SAPPHIRE TECHNOLOGIES LIMITED

Privileged Access Management PAM

PAM suite provides Privileged Access Management and Task Automation to protect your IT infrastructure, cloud services and critical assets. By separating users from privileged credentials we enforce a " least privilege" policy which controls, monitors and audits authorised employees and third-party access.

Features

• Protect and delegate Privileged Access with 1-click access
• Separate users automatically managed & rotated privileged credentials
• Delegate automated pre-packaged and custom privileged tasks
• Capture searchable audit including screen and keylogging on every device
• Real-time ability to remotely terminate active access sessions
• Privileged Behaviour analytics to report on common, unusual activity
• Out of box connections to over 150 target devices
• Integrated with ITSM platforms including Service Now
• Fine grained, role-based access & permissions via configurable policies
• Complete integration and support of multi-Active Directories

Benefits

• Protect critical infrastructure and devices from Cyber Attack
• Satisfy audit/compliance with control, recording of privileged access
• Delegate automated privileged tasks to reduce burden on IT Admins
• Rapid deployment and ease of use
• Control and audit vendor access to your IT systems
• Automatic credential injection eliminates need for users to know passwords
• Pre-built adapters for SIEM, Incident Response, ITSM and IAM Platforms
• Increase productivity of your IT Admins and Service Desk

£76 a device a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@sapphire.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

971796939491586

Contact

Katie Smith
0845 58 27001
info@sapphire.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Active Directory, Service Now & ITSM, Radius MFA, SIEM, IT Infrastructure Systems, & more.
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: No Service Constraints
• System requirements: No System Requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: "If we are unable to provide a solution at the time of the first notification, we will provide our first considered response and continually update the person who raised the support request (and/or the Customer) as per the following:; ; P1 - First Considered Response: 1 hour, Progress Update: 3 hours, Solution Delivery: 48 hours; P2 - First Considered Response: 3 hours, Progress Update: 8 hours, Solution Delivery: 72 hours; P3 - First Considered Response: 8 hours, Progress Update: 24 hours, Solution Delivery: 96 hours; P4 - First Considered Response: 24 hours, Progress Update: 24 hours, Solution Delivery: 120 hours"
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: "P1 – Mission Critical : Software or product fault preventing the Customer’s business from carrying out its normal operations.; P2 – Severe Disruption : Software or product fault causing operating problems for the Customer’s business and its normal activities.; P3 – Problematic : Software or product failing on a regular basis or problems occurring within specific functions or facilities.; P4 – Non Critical : Occasional software or product failures/problems that can be overcome without undue difficulty or disruption to the Customer’s business operations."
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Many pieces of documentation are available to get using the service including: Install and Setup Guides, Admin Guide, Template Guide and several tutorial videos on YouTube (search for Osirium). Instructor lead product training is also available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data from PxM can be saved as CSV or PDF format exports.
• End-of-contract process: The Osirium PAM platform is provided as a subscription controlled by a time-stamped license key. Unless the susbcription is renewed the license key will expire and access to the system will no longer be possible..

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: HTML5 Browser based with no differentiation of access device
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: A web based interface for configuration and administration of the Privileged Access Manage solution
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: "Osirium PAM has a full read only API to both configuration and vaulted credentials.; A full read/write API is on the roadmap"
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Osirium PAM support for devices is based on 'Device Knowledge Templates'. This is an open part of the configuration and allows customers to add any new devices to be supported by PAM beyond the out of the box 150+ templates.

Scaling

• Independence of resources: N/A - PRIVATE CLOUD - SINGLE TENANT

Analytics

• Service usage metrics: Yes
• Metrics types: "Many metrics are avilable including user stats, device stats, connection stats.; Account state information is also available."
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Osirium

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All data from PAM can be saved as CSV or PDF format exports.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Osirium PAM platform is provided as a subscription and can be deployed in the customer's preferred Cloud platform which will determine the SLA.
• Approach to resilience: This information is available on request
• Outage reporting: The Osirium PAM platform is provided as a subscription and can be deployed in the customer's preferred Cloud platform which will determine the service outage response.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Via Authentication options listed above
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: This information is available on request
• Information security policies and processes: This information is available on request

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use a form of Agile / Git process whereby all code changes are committed in code forks, vulnerability scanned (including CVE checks of third party packages), peer reviewed against 14 different criteria, merged into master, fully end to end automatically tested, published and then released.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: This information is available on request
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: This information is available on request
• Incident management type: Supplier-defined controls
• Incident management approach: This information is available on request

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Customer's preferred Cloud vendor to connect to any network

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We make sure that we recycle where we can and take appropriate modes of transport to get to clients. Our offices in Darlington and Glasgow are easily accessible by public transport meaning that many of our colleagues go to an office by these means. For other colleagues, we offer remote working, and colleagues are able to attend an office when they need. We are pricing our services to encourage customers to prefer remote access and remote working where possible. One of Sapphire staff is undertaking a part time PHD studying the carbon consequences of cyber crime and its mitigation which is inclusive of Sapphire customers and partners.

  Covid-19 recovery

  We have encouraged our staff back to office working especially in the SOC which runs 24*7 shift patterns. We have recently engaged in local communities by hiring space in local charity buildings for company meetings as in house face to face meetings. We have performed pro-bono work with charities to check their security status and help them move onwards from Covid in the face of increased cyber attacks on charities.

  Equal opportunity

  We have an Equal Opportunities policy which everyone in Sapphire adheres to. We are currently at 29% of females in our organisation, a number that has grown over the last few months. Our recruitment processes allow us to interview the best people for the roles we have available, and we insist on 50:50 short-lists for all roles. We value the views of others and see as a strength our openness to challenge. We employ military reservists and are supportive of their overseas deployment commitments on behalf of HM Government. Recently we have signed documentation to join the NCSC Cyber First scheme to help young people especially women and girls to join the ranks of cyber professionals. We also mentor young people who are keen to move into cyber at some stage in their career.

  Wellbeing

  We take the wellbeing of our colleagues seriously; we offer an Employee Assistance Programme, have health cover, a pension scheme and Life Cover. We also provide opportunities for colleagues to Give Back to local projects/schemes and they can use a day a year to do this.

Pricing

• Price: £76 a device a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@sapphire.net. Tell them what format you need. It will help if you say what assistive technology you use.