INTEGRITY360 LIMITED

Galaxkey Secure Workspace

Galaxkey Secure Workspace for secure file transfer, sharing and collaboration. Features
include: secure collaboration, file sharing, encryption, unlimited file size. All with
central management and complete white labelling capabilities. Encryption is CPA
Certified by the NCSC.

Features

• Pure end-to-end encryption technology
• Encrypt emails directly from Microsoft Outlook iOS Android and Web
• Secure Workspace for file sharing & collaboration
• Revoke emails, and get notifications for emails
• Companies can manage keys in-house, no passwords stored
• Complete audit of access of emails and files
• Geofence and classify emails to protect emails within your environment
• White label platform as per corporate requirements
• Built in policy engine to define policy based encryption
• Digitally sign and encrypt sensitive documents

Benefits

• Protect emails and files end-to-end
• Digitally sign and encrypt documents in simple to use process
• Collaborate & Share documents & Files Securely
• Comply with regulatory requirements like GDPR, HIPPA
• Save costs on expensive multiple platforms to secure data
• Use policy engine to help in data loss prevention
• Get notified when someone opens an email or document
• No overheads of key management
• Transfer & collaborate on files with no limit on size
• Control your own keys and your data

£30 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

778691563702512

Contact

Davide Poli
02083721000
bidreviewboard@integrity360.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: Galaxkey can be deployed in in-house (Hybrid). It requires a DMZ implementation of some services which provide web access to the secured emails.
• System requirements:
  • Galaxkey Clients:
  • Microsoft Outlook 2007/2010/2013/2016/2019
  • IOS
  • Android
  • Mac OSX
  • Web Client
  • Galaxkey Server (Hybrid):
  • Windows 2012

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 Hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard: 12 x 5 Support Access, Training videos/ Getting Started webinars & Standard; Support SLA. Advance: Enterprise-grade Support Access (24x7), Priority phone; support, SLA, Training videos/ Getting Started webinars. Premium: Enterprise-grade; Support Access (24x7), Dedicated Support Line, Enterprise-grade Support SLA,; Named Customer Success Manager, Getting Started webinars, Monthly On-Site; Customer Success Meeting, Quarterly On-Site Business Review.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: When a corporate company signs up with Galaxkey, our on-boarding team does a complete on-boarding process which includes; 1. Online/Onsite Training for Administrator; 2.Online/Onsite Training for End users
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: With Galaxkey all files and emails that are encrypted have an extension .gxk. This is the secure container file format. Once the contract is over, the customers can use the Galaxkey client to decrypt the files. There is a complete procedure to decrypt the data.
• End-of-contract process: At the end of the contract, Galaxkey provides a document to the customer to decrypt all their files. There is no restriction on decrypting the files.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Galaxkey has native applications on the mobile platforms (iOS and Android). The desktop apps are on Windows and Mac. On Windows Galaxkey integrates with Microsoft Outlook and a desktop application is installed to provide File Encryption. On the mobile platform the app provides an email interface which interacts with the mobile email clients to send out secure emails. The apps also provide the ability to open secure files.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Galaxkey has an API to encrypt and decrypt any data. This API is provide via the SOAP protocol
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The following can be customised; 1. Logo on the Web Portal; 2. The Email wrappers that is sent with a secured email.; 3. The out going SMTP Servers (Hybrid); 4. Classifications; 5. Email templates; ; The customisation is provides to the customers via a Web Administrator Portal.; ; The Galaxkey Corporate Administrator or designated Service Account can customise the user interface.

Scaling

• Independence of resources: Galaxkey cloud service is based on the Amazon auto scale platform. So as the demand increased, the service is auto called.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Galaxkey

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Using the Galaxkey client, the customers can export their data to un-encrypted files.
• Data export formats: Other
• Other data export formats: In original file formats
• Data import formats: Other
• Other data import formats:
  • Galaxkey can encrypt and file format.
  • There is no restriction on file format and size.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Even with TLS, all the communication between our internal servers are encryted.

Availability and resilience

• Guaranteed availability: Response Time for the Service; Priority Level - 1, First Response - 1 Hour, Subsequent Updates - 2 Hours; Priority Level - 2, First Response - 2 hours, Subsequent Updates - 8 hours; Priority Level - 3, First Response - 2 hours, Subsequent Updates - 48 hours; Priority Level - 4, First Response - 8 hours, Subsequent Updates - 48 hours; ; Service Level Commitment:; The Service will, subject to the exceptions listed below, be available at least 99.9% of the time during any full calendar month in Customer’s production environment (“Availability Commitment”). The Availability Commitments do not apply to sandbox, beta and other test environments.; The Availability Commitment of the Service for a given month will be calculated as follows (rounded to the nearest one tenth of one percent):; Availability % = 100% x (Total Minutes in the Month – Total Minutes Unavailable in the Month); Total Minutes in the Month; The Service will be deemed to be unavailable only if the Service does not respond to HTTP requests, (“Unavailable”).
• Approach to resilience: Available on request
• Outage reporting: 1. Email Alerts; 2. Twitter

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All administrative access is based on role based access control. This limits the access to management interfaces.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Irqs
• ISO/IEC 27001 accreditation date: 21/12/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: CPA certified through NCSC

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NCSC CPA Evaluation. Cyber Essentials
• Information security policies and processes: A. Executive review and support of all security related policies.; b. Periodic (but no less than annual) risk assessments of all systems containing Customer Data (“Customer System”).; c. A formal and effective risk treatment program.; d. A formal and effective service provider management program.; e. Periodic review of security incidents, including effective determination of root cause and corrective action.; f. Quarterly internal audit to measure the effectiveness of controls.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: To streamline the Galaxkey change control request, we utilise a ticket system where every change control request is assigned a unique ticket number to track the progress and responses online. With the use of valid AD credentials, the ability to submit a ticket is presented along with the complete archives and history of all Change Control Requests for Administrators.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Under the Galaxkey SDLC, any actual, suspected or reported flaw, vulnerability, or security associated exposures are addressed as soon as they are discovered, suspected or reported.; Two-Phase Flaw identification Process:; During the SDL: In the first instance the flaw remediation is achieved by following the established processes. The developers and the testers are the key stakeholders at this stage.; In production: The Technical Team are responsible for maintaining products and services by ensuring that any reported flaws, vulnerabilities, or other technical issues or services may have are dealt with as a matter of priority as soon as they are reported.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Galaxkey has a comprehensive compromise monitoring system in place based on SEIM and live monitoring. Our response policy for potential compromise is based on the following high level approach.; ; In an event of compromise; 1. The impact of the compromise is categories in either a. Availability b. Integrity c. Security.; 2. Based on the impact either single or in combination we have three Business Continuity and Disaster Recovery plans which we execute.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Galaxkey has an online incident reporting system which a user can report to. The incident is recorded and reviewed. We are registered with the ICO and based on the impact of the incident, we have policies to report to the ICO in case of any data theft of loss occurs. In case the incident falls under any of the data security policies, we have policies to provide remedy within 24 hours.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The use of Galaxkey solutions can have an instant impact on the environmental impact; and carbon footprint of users and organisations. Our solutions allow for secure transfer; and distribution of important documents and files remotely, therefore instantly; removing the need for postage, packaging and transportation. We have multiple; examples of organisations that have achieved significant environmental improvements; through use of our solutions, across both Local & Central Government, NHS and; Education.
• Covid-19 recovery:

  Covid-19 recovery

  During the pandemic, Galaxkey have worked to make licences available for free use to; schools to assist with the security aspects of remote learning schooling. We also; provide access to a free user licence for people to reply to a secure email or; communication that has been sent to them from a corporate user which has and does; enable business to keep moving where physical presence is prevented due to Covid-19.; Our solutions are in use across multiple public sector bodies including Local & Central; government, Education and the NHS.
• Tackling economic inequality:

  Tackling economic inequality

  Galaxkey is part of the government KickStart scheme and has provided ongoing; employment to young people via this route. The use of our technology also enables; people to securely communicate and exchange information from any location thereby; negating the need for travel costs, postage costs and other elements that have an; economic impact or barriers to communicate. We also support existing public sector; customers with free training and education of their staff in the use of the technology.
• Equal opportunity:

  Equal opportunity

  Galaxkey is an equal opportunities employer both in the UK and across the wider world
• Wellbeing:

  Wellbeing

  Galaxkey supports all its staff in encouraging good working practices and a healthy; worklife balance. Our CEO recently completed a coast to coast walk to highlight the; importance of staying healthy and exercising regularly. This was replicated in all the; different geographies of Galaxkey who all completed smaller versions of the walk to; raise awareness in their regions.

Pricing

• Price: £30 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: All features are provided at a 14 days trial
• Link to free trial: https://www.galaxkey.com/lets-get-started/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.