Prism Infosec

Penetration Testing / Infrastructure Testing

Our team of experienced penetration testers and network / system
and firewall security experts follow formal methodologies to assess
an infrastructure platform’s security controls for vulnerabilities and
weaknesses across the stack and deliver a comprehensive, yet
easy to decipher report.

Features

• A “Hacker” approach by experienced testers, to simulate real-world attacks
• OSINT/Internal/ External Pen testing to create a blended threat scenario
• Onsite and remote testing options
• Final reports containing detailed findings and Management Summary
• Fully detailed walkthrough of critical issues
• Debrief and further consultancy available post engagement

Benefits

• Identify and remediate vulnerabilities before they become a target
• Understand the real risk of a breach of your business
• Support PCI DSS, ISO 27001 and GDPR compliance
• Raise security awareness within your business
• Protect your brand, business and reputation
• Test security controls associated with internal or perimeter infrastructure
• Effectively manage infrastructure information security risks

£875.00 to £1,200.00 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@prisminfosec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

177956623951777

Contact

Robin Mulligan
01242652100
contact@prisminfosec.com

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Prism Infosec can provide expert consultancy on the secure setup and migration of services into the cloud. Using best practice guidelines from the NCSC and the Cloud Security Alliance, as well as our own experience on conducting many assessment of infrastructure and application services in the cloud, Prism Infosec will be able to provide guidance on correct architecture and configuration to manage cyber security of cloud migrations.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Cyber security consultancy
  • Security testing
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Cyber Scheme
  • Other
• Other security testing certifications:
  • OSCP
  • IASME

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We will respond within 2 working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We typically provide support during office hours with regard to the delivery of ongoing penetration testing services or reports delivered within the last 3 months with a 6 hour response window. This is included in the cost of delivery of a penetration test. The principal consultant responsible for the delivery of a penetration test shall be responsible for customer's technical account.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 10/03/2020
• What the ISO/IEC 27001 doesn’t cover: The following controls have been excluded and are considered valid A.14.2 - Security in development and support processes A.14.3 - Test data development and support processes A.14.3 - Test data
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Crest STAR
  • CHECK
  • Cyber Scheme

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The Company is committed to keeping the environmental impact of its activities to a minimum and has established an Environmental Policy in order help achieve this aim. As an absolute minimum, the Company will ensure that it meets all applicable environmental laws in whichever jurisdiction it may be operating.

  Covid-19 recovery

  Covid 19 has forced the world to re-evaluate it’s approach in all aspects of business and life. We at Prism Infosec pride ourselves at being agile in our approach and very quickly adjusted our approach to be more flexible and have put measures in place to be able to provide our services safely and securely from a remote location if needed. We have adjusted very well to the pandemic and have adopted a similar approach coming out of the pandemic. This gives us also the opportunity to provide a more sustainable service that is less impact on the environment as well as the cost to the client.

  Tackling economic inequality

  Additionally, Prism Infosec are supporting the DWP and IASME ‘Kickstart’ Scheme, which is a government initiative which provides funding to employers to create jobs for 16 to 24 year olds on Universal Credit. We currently have a ‘Kickstart’ vacancy pending and are in the process of conducting interviews to fill this position and add a Kickstart based resource into our team. We align with the philosophy of this programme as it seeks to encourage individuals into our industry who may well have missed out as they have not progressed through into the further education environments that traditionally fuel our industry Other initiatives have included the sponsorship of industry related events, to the extent that we have been the major sponsor of the previous Liverpool ‘BSides’ event. BSides Liverpool is a cyber security industry driven, community event, that relies on sponsorship to happen. The event itself has strong social values as it looks to inform and provide workshops relating to our industry and to attract individuals into it . BSides believe that these are inclusive events and places where all people should feel safe and respected and welcome diversity in age, race, ethnicity, national origin, range of abilities, sexual orientation, gender identity, financial means, education, and political perspective.

  Equal opportunity

  1.1 Policy Statement Prism Infosec Ltd (“the Company”) is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, sex, pregnancy and maternity, marital or civil partnership status, gender reassignment, disability, religion or beliefs, age or sexual orientation. This Policy aims to remove unfair and discriminatory practices within the Company and to encourage full contribution from its diverse community. The Company is committed to actively opposing all forms of discrimination. The Company also aims to provide a service that does not discriminate against its clients and customers in the means by which they can access the services and goods supplied by the Company. The Company believes that all employees and clients are entitled to be treated with respect and dignity.

  Wellbeing

  In 2022 Prism implemented a private medical scheme to its employees, that provides them with therapies like mental health included in the cover. We have also provided channels for employees to talk about their mental health or any other related wellbeing issues.

Pricing

• Price: £875.00 to £1,200.00 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@prisminfosec.com. Tell them what format you need. It will help if you say what assistive technology you use.