TIMBREL Information Governance Ltd

Cyber Security Incident Management

A robust incident management process that strengthens an organisation’s cybersecurity posture, protects it from security threats and helps lessen the impact of unplanned disruptions. The objective is to enable organisations to prepare, respond and recover from incidents quickly and effectively, enhancing operational resilience and key stakeholder confidence.

Features

• Incident management and response aligned with ISO27035
• Automation, machine learning and AI
• Tailored to meet organisational requirements
• Identifies roles and responsibilities
• Integrated with disaster recover and business continuity plans
• Promotes good communications and preparedness
• Establishes escalation criteria
• Creation of incident playbooks
• Supports strategic vision and cyber security strategy
• Provides guidance on legal or regulatory reporting

Benefits

• Provides a structured approach
• Improves overall information security
• Builds trust with key stakeholders, investors and customers
• Reduces adverse business impacts
• Prevents recurrence of similar incidents
• Strengthens the focus on information security incident prevention
• Increases business resilience and business continuity
• Enhances continuous improvement processes
• Supports evidence collection and investigation
• Contributes to budget and resource justifications

£450 to £1,650 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phaylett@timbrelig.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

152584804133509

Contact

Philip Haylett
07789 522237
phaylett@timbrelig.com

Planning

• Planning service: Yes
• How the planning service works: We will appoint a lead consultant to coordinate and undertake a thorough analysis, identifying potential data privacy, security or compliance risks. The lead consultant will collaborate closely with the Customer lead, key stakeholders and relevant teams to identify and implement proportionate security and privacy controls throughout development, migration, and into live services. The lead consultant will liaise throughout with key stakeholders, following using best practice risk assessment and risk management techniques, enabling informed decision making at all times. Director oversight is provided for all contracts and to act as an escalation point if needed.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: As with the planning service, we will appoint a lead consultant to coordinate and undertake a thorough analysis, identifying potential data privacy, security or compliance risks. The lead consultant will collaborate closely with the Customer lead, key stakeholders and relevant teams to identify and implement proportionate security and privacy controls throughout development, migration, and into live services. The lead consultant will liaise throughout with key stakeholders, following using best practice risk assessment and risk management techniques, enabling informed decision making at all times. Director oversight is provided for all contracts and to act as an escalation point if needed.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: We thoroughly assess organisations against their legal, regulatory and contractual obligations, as well as industry standards ISO27001, ISO27017, ISO27035 and NIST Cyber Security Framework. We will carry out a gap-analysis based on security good practices and articulate the risks to enable informed management decisions around the implementation and maintenance of secure Cloud services. Our quality assurance processes are designed to enable organisations to manage risks effectively, implement proportionate security and privacy controls in line with good security practices, and meet their legal, regulatory and contractual security requirements.; Additionally, we can provide assistance by managing or delivering assurance and testing activities, covering both functional capabilities and non-functional areas such as security audits and penetration testing.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Managed Security Operations Centre (SOC)
  • Virtual CISO
  • Virtual DPO
  • Cyber Security Strategy
  • Risk Management Strategy
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: We offer ongoing support tailored to an organisation's specific requirements. Our flexibility allows us to adjust support levels to accommodate fluctuations in demand. For instance, enhanced support during transition or roll-out phases, ongoing support relating to compliance with standards or regulations, monitoring, reviewing, reporting and promoting continuous improvement. We will map benefits realisation with ongoing security support. Where needed, our highly skilled consultants will collaborate with client teams to facilitate effective skills and knowledge transfer in pursuit of organisational objectives.

Service scope

• Service constraints: Our service model is flexible with no specific constraints. We will tailor a service package as needed to support the business requirements.

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: We operate a flexible service model which can be tailored packages to suit Customer requirements. We will appoint a lead consultant to act as a primary contact, participating in regular reviews. Specific resources and costs for support are determined during the requirements process and agreed with the Customer before entering into an agreement. All contracts are managed by an account manager with oversight by a director, who is also an escalation point. Support is available by phone, email or on-site during normal working hours and we aim to respond to all enquiries within one working day. Extended support hours can be arranged where required.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Security Manager (CISM)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We operate flexible working to reduce travel and increase well-being of our staff. We operate as a fully digital, paperless organisation. We encourage and support staff, partners and third party suppliers to adopt environmentally friendly working practices.

  Tackling economic inequality

  We provide employment and training opportunities throughout the United Kingdom.

  Equal opportunity

  We are fully committed to promoting equality, diversity and inclusion through our practices and policies as a business and through delivery of our contracts, for all staff, Customers and third parties, irrespective of age, disability, gender, gender reassignment, marital or civil partnership status, pregnancy or maternity, race including colour, ethnic or national origins and nationality, religion or belief or sexual orientation. We respect an individual’s right to choose whether to belong to a trade union and this will have no bearing on an applicant’s suitability for employment or result in any detrimental treatment when working for us.

  Wellbeing

  We operate a number of initiatives intended to protect the wellbeing of our employees whilst providing them with the support to grow their careers. We encourage all staff to prioritise their health and well-being above anything else and will provide whatever support we can to help individual circumstances as they arise. We discourage long working hours and provide flexibility for staff to work at a location, in a way and at a time that suits individual commitments or interests, such as childcare, caring for others, hobbies, volunteering and charitable work.

Pricing

• Price: £450 to £1,650 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phaylett@timbrelig.com. Tell them what format you need. It will help if you say what assistive technology you use.