monitoring. Our response policy for potential compromise is based on the following high level approach.

In an event of compromise
1. The impact of the compromise is categories in either a. Availability b. Integrity c. Security.
2. Based on the impact either single or in combination we have three Business Continuity and Disaster Recovery plans which we execute.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Galaxkey has an online incident reporting system which a user can report to. The incident is recorded and reviewed. We are registered with the ICO and based on the impact of the incident, we have policies to report to the ICO in case of any data theft of loss occurs. In case the incident falls under any of the data security policies, we have policies to provide remedy within 24 hours.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

The use of Galaxkey solutions can have an instant impact on the environmental impact
and carbon footprint of users and organisations. Our solutions allow for secure transfer
and distribution of important documents and files remotely, therefore instantly
removing the need for postage, packaging and transportation. We have multiple
examples of organisations that have achieved significant environmental improvements
through use of our solutions, across both Local & Central Government, NHS and
Covid-19 recovery

Covid-19 recovery

During the pandemic, Galaxkey have worked to make licences available for free use to
schools to assist with the security aspects of remote learning schooling. We also
provide access to a free user licence for people to reply to a secure email or
communication that has been sent to them from a corporate user which has and does
enable business to keep moving where physical presence is prevented due to Covid-19.
Our solutions are in use across multiple public sector bodies including Local & Central
government, Education and the NHS.
Tackling economic inequality

Tackling economic inequality

Galaxkey is part of the government KickStart scheme and has provided ongoing
employment to young people via this route. The use of our technology also enables
people to securely communicate and exchange information from any location thereby
negating the need for travel costs, postage costs and other elements that have an
economic impact or barriers to communicate. We also support existing public sector
customers with free training and education of their staff in the use of the technology.
Equal opportunity

Equal opportunity

Galaxkey is an equal opportunities employer both in the UK and across the wider world


Galaxkey supports all its staff in encouraging good working practices and a healthy
worklife balance. Our CEO recently completed a coast to coast walk to highlight the
importance of staying healthy and exercising regularly. This was replicated in all the
different geographies of Galaxkey who all completed smaller versions of the walk to
raise awareness in their regions.


£30 a user a year
Discount for educational organisations
Free trial available
Description of free trial
All features are provided at a 14 days trial
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.