CSI Limited

IT Health Check and Penetration Testing

Scoping and delivery of Security Penetration Test of Internet-facing systems; testing for configuration, operating system, software vulnerabilities and application vulnerabilities. Security issues identified by the Penetration Test are reported and resolutions recommended, allowing the customer to eliminate or mitigate the risk, thus greatly reducing the likelihood of a successful attack.

Features

• IT Health Checks and penetration testing
• Infrastructure testing services
• Application testing services
• Remote Access Testing
• Social Engineering simulation
• Detailed risk mitigation recommendations consistent with Good Practice Guides
• Our approach is tailored to each organisation
• Consultant led scoping, testing and delivery
• Clear technical and non-technical reporting
• Daily debriefs on vulnerabilities identified

Benefits

• Directly supports system accreditation objectives and ongoing annual assurance requirements
• Targeted testing of key risk aspects
• Makes sense of the ‘cyber threat’ through understanding of vulnerabilities
• Stakeholder confidence that technical security has been verified
• High value low cost VFM approach tailored to individual customers
• Compliance with HMG Security Policy
• Compliance with NCSC policies, standards and Good Practice Guides
• Contingency and continuity of service assured by internal CCP team
• Responsive to customer timescales and scope changes
• Quality of Service assured by ISO9001, ISO27001 accreditations

£800.00 to £950 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

154125678465745

Contact

Jennifer Billett
08001088301
jennifer.billett@csiltd.co.uk

Planning

• Planning service: Yes
• How the planning service works: Stakeholder workshops supporting business consensus and buy-in; Cost Benefit Analysis; Technical planning, informed by analysis of utilization patterns; Workload analysis to define an optimized service operating model; Data analysis and management ensuring effective archiving, deletion and retention; Tailored Risk Assessment and Management methodologies and approaches; Business Continuity Planning; Disaster Recovery planning including Recovery Time and Recovery Point objectives
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Deployment of appropriately qualified staff – PRINCE2, ITIL, TOGAF; Detailed assessment of infrastructure and service readiness; Training Needs Analysis; Internal team training, support and mentoring; Architecture monitoring, management and maintenance; Tailoring of services to the specific customer requirement; Pro-active risk assessment and management; Continuous improvement through review and updates
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Customer Responsibilities The customer is responsible for the completion of a Technical Details Form prior to delivery. The provision of appropriate information will ensure that delivery meets expectations and requirements. Technical Requirements The resources typically required from the customer to ensure the service is performed as efficiently as possible include: 1. Technical contact details for any necessary communication during the testing (e.g. high risk issue notifications) 2. A list of target Internet IP addresses 3. Details of all Fully Qualified Domain Names (FQDNs) and any other unique entryways into applications, remote access or other systems for the entire in-scope infrastructure

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: You will be appointed a dedicated account manager and provided with points of contact for commercial and technical questions, to ensure that the service is properly executed. A Service Level Agreement is offered that is monitored by a R.A.G system to ensure that delivery standards are met on all projects. The SLA includes timeframes for project delivery with technical staff working to targets to ensure that deadlines are met. Additionally, we have a customer services department that is responsible for the key administrative aspects of delivery such as liaising with you to confirm site details, scheduling the test, ensuring reports are sent out in a timely manner, scheduling follow up tests and debriefs etc. This is documented and monitored through the use of an internal database system, and links into other key processes regarding the correct method of sending the report according to the protective marking of the contents.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 14/01/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Group Security Services Limited
• PCI DSS accreditation date: 27/02/2022
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Along with our customers and carefully selected partners, environmental responsibility is extremely important to CSI when making our own decisions on platform choices and system purchases – IT sustainability is also being factored into our choice of sustainable infrastructure for our clients to deliver to their own ESG ambitions. ; ; Data centre consumption of energy, greenhouse gas emissions and managing e-waste are all considerations. The CSI Power10 environment shows considerable reductions in energy consumption to over 50% from our old IBM Power8 estate. The IBM Power10 system have been designed to deliver high performance with a reduced environmental impact. Over 97% of IBM Power server components are reused or recycled at the end of life. ; ; CSI are ISO 14001 accredited. CSI are committed to a programme of management, continuous improvement and reporting of our direct/ indirect impacts, which mark our contribution to improving the world in which we live. ; ; We recognise that our business activities have direct and indirect impacts on the societies in which we operate. We endeavor to manage these in a responsible manner, believing that sound and demonstrable performance in relation to corporate social responsibility policies and practices is a fundamental part of business success. ; ; Examples of our activity in this area are: ; • Webcasts to deliver All Employee meetings to avoid excess travel ; • Turn off all lights and PC monitors at night ; • Corporate functions at venues that support sustainable environments ; • Double sided printing set as default ; • New marketing material produced on material sourced from sustainable sources ; • Support of remote/flexible working – enabled reduction in office space

  Covid-19 recovery

  We are also committed to making a sustainable positive impact on the communities in which we operate. We aim to make a distinctive contribution to inequality and social development through the establishment of effective partnerships and programmes that make the best use of the energies and skills of our employees.; We support our employees in fundraising for charities and voluntary work, recognising both the benefit to the community and to the employees themselves

  Equal opportunity

  CSI aim to provide equal opportunities and avoid discrimination in all aspects of employment and to ensure that the talent and skills of all individuals are maximised. Our approach applies to recruitment, terms and conditions of employment (including pay), appraisals, promotion, disciplinary and grievance procedures and training.; ; The policy applies to employees, officers, agency workers, casual workers, consultants and self-employed contractors.; ; Part-time and fixed-term staff shall be treated the same as comparable full-time or permanent staff and enjoy no less favourable terms and conditions (pro rata where appropriate), unless different treatment is justified.

  Wellbeing

  The Company proactively supports Remote workers who are affected by time management and social isolation issues by:; a) regular one-to-one meetings between remote workers and their line managers; b) regular meetings between remote workers and their co-workers; networking, training, etc.; c) regular visits to their designated office; d) providing access to secure Company resources, e.g. CRM, SharePoint, Concur and BambooHR; e) providing access to Company communication tools such as Microsoft Teams, Microsoft Outlook and Yammer ; f) providing access to helplines for support with software problems and equipment failures; g) providing online meetings or virtual discussion forums; h) including remote workers in social activities, along with company newsletters and updates

Pricing

• Price: £800.00 to £950 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.