Skip to main content

Help us improve the Digital Marketplace - send your feedback

QUADRIS LIMITED

Mimecast Comprehensive Defence Plan (Zone 1+2)

Mimecast helps companies protect their employees, intellectual property, customer data, and brand reputations by providing comprehensive, cloud-based security and compliance solutions that mitigate risk and reduce the cost and complexity of creating a cyber-resilient organisation

Features

  • Anti Virus
  • Anti Spam
  • URL Protection
  • Attachment Protection
  • Impersonation Protection
  • Internal Email Protect
  • Stationary (branding, signatures and disclaimers)
  • Data Leak Prevention Tools
  • Comprehensive awareness training with integrated phishing simulation and custom content

Benefits

  • Detection and protection against known cyber security threats.
  • Advanced threats launched from URLs, Attachments, and Impersonation.
  • Consistent stationary aligned to your business and organisation.
  • Data Loss Prevention to secure information across all email channels.
  • Protects inbound, outbound and internal email flow.
  • Engage end users and reduce the risk of human error.
  • Video training modules with real actors in a sitcom setting.
  • Easily accessible employee & company risk scoring.

Pricing

£63 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@quadris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

9 3 2 6 0 9 6 7 7 0 3 8 6 7 2

Contact

QUADRIS LIMITED Mark Charity
Telephone: 01615374980
Email: gcloud@quadris.co.uk

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Any application enabled compatible with SMTP routing.
Cloud deployment model
Private cloud
Service constraints
Comprehensive Defence Plan supports inbound and outbound mail flow along with internal mail flow. In addition Awareness Training is included.
System requirements
A corporate, SMTP-based email system.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
This would be dependent on the Support Package chosen. Further details can be found within the "Mimecast Support Packages" documents attached
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
This would be dependent on the Support Package chosen. Further details can be found within the "Service Brief Customer Success Offerings" and the "Mimecast Service Levels and Support Description" documents attached
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Mimecast provides four implementation options; Core Connect (internet based wizard & Email support), Managed Connect (Wizard & Implementation assistance contactable by phone and email), Managed Implementation (Dedicated implementation engineer proactively driving your implementation), Advanced Implementatation (Proactive dedicated implementation engineer, advanced support, project documentation, optional Mimecast project manager).
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Mimecast provides the ability to export Activity Logs for the lifetime the product was active. These logs come in CSV format. The Mimecast Account Assesment report also contains reporting, and is available for up to 2 years on a rolling basis.
End-of-contract process
All customer data is deleted from the Mimecast Cloud service.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are no feature differences between the mobile and desktop experience.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Single Web Based Administration console allowing access to all required controls and settings.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
This is provided by the third party vendor, Mimecast.
API
Yes
What users can and can't do using the API
Update polcies, users, block lists, integrate with 3rd party systems such as SIEM and SOAR. With Awareness Training the API allows user management.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Branding, various policies, settings, notifications, email signatures and disclaimers, authentication requirements options.

Scaling

Independence of resources
Mimecast’s cloud platform is capable of scaling horizontally as far as necessary. Today it handles more than one billion connections for service each day and delivers millions of "clean" messages. The system is scaled, with approximately 20% of capacity allowing for surge scenarios and simultaneous server outages. Mimecast can easily scale overall capacity by adding additional storage and processing resources to the relevant resource pools as required.

Analytics

Service usage metrics
Yes
Metrics types
Emails processed, rejected emails, and communication flows; for outbound, inbound and internal, as well as email bandwidth and rejected traffic; sent, rejected, and the data volumes being transmitted;
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Mimecast

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Mimecast provides exgestion/extraction services along with the ability for administrators to export content directly from the Administration Console in pdf, csv or xls and Emails and attachments can be exported from the Archive in Zipped EML or PST formats.
Data export formats
CSV
Data import formats
Other
Other data import formats
No other formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Please see details at https://www.mimecast.com/globalassets/documents/termsandconditions/sla_and_support_terms.pdf

Email Delivery Credit Fee
<100% but >=99% 10%
<99% but >=98% 20%
<98% but >=97% 30%
<97% but >=96% 40%
<96% 50% and Customer may terminate the Agreement and receive a pro-rata refund of any unused pre-paid fees.
Approach to resilience
This information is available on request.

In brief, the platform is completely resilient with data replicated across diverse physical locations ensuring no single points of failure.
Outage reporting
Public Dashboard / Website announcements

Emails

Other communications including phone and text notification available as required.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
The management interface is granular in allowing access on a per user basis for predefined rights. Authorised users are allowed to log support queries.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Other
Description of management access authentication
Username and password. SMS, EMAIL or Authenticator application supplying the 2nd factor.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certification Europe
ISO/IEC 27001 accreditation date
15/12/2021
What the ISO/IEC 27001 doesn’t cover
ISO covers the email security, continuity and archiving cloud services for the protection of personally identifiable information in the cloud and ISO 27001 is globally recognised as the best framework to demonstrate audited and continual improvement and on-going security management.

The ISO covers the platform in operation and support mechanisms.ne
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
25/3/2022
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
The full certification details can be found here: https://cloudsecurityalliance.org/star/registry/mimecast/
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 2 Type I and Type II
  • ISO 27018
  • ISO 22301
  • Full details here: https://www.mimecast.com/company/mimecast-trust-center/

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Mimecast CISO, Mark O'Hare (Melbourne Office), is responsible for information security and business resilience programs. Siobhan Curry leads our business resilience and led the ISO22301 certification. Please find our public facing Security Information Pack enclosed - further detail can be shared under NDA.

Quadris holds the following certifications that govern our security policies and processes: ISO27001, Cyber Essentials Plus, PCI DSS (self certified) and NHS Data Security and Protection Toolkit. Security incidents are monitored and reported in real time. Security is managed via weekly management and monthly board meetings.
Policy adherence is audited internally and externally via independent third party security specialists.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Stringent change control procures are in place to maintain operational and service level agreements. All changes are fully documented including roll back procedures.

Updates to the service follow a regular schedule and the impact is communicated to relevant parts of the business and customers. Changes to systems that could impact or compromise existing security and control procedures are subject to review by the Mimecast Information Security Team prior to acceptance.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Mimecast reviews vendor security bulletins and utilise the corporate SIEM system to log and identify any possible issues.

The severity of vulnerabilities are assessed on impact vs likelihood and risks are adjusted accordingly for manual analysis and system events. Critical vulnerabilities can be deployed globally throughout the Mimecast infrastructure within minutes.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The entire platform is monitored 24 x 7 and system and network logs are entered into a centralised system. The monitoring platform provides mealtime information as well as automated alerting.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Mimecast has a formal Incident reporting process activated by monitoring and staff awareness.

User are able to log calls to activate an incident process.

Mimecast use a fully collaborative ticketing system allowing for the production of accurate incidents reports.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Quadris has been a carbon neutral organization since the 1st of April 2020 and aims to be carbon zero by 2040. To achieve this target, we have implemented a Sustainable Development policy that commits Quadris to have a carbon reduction plan in place. As we work towards our 2040 zero carbon goal, we have from 1st April 2020 been carbon net zero (or carbon neutral) in our own operations. We’ve done this by investing in verified carbon reduction projects overseas to offset our own emissions. Our Carbon Net Zero plan is aligned to the PAS 2060 specification for detailing how to demonstrate carbon neutrality which is produced and published by the British Standards Institute (BSI).

Emissions are reported and recorded in accordance with the published reporting standard for Carbon Reduction Plans and the GHG Reporting Protocol corporate standard1 and uses the appropriate Government emission conversion factors for greenhouse gas company reporting. Scope 1 and Scope 2 emissions have been reported in accordance with SECR requirements, and the required subset of Scope 3 emissions have been reported in accordance with the published reporting standard for Carbon Reduction Plans and the Corporate Value Chain (Scope 3) Standard.

We set ongoing initiatives for reducing our carbon emissions each commitment period which runs in parallel to our financial year and reporting on these initiatives annually.

Our carbon reduction plans for each year are available here: https://quadris.co.uk/carbon-net-zero/
Covid-19 recovery

Covid-19 recovery

Quadris is committed to supporting local communities to recover from the impacts of COVID-19. At the heart of our social values and business planning is that we met and continue to meet and exceed, the ‘Good Work Plan’ recommendations (Taylor Review 2017) in advance of its publication and introduction into legislation in 2020. This includes the following COVID-19 recovery activities.

Recruitment & Employment:
Priority given to eligible unemployed applicants to join our workforce since 2020.
Agile working offered since 2020.
Above market median salaries, and a competitive value-add benefits package reviewed annually benchmarked against CIPD data .
Patterning with local Community Colleges and Universities to offer employment opportunities.
Apprenticeship partnering (Programme-led).

Health & Well-Being:
COVID education and risk assessment.
Access to free health supplements and fresh fruit.
Best practice line management in supporting health conditions through measures such as return to work meetings and alignment to CIPD & HSE best practices.
Provision for supporting Long-COVID through flexible and agile working options.
Rapid collaboration across the business to ensure employees children had access to laptops for education continuity during home schooling and beyond.

Workplace conditions:
Safe, open plan offices with safe working practices.
Home working options available, with full H&S risk assessment.
Workplace restructuring to new hybrid models of working.

Supporting Organisations & Business :
Free support provided to various UK NHS trusts during COVID to enable them to meet the changing demands and pressures faced in the HealthCare sector.
Launched our Managed Digital Workspace service offering enabling organisations to operate successful remote working practices.
Products and services sourced locally wherever possible, across a range of SME’s to invest back into our local economy’s recovery plan.
Fair payment terms.
Use of suppliers that are ethically like-minded.
Tackling economic inequality

Tackling economic inequality

Quadris is committed to working with people and businesses to create employment opportunities that stretch and challenge, resulting in high quality career development, positive social engagement, and a sense of value in the wider economy. In addition, we purposefully seek out and encourage local, small, diverse high-quality suppliers as part of our procurement approach, and treat our suppliers fairly through fair terms and conditions, and prompt payment practices. We pride ourselves on strong links with local college and university career hubs, offering opportunities for work in the IT sector that can help to kick start careers for the inexperienced. We work very closely with local training providers to source externally accredited courses, and engage with them for our Apprenticeship placements. We operate the following activities focused on tackling economic inequality:
Focus on local sourcing and attraction, with priority given to eligible unemployed applicants to join our workforce wherever possible, encouraging return to work applicants since 2020; partnering with local Community Colleges and Universities to offer employment opportunities; development of employment and skills through Personal & Professional Development planning; financial support for Industry recognised skills shortage technical and digital qualifications; financial advice for all employees joining; Apprenticeship partnering (Programme-led); work placements/work experience programmes; Diversity & Inclusion and all other policies aligned with Equality Act 2010 & EHRC; clear anti-harassment and anti-bullying policies underpin our workplace culture of inclusion; developing our relationship with BiTC (Business in the Community) in community-based volunteering opportunities; aligning with our staff social well-being.
Equal opportunity

Equal opportunity

Quadris is proud to be a diverse and representative organisation that challenges itself and its staff to do all it can to ensure that diversity and inclusion is embedded in our ways of thinking, and in our ways of working. Through recruitment, to the development and promotion of our people we encourage opportunity for all to shape the future of Quadris’ professional and specialist levels of expertise. We value different skill sets, perspectives, and backgrounds and this is reflected in our Core Values around teamwork, and knowledge and learning. We take pride in ensuring we can deliver the best possible outcomes to our customers through staff that feel empowered to be the best version of themselves and feel respected, valued and included which in turn, we believe, unlocks their true potential as individuals and our potential as an organisation. By continuously increasing the diversity of our teams we encourage a culture of empowerment, continuous learning, creativity, a sense of ownership and responsibility, wider thinking, and collaborative working. We achieve this position through: ensuring recruitment practices are inclusive with regard to socio-economic diversity, and accessible by supporting reasonable adjustment requirements; voluntarily collecting data on the backgrounds of those who apply to, and make up Quadris’ workforce; investment and commitment to apprentice upskilling into digital & technology-based careers, whilst also supporting functional skills achievements; addressing the gender imbalance in technology, by increasing our female headcount % of the workforce; increasing our ethnic minority representation; actively attracting female STEM Graduates into our business. All our operations must take place in accordance with policies we have for: Equality & Diversity Policy; Modern Slavery Policy.
Wellbeing

Wellbeing

Well-being is integrated into our organisation, and embedded in our culture, our leadership, and our people management. We pride ourselves on recognising we are a ‘people’ business and looking after our employees which is achieved through the following areas and activities.
Good Work: effective people management policies; clear job roles and key deliverables for each employee; externally accredited Employee Assistance Programme for all staff to support them with their health; personal, physical, mental and emotional, their relationships, their lifestyle and their financial well-being.
Health & Lifestyle: access to free health supplements and fresh fruit to improve health and relieve pressures on health services; encouraging physical fitness as well as mental fitness as part of our culture; social ‘activity based’ events for employees; commitment to Mental Health at work initiative.
Values//Principles: values based leadership and company vision; encourage openness, empowerment and autonomy through our leadership approach; company core-values that support trust, respect and encouragement across colleagues woven into the fabric of our business; Diversity & Inclusion and all other policies aligned with Equality Act 2010 & EHRC.
Collective/Social: ‘employee voice’ formal staff survey and reporting and action planning against this output into continuous improvement plans; social calendar of Quadris funded staff and family events.

Personal growth: Career Development Planning – mentoring, coaching, performance management, development plans, succession planning.
Financial
Financial advice for all employees joining us; life assurance provision;
Pay & Reward; Above market median salaries, and a competitive value-add benefits package reviewed annually and benchmarked against current market CIPD data; all salaries (excluding Apprentices) maintained above the voluntary National Living wage.

Pricing

Price
£63 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Mimecast provides a Proof Of Concept Account where a wide range of features can be tested.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@quadris.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.