Through Technology Limited

Email Security for the Public Sector

Email remains the most common vector for cyber attacks on public sector organisations. Through Technology are experts in email security, having worked with Ministry of Justice and DWP to secure 100's of domains to meet and exceed NCSC Guidance.

Features

• Expert email security implementation following NCSC Guidance
• Technical oversight of delivery partners
• Manage complexities: bulk email, sub-domains, multiple mail gateways
• Broad range of expertise covering all technical aspects implementation
• Hands-on migration and configuration expertise
• Security configuration for OFFICIAL, following NCSC Guidance and Principles
• DMARC Monitoring to prevent service failures during implementation
• Readiness assessment, planning and implementation of DMARC, DKIM and SPF

Benefits

• Accelerate deployment and optimise cost leveraging a proven experienced team
• Proven Experience from securing over 400 domains and 200,000 users
• Clear, authoritative, solution leadership, separate from vendors or delivery partners
• Produce realistic plans, based upon relevant end-to-end experience
• Minimise implementation risk through monitoring prior to implementation.
• Fully leverage the security features of your existing email service
• Establish permanent monitoring of your email security with NCSC Mailcheck

£300 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@throughtechnology.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

931311582519960

Contact

Peter Hanney
+44 (0)7913334794
enquiries@throughtechnology.uk

Planning

• Planning service: Yes
• How the planning service works: We will work with you to understand even the most complex of environments. Identifying email domains, gateways, bulk mailing or device mailing requirements and produce a sound technical approach and plan to implement email security. We work with our own Agile methodology or can fit in with your wider project planning approach. This service has already been used by Ministry of Justice and Department of Work and Pensions to plan and undertake work to secure over 400 domains, used by over 200,000 users on time and to budget.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with:
  • Office 365, Microsoft Exchange, Exchange Online, Gmail and other platforms
  • NCSC Mailcheck, Phishing Reporting and Active Cyber Defence
  • DMARC, DKIM, SPF, TLS, MTA-STS, Malware Scanning
  • Application Bulk Email, Email from Print/scan devices, Bulk emailing services.
  • User education and empowerment
  • Microsoft Defender 365, Anti-phishing Policies, Message tracing, monitoring & alerting
  • Other email security solutions, e.g. Mimesweeper, Redsift etc.
  • DNS Security, including Registry Lock and wider DNS Security Assessment

Training

• Training service provided: Yes
• How the training service works: We will educate your internal teams in email security and provide comprehensive knowledge transfer and closure reports, ensuring that any new controls and processes that are implemented by our service can be properly managed by your internal team or incumbent supplier if an ongoing support service is not required.. We also deliver end user training material on email security and phishing, typically via simple video and email communications. We can run simulated phishing attacks but typically find this ineffective in driving user behaviour change compared to education and providing simple tools for reporting and empowerment.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Under this service, Through Technology will implement or assist buyers in implementing appropriate security controls and processes for the receipt, management and transmission of email. Our team have already seamlessly implemented these changes across over 400 domains, for 200,000 users in complex email environments in the UK public sector.; ; We offer a wide spectrum of email security services, from initial assessment of your environment, to implementation of controls including (but not limited to): DMARC, DKIM, SPF, TLS, MTA-STS, Anti-phishing policies, automated Phishing reporting to NCSC, message tracing and analysis, bulk email system security, user education and training, user empowerment, Criminal Justice Secure Mail (CJSM), NCSC Mailcheck configuration, Message encryption, malware scanning, etc.; ; We offer a separate services for Cloud Email Migration and Consolidation under G-Cloud Lot 3.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: We have had several G--Cloud contracts with Government departments purely to undertaken quality, delivery, solution and security assurance of their third-party suppliers. For email security work, we will also assure the configuration and processes of third-party suppliers and provide comprehensive reporting on their compliance with NCSC Guidance and Standards and industry best practice. We thoroughly test any email security controls that are implemented, mitigating the risk of any impact to your users or any citizen-facing services (such as application-generated bulk email). All of services are delivered following our own quality assurance processes and ISO27001 certified information security management system.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Email Security Discovery and Assessment
  • Email Security User Education and Empowerment
  • Reporting on compliance with government guidance and legislation.
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: This is a consultancy engagement to improve the security of your email services and therefore does not typically require ongoing support after our comprehensive handover. Throughout any engagement we will provide support and consultancy on a T&M or fixed price basis with all queries responded to within one business day. You will have an assigned Technical Account Manager and Cloud Service Architect to carry out the work and provide any after-care required. We offer user support services separately through our TT Cloud Services Support offering on G-Cloud lot 3.

Service scope

• Service constraints: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service levels, Service Hours and Service management tooling would be driven by customer need and discussed in procurement or through pre-procurement clarification of our service offering.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: We will typically use either Microsoft teams (which is certified to the above standard) or any tooling that the customer already has in place as part of the IT Service Management toolset.
• Support levels: Service levels, Service Hours and Service management tooling would be driven by customer need and discussed in procurement or through pre-procurement clarification of our service offering.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute (BSI) - BSI Certificate Number IS 743920
• ISO/IEC 27001 accreditation date: 13/10/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing. It covers all elements of the services we offer on the G-Cloud Framework.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Fighting climate change:

  Fighting climate change

  Through Technology is a Carbon Negative Business and formally assessed and certified as such with the PAS2060 Carbon Neutral Plus standard. This means that our services are operated to remove more carbon dioxide from the atmosphere than our business has created or will create in future, already significantly exceeding HM Government's Net Zero targets. Our business was designed with a very carbon-efficient business model. Building on this foundation, we have a process of continual improvement. We annually calculate our carbon footprint using the reputable carbonfootprint.com service, identify further reductions in our environmental impact, then offset -double- the residual carbon footprint of our business through the same scheme reputable UK tree-planting scheme used to offset HM Government ministerial travel. Measuring our footprint every year, optimising it and offsetting double, scales with our business and automatically applies to every service we provide (through G-Cloud or elsewhere). Furthermore, because trees last for many years, our positive impact on carbon capture and storage will continue to grow greater and greater across the lifetime of our business. As a business, we are also focussed upon helping our customers achieve your outcomes. We consider environmental impact in the work we undertake as part of our services many of which involve carbon reduction through modernisation of systems and migration to the cloud. Fighting Climate Change is something we are passionate about. We are proud of the contribution we make as UK Small Business. It also shows our commitment to not only meet, but exceed government targets for fighting climate change and goals of Procurement Policy Notes PPN 06/20 (Social Value) and PPN 06/21 (Taking account of Carbon Reduction in major contracts). Further detail, including "Beyond Net Zero - The Through Technology Environmental Impact Plan" available upon request.
• Covid-19 recovery:

  Covid-19 recovery

  In Through Technology, we have a very strong focus on achieving value for the tax-payers money and on supporting the UK economy. We are a UK Small Business, paying all our taxes in the UK and operating in full compliance with UK Tax regulations. We are members of the TechUK industry body, volunteering time via our seat on their Justice and Emergency Services Committee to help to define and deliver best practice in work between the Digital & Technology industry and government. We are signatories to the UK Government Small Business Commissioner’s Prompt Payment Code. Meaning we commit to paying our supply chain within 30 days and have never yet failed to do so, even when we ourselves have faced delays in our payments. Our company principles include sharing knowledge and building capability with our customers’ internal teams. This can be seen in our “Insource Transition Support” service published on G-Cloud. Helping our customers insource and develop their internal teams will drive upskilling and job creation within our public sector customers. We have a defined standard business process to actively seek out opportunities for savings and cost avoidance for our customers in everything we do. This process has resulted in savings and cost avoidance of over £10M in the last 3 years, saving our customers more than we have cost them while we have also delivered all of our contracted scope. We have also created new jobs in our business during the Covid 19 pandemic and continue to collaborate effectively with our customers remotely through their choice of tooling and onsite following all current Covid guidance.
• Tackling economic inequality:

  Tackling economic inequality

  Through Technology are committed to fighting economic inequality. As a modern business without strong geographic ties, our hiring policy is to prioritise recruitment from areas of high social deprivation as identified in the Department for Levelling Up, Housing and Communities' English Indices of Deprivation). At present, 40% of our staff are from these areas and as our business grows, so will this percentage, ensuring that most of the tax-payer money spent on our services ends up in the local UK communities that need it the most. We are an equal opportunities employer that recognises and actively seeks out the benefits of diverse and inclusive teams to our business, to our customers and to wider society.
• Equal opportunity:

  Equal opportunity

  We are an equal opportunities employer that recognises and actively seeks out the benefits of diverse and inclusive teams to our business, to our customers and to wider society. This is built into our policies, procedures and contracts, and lived day to day. We have worked to remove any bias from our organisational processes, including subconscious bias where it may exist. An example is that the first stage of our recruitment process is anonymised, minimising the impact of any potential bias in CV and Application evaluation. We are signatories to the Armed Forces Covenant and seek proactively to recruit ex-forces personnel, overcoming some of their challenges in returning to civilian life. Our recruitment process for opportunities is intentionally designed to be accessible and open to all. Our teams working through G-Cloud are diverse and include people from different parts of the UK, age groups, ethnic origin, gender, disability and faith.
• Wellbeing:

  Wellbeing

  Through Technology’s defining characteristic is the quality of our people, so we take well-being very seriously and have a number of measures in place to support the well-being of our staff and people they work with. Despite our relative small size, we have a board member responsible for staff wellbeing and a number of policies and processes which we live every week to maintain it. Examples include: Providing private health cover for all employees, offering time out for voluntary work in our local communities (including current staff acting as school governors, volunteering careers guidance in schools, acting as community representatives and teaching practical philosophy/life skills), funding a qualified Mental Health First Aider within the business, fostering a culture that welcomes private or public discussion of mental health and well-being (including open discussion of our CEO’s personal experiences). We also care about the well-being of those we work with in our supply chain, our customers, and their third-party suppliers. If we identify any well-being or stress-related issues with colleagues outside our organisation, then we handle these sensitively through the appropriate process or channel.

Pricing

• Price: £300 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@throughtechnology.uk. Tell them what format you need. It will help if you say what assistive technology you use.