Skip to main content

Help us improve the Digital Marketplace - send your feedback

Ethical Services Group

'Platform' Infrastructure Security Dashboard and Automated Operational Toolkit

Infrastructure Security Dashboard and Automated Operational Toolkit. 'Platform' automatically connects and profiles any infrastructure and application environment regardless of the environment to deliver Audit, Discovery, Scheduling, Reporting, Governance and Operational functionality, OS, COTS patching, anti-virus and firmware security updates. Dashboard, APIs and reporting metrics are easily configured to meet need.

Features

  • Provides real-time assurance reporting of asset security status
  • Customised security policy compliance and assurance reporting
  • Performs security activity auditing
  • Patching, Scheduling, Reporting, Monitoring, Risk Identification in one product
  • Sensitive Asset Discovery
  • Drill down capability by asset highlighting patching levels and vulnerabilities
  • SSL Certificate monitoring, CARECERT and end of life alerts
  • Connectors for any environment or asset type
  • Export function for customisable monthly pack
  • Mobile Ready

Benefits

  • Platform Independent: Automates asset discovery regardless of the operating system
  • Compiles a complete CMDB for IT estate management
  • Business and IT can collaborate on asset project requirements
  • Supports MSPs and large companies in managing their portfolio
  • Supports end users in understanding how the service is performing
  • Raises the risk before it happens
  • Brand customization (white labelling) for resellers
  • Scalable for any asset management or any data reporting requirement

Pricing

£0.50 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve@esg.limited. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 5 1 8 9 0 0 7 4 8 5 0 7 6 8

Contact

Ethical Services Group Steve Loveridge
Telephone: 07779498617
Email: steve@esg.limited

Service scope

Service constraints
None although connectors will need to be assessed by us on an individual basis and will be provided where needed
System requirements
  • Connectors will need to be assessed
  • Avanti is required to be in place
  • Web browser

User support

Email or online ticketing support
Yes, at extra cost
Support response times
9 to 5 (UK time), Monday to Friday
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
We currently do not provide web chat. However, we are willing to do so should this be required
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
We provide a number of support services - these are customized to suit the client needs and budget. An account manager is assigned to all clients.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a number of implementation, support, training and managed services. Implementation is straight forward and flexible. Provide access to training tutorials. We can host a bespoke training package at a fixed price. Account Manager liaison. Help desk support.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
An extract of all data held will be made available to the client
End-of-contract process
Outstanding CCN costs where work is in progress or completed and not delivered Ongoing costs should the client require rolling non contractual software and services support

Using the service

Web browser interface
Yes
Using the web interface
Configure, run, monitor and report the services. No changes can be made to the server through the interface
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Over secure https: via browser
Web interface accessibility testing
None
API
Yes
What users can and can't do using the API
Custom read-only APIs are available to allow integration with customers' data warehouses/line of business systems. We also offer our product integration with other customer and 3rd party applications
API automation tools
  • OpenStack
  • Other
Other API automation tools
  • Other API automation tools
  • Custom automation tools
API documentation
Yes
API documentation formats
  • HTML
  • ODF
  • PDF
Command line interface
No

Scaling

Scaling available
No
Independence of resources
We employ a change management process that validates change through a central governance function. From a performance perspective, the application is built as a node system which balances the load equally resulting in reduced impact
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Assets
  • Tailored to suit the user
  • Anti-Virus
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9%
Approach to resilience
Load balancing nodes provide the structure for resilience combined with database clustering
Outage reporting
Maintenance page on the application browser

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Client specified
Access restrictions in management interfaces and support channels
Refer to service definition document
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
Client specified (if applicable)
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • IASME Gold
  • Cyber Essentials
  • Cyber Essentials Plus
  • Annual Penetration Test
  • ITQSB / A Quality Assurance

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
IASME Gold Working towards ISO 27001
Information security policies and processes
Refer to service definition document

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Refer to service definition document
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Refer to service definition document
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Refer to service definition document
Incident management type
Supplier-defined controls
Incident management approach
Refer to service definition document

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
No

Social Value

Social Value

Social Value

Wellbeing

Wellbeing

Improve health and wellbeing

- Our services enhance the systematic offering from community and mental health services.

Pricing

Price
£0.50 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Happy to discuss on an individual basis

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve@esg.limited. Tell them what format you need. It will help if you say what assistive technology you use.