ITHQ LTD

Fortinet FortiVM - Cloud-Native Network Firewall Service

Fortinet’s FortiGate-VM delivers robust security for cloud environments through a virtual appliance that can be deployed across multiple cloud platforms such as AWS, Azure, Google Cloud, and Oracle Cloud. It provides comprehensive protection by integrating next-generation firewall capabilities, including intrusion prevention, application control, antivirus, URL and DNS filtering, and sandboxing.

Features

• Cloud-native architecture: Optimised for public, private, and hybrid cloud.
• Real-time threat detection: Immediate identification and response to security threats.
• Scalable security measures: Easily adapts to changing infrastructure requirements.
• Centralised management dashboard: Manage security settings from a single interface.
• Compliance assurance: Meets regulatory requirements across multiple jurisdictions.
• Cost-effective operation: Reduces need for physical hardware and maintenance.
• Seamless integration with existing systems: Compatible with major cloud platforms.
• Multi-cloud support: Provides consistent security across various cloud services.
• Automated security policies: Simplifies deployment and reduces administrative overhead.
• Advanced encryption standards: Ensures data privacy and security during transmission.

Benefits

• Enhances network security, reducing risk of cyber breaches effectively.
• Streamlines security management, saving time and administrative effort.
• Facilitates regulatory compliance, simplifying audits and inspections.
• Lowers operational costs by minimising physical infrastructure requirements.
• Integrates easily with existing workflows, enhancing operational efficiency.
• Supports rapid scaling, accommodating growth without performance loss.
• Protects multi-cloud environments through consistent security policies.
• Accelerates digital transformation by securing cloud-based operations.
• Improves data security with robust encryption technologies.
• Simplifies multi-location access, ensuring seamless connectivity and protection.

£1,400 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

794567142604497

Contact

Dale Nursten
02039977979
bidteam@ithq.pro

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: Requires stable internet connectivity for optimal performance and management.; Scheduled maintenance windows may lead to temporary service unavailability.; Support primarily tailored for modern operating systems and browsers.; Dependent on compatibility with existing cloud infrastructure specifications.; Performance may vary based on the specific cloud platform used.; Limited support for very old legacy systems and applications.; Real-time protection features require continuous data synchronization.; Geographic restrictions may apply due to data sovereignty laws.; Service adaptations might be necessary for highly customized environments.; Enhanced features may require additional subscriptions or upgrades.
• System requirements:
  • Compatible with major cloud platforms like AWS, Azure, Google Cloud.
  • Stable, high-speed internet connection essential for real-time functionalities.
  • Modern web browser required for accessing the management dashboard.
  • Adequate virtual machine configurations to handle advanced security operations.
  • CPU: Minimum of 4 vCPUs recommended.
  • Memory: At least 8 GB RAM.
  • Torage: Minimum 500 GB of disk space for optimal performance.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Vendor response times are dependent on support contracts.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: FortiCare Services; Basic Support:; ; Access to the support portal.; Software updates and upgrades.; Standard return material authorisation (RMA).; Enhanced Support:; ; All Basic Support features.; Extended hardware warranty.; Expedited RMA options.; Premium Support:; ; All Enhanced Support features.; 24/7 support access.; Advanced ticket handling.; Assigned technical account manager.; Health checks and ongoing optimisations.; Direct access to senior engineers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: ITHQ will support the on-boarding of the solution with an agreed Scope of Works document customised to meet the customers' requirements.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data export tools within the platform.
• End-of-contract process: At the end of the contract the customer will be offered the option of extending their subscription or ceasing to use the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Administrators can use API calls to a FortiGate to:; ; Retrieve, create, update, and delete configuration settings; Retrieve system logs and statistics; Perform basic administrative actions, such as a reboot or shut down through programming scripts.; Setting Up the Service Through the API; Create Instances: Users can launch service instances via API requests, configuring initial settings like firewall rules and security policies.; Configure Network Parameters: The API facilitates setting network parameters such as IP addresses, protocols, and overall system integration.; Limitations in Setup and Modifications Through the API; Access Controls: The API is governed by strict access controls, ensuring only authorised personnel can make changes.; Complex Setups: Some intricate configurations may not be possible via the API and might require direct system interactions.; Rate Limits: API requests are rate-limited; excessive calls can lead to temporary blocks, affecting responsiveness.; Compatibility Concerns: Effective API integration depends on compatibility with existing IT infrastructure, which may restrict functionality.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: What Can Be Customised:; Firewall Rules and Security Policies: Tailor firewall settings specific to an organisation's requirements, controlling traffic based on parameters like IP addresses and protocols.; Security Settings: Adjust intrusion prevention, antivirus definitions, and malware detection to fit different security levels.; Network Configurations: Configure network settings such as IP segmentation, VPN setups, and port management.; Alerts and Notifications: Set up custom alerts for proactive threat management.; How to Customise:; User Interface (UI): Use a graphical web-based dashboard for straightforward adjustments.; APIs: Implement programmatic configurations for automation and system integration.; Command Line Interface (CLI): Employ CLI for detailed control over settings.; Who Can Customise:; IT Administrators: Manage most customisations, given their access rights and technical expertise.; Network Engineers: Handle network-specific customisations.; Security Specialists: Adjust security policies and settings.

Scaling

• Independence of resources: To guarantee that user demand does not affect others, we implement several strategies:; ; Resource Isolation: Using virtualisation and containerisation to isolate resources for each user, preventing overlap and interference.; ; Scalable Architecture: Our cloud infrastructure adjusts dynamically to handle usage spikes without impacting individual performance.; ; Load Balancing: Advanced load balancing distributes traffic evenly across servers, maintaining consistent service quality.; ; Traffic Management: We employ traffic shaping and prioritisation to efficiently manage bandwidth during peak times.; ; Performance Monitoring and Capacity Planning: Continuous monitoring and proactive capacity planning ensure sufficient resources are available to meet user demands, maintaining high service availability and performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Fortinet provide comprehensive service usage metrics to assist users in optimising their service use. Metrics include:; ; Traffic Analysis: Throughput, session counts, and packet statistics.; Threat Intelligence Reports: Data on detected threats, malware types, and intrusion attempts.; System Performance: CPU usage, memory utilisation, and uptime.; Compliance Audits: Compliance tracking with regulatory standards and audit trails.; User Activity: Insights into user behaviour, bandwidth usage, and accessed domains.; Service Availability: Availability metrics and data on downtimes.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Fortinet

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data through a web-based management interface or APIs. Within the management dashboard, they select the data or logs for export, such as firewall logs, security reports, or configuration data, available in formats like CSV, JSON, or XML. Alternatively, APIs facilitate automated and regular exports, ideal for system integration or backups. These APIs allow for custom queries, enabling users to specify particular data sets, time ranges, or other criteria. This dual approach supports various analytical or record-keeping needs while ensuring data integration and archiving processes are streamlined and efficient.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON, or XM
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Guaranteed Availability; 99.9% Uptime Commitment: Our SLA guarantees 99.9% uptime, ensuring dependable access to our services with minimal disruptions, supporting your critical operations consistently.; Service Level Agreements (SLAs); The SLA outlines precise availability benchmarks and our obligations to sustain continuous service operations. This includes proactive systems monitoring, scheduled maintenance adhering to industry best practices, and quick response protocols for incident management to uphold our uptime promise.; Compensation if Service Levels Are Not Met; Service Credits: If the service availability falls below our promised threshold, affected customers are eligible for service credits. This compensation is tiered based on the severity of the downtime:; For availability between 99.9% and 99.5%, a calculated credit is applied to the customer's account.; For availability under 99.5%, a greater credit is issued to acknowledge and mitigate the impact on the customer’s business.; Claim Process; Clients should report availability issues promptly via our support channels.; Applications for service credits should be filed according to the procedures set out in the SLA documentation.
• Approach to resilience: Fortinet prioritise resilience in our service design to ensure uninterrupted operations for our clients. Here is a breakdown of our resilience strategies:; ; Multi-Region Datacentre Architecture; Geographic Redundancy: Services are hosted in multiple datacentres across various geographic locations, enhancing physical security and ensuring redundancy for continuous service during regional disruptions.; High-Availability Systems; Failover Mechanisms: Automatic failover solutions are in place, redirecting traffic to secondary systems seamlessly if a primary system fails.; Load Balancing: Load balancers distribute traffic evenly across servers, preventing bottlenecks and enhancing service availability.; Disaster Recovery and Business Continuity; Regular Backups: Data is backed up regularly in secure locations, ready for rapid restoration.; Disaster Recovery Plans: We maintain and routinely test comprehensive disaster recovery protocols to ensure prompt and effective action in emergencies.; Security and Monitoring; Proactive Monitoring: Our infrastructure is monitored around the clock, facilitating rapid detection and resolution of potential issues.; Advanced Security Measures: We implement stringent security protocols, including physical security at datacentre locations and robust cyber defences.; Detailed and sensitive information about our datacentre setups and resilience specifics can be provided upon request, aligning with government cloud security guidelines on asset protection and resilience. This ensures both transparency and security in our service delivery.
• Outage reporting: Fortinet ensures transparency and timely communication during service outages. Here’s they report any outages to our customers:; Public Dashboard - We maintain a public dashboard that provides real-time updates on service status, including any current or past outages. This dashboard is accessible to all users and offers an immediate overview of the health of our services.; Programmatic Monitoring: For users who prefer automated monitoring, we provide access to an API that can be integrated with their own systems. This allows users to programmatically retrieve service status updates, including any disruptions or outages, directly within their own monitoring tools.; Email Alerts; Proactive Communication: In the event of an outage, registered users receive email alerts detailing the nature of the outage, the services impacted, expected resolution time, and any steps taken to address the issue. These alerts are sent out promptly to ensure that all affected users have the necessary information to plan accordingly.; These communication channels are designed to keep our users well-informed and prepared, minimising any potential impact. Each method ensures that users receive timely, accurate information in a manner that suits their needs, whether they prefer direct alerts, continuous dashboard monitoring, or integrating updates into their own system infrastructure.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised users or groups are able to access the management and support portals.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 15/03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are ISO27001 accredited and able to supply our Information Security Policies subject to a non-disclosure agreement being put in place with the receiving party.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Will be provided by ITHQ upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Will be provided by ITHQ upon request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Will be provided by ITHQ upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: Will be provided by ITHQ upon request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  ITHQ runs a corporate social responsibility programme, Life In IT, in South East England. This initiative focuses on reconditioning tech devices, which are donated by businesses as they upgrade their infrastructure. By redistributing these devices to local non-profit organisations and schools, we prevent valuable technology from being wasted and facilitate access to digital education resources for underserved communities. This program not only extends the lifecycle of technology but also significantly reduces economic barriers to accessing necessary educational tools.

  Equal opportunity

  To specifically address equal opportunity, our Life In IT programme prioritises collaboration with schools that support students from diverse backgrounds, including low-income families, minorities, and those with disabilities. We provide customised technology solutions that cater to a wide range of learning needs and styles, thereby ensuring all students have the opportunity to succeed. By doing so, ITHQ is committed to creating a more inclusive educational environment where every student, regardless of their socioeconomic status or background, can benefit from equal access to high-quality digital education.

Pricing

• Price: £1,400 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.