Brookcourt Solutions

Access Management - SecurEnvoy

Access Management tackles the task of overseeing user access across systems and applications. It empowers administrators to create conditional access policies, granting entry exclusively to users through suitable authentication methods. Elevate security with Multi-Factor Authentication (MFA) while simultaneously enhancing user ease Single Sign-On (SSO) and Passwordless authentication

Features

• Access Management
• Multi-Factor Authentication (MFA)
• Support for Mobile & Desktop App, SMS & Hardware Tokens
• Single Sign-On (SSO)
• Passwordless Authentication
• Conditional Access Policy Engine
• Digital Identity Merging
• Protection for Remote Desktop (RDP)
• Remote Access Safe Zones - supported by Advanced Location Awareness
• Full Customisation & Multi-Language Support

Benefits

• Access Management
• Multi-Factor Authentication (MFA)
• Support for Mobile & Desktop App, SMS & Hardware Tokens
• Single Sign-On (SSO)
• Passwordless Authentication
• Conditional Access Policy Engine
• Digital Identity Merging
• Protection for Remote Desktop (RDP)
• Remote Access Safe Zones - supported by Advanced Location Awareness
• Full Customisation & Multi-Language Support

£6 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

905149232088607

Contact

Phil Higgins
01737 886111
contact@brookcourtsolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No noteworthy issues - Any scheduled maintenance is communicated in advance and usually has minimal impact on service.
• System requirements: The SecurEnvoy Agents require a windows server with .net framework

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Need a response
• Support available to third parties: No

Onboarding and offboarding

• Getting started: SecurEnvoy provides end users with a comprehensive array of options to kickstart their service journey. From streamlined quick start guides and detailed documentation to technical enablement sessions, organisations have the flexibility to choose the approach that best fits their needs. Whether opting for self-configuration of their tenant or preferring a vendor-led implementation, SecurEnvoy ensures a seamless and tailored onboarding experience. Quick start guides offer a swift entry point for those eager to get started, while comprehensive documentation serves as a valuable resource for in-depth understanding and troubleshooting. For organisations seeking more hands-on guidance, technical enablement sessions empower them to configure their tenant independently, fostering a sense of ownership and customisation. Alternatively, opting for a vendor-led implementation provides expert guidance and support every step of the way, ensuring a smooth transition and maximising the benefits of SecurEnvoy's solutions. With these diverse options, SecurEnvoy caters to the unique preferences and requirements of every organisation, setting them up for success in their security journey.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We only keep authentication and log activity data. Log Activity data can be exported at ceassation of contract. All customer data is cleansed when they leave the service.
• End-of-contract process: We only keep authentication and log activity data. Log Activity data can be exported at ceassation of contract. All customer data is cleansed when they leave the service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users can have an MFA OTP Authenticator that runs on their mobile. The solution is not designed to be managed from a mobile device browser.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Access Management administration console, accessible via a Web GUI secured with MFA, enables seamless platform setup and configuration. Users can synchronise user repositories, deploy users, and define access policies with ease.
• Accessibility standards: None or don’t know
• Description of accessibility: We support the built in accessibility options on supported devices.
• Accessibility testing: N/A
• API: No
• Customisation available: Yes
• Description of customisation: SecurEnvoy Access Management offers extensive customisation options to cater to diverse user preferences. Users can seamlessly switch between languages, including English (EN), German (DE), French (FR), and Spanish (ES), ensuring a user-friendly experience for global audiences. Additionally, the platform allows for the personalisation of web elements, enabling organisations to brand their interface with custom logos, colours, themes, and images. This not only enhances brand identity but also fosters a cohesive and immersive user experience, aligning the platform seamlessly with the organisation's visual identity and preference

Scaling

• Independence of resources: Cloud aligned resources with auto-scaling

Analytics

• Service usage metrics: Yes
• Metrics types: Users enrolled for Service; Users not enrolled by authenticator; Logins by authenticator; Logins by application; Not enrolled users
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: SecurEnvoy

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: From the Admin Console the customer can export log data.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Private VPC's within the cloud environment

Availability and resilience

• Guaranteed availability: There are a number of options for authenticating users on the service, ranging for standard user name + password + OTP to Passwordless leveraging FIDO2
• Approach to resilience: Currently we use Azure cloud as our primary partner for the cloud infrastructure, the key points to achieve this are:; ; Availability Zones: Azure regions are divided into Availability Zones, which are physically separate data centers within a region, each with independent power, cooling, and networking infrastructure. Deploying resources across multiple Availability Zones enhances fault tolerance and ensures high availability by isolating workloads from single points of failure.; ; Fault Tolerance: services are designed to be fault-tolerant, meaning they can withstand hardware failures, network interruptions, and other infrastructure issues without impacting service availability. employing redundancy at various levels, such as data replication, load balancing, and automatic failover, to minimize the impact of failures on customer workloads.; ; Data Redundancy: DB Storage offers built-in data redundancy options, such as Geo-Redundant Storage (GRS) and Zone-Redundant Storage (ZRS), which replicate data across multiple data centers within a region or across different regions. This redundancy ensures data durability and availability even in the event of hardware failures or data center outages. This option is only enabled based on client requirement and government regulations; ; Backup and Disaster Recovery: providing robust backup and disaster recovery solutions, such as Backup, Site Recovery,
• Outage reporting: A public dashboard; Email Alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: FIDO
• Access restrictions in management interfaces and support channels: Using the SecurEnvoy Conditional Access Policy, access can be restricting based on a number of siganls, including Group Membership, IP Address, Device, Time of Day etc.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: Using the SecurEnvoy Conditional Access Policy, access can be restricting based on a number of siganls, including Group Membership, IP Address, Device, Time of Day etc.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our approach is to align with the ISO27001 framework
• Information security policies and processes: We follow the ISO27001 framework and will be accredited later this year.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change control tickets are meticulously logged via our CRM system and promptly assigned to designated team members, who carefully assess risk levels before deciding to approve or deny the requested change control
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process is comprehensive and robust, utilising a combination of state-of-the-art technologies and expert oversight. We employ a managed service provided by our trusted MSSP (Managed Security Service Provider), which utilises advanced solutions such as Deep Instinct and Tenable, supported by a Breach Discovery Alert system. This multifaceted approach ensures proactive identification, swift remediation, and continuous monitoring of vulnerabilities across our infrastructure, safeguarding our systems against potential threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Change control tickets are meticulously logged via our CRM system and promptly assigned to designated team members, who carefully assess risk levels before deciding to approve or deny the requested change control
• Incident management type: Supplier-defined controls
• Incident management approach: Our vulnerability management process is comprehensive and robust, utilising a combination of state-of-the-art technologies and expert oversight. We employ a managed service provided by our trusted MSSP (Managed Security Service Provider), which utilises advanced solutions such as Deep Instinct and Tenable, supported by a Breach Discovery Alert system. This multifaceted approach ensures proactive identification, swift remediation, and continuous monitoring of vulnerabilities across our infrastructure, safeguarding our systems against potential threats.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  As part of the Shearwater Group of companies, we have a comprehensive list of ESG policies and we are 100% carbon offset

Pricing

• Price: £6 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full Version of the Service Limited for 100 users for 30 days
• Link to free trial: https://securenvoy.com/request-free-trial-am/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@brookcourtsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.