Arrow Business Communications Limited

Barracuda Email Protection

Barracuda Email Protection provides organisations with comprehensive email security for Microsoft 365 applications; including OneDrive, SharePoint, and Exchange. The service leverages a multi-layered security approach, combining various Barracuda solutions into a bundle that protects against spear phishing, account takeover, business email compromise and more.

Features

• Gateway security against spam attacks
• Protects against zero-hour and targeted attacks
• Protects against socially engineered CEO Fraud and Account Takeover
• Ensures emails are accessible in event of a disaster
• Combats phishing attacks with email-security awareness computer-based training
• Protects critical data from leaving the business
• AES 256-bit encryption ensuring sensitive secure information is protected
• Protects Exchange, SharePoint, OneDrive for Business data backed-up to BarracudaCloudStorage.
• Granular retention policies with powerful search functionality
• Automated incident response remediation options quickly address attacks

Benefits

• Forensics & incident response
• Compliance & eDiscovery
• O365 Backup (OneDrive, Sharepoint, Exchange & MS Groups)
• Data encryption
• Data loss prevention
• Phishing simulation & training
• Email continuity
• Advanced threat protection
• Inbound & outbound email security

£7.66 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@aro.tech. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

836143148252923

Contact

John Loftus
07545 929225
gcloud@aro.tech

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Microsoft 365
• Cloud deployment model: Public cloud
• Service constraints: -Per user license model
• System requirements: Some models require Office 365

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard response time is four working hours Monday-Friday 9-5.30pm. We can supply bespoke SLA agreements.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: There is a web-chat icon available on our website
• Web chat accessibility testing: N/A
• Onsite support: Onsite support
• Support levels: On-site support is available upon request, but not often required for cloud services.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Barracuda Campus available on web browser for self-led service training. User documentation readily available through the Barracuda website and campus to address frequently asked questions. Onsite training available through Arrow in certain circumstances
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Customers have the ability to extract data from the platform - Barracuda will securely remove customer data 30 days after contract end date.
• End-of-contract process: At the end of the subscription term the service will cease.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no inherent functionality difference between the desktop and mobile interface
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web GUI
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: No
• Customisation available: Yes
• Description of customisation: Administrators can customise the service via the Web Interface. Per domain, unique rule sets, customisable notifications and reports.

Scaling

• Independence of resources: Our platform is built upon a scalable architecture under constant monitoring

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics can be provided on subscription terms, licensed users, and protected mailboxes.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Barracuda

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All customer data is encrypted at rest using AES-256 encryption
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Tools and support for data exporting provided at no extra cost
• Data export formats: Other
• Other data export formats:
  • EML
  • PST
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: https://assets.barracuda.com/assets/docs/dms/Barracuda_Essentials_for_Email_Security_Overview_2.pdf
• Approach to resilience: Barracuda has live replication with geo-redundancy in place in case of a disaster event.
• Outage reporting: All outages are notified via https://status.barracuda.com/ with ability to subscribe to relevant products and services for email notification.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Support staff are based within tiers and have been granted relevant access based on job role requirements.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV Business Assurance UK Limited
• ISO/IEC 27001 accreditation date: 01 December 2023
• What the ISO/IEC 27001 doesn’t cover: This certificate is valid for the following scope:; ; Provision of IT and Telecommunications Services (AV and Video Conferencing, Business Mobile, Cloud Telephony, Contact Centre, Cyber Security, Data Centre Services, Data services, IT, Software Development, Mobile Data) in accordance with the Statement of Applicability, version 1.0, plus Code of Practice ISO 27017:2015 on information security controls for cloud services and Code of Practice ISO 27018:2019 for protection of personally identifiable information (PII) in public clouds.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • AICPA
  • SPC 2 Type 2
  • NHS Data Security and Protection Toolkit. ODS Code: 8J121

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC Type II
• Information security policies and processes: https://www.barracuda.com/support/Security

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: SOC 2 Type II
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Undisclosed
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Undisclosed
• Incident management type: Supplier-defined controls
• Incident management approach: Refer to the “Security Incident Notification” section of Barracuda’s cloud service terms located here: https://www.barracuda.com/company/legal/cloudserviceterms

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  To help us drive wellbeing and engagement throughout Arrow, we have dedicated Wellness Champions at each of our key sites – these are voluntary roles and act as a central point of contact for advice and guidance around the mental health and wellbeing of our people. They also help to drive the promotion and organisation of various corporate social responsibility initiatives across Arrow further driving engagement. A dedicated Teams channel is used to communicate, share, and promote these activities. Each Champion has completed Mental Health First Aider training so that they are equipped with the necessary skills to fulfil this role. These courses run through MHFA England have also been attended by other members of the wider team. The engagement of our people is paramount at Arrow, and we track this closely, currently sitting at 89% this places us in the upper quartile of all benchmarked organisations. In addition to our 2 main annual surveys, we also track the wellbeing and resilience of our people as well as our eNPS score monthly to ensure we keep a close temperature check on how they are feeling. Our current eNPS score is 52% which places us in the top 25% of organisations in our industry.

Pricing

• Price: £7.66 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 14 day free trial available for the full-featured version of Email Protection
• Link to free trial: https://www.arrowcommunications.co.uk/contact-us/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@aro.tech. Tell them what format you need. It will help if you say what assistive technology you use.