MEDICARE NETWORK LIMITED

Self-learning, AI-driven Email Security Solution

The world’s leading anti-phishing email technology combines human intelligence with artificial intelligence and machine learning that stops sophisticated advanced threats using powerful technologies to stop threats inside the email network. Designed to quickly detect and prevent spoofing, impersonation and non-signature, based attacks in real-time, responding automatically in seconds, and blocking.

Features

• Machine learning algorithms offer advanced protection against phishing attacks
• Identifies and prevents business email compromise attempts
• Works with Office 365, G-Suite and Exchange.
• Reduces the burden on security and IT teams
• Easy installation without changing DNS or MX records
• Analytics such as real time reports on affected mailboxes/spam
• All attacks are verified by human intelligence teams
• Sender fingerprinting and advanced mapping of trusted senders
• End users notified of suspect phishing emails via banners
• Offers high quality security awareness training

Benefits

• Reduce risk by resolving unknown phishing threats faster
• Streamlined Automated Investigation & Response
• Minimize real human intervention to a minimum
• Simple setup and Deployment

£1.80 to £4.00 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clientservices@mednetsec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

979141978201229

Contact

Customer Services
0203 355 3785
clientservices@mednetsec.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: IronShield; IronSights; IronTraps; Themis; Federation; IronSchool
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Must use either G Suite Premium or Office 365
  • Must have access to the Internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We operate standard telephone support 10 hours per day, Monday to Friday each week.; 24/7 x 365 email support is available at additional cost.; All calls are triaged and prioritised according to severity.; For full details of our support SLA, please contact us.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Support button is available on web site and tickets may be raised directly.
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Standard support is included and provided by telephone, email and web chat.; Additional support levels are available and include on site support.; The help desk is staffed by suitably trained and qualified technical support engineers who can remotely access systems.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: On boarding is provided online by a dedicated team.; This includes access to all documentation, configuration and testing and familiarisation training.; Support is provided by the helpdesk for any additional deployment questions after the initial installation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: No Data is held by Ironscales
• End-of-contract process: At the end of the contract the client either renews and the service continues or they cancel and the service ceases.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None. Everything is fully accessible via a browser and the mobile application.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Native API into Office365 and G-Suite
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The service is hosted on AWS platform

Analytics

• Service usage metrics: Yes
• Metrics types: There are various metrics and reports available that are customisable,
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: IRONSCALES

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: No data is held.
• Data export formats: Other
• Other data export formats: N/A . No data is held
• Data import formats: Other
• Other data import formats: Not Applicable

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: This mirrors the AWS SLA
• Approach to resilience: The service is duplicated across multiple sites for resilience on AWS, .
• Outage reporting: Email alerts are sent.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: All users must be logged onto their corporate domain in order to access the service.
• Access restrictions in management interfaces and support channels: Administrator accounts are allocated to key personnel only.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Institute of Quality & Control Limited
• ISO/IEC 27001 accreditation date: 04/03/2022
• What the ISO/IEC 27001 doesn’t cover: The certificate is valid for the following scope:; ; development, sales, marketing and services regarding information system security in the field of phishing.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type 2
  • GDPR Compliance
  • Privacy Shield Compliance

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The company internal security organisation is aligned to ISO27001 and NIST whilst complying and adhering to contractual, legal and regulatory obligations as required. Our operating standards and procedures include personal, sensitive, critical and business data and where required comply to GDPR directive and any other data security requirements. The board is responsible for ALL obligations relating to Governance, Risk and Compliance across the company ensuring regular audits, assessments and security testing are carried out, (e.g. quarterly, bi-annually and annually).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We utilise a series of technologies and services to monitor our network for potential compromise.; Should a compromise be identified remediation actions will be implemented as soon as is reasonably practical; In any event, this will never be later than 72 hours of the potential compromise.; Penetration testing is also carried out every 6 months.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We utilise a series of technologies and services to monitor our network for vulnerabilities.; Patches are reviewed, tested and deployed weekly in arrears.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilise a number of technologies and services to monitor our network for identifying any compromise.; Should a compromise be identified remediation actions will be implemented as soon as is reasonably practical; In any event, this will never be later than 72 hours of the potential compromise.; Penetration testing is also carried out every 6 months.
• Incident management type: Supplier-defined controls
• Incident management approach: The status, location and configuration of service components (both hardware and software) are tracked throughout their lifetime.; Incidents may be reported directly to the helpdesk.; Incident reports will be provided to affected users by email.; All of the above is in line with our ISO27001:2013 certification.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We aim to influence our workforce, suppliers and customers through the delivery of our services and solutions by leading by example where possible.
• Covid-19 recovery:

  Covid-19 recovery

  We are always looking at ways to improve our workplace conditions that support the COVID-19 recovery effort to ensure all required protocols that include effective social distancing, remote working, and sustainable travel ; solutions are assessed frequently.
• Tackling economic inequality:

  Tackling economic inequality

  Our Standards of Business Conduct details our commitments to labour and workplace rights. We provide fair working conditions for all our employees including terms and conditions of employment, remuneration, working hours, health and safety, resting time, holiday entitlements and benefits. Supporting economic growth and business creation to enable employment opportunities and training schemes that address skills gaps and result in industry recognised qualifications.
• Equal opportunity:

  Equal opportunity

  We believe diversity promotes innovation, opens doors, and creates partnerships that fuel the economy. Ensuring we foster a fair and inclusive workplace, where our people are valued, their differences are respected, and discrimination is eliminated.
• Wellbeing:

  Wellbeing

  We support the health and wellbeing of our workforce, including physical and mental health as a prior.

Pricing

• Price: £1.80 to £4.00 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: To prove the capability and to demonstrate the solution, a free 60-90 day trial is offered as a proof-of-value, prior to making a technology selection at no cost limited to 50 users. Full assistance is provided throughout the trial period, effectively providing an implemented service prior to purchase.
• Link to free trial: Www.mednetsec.com/contact-us

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at clientservices@mednetsec.com. Tell them what format you need. It will help if you say what assistive technology you use.