THEIMPACT.TEAM LIMITED

Axonius

The Axonius Platform is the system of record for all digital infrastructure to let IT and security teams understand all assets, their relationships, and business-level context. Customers are able to mitigate threats, navigate risk, decrease incident response time, automate action, and inform business-level strategy, all while eliminating manual, repetitive tasks.

Features

• Comprehensive Inventory of All Assets, Their Relationships and Dependencies
• Discover Coverage Gaps, Assess Vulnerabilities, and Prioritize Risk
• Automatically Validate and Enforce Policies, and Simplify Workflows Across Departments

Benefits

• Asset Discovery
• Endpoint, Cloud, Software, Policy Management
• Security Operations
• User Inventory
• Account Hygiene
• Zero Trust Reconciliation
• SaaS Security Posture Management
• SaaS Spend Optimization
• SaaS App Inventory
• Shadow SaaS

£16,250 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at edward@theimpact.team. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

871980865099337

Contact

Edward
07904044112
edward@theimpact.team

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No constraints
• System requirements: Internet Access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Issue response time within hours during regular business hours. See the following link for complete SLA details: https://www.axonius.com/service-levels-technical-support
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Axonius will provide remote support for the initial deployment, configuration, and integration of the platform in the customer environment or the transition of any POC deployment into a full production implementation. Axonius will provide an Account Management team throughout the subscription period.; ; Axonius leverages our ticketing platform for tracking and management of open issues, actions, custom questions and troubleshooting efforts, Axonius will leverage the existing tool sets, Axonius internal workflows and staff resources to meet the Axonius Software License Agreement SLA for Technical Support. See the following link for complete SLA details: https://www.axonius.com/service-levels-technical-support
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training is included as part of the subscription as well as self-help modules (PPT and videos). Axonius also has a library of online training curricula for foundational knowledge. The documentation section of our online training curriculum includes numerous "how-to" videos. Please reference https://www.axonius.com/resources#training for an overview of training resources. Axonius will provide virtual training (via Zoom) as part of the Implementation Plan. Additional (remote) training will be available for new users based on regularly scheduled training held by Axonius' Technical Account Management (TAM) team and schedules for these trainings are available upon request. On-demand training can be scheduled with the TAM team as well to support customer-specific questions, concerns and/or additional support.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: For our standard policies and processes regarding Personal Data, including our role and obligations as a Data Processor and our commitments to GDPR and CCPA, please see our Data Processing Agreement:; https://www.axonius.com/data-processing-agreement
• End-of-contract process: Customers can ask to change the retention policy or to delete any data that is stored in the SSPM solution. All data will be deleted after contract termination. Specific requirements regarding data destruction verification can be handled during contract negotiations. Our commitments to these requirements are addressed in our Terms & Conditions at https://www.axonius.com/terms-conditions/

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Please review the Getting to Know the Axonius Interface documentation at https://docs.axonius.com/pl/docs/en/getting-to-know-the-axonius-interface?highlight=interface
• Accessibility standards: None or don’t know
• Description of accessibility: This is not applicable to the Axonius platform as our product is a web application with APIs and not a web service. The Axonius Platform is accessible through an HTTPS Web interface.
• Accessibility testing: Axonius platform follows WCAG 2.1 accessibility guidelines. Axonius tests for WCAG compliance as a part of our release and delivery process (CI/CD).
• API: Yes
• What users can and can't do using the API: An API is available for the Axonius platform as described in: https://docs.axonius.com/docs/api and https://docs.axonius.com/docs/adapters-list.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Features like custom tags and fields help users customize the metadata for their cyber asset inventory. Also, as part of Premium Support, customers have a dedicated Technical Account Manager who is tasked with developing new use cases and escalating feature requests internally to support customers' new business requirements.

Scaling

• Independence of resources: Axonius is scaled appropriately as the organization and demand grows. Our intention is to provide world-class support, so we always ensure our teams are sized appropriately to provide exceptional service.

Analytics

• Service usage metrics: Yes
• Metrics types: Any tracking of system performance metrics is monitored through the Axonius platform dashboard. The Axonius platform user interface provides a dashboard outlining system performance. For Axonius-hosted customers, system performance is monitored and maintained proactively.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Axonius Inc.

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Axonius is able to export data to many different destinations. The most common of which is a SIEM tool such as Splunk or QRadar, but it can also be exported to a CSV. Dashboards can be packaged into PDF reports that can be emailed out. These emailed reports can include the CSV data as an attachment if desired. All available data within Axonius is able to be exported. There is also a robust API available to help with other methods to get data out of Axonius.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • SQL
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLAs are defined here: https://www.axonius.com/service-levels-technical-support
• Approach to resilience: Axonius SaaS deployments are hosted in AWS data centers. For its SaaS products, Axonius relies on AWS data center controls as seen at https://d1.awsstatic.com/whitepapers/compliance/AWS_SOC3.pdf.; For our headquarters location, there is no data stored in our New York office since all information is processed in SaaS solutions and our employees primarily operate remotely. The office is secured in order to prevent theft of or damage to equipment and not to secure information processing separately from how remote workers secure information processing. We do, however, have physical and environmental controls in place for the office as validated by our current ISO 27001 Information Security Management System (ISMS) certification. Please visit the Axonius Trust Center https://trust.axonius.com for our ISO certificate.; For on-premise and private cloud deployments of the Axonius Platform, the customer determines the data center and infrastructure that houses their deployment and scoped data.
• Outage reporting: Axonius will use the Axonius website and social media presence in the case of disruptive events that require broadly-visible public communications to Axonius customers. In addition, Customer Support will decide when customers need to be notified individually concerning any issues that directly impact their deployment of the instance.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: The Axonius platform supports the use of SAML and LDAP authentication standards for Single Sign-On (SSO)as described here: https://docs.axonius.com/docs/identity-providers-settings; ; There is also an option for configuring mutual TLS, as described here: https://docs.axonius.com/docs/mutual-tls. This is an additional layer on top of standard authentication, for which we recommend setting up a SAML or LDAP-compliant provider as described here: https://docs.axonius.com/docs/identity-providers-settings.
• Access restrictions in management interfaces and support channels: Axonius security policies require separate accounts for development and production activities, and access is provided based on business needs and limited to least privilege. We apply role-based provisioning upon account creation, deprovisioning upon termination, and provisioning/deprovisioning upon change of role. In addition, we follow zero trust principles whenever practical for employee access, including SSO, MFA, and encrypted web sessions. For users with privileged access, we apply additional security controls, including hardware-based MFA devices and additional SSO restrictions.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: For the Axonius platform, the customer manages access within their instance as described at https://docs.axonius.com/docs/role-based-access-control-rbac-management; ; Axonius supports multiple enterprise password managers, as described here: https://docs.axonius.com/docs/managing-external-passwords?highlight=enterprise%20password"

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Professional auditing firm, Schellman.
• ISO/IEC 27001 accreditation date: 2018-06-12
• What the ISO/IEC 27001 doesn’t cover: Please visit the Axonius Trust Center https://trust.axonius.com for our ISO certificate, descriptions of our security program and controls, and other security documentation, some of which is only accessible with an executed NDA.; ; The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) which includes the in-scope functions supporting the development, deployment, and maintenance of the Axonius in-scope products and services in accordance with the Statement of Applicability, version 1.5, dated June 6, 2023.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: HIPAA Security Rule and Breach Notification Rule

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO-27001 Information Security Management System(ISMS) certificate and our sanitized Statement of Applicability(SoA); SOC-2, Type-II examination report in the Trust Services Criteria category of Security; HIPAA, Type-1 examination report where third-party audit firm attested that our controls conform to HIPAA Security Rule and Breach Notification Rule applicable to HIPAA business associates
• Information security policies and processes: As part of our ISO continual improvement program, we monitor and update our information security policies and procedures when needed to improve our information security management. Our information security policies and procedures are reviewed by our CISO, Senior Director of Security, and Director of Cybersecurity Assurance and updated at least annually and whenever a significant change occurs. In addition, the policies and procedures are reviewed by third-party assessors at least annually for our current ISO 27001 certification. The policies provide employees and other applicable parties with information on what they must adhere to while engaging in Axonius business activities. Axonius may access, review, monitor, and use (to the fullest extent permitted by applicable privacy and other laws) any data or information that employees, contractors, volunteers, and other parties directly or indirectly view, create, upload, download, and store using Axonius information systems.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Axonius has a formal Change Management Policy that provides direction for managing changes to Axonius systems and products, including planning, documenting, reviewing, testing, and receiving final approval before being released. As part of our formal Secure Development Lifecycle process, we work with our application security team to complete security reviews and vulnerability scanning. We segregate development and production environments and require peer review and approval by the team's senior leadership before changes are implemented into the production environment. Key Axonius personnel are allowed to both approve and implement a change when required for Axonius business operations; their activity is monitored.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Identifying and remediating risks is a part of our ongoing efforts to include security in our secure development processes. In addition, Axonius has a documented, formalized plan for incident response and reporting, maintained by our CISO and Security Team and reviewed at least annually. For SaaS deployments of the Axonius Platform and on-prem deployments where remote support is enabled, we patch the cloud environment for the customer's instance on a weekly basis and update the customer's system via our releases. We include security reviews in our Secure Development Lifecycle and conduct third party application penetration tests at least annually.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: For our SaaS products and for Axonius corporate resources, Axonius utilizes a modern EPP and EDR solution to protect its corporate endpoints. Axonius also utilizes industry best practices within cloud environments, including firewalls, intrusion detection, and central logging of all cloud environment activities. For on-prem and private cloud deployments of the Axonius platform, the customer is responsible for monitoring for malicious activity within their environment. We do not share our plans or policies with customers; however, more information about incident is available here: https://www.axonius.com/data-processing-addendum; https://www.axonius.com/security
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Axonius has a documented, formalized plan for incident response and reporting, maintained by our CISO and Security Team and reviewed at least annually. The plan details the steps we take to identify, evaluate, and address security incidents, including coordination with Axonius teams and third parties when needed.; We do not share our plans or policies with customers; however, more information about incident is available here:; https://www.axonius.com/data-processing-addendum; https://www.axonius.com/security

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We stand for creating a future where our natural resources are still plentiful and our communities suffer less from the effects of climate change. As a responsible business, this means we must take into account our carbon footprint, consumption of resources and have clear actions supporting sustainable business practices.

  Covid-19 recovery

  Axonius has a geographically-distributed network that allows us to deliver our products to our customers nearly seamlessly in the event of a pandemic. We follow CDC guidance and meet national, state, and local requirements for in-person interaction and support teleworking for all employees when needed. In addition, Axonius has policies and procedures in place to provide direction for establishing secure teleworking environments and providing continuity of service.

  Tackling economic inequality

  Axonius stands for creating a future where our natural resources are still plentiful and our communities suffer less from the effects of climate change. As a responsible business, this means we must take into account our carbon footprint, consumption of resources and have clear actions supporting sustainable business practices. In lieu of holiday gifts for customers, we donated $50,000 to Friends of the Children, which provides mentorship and opportunity for kids who face multiple systematic challenges.; Our internal gifting platform highlights products run by women and Black owned businesses. We offer employees 2 days off to pursue volunteer opportunities of their choosing.; We celebrated our last round of funding by planting 5000 trees in collaboration with Evertreen.

  Equal opportunity

  We have structured interviews to ensure we take a consistent, fair approach to evaluating all candidates, and implemented behavioral interview training with a focus on unconscious bias and how to address it in an interview setting. Our Talent Acquisition team partners with our Employee Resource Groups (ERGs) to identify and attract talent from underrepresented backgrounds and identities. We regularly host events and do specific outreach aimed to attract candidates from underrepresented identities and to celebrate the diversity of our current employee population. We partner with a variety of non-profit organizations that focus on the development and education of talent with underrepresented identities and (e.g., Diana Initiative, Cyversity). We have 7 Employee Resource Groups (Black. Women, LGTBQ+, Mental Health, Hispanic/Latinx, Family, Veterans) who organize member and company events, including for things like Black History Month, Women’s History Month, and Pride. These groups help share awareness of resources, experiences and culture related to different identities. They also have the option to donate to relevant causes. We partner with WISE (Women in Sales Everywhere), an organization that supports professional development and networking for women in sales, including providing external mentorships for women at Axonius.; Juneteenth and Veterans Day are both company holidays.

  Wellbeing

  We stand for our employees’ health, which means providing access to healthcare options so they can decide what is best for them and their families. We stand for the safety of our employees and their families, which means providing relevant support and resources in times of violence, conflict or natural disaster in areas where our employees live and work. We stand for respect, and for creating an environment where everyone feels safe to be who they are, without fear and oppression. We believe our differences make us stronger. We will support efforts to combat discrimination, racism and hate.

Pricing

• Price: £16,250 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Prior to a POC engagement, a "Mutual Action Plan" document is outlined by Axonius and the customer. This document consists of use case, success criteria for the POC. New features are often deployed to customer environments during a proof of concept evaluation period.; ; Axonius also provides free 30-day self-service trials
• Link to free trial: https://www.axonius.com/free-trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at edward@theimpact.team. Tell them what format you need. It will help if you say what assistive technology you use.