Claranet Limited

Security Risk Assessment

Security Risk Assessment Consultancy helps organisations adopt a risk-based approach to security through a tailored approach to detect, assess, and mitigate risk. Security risk assessments include risk modelling, threat modelling, risk assessment, information security review, and residual risk analysis. Assurance checks are available to ensure effective security controls.

Features

• Tailored risk assessment, scoped to assess relevant risks
• Categorisation of critical processes and significant information
• Collaborative risk assessment with employees
• Introduction to information security risk training provided
• Open source threat intelligence conducted
• Identify threat sources and potential reasons to conduct an attack
• Identify pre-existing vulnerabilities in processes and systems
• Identify the likelihood of a threat event materialising
• Prioritise risks for treatment

Benefits

• Tailored risk assessment minimises required time and resources
• Uncover information sources and potential new risks
• Enabling employees to learn and continue to identify risks
• Establish accessible vulnerabilities that could be used in an attack
• Prioritise and budget risk assessment activities
• Awareness of which threat actors could target your organisation
• Learn threat methods malicious actors may use
• Remediate identified vulnerabilities before they are exploited
• Make informed decisions on actions to take to reduce risk
• Prioritse implementing security controls where risk is greater

£1,000 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

170637411949537

Contact

Claranet UK Bid Team
020 7685 8000
UK-bidteam@claranet.com

Planning

• Planning service: Yes
• How the planning service works: Claranet's experienced consultants collaborate with your team to understand the existing risk management maturity. If available, and suitable, an organisation’s risk methodology will be utilised. The scope for the risk assessment will be agreed upon. The scope could be for the whole organisation. Alternatively, the scope could be limited to critical processes, the loss of which could severely impact the organisation if they were disrupted. Risk assessments are interview led. The purpose is to identify information, threat, and vulnerability sources, to input into the risk process. To get the best from everyone involved, information security risk management training can be delivered to people who have not participated in the identification of risks before.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Risk management training is provided as an introduction or a refresher to information security risks assessments. The training will ensure all employees are acquainted with risk methods and terminology.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
• Other security services:
  • ISO27001 Consulting Services
  • Cybersecurity training
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Other
• Other security testing certifications: OSCP

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Security Risk Assessment Consultancy consume technical resources and therefore carries a lead-time between order and delivery. This lead time is considered when planning a project. Please ask for current lead times. Although Consultancy services can be delivered out of office hours (9 am-5 pm), this is chargeable at a higher rate and can be subject to longer lead times.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Claranet provides a credit service which is primarily provided via email on a bulk-buy, call-off basis. Responses are usually within 2-3 working days as this service isn't designed for business critical queries.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Claranet provides support for Security Risk Assessment Consultancy in the form of scoping assistance, guidance, and remediation advice. Support is priced based on the technical resource it requires and is calculated based on a day rate. All engagements are assigned a technical resource and an account manager. Additionally, support is offered 9 to 5 (UK time), Monday to Friday. Claranet works towards a 2-3 working day turnaround for most email enquiries. Telephone advice is often delivered, which is usually ad-hoc arranged via your Claranet Account Manager.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DAS
• ISO/IEC 27001 accreditation date: 06/06/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: 7Safe Limited
• PCI DSS accreditation date: 01/2019
• What the PCI DSS doesn’t cover: Our PCI-DSS only covers physical security requirements 1 to 8. 10 and 11 are not covered
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO22301

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sustainability is a core element of our CSR strategy. At Claranet, we recognise the significance of our environmental footprint, even if it’s small, and are dedicated to perpetual improvements in energy conservation and waste minimisation throughout our operations. Our Senior Management Team has defined environmental and energy policies with a structure for setting and revising environmental objectives and goals.; • Our approach to environmental management includes:; • Committing to lessen our environmental impact.; • Integrating environmental performance and management into our business practice.; • Encouraging recycling and eco-awareness across our workforce, clientele, and suppliers.; • Reducing eco-toxic emissions from company vehicles.; • Reducing our energy use.; • Aligning with stakeholders to meet or excel in environmental standards.; • Adhering to applicable environmental laws and regulations.; • Conducting regular audits to measure and report on environmental metrics and establish goals.; Our energy management is focused on:; • Complying with legal standards for energy use.; • Implementing and, where possible, exceeding best practices for energy management.; • Allocating resources to meet our energy objectives and improve our management system continuously.; • Procuring energy-efficient solutions and services when feasible.; • Using data to monitor significant energy use and set targets for reducing consumption across the enterprise.; Our commitment to sustainability is reinforced by certifications such as ISO14001 for Environmental Management, ISO50001 for Energy Management, and the Cisco Environmental Sustainability Specialisation.; Aiming for net zero by 2050, we are proactively seeking ways to achieve this sooner. Our efforts are transparent, with an external Carbon Reduction Plan available upon request.

  Equal opportunity

  Offering the opportunity to advance our people’s professional development is one thing, however, ensuring that everyone, no matter who they are, has that opportunity is something that we pride ourselves on. Diversity and Inclusion is a highly regarded topic at Claranet and one that we strive to work towards. We are committed to driving diversity and inclusion in a measurable way. ; Our HR and Management teams are working closely on diversity and inclusion initiatives to support the reduction in the gap in pay between men and women. We have a group of employees who have volunteered themselves to work together the ensure some of the most meaningful diversity and inclusion dates throughout the calendar year are acknowledged and/or celebrated with the goal of ensuring all of our employees feel a sense of belonging at Claranet. We are a signatory with the Tech Talent Charter (TTC) who pride themselves on bringing organisations together to drive greater diversity and inclusion within the Technology sector. Not only does this support women getting into technology, but those from multi-ethnic and lower socio-economic backgrounds as well. We are excited to be a part of this movement and hope to contribute to making the UK technology sector truly inclusive. We are also one of the founding members of the Technology Community for Racial Equality (T4CRE). We are proud to support this organisation that is focused on promoting diversity, equity, and inclusion in the technology industry (https://tc4re.org/who-we-are/). ; Our recruitment strategy and policy also heavily supports this. The makeup of our Senior Management Team further evidences our commitment to inclusivity, as it continues to represent an equal split between men and women, which is essential to leading a diverse workforce and promoting equality.

  Wellbeing

  Claranet are passionate about people and fostering a healthy and nurturing work environment.; Our dedicated Wellbeing and Engagement team, work in partnership with external providers to deliver our health and wellbeing scheme: Health is Wealth. The scheme is comprised of talks led by professionals, access to exercise classes, discounted gym memberships and access to a fully trained Mental Health First Aiders team. Some of our notable events include, a Stress Awareness seminar, Disability Awareness talk delivered by Lee Spencer, Employee led activity to celebrate Neurodiversity Week, Women in technology celebrations, Happiness in the Workplace celebration week and Imposters Syndrome webinar. Our in-house team plan employee activity based on employee feedback and suggestions, enabling us to deliver a very diverse programme and support network within the workplace.; In conjunction with this we also provide all employees with access to the Employee Assistance Program (EAP). This facility provides an independent, confidential, and unlimited service available 24 hours a day, 365 days a year. It provides access to specialist professionals who offer advice on stress and anxiety as well as a range of other issues such as bereavement support, legal guidance, and health related issues.; Our employees also benefit from core and voluntary benefits including dental cover and private medical that covers pre-existing conditions with a range of options to cover partners or families. Voluntary Critical Illness Cover of up to £150,000 also gives our employees and their families financial and practical support at times of need.

Pricing

• Price: £1,000 to £1,500 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UK-bidteam@claranet.com. Tell them what format you need. It will help if you say what assistive technology you use.