Capgemini UK plc

DevSecOps Training

Capgemini’s DevSecOps Training service provides an online service that can
offer interactive training including coding labs, tournaments and assessments to help drive culture change, engage, and help developers improve their secure coding skills. The service empowers developers to enhance their coding skills in fostering a resilient and security-oriented environment.

Features

• Can provide a DevSecOps mentality through practical in-built feedback
• Cloud-based, integrated assessment and training solution
• Gamified training methodology can make learning fun, competitive and engaging
• Can provide on-demand learning in an ‘everywhere available’ format
• Can provide free learning resources library for specific vulnerabilities
• Can measure progress: challenges completed, time spent, strengths/ weaknesses, accuracy
• Can cover over 50 vulnerability types including OWASP Top 10
• Can provide portal training material for integration with LMS
• Coding Labs: provide hands-on training with intuitive, real-time feedback
• Can set up tournaments to help maximise engagement and adoption

Benefits

• Can help achieve faster and more secure software development
• Can help reduce cost of security by improving code quality
• Can empower developers to become first-line defence preventing code vulnerabilities
• Can train, educate developers to have a security mindset
• Can help build developer skills, get real-time advice, monitor development
• Can help increase developer awareness of security threats and vulnerabilities
• Can help create a positive security culture within an organisation
• Can increase training completion rates
• Can reduce code-based security risk
• Can help improve overall security posture of organisation

£118.27 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector.opps.uk@capgemini.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

140536927978590

Contact

Giovanna Borgia
+44(0)370 904 4858
publicsector.opps.uk@capgemini.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Security Education and Awareness
• Cloud deployment model: Public cloud
• Service constraints: Developers will need access to the internet to use the service. The IDE plugin is only available for certain languages in certain IDEs at the moment.
• System requirements: Please contact Capgemini directly for information on system requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to acknowledge receipt of questions within one Working Day. Resolution times will be according to the service level agreement for the service.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Individual service levels are described in the Service Definition. Should you have requirements for other service levels, please contact Capgemini directly to discuss.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Capgemini can work with the Buyer at the beginning of the engagement to agree the strategy including the users, the training needs and implementation plan.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Arrangements for Buyer data to be extracted can be agreed at the start of each contract, and the execution of such arrangements can be completed as part of the contract close down procedures.
• End-of-contract process: At the end of the contract, Capgemini can review with the Buyer:; Those contractual obligations have been met;; Those invoices have been raised and paid;; That no outstanding, documented issues remain (unless agreed otherwise);; That access rights have been terminated and user Ids deleted;; That data had been backed up and recovered as appropriate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Please contact Capgemini to discuss this feature.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is accessible via a browser on a laptop or desktop.
• Accessibility testing: Capgemini is working towards WCAG 2.0. Currently, Capgemini is partially compliant with AA.
• API: Yes
• What users can and can't do using the API: Reporting data on usage and completion of training modules via API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Buyer can customise training, assessments and training for their developers. Capgemini can work with the Buyer to agree the requirements and implement the customisations.

Scaling

• Independence of resources: Our service is based on Secure Code Warrior’s SaaS platform that is hosted on scalable infrastructure which can adjust to varying demand profiles from users.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics on individual users and aggregated Buyer’s organisational training, assessment and tournament performance can be produced as agreed between Capgemini and Buyers.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Secure Code Warrior

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Metrics and statistics on user’s performance can be exported in CSV format. Capgemini can agree reporting requirements with the Buyer and produce reports on a periodic basis.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Please contact Capgemini directly to discuss availability requirements.
• Approach to resilience: Please contact Capgemini directly to discuss resilience approach.
• Outage reporting: Please contact Capgemini directly to discuss availability reporting.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Capgemini provides role based identity and authentication to restrict access
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 04/05/2023
• What the ISO/IEC 27001 doesn’t cover: Please contact Capgemini directly for information regarding ISO/IEC 27001 certification for ; this service
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our employees are instructed and obliged to comply with Capgemini's security policy and standards, which aim to safeguard the confidentiality, integrity and availability of physical assets; and electronic information as well as information hosted on behalf of our Buyers, to enable contractual obligations to be met and enable Capgemini UK to be compliant with relevant laws and regulations.
• Information security policies and processes: Capgemini follows its own information security policy, which is referenced against ISO27001:2013 - Information Technology - Security Techniques - Information Security Management Systems - Requirements, ISO 27002:2013 - Information Technology - Security Techniques - Code of Practice for Information Security Controls, and the Information Security Forum - Standard of Good Practice (2014).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Capgemini 's configuration and change management processes are set out in its ‘Unified Project Method’ (UPM), but can be adapted to comply with specific requirements by agreement with individual Buyers (tailored services may attract additional charges).
• Vulnerability management type: Undisclosed
• Vulnerability management approach: The Capgemini provided platform is assessed by external pen testers every 9 months. Capgemini can also use Fortify static analysis solution on a continuous basis.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Please contact Capgemini directly for details of our Protective Monitoring approach.
• Incident management type: Undisclosed
• Incident management approach: Capgemini's incident management processes are set out in its ‘Unified Service Method’ (USM), but can be adapted to comply with specific requirements by agreement with individual Buyers (tailored services may attract additional charges).

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Capgemini has a long‐standing commitment to environmental sustainability, with a strategy focusing on managing and reducing our own environmental impacts and deploying our expertise in technology and business transformation to help clients address their sustainability challenges. Our Group environmental sustainability ambition is to be Carbon neutral no later than 2025 and transforming to net zero by 2040 as approved by SBTi.; ; We integrate sustainability into our existing structures and solutions where applicable with our impacts being calculated using our online carbon impact calculator, underpinned by our methodology.; ; PUBLIC AND HYBRID CLOUD:; Scalability can reduce the future need to replace hardware; increased efficiency reduces energy consumption; and pay per use encourages companies to only use what they require, increasing energy efficiency.; ; CLOUD APPS:; Cloud Native apps can be agile, flexible and scalable to a variety of innovative outcomes e.g. Smartly, facilitating electric vehicle charging. Direct energy reduction through efficient equipment.; ; APPS MASS MIGRATION TO CLOUD:; Assessment of where it is possible to retire and rationalise legacy applications, as well as reducing inefficiencies, lowering operating costs and enabling business model innovation. This could all reduce energy consumption across the estate; ; ERP MIGRATION TO CLOUD:; Delivering operational efficiencies through the wider operations can lead to energy savings as well as cost and time across the business.

  Covid-19 recovery

  Since Covid-19, Capgemini has implemented a flexible working policy allowing all our employees to request arrangements for hybrid working where appropriate in view of client and team requirements.; ; We have made strides in helping communities gain access and skills to cope with the situation. We have partnered with Digital Unite, a leading Digital Inclusion organisation, since 2020 developing a new model for corporate support of digital skills training in the UK. For over two decades the organization has been helping third sector organizations build digital capacity by helping them recruit and train a network of 4000 Digital Champions, who then directly engage communities and help tens of thousands of people to learn basic digital skills.; ; At Capgemini, we have so-created Inspire, a training programme to support Capgemini employees to become Digital Champions. By embedding Champions within communities, people can more easily access regular support. We have so far had 983 people complete Inspire, with around 679 people being supported through it.; ; We launched the Digital Futures initiative in 2021 and it’s spearheaded by our Cloud Infrastructure Services leaders and colleagues. The initiative is designed to help and support thousands of digitally excluded people in their journey to inclusion through digital literacy projects. Initiatives such as this is a testament to our collective commitment towards digital inclusion actions. Capgemini aims to support digitally marginalised people through digital literacy programme across the world.; ; The Capgemini Research Institute published “Conversations For Tomorrow #6: Nurturing The Future Of Work – How organisations empower talent”. With the pandemic reshaping the future of work in several ways, this report specifically looks at how organizations can successfully implement the transformations necessary to thrive in the future of work, evaluating strategies such as refining and strengthening purpose; empowering talent; nurturing future skills; and instilling a trust-based culture.

  Tackling economic inequality

  Capgemini is committed to ensuring that digital transformation creates an inclusive and sustainable future for all. This means opening doors to technology careers for people who are currently far from the digital skills job market, such as those from deprived areas or refugees whose studies/career have been interrupted.; ; Capgemini have an ongoing schools outreach programme, allowing students to build new skills improving their chances of landing a job and work experience. 90% of our impact is with students from years 10-13. During events with schools, we offer: mock interviews, apprenticeship TalkCareers ins, technology talks, business challenge days, employability workshops, networking events, panel Q&As.; ; We create job opportunities for underprivileged individuals by collaborating with CodeYourFuture, a UK-based non-profit. Together, we support refugees and individuals from extremely low socio-economic backgrounds to access technical careers, such as software engineering. During 2023, we provided opportunities for 390 individuals and hired 7 through CYF. Capgemini also offers undergraduate and masters apprenticeships in partnerships with universities allowing individuals to gain skills while working.; ; We work collaboratively with many businesses including new businesses, entrepreneurs, start-ups, SMEs and VCSEs. Capgemini’s Applied Innovation Exchange (AIE) brings together a framework for action, a network of exchanges, and a diverse ecosystem to scout, trial, implement and accelerate innovative technology applications.; ; Capgemini supports the wider supply chain of UK businesses as a partner of Business in the Community within their business response network, engaging in sessions for refugees, coaching for job seekers, and providing digital inclusion mentors to the elderly. Capgemini supported supply chain resilience and capacity by spending £180m+ with 395 SMEs in 2022/2023.; ; We support our charity partners to build their digital skills and increase their impact through digital transformation. We have completed a range of pro-bono projects using our skills to impact charities, while developing our own junior talent.

  Equal opportunity

  Capgemini’s Diversity and Inclusion Policy states our commitments and guidelines to achieve a more diverse, equal, and inclusive work environment. Our definition of diversity encompasses all personal attributes, to reflect society in all its richness. It includes, among others, sex and gender identity, age, race/ethnicity or nationality, sexual orientation, ability status, social origin, cultural identity, faiths, working methods, skills, and experience. We value the differences and uniqueness of our people, while cultivating our commonalities.; ; Capgemini is recognised as one of the UK’s Most Inclusive Employers, is one of the UK’s Best Places to Work for Wellbeing, in the top 75 employers in the Social Mobility Index and is EDGE Assess Certified.; ; Capgemini is a member of the Business Disability Forum providing training, podcasts and comprehensive advice on conditions and adjustments. We hold a Disability Confident Employer badge. We work with Ambitious About Autism providing specialised education services and an award-winning employment programme. With the vision of everyone feeling valued for who they are, Capgemini initiated the NeuroInclusion Programme in 2023 for neurodivergent individuals to share their valuable experiences, ideas, and insights. This has grown, engaging with external experts, training sessions for staff.; ; Our employees benefit from seven Employee Resource Groups, which promote inclusive behaviours and provide our teams with space to come together and share their experiences. Currently, we have the Armed Forces Network, Women@Capgemini, CAPability, OUTfront, the Race and Equality Network, and Talking Heads. NeuroAbility is the most recently launched group ensuring an inclusive support space for neurodiverse employees or carers.; ; For 20+ years, our partnership with The Prince’s Trust has supported young people from disadvantaged backgrounds across the UK, providing employability skills and useful insights into technology careers. In 2023, our volunteers supported over 1,000 young people to improve their digital and employability skills.

  Wellbeing

  From the first stages of recruitment through to each working day with Capgemini, support is always at hand. Capgemini UK has been named one of the UK’s Best Workplaces™ for Wellbeing in 2023 by Great Place to Work®, the global authority on workplace culture.; ; Here are a few ways that Capgemini provides support on wellbeing:; ; Talking Heads Employee Network: Our wellbeing Employee Network, Talking Heads, which supports mental wellbeing, with 500+ members, providing a space for everyone to discuss anything mental health or wellbeing related. It’s a space to connect, share, seek advice, and uplift each other.; ; Wellbeing Champions: We have more than 160 trained Wellbeing Champions across our UK business who are available to all employees. These dedicated champions have been trained by mind and provide a friendly and trustworthy point of contact, enabling colleagues to speak about mental health concerns or life events in confidence. Their role is to listen and signpost to internal and external support, not make a professional or medical judgement.; ; Access to ‘Thrive’ app: We offer a confidential wellbeing app that helps build a growth mind-set, prevent, and manage stress anxiety and other mental health conditions. It has a mood meter, relaxation techniques, a goal setting system, access to a thought trainer and more.; ; “The company really cares about employees’ wellbeing. When I mentioned that I was going through a difficult time to more senior colleagues, they supported me throughout and reached out to me frequently to ask how I was doing. There is also a great Employee Assistance Program where employees can speak to therapists for free.” – Capgemini employee; ; We work with our clients to deliver a range of wellbeing initiatives including wellbeing knowledge share sessions, wellbeing in delivery toolkits, monthly health, wellbeing champion check-ins, health and wellbeing fundraisers and much more.

Pricing

• Price: £118.27 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full access to the platform for maximum 2 weeks.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector.opps.uk@capgemini.com. Tell them what format you need. It will help if you say what assistive technology you use.