PQ SOLUTIONS LIMITED

Post-Quantum VPN

Post-Quantum VPN is a cloud deployed VPN Software as a Service which is quantum-safe and compliant with NCSC guidelines.
It uses a hybridised approach to accept different NIST/IETF ciphers for IKE/IPsec and SSL/TLS protocols, with Post-Quantum as the author of the original proposal to IETF, which is now being standardised.

Features

• Current cryptographic ciphers aligning to NCSC PRIME
• High degree of assurance (NCSC CPA & FIPS-140-2)
• Crypto-agility - Ability to integrate multiple post-quantum algorithms
• Multiple deployment options - site-site, remote-access, hub-spoke, spoke-spoke
• Multiple software clients (OS X, Linux, Windows, iOS and Android)
• Different protocols IKE/IPsec and SSL/TLS offerings
• (5Gb for servers and 1Gb for clients) software crypto
• Ultrafast offerings (>100Gb) hardware crypto
• Developed by world leading experts (IETF & NIST Authors)
• Developed using NCSC best practices

Benefits

• Assurance - Expert validation that network infrastructure is quantum-ready
• Assurance - Integrate future NCSC/NIST algorithms with hybridised adaptor
• Risk reduction - Assurance of long-term (future) security
• Risk reduction - Protects data today (mitigates data-harvesting attacks)
• Reduce downtime/business risk as optimisation tailored on customer enviroment
• Mitigate business risk using best of breed ciphers
• Reduce capital costs by leveraging Post-Quantum developed solution
• Reduce operational costs by leveraging our optimised service
• Flexible deployment to fit with customer specific requirements

£10 to £40 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jm@post-quantum.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

908640582790636

Contact

James Matthews
+44 (0)20 8106 6913
jm@post-quantum.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Free for 48 hour response; Extra cost if buyer needs a rapid pre-agreed SLA response
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: TBC
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Corporate onboarding service is available as described in our service documentation.; ; Online documentation will be provided.; ; Where required, bespoke training is available at extra cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The data will be made available via a means agreed as part of our offboarding process.
• End-of-contract process: Once an end-of-service date is agreed, the service will be suspended for a month. In the case of an emergency, the service can be reinstated during this period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Only constraint is for the device to allow the user to accept a third party VPN service
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: For major government buyers, Post-Quantum is willing to discuss specific requirements if they relate to higher assurance, higher throughput and other security features.; The Company can also provide hybrid cloud and hardware installations with the entire deployment done via the cloud.; Post-Quantum will need to be involved in the software and hardware customisation whilst the buyer can appoint competent systems integrators to do the deployment.

Scaling

• Independence of resources: We utilise the highly scalable cloud technology where capacity can be expanded or contracted based on demand.; ; We also use state of the art deployment techniques and our staff have deployed the largest government Public Services Network (PNS) to date in the UK to over 5,000 sites with millions of users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: No data export is required for end-users. However, for the VPN gateway, the export of certificates and other credentials will be available upon request.
• Data export formats: Other
• Other data export formats: Not applicable
• Data import formats: Other
• Other data import formats: Not applicable

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee the level of availability of 99.999%. Note that this exclude any downtime from any of the cloud providers used by us or chosen by the enterprise. Any hardware related repair and maintenance will be subject to separate SLAs.
• Approach to resilience: We host our service across multiple availability zones in order provide redundancy and load-balancing.
• Outage reporting: The customer will get an email alert should there be an outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces are restricted using the combination of user's credentials and IP whitelisting.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BM TRADA (UKAS)
• ISO/IEC 27001 accreditation date: 16/09/2019
• What the ISO/IEC 27001 doesn’t cover: All of PQ Solutions' operations are covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: PQ Solutions in its entirety, including all products, is certified to ISO/IEC 27001(2013). Internal and external auditing are carried out on a regular basis with external audits normally taking place twice annually. A member of the Senior Leadership Team has specific responsibility for security and reporting is carried out through the SLT to the CEO and board.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We employ a system that logs all changes made to our source code and configuration. Any changes made will be subject to our rigorous QA testing before deployed in production environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We employ an SIEM tool that allows us to security monitoring and alerting in real-time.; ; Our software is subject to regular penetration testing to ensure that any new vulnerabilities are addressed.; ; Our software and configuration is developed and deployed following the best practice of DevSecOps principles.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We employ SIEM tool that will allows us to identify potential compromises and react to this according. The tool also allows us to proactively alert our customers.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We follow the ITIL principles in our incident management process. Users can report an incident via email. Incident report is available upon request, at additional cost.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Post-Quantum is committed to running the company according to the latest in ESG principles. We have internal processes to limit energy use, to work with suppliers that uphold ESG standards and to minimise the impact of our operations on the environment. These include working with the very latest cloud infrastructure services, offering the most efficient computing resources on the market, to limiting the impact of our employees through education – for example, explaining how we can limit physical travel, or to make sustainable travel choices by opting for rail for short journeys, or flying with an airline that operates a modern fleet.
• Covid-19 recovery:

  Covid-19 recovery

  Post-Quantum strives to improve workplace conditions in support of the COVID-19 recovery effort, delivering an effective complete remote working policy.

Pricing

• Price: £10 to £40 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jm@post-quantum.com. Tell them what format you need. It will help if you say what assistive technology you use.