CYBERIAM HOLDINGS LIMITED

ServiceIAM - Managed Identity Service Platform (MISP)

CyberIAM's MISP is a Managed Identity Service Platform, offering a set of services tailored to the size and needs of your environment; providing implementation of privileged and identity and access management (IAM and PAM) solutions to protect your identities as well as the management of the software after implementation.

Features

• Single pane of glass
• Add-ons availible
• Clear view of your identity landscapes
• Flexible services packaging
• Multi identity products

Benefits

• Suitable for greenfield and existing customers' cybersecurity requirements.
• Cost-effective
• Change tiers at any time
• Industry experts on hand
• Instant implementation
• Recognised and skilled vendor parter product experts
• 300+ combined years industry experience
• 24/7 support

£250 to £100,000 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cyberiam.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

975774964729987

Contact

Andy Pinnington
08443350012
sales@cyberiam.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Quicker start time
• Cloud deployment model: Hybrid cloud
• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLAs agreed per customer requirement
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: SLAs depending on customer requirement
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training and documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is made availible upon request
• End-of-contract process: After a specified period of time the tennent and data it holds is deleted from the clooud service. For legal reasons, some information about the contract can be withheld for a longer period of time

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: ZenDesk
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A
• API: No
• Customisation available: Yes
• Description of customisation: Product camn be configured per customer.

Scaling

• Independence of resources: We provide a single tenant to the customer so it is uneffected

Analytics

• Service usage metrics: Yes
• Metrics types: Per product usages
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: CyberArk, BeyondTrust, Saviynt, PingIdentity, OKTA, SailPoint, Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Via the report and tooling provided
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: SaaS
• Outage reporting: Email notifications will be sent out

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: We have an out the box and configurable and dedicated model for our management interfaces
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Perry Johnson, Registras Incorporated
• ISO/IEC 27001 accreditation date: 25/06/2023
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We comply with industry-registered standards, such as ISO 27001, and our internal company structure.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Software is cloud based, there is no requirements for the customer to manage the lifecycle of components within the solution.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We are ISO 270001 certified and get external parties to do vulnerability assessments against our platform.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We leverage Azure platform security and event based capibilities.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined processes that handle any incidences. We also have a managed service team.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At CyberIAM, our environmental footprint is significantly smaller than similarly sized organizations due to numerous different factors which are built into our core business processes. We are an entirely paperless business, eliminating our reliance on paper for printing. CyberIAM also utilises a public cloud environment for our IT infrastructure, minimising our environmental impact, as resources are shared across Microsoft’s datacenters. We do not house our own data centres, keeping our carbon footprint small. We are also committed to recycling and re-using IT hardware, which is recycled wherever possible by approved suppliers, to guarantee that the hardware is recycled in the most environmentally friendly way possible. Furthermore, plastics are not used in any CyberIAM offices or for any business processes.

  Covid-19 recovery

  As an organization, CyberIAM responded quickly to the Covid-19 pandemic, enabling our employees to work from home and continue to do so as they wish, allowing for flexibility. This enables CyberIAM to adapt to any COVID-19-related challenges and to provide our services at all times without disruption. CyberIAM regularly holds company meetings and virtual social events which allow everyone to communicate and socialize without risk. Now that staff are permitted to return to offices, there are suggestion boxes for employees to anonymously let us know about anything that would help them carry out their duties safely and comfortably. CyberIAM’s offices also have COVID-19 rapid flow tests, hand sanitisers and temperature monitors available at all times

  Tackling economic inequality

  At CyberIAM we are committed to diversity, inclusion and equality. Our employees hail from all around the globe and are all paid higher than the national average in each territory.

  Equal opportunity

  Our equal opportunities policy is in place to enforce our firm belief in equality for all. Everybody at the company has the same opportunity for training, recruitment and selection. Our jobs are advertised to a diverse audience and our employees come from around the world including the UK, South Africa, Spain, Philippines and Australia. We specify that our initiatives need to include gender representation and typically under supported, disadvantaged groups. Most recently CyberIAM celebrated Eid in April and May 2022. We also offer a women’s support network group for the women in our company of all ages, ethnicities and backgrounds.

  Wellbeing

  Our offices are stocked with fruit, snacks and drinks to support the health and wellbeing of our employees. We also have a social committee who organize and run events for the company, ensuring everybody gets to have fun and socialize if they wish to. We have an open-door policy where people are encouraged to share and resolve any worries they have; we work with our employees to ensure they are happy and comfortable, e.g. flexible working hours to accommodate childcare needs. We work hard for our inclusive and supportive culture where everyone and their views, beliefs and goals are respected.

Pricing

• Price: £250 to £100,000 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cyberiam.com. Tell them what format you need. It will help if you say what assistive technology you use.