Mimecast

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Any application enabled compatible with SMTP routing.
Cloud deployment model: Private cloud
Service constraints: Please refer to Mimcaster Central for further information https://community.mimecast.com/s/ on constrains with specific product lines
System requirements: A corporate, SMTP-based email system including Microsoft365

Internet Access

User support

Email or online ticketing support: Yes, at extra cost
Support response times: We target our service desk with a One-Hour valid first response. Our first response is based on an engineer responding with an action and not an automated response. Our support team are targeted on a number of Key Performance Indicators. We are committed to providing buyers with the highest level of support possible. Examples of these is, Telephone pickup KPI which is within 10 seconds and consistently averages at 93%, well above our target of 85%. First Response to Tickets within One-hour SLA averages at 97%, which is above our target of 94%. These are reviewed on a quarterly basis.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Redinet offer support to fit the needs of our clients. Standard Business Hours are, Monday to Friday, 8am to 6pm. We also provide support outside of these hours (up to 24/7) to fit the needs of all business and can be tailored as required. Our SLA for first response is 1-hour for a valid response from an engineer who has been assigned to the ticket. Support package costs can be discussed on a per customer basis dependant on required levels
Support available to third parties: Yes

Onboarding and offboarding

Getting started: As we are a Mimecast MSP we would be required to help to deploy the services to buyers and provide training on how to manage the system.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: We can export activity logs for the product into .csv format for the buyers. We can also provide account assessment reports to show usage.

If the service being used is for email archiving then we would need to request an export of any data that resides in the Mimecast Archive. There is a cost associated to the export of data which is dependent on the size of data.
End-of-contract process: After the initial term which is a minimum of 12 months. We have to give 30 days notice prior to the end of the term and then the service is switched offer. Before this MX records will need to be redirected to the new service. If data needs exporting this will happen within agreed timescales.

All customer data will then be deleted from the Mimecast Cloud Service.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: Yes
Compatible operating systems: Android

IOS

Linux or Unix

MacOS

Windows

Windows Phone

Other
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: None
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: It is an online portal used for managing policies and products. It can also be used to trace emails, restore email to mailbox or send secure email.
Accessibility standards: None or don’t know
Description of accessibility: Single Web Based Administration console allowing access to all required controls and settings.
Accessibility testing: None
API: No
Customisation available: Yes
Description of customisation: Branding, various policies, settings, notifications, email signatures and disclaimers, authentication requirements options.

Scaling

Independence of resources: There are no resource performance issues due to other users using the service. Mimecast handle more than a billion connections to the service each day.
Mimecast are able to scale the systems as necessary to handle growing capacity.

Analytics

Service usage metrics: Yes
Metrics types: You can view details of emails blocked or rejected and why. Email tracking is available to see why emails have been blocked.
Reporting types: Real-time dashboards

Resellers

Supplier type: Reseller providing extra support
Organisation whose services are being resold: Mimecast

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: We can supply activity data via CSV or PDF for usage of the systems.

If data resides within the archives we would need to request data exportation from Mimecast and it would go in as a project to be completed. This is chargeable to the customer and this is detailed in the pricing sheet.
Data export formats: CSV

Other
Other data export formats: .pst
Data import formats: Other
Other data import formats: .pst

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: The SLA is with the Vendor of the product and can be found here: https://assets.mimecast.com/api/public/content/ee26e8901c394925b931ad93969048b7?v=ae5a52ef
Approach to resilience: Services are spread across multiple datacentres to ensure resilience.
Outage reporting: Public Dashboard / Website announcements, Emails, Other communications including phone and text notification available as required.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: The management interface is granular in allowing access on a per user basis for predefined rights. Authorised users are allowed to log support queries.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
ISO/IEC 27001 accreditation date: 27/01/2023
What the ISO/IEC 27001 doesn’t cover: We made the decision to cover everything we do under our certificate. We don't cover other businesses with our accreditation.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: We have an Information Security Group that is responsible for running our ISO27001 accreditation.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Formal change management process. If changes are requested to the infrastructure these would go through the project team to make sure that changes are thought about to avoid risk.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: We suggest using third party vulnerability cloud services to detect out of date software or end of life software. If a support contract is in place we would carry out patching within 14 days or a patch being released.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: We have MDR & threat hunting services but these are a separate service. We respond within an hour to isolate and mitigate.
Incident management type: Supplier-defined controls
Incident management approach: If there is a support contract in place with us users would be able to respond to incidents via our service desk and have incident management processes as part of our ISO27001 accreditation.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

As a business we have an environmental policy in place.

Covid-19 recovery

We have always been flexible with staff with working from home and since the Covid-19 pandemic we have increased the opportunity for flexible working. We give staff the freedom to ensure they can work from home as and when required.

We support local business with sponsorships to help the community around us.

Tackling economic inequality

We have run apprentice programs for students doing IT and Security courses at College. We also have continual improvement programs to continue to upskill internal staff with our strategic Vendor partnerships.

Equal opportunity

At Redinet we have an inclusion policy to ensure that we give as many people the right opportunity as possible.

Wellbeing

We regularly run charitable events and team building in conjunction with mental health initiatives. We have employee healthcare services in place that incorporates mental health and wellbeing services to be used.

Pricing

Price: £0.31 to £1,722.35 a unit a month
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: We do for Mimecast offer a Cloud Integrated product that allows us to bolt the email security services onto the Microsoft365 email system which allows us to create a 30 day report to show what could have been captured by Mimecast.

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Mimecast

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents