At Egress, we constantly strive to provide the highest levels of security and product excellence to our customers. This technical focus has seen the Egress platform achieve an unmatched number of product certifications and accreditations. At Egress, we constantly strive to provide the highest levels of security and product excellence to our customers. This technical focus has seen the Egress platform achieve an unmatched number of product certifications and accreditations.
The only email encryption product to achieve UK Government CPA certification
Egress Protect remains the only UK Government CPA Foundation Grade certified email encryption product. This makes Protect suitable for sharing OFFICIAL and OFFICIAL-SENSITIVE under the Government Security Classifications Policy (GSCP). As a result, Protect can be used across the Public Sector to process and share highly sensitive data over the internet, without the need to manage external third party credentials.
NATO Information Assurance
Egress Protect features in the NIAPC amongst its endorsed IA products as suitable for NATO Restricted.
The NIAPC established under Directive AC/322-D(2010)0042 (22-09-2010), provides NATO nations, and NATO civil and military bodies with a catalogue of Information Assurance (IA) products, Protection Profiles and Packages that are in use or available for procurement to meet operational requirements.
Cyber Essentials and Cyber Essentials Plus certification
The Cyber Essentials scheme has been developed by Government and industry to fulfill two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet-based threats, within the context of the Government’s 10 Steps to Cyber Security.
Common Criteria (‘In Evaluation’)
One of the highest international standards for data security, Protect is currently ‘In Evaluation’ against Evaluation Assurance Level 2 (EAL2). Full certification is expected in early 2017.Common Criteriais a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. Common Criteria is used as the basis for a Government driven certification scheme and typically evaluations are conducted for the use of Federal Government agencies and critical infrastructure.
ISO 27001:2013
The ISO standard is the recognised international benchmark for information security management, outlining how to implement and uphold an independently assessed and certified information security management system (ISMS). Egress was one of the first organisations to achieve the ISO 27001:2013 standard demonstrating our commitment to providing customers with the necessary levels of assurance regarding the way their information is managed and secured. Egress information security management system includes policies around access control, incident management, business continuity, physical security, human resources and technical procedures.
A standard for secure data sharing across Government
This absolute focus on product excellence and assurance has seen Protect encryption services become a standard for secure communication across many areas of government. Our technology is now used by 35% of UK local authorities, including six of the 10 largest councils, 25% of police forces, and 26 Central Government departments and agencies.
In total, Egress’ customer base has grown to over 1,500 organisations predominantly in the UK, Europe and North America. These range from Government organisations, to industry regulators, private healthcare providers, professional services firms, utility providers and global financial services.