Claranet Limited

Continuous Security Testing (CST)

Continuous Security Testing (CST) helps you identify new vulnerabilities as they surface so you can patch them quickly to mitigate cyber risks to your organisation on an ongoing basis. We use a combination of manual penetration testing and vulnerability scanners to identify and verify vulnerabilities across your scope.

Features

• Continuous vulnerability identification and penetration testing service
• Always-on advanced vulnerability scanning
• Manual penetration testing of in-scope assets by our Penetration Testers
• Discover new systems, services, and applications added to the perimeter
• Monthly digests of verified vulnerabilities free of false positives
• Includes but not limited to OWASP Top 10
• Includes Claranet’s Cyber Portal, allowing users to view vulnerabilities/generate reports.

Benefits

• Reduce mean time to detection of vulnerabilities
• Receive vulnerability notifications as new high impact issues arise
• Supplement your IT team with security experts
• Detailed technical analysis allows IT teams to remediate and learn
• Dedicated guidance, real-world risk analysis & practical remediation advice
• Deep, continuous visibility rather an annual, one-off exercise
• Reduce the chances of an attacker finding an exploitable vulnerability
• Reduce need for ad-hoc tests for changes to existing systems

£15,000 to £250,000 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

158636002195652

Contact

Claranet UK Bid Team
020 7685 8000
UK-bidteam@claranet.com

Planning

• Planning service: Yes
• How the planning service works: Planning is an essential phase in the scoping of Claranet Continuous Security Testing. Our consultants work with your team to create an effective testing strategy and tailor continuous testing to your operational workflow.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: All issues identified in the service are reported with technical detail which allows reproduction and specific remediation advice. Reports can be supplemented with further advice from our security consultants to ensure a full understanding of the vulnerability type, the identified instance, and the measures required to address the issue.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: The service aims to identify security issues within the assets defined by the customer, with a focus on the highest impact vulnerabilities that a legitimate attacker will identify and exploit. Conducting this testing continuously gives ongoing assurance of the quality of the customer systems with regards to security. Our consultants carry out vulnerability verification on all vulnerabilities identified from vulnerability scans to remove any false positives.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Web Application Testing
  • ISO27001 Consulting Services
  • Network Infrastructure Testing
  • Red Team Assessments
  • Social Engineering Assessments
  • Cyber Essentials Audits
  • Mobile Application Security Testing
  • Physical Security Assessments
  • Wi-Fi Security Assessments
  • Cloud Security Assessments
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Other
• Other security testing certifications: OSCP

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: The scope is limited to the internet facing attack surface of the organisation and their internal infrastructure. Any testing that needs to be conducted outside of this would not be possible through this service.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions are answered as soon as possible, usually within an hour, Monday to Friday, 9am - 5pm BST.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: There is a flat support level included with the service which allows ongoing communication between the customer and the security consultants.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS
• ISO/IEC 27001 accreditation date: 06/06/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 7Safe Limited
• PCI DSS accreditation date: 01/2019
• What the PCI DSS doesn’t cover: Our PCI-DSS only covers physical security requirements 1 to 8. 10 and 11 are not covered
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO22301

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sustainability is a core element of our CSR strategy. At Claranet, we recognise the significance of our environmental footprint, even if it’s small, and are dedicated to perpetual improvements in energy conservation and waste minimisation throughout our operations. Our Senior Management Team has defined environmental and energy policies with a structure for setting and revising environmental objectives and goals.; • Our approach to environmental management includes:; • Committing to lessen our environmental impact.; • Integrating environmental performance and management into our business practice.; • Encouraging recycling and eco-awareness across our workforce, clientele, and suppliers.; • Reducing eco-toxic emissions from company vehicles.; • Reducing our energy use.; • Aligning with stakeholders to meet or excel in environmental standards.; • Adhering to applicable environmental laws and regulations.; • Conducting regular audits to measure and report on environmental metrics and establish goals.; Our energy management is focused on:; • Complying with legal standards for energy use.; • Implementing and, where possible, exceeding best practices for energy management.; • Allocating resources to meet our energy objectives and improve our management system continuously.; • Procuring energy-efficient solutions and services when feasible.; • Using data to monitor significant energy use and set targets for reducing consumption across the enterprise.; Our commitment to sustainability is reinforced by certifications such as ISO14001 for Environmental Management, ISO50001 for Energy Management, and the Cisco Environmental Sustainability Specialisation.; Aiming for net zero by 2050, we are proactively seeking ways to achieve this sooner. Our efforts are transparent, with an external Carbon Reduction Plan available upon request.

  Equal opportunity

  Offering the opportunity to advance our people’s professional development is one thing, however, ensuring that everyone, no matter who they are, has that opportunity is something that we pride ourselves on. Diversity and Inclusion is a highly regarded topic at Claranet and one that we strive to work towards. We are committed to driving diversity and inclusion in a measurable way. ; Our HR and Management teams are working closely on diversity and inclusion initiatives to support the reduction in the gap in pay between men and women. We have a group of employees who have volunteered themselves to work together the ensure some of the most meaningful diversity and inclusion dates throughout the calendar year are acknowledged and/or celebrated with the goal of ensuring all of our employees feel a sense of belonging at Claranet. We are a signatory with the Tech Talent Charter (TTC) who pride themselves on bringing organisations together to drive greater diversity and inclusion within the Technology sector. Not only does this support women getting into technology, but those from multi-ethnic and lower socio-economic backgrounds as well. We are excited to be a part of this movement and hope to contribute to making the UK technology sector truly inclusive. We are also one of the founding members of the Technology Community for Racial Equality (T4CRE). We are proud to support this organisation that is focused on promoting diversity, equity, and inclusion in the technology industry (https://tc4re.org/who-we-are/). ; Our recruitment strategy and policy also heavily supports this. The makeup of our Senior Management Team further evidences our commitment to inclusivity, as it continues to represent an equal split between men and women, which is essential to leading a diverse workforce and promoting equality.

  Wellbeing

  Claranet are passionate about people and fostering a healthy and nurturing work environment.; Our dedicated Wellbeing and Engagement team, work in partnership with external providers to deliver our health and wellbeing scheme: Health is Wealth. The scheme is comprised of talks led by professionals, access to exercise classes, discounted gym memberships and access to a fully trained Mental Health First Aiders team. Some of our notable events include, a Stress Awareness seminar, Disability Awareness talk delivered by Lee Spencer, Employee led activity to celebrate Neurodiversity Week, Women in technology celebrations, Happiness in the Workplace celebration week and Imposters Syndrome webinar. Our in-house team plan employee activity based on employee feedback and suggestions, enabling us to deliver a very diverse programme and support network within the workplace.; In conjunction with this we also provide all employees with access to the Employee Assistance Program (EAP). This facility provides an independent, confidential, and unlimited service available 24 hours a day, 365 days a year. It provides access to specialist professionals who offer advice on stress and anxiety as well as a range of other issues such as bereavement support, legal guidance, and health related issues.; Our employees also benefit from core and voluntary benefits including dental cover and private medical that covers pre-existing conditions with a range of options to cover partners or families. Voluntary Critical Illness Cover of up to £150,000 also gives our employees and their families financial and practical support at times of need.

Pricing

• Price: £15,000 to £250,000 a unit a year
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.