Hexegic

DMZ in a Box (DiB) - Support Wrapper

Provision of end-to-end expertise for the ongoing support to DMZ in a Box (Lot 1) appliance, thereby enabling effective implementation of ephemeral technologies to optimise compute orchestration whilst breaking the attack pattern associated with persistence. The expertise extends to deployment strategies, integration and orchestration management, protective monitoring and training.

Features

• Deployment strategist
• Secure development
• Cyber awareness
• Secure by Design (SbD) consultancy
• Incident management
• Technical support

Benefits

• Reduced cyber threat surface
• Reduced deployment risk and timeframe
• NCSC Assured Service Provider
• Access to Chartered Cyber Security Professional
• Personnel with National Security Vetting
• Bespoke workpackage development

£750 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@hexegic.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

182070619690571

Contact

Rob Sommerville
0870 7622111
contact@hexegic.com

Planning

• Planning service: Yes
• How the planning service works: A planning activity will be conducted in person (or virtually) to inform both the deployment strategy and subsequent capability implementation.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with: DMZ in a Box (DiB) Virutal Appliance

Training

• Training service provided: Yes
• How the training service works: Implementation training is provided for use with Managed Internet Access.
• Training is tied to specific services: Yes
• Services the training service works with: DMZ in a Box (DiB)

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: The on-boarding process is split in two distinct phases: technical and transition. The former will seek to conduct a rapid technical evaluation of an organisation’s extant infrastructure to enable Hexegic to advice on the optimal DiB implementation at minimal disruption. Consideration will also be given during this period to any unique or novel technical, security and or user requirements specific to the organisation. The transition phase will commence once onsite acceptance testing of the technical implementation has been completed. The phase will provide nominated personnel with both privileged accounts and advanced DiB training.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Services are offered in accordance with ISO9001 accreditation.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
• Certified security testers: Yes
• Security testing certifications: CHECK

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Hexegic is able to support the MIA platform and third party applications and or services consumed within it.

Service scope

• Service constraints: VPN connectivity is required to the extant infrastructure.; Service to be offered a OFFICIAL unless otherwise requested.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Average mean response time less than 15 minutes, Monday - Friday.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: Level 1 - Telephone Support. ; Level 2 - Deskside Support (subject to contract). ; Level 3 - Application Support.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 19/04/2024
• What the ISO/IEC 27001 doesn’t cover: Nothing is out of scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • JOSCAR Accreditation
  • NCSC Certified Consultancy
  • Chartered Cyber Security Professional
  • IASME Cyber Advisor (Cyber Essentials)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  (1) Statement of Need. Effective stewardship of the environment.; (2) Method Statement. Hexegic will expand its current published Carbon Reduction Plan and commitment towards Net Zero, by investing in an initiative to enhance the natural environment through increasing local biodiversity by encouraging the number of pollinators in the area with the introduction of new beehives. Whilst native trees and plants that sustain pollinators through spring, summer and autumn, will be planted in the vicinity. New hives and locations will be added, as well as extending education and training to local community groups. ; (3) Model Award Criteria. The policy outcome follows MAC 4.1 - Deliver additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions.; (4) Project Plan:; (a) Timed Action Plan:; i. +3 months – Attend training and join a local beekeeping branch. ; ii. +6 months – Secure permission to locate new beehive(s). ; iii. + 1 year – Establish new beehive(s) with supporting inspection regime. ; (b) Metrics:; i. Number of beehives established.; ii. Number of training/inspection days attended per annum.; iii. Number of native trees planted to support pollinators.; (c) Tools/Processes:; i. SmartCarbon Carbon Reporting Platform. ; ii. GHG Reporting Protocol Corporate Standard.; (d) Reporting:; i. Annual Carbon Reduction Plan.; (e) Feedback & Improvement:; i. The initiative will follow Hexegic’s ISO9001 accredited QMS.; ii. Lessons identified/lessons learnt will be captured.; (f) Transparency:; i. Published on corporate website in accordance with PPN 06/21.; ii. The procuring Authority on request.; (g) Influence:; i. Published on the corporate website.

  Covid-19 recovery

  (1) Statement of Need: Helping local communities to manage and recover from; the impacts of COVID 19, tackling economic inequality, and driving the workforce including creating new businesses, jobs and skills as well as increasing supply chain resilience.; (2) Method Statement: Hexegic will offer gratis Cyber Risk Assessments to SME members of the Silverstone Technology Cluster (STC) to assist organisations strengthen their cyber resilience. The one-day assessments are aimed at raising their awareness and understanding of cyber threats and vulnerabilities, as well as provide Action Plans (where necessary) to strengthen security controls, whilst enabling new working practices.; (3) Model Award Criteria: The policy outcome follows MAC 1.3 - Support for organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.; (4) Project Plan: The impact will be delivered by the following initiatives:; (a) Timed Action Plan:; i. +3 months - Engage the STC leadership team.; ii. +6 months - Promotion of offer to STC membership.; iii. + 1 year - Commitment to complete at least three gratis assessments.; (b) Metrics:; i. Number of assessments completed per annum.; ii. Number of days efforts consumed per annum.; (c) Tools/Processes:; i. STC newsletters and events will be the forum for engaging members.; ii. Consultancy Lifecycle will be used to standardise the process.; iii. Engagement will follow Hexegic’s ISO9001 accredited QMS.; (d) Reporting:; i. To be included in NCSC ACSC Annual Management Reporting.; (e) Feedback & Improvement:; i. The engagement will follow Hexegic’s ISO9001 accredited QMS.; ii. Lessons identified/lessons learnt will be captured as part of the standing QMS.; (f) Transparency:; i. Silverstone Technology Cluster.; ii. National Cyber Security Centre.; (g) Influence:; i. Co-design of promotional material and collateral with STC.

  Tackling economic inequality

  (1) Statement of Need. Tackling Economic Inequality through employment opportunities.; (2) Method Statement. Hexegic will invest in a talent strategy to identify and respond to the skills shortages in the high growth sector of cyber security. A talent lead will be identified to coordinate professional development investment amongst the workforce, to develop the key skills in demand by the contract and sector. The strategy will also seek to promote awareness of careers and recruitment opportunities in this sector, amongst Service leavers and veterans of the Armed Forces. ; (3) Model Award Criteria. The policy outcome follows MAC 2.2 - Create employment and training opportunities particularly for those who face barriers to employment and/or who are located in deprived areas, and for people in industries with known skills shortages or in high growth sectors.; (4) Project Plan:; (a) Timed Action Plan:; i. +3 months - Appoint a full-time talent lead for professional development.; ii. +6 months - Complete a professional development plan to address skills shortage.; iii. + 1 year - Commitment to spend £5,000 per employee per year on training.; (b) Metrics:; i. Number of training days attended per annum.; ii. Number of professional qualifications gained per annum.; iii. Number of Service leavers/veterans offered employment opportunities.; (c) Tools/Processes:; i. Record professional development attended and skills attained.; ii. SFIA Rate Card to assess professional mobility of staff.; iii. Training review will follow Hexegic’s ISO9001 accredited QMS.; (d) Reporting:; i. Monthly professional development updates in the company newsletter.; ii. Annual professional development reporting.; (e) Feedback & Improvement:; i. The initiative will follow Hexegic’s ISO9001 accredited QMS.; ii. Lessons identified/lessons learnt will be captured as part of the standing QMS.; (f) Transparency:; i. Hexegic leadership team and employees.; ii. The procuring Authority on request.; (g) Influence:; i. Assigned as a leadership team priority.

  Equal opportunity

  (1) Statement of Need: Promoting diversity within the cyber security sector.; (2) Method Statement: Hexegic will appoint a talent lead with a mandate and funding to promote diversity and equal opportunities within the cyber sector. Each employee will have access to a professional development fund as well as access to the senior leadership team to assist team members upskill into cyber security roles. Disadvantaged groups will be a particular focus for support and mobility.; (3) Model Award Criteria: The policy outcome follows MAC 6.2 - Support in-work progression to help people, including those from disadvantaged or minority groups.; (4) Project Plan: The impact will be delivered by the following initiatives:; (a) Timed Action Plans: ; i. +3 months - Appoint a talent lead for professional development.; ii. +6 months - Complete a company-wide professional development plan.; iii. + 1 year - Commitment to spend £5,000 per employee per year on training.; (b) Metrics:; i. Number of courses attended per annum.; ii. Number of training days attended per annum.; iii. Number of professional qualifications gained per annum.; (c) Tools/Processes:; i. Record of professional development attended, and skills attained.; ii. Training review will follow Hexegic’s ISO9001 accredited QMS.; (d) Reporting:; i. Monthly professional development updates in the company newsletter.; ii. Annual professional development reporting.; (e) Feedback & Improvement:; i. The initiative will follow Hexegic’s ISO9001 accredited QMS.; ii. Feedback on the conduct of the training will be systematically collected and analysed.; iii. Lessons identified/lessons learnt will be captured as part of the standing QMS.; (f) Transparency:; i. Reporting to Hexegic leadership team and employees.; ii. Reporting to external certification bodies.; (g) Influence:; i. Assigned as a leadership team priority.

  Wellbeing

  (1) Statement of Need: Supporting health and wellbeing in the workforce.; (2) Method Statement: Hexegic will invest in a wellbeing initiative that seeks to cater for both physical and mental health through the provision of gym membership, private healthcare, and access to mental health services (including mindfulness resources). The company will train workplace Mental Health First Aiders within key teams. Hexegic will also plan and conduct experiential learning opportunities, outside of the workplace, to foster personal growth, social interaction between teams, and overall good health. ; (3) Model Award Criteria: The policy outcome follows MAC 7.1 - Demonstrate action to support health and wellbeing, including physical and mental health, in the contract workforce.; (4) Project Plan:; (a) Timed Action Plan:; i. +3 months - Identify and train a minimum of two Mental Health First Aiders.; ii. +6 months - Implement a calendar of experiential education opportunities. ; iii. + 1 year - Reaffirm the eligibility criteria for private healthcare enrolment. ; (b) Metrics:; i. Number of Mental Health First Aiders trained.; ii. Number of attendees at each event. ; iii. Number of enrolments to the wellbeing initiative. ; (c) Tools/Processes:; i. Record professional development attended and skills attained.; ii. Annual Employee Opinion Survey to track sentiment.; iii. The initiative will follow Hexegic’s ISO9001 accredited QMS.; (d) Reporting:; i. Monthly professional development updates in the company newsletter.; ii. Annual professional development reporting.; (e) Feedback & Improvement:; i. The initiative will follow Hexegic’s ISO9001 accredited QMS.; ii. Lessons identified/lessons learnt will be captured as part of the standing QMS.; (f) Transparency:; i. Hexegic leadership team and employees.; ii. The procuring Authority on request.; (g) Influence:; i. Assigned as a leadership team priority.

Pricing

• Price: £750 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@hexegic.com. Tell them what format you need. It will help if you say what assistive technology you use.