ADROIT CLOUD CONSULTING LIMITED

Secure CI / CD Implementation

Adroit's Secure CI/CD Implementation Service supports secure continuous integration, delivery, and deployment. Integrating tools such as SCA, SAST, and compliance checks, it ensures ISO 27001 compliance, reducing risks early in the development cycle. Our Agile approach streamlines development processes, aligning with industry standards and delivering secure, efficient pipelines.

Features

  • Integrates SonarQube, Checkmarx for ISO 27001-compliant code security.
  • Utilises SAST tools like Checkmarx; aligns with OWASP Top 10.
  • Automates Docker container scanning, adhering to NCSC guidelines.
  • Manages artifacts with policy enforcement tools, ensuring GDPR compliance.
  • Monitors compliance with coding, security standards; ITIL 4 process alignment.
  • Employs encryption, secret management in CI/CD, enhancing data protection.
  • Incorporates DAST tools for real-time vulnerability detection, mitigating risks.
  • Provides DevSecOps best practices training, fostering a culture of security.
  • Supports Cloud First strategy with cloud-agnostic scanning technologies.
  • Service design aligns with GDS standards, ensuring digital service excellence.

Benefits

  • Boosts code security, aligning with ISO 27001, enhancing trustworthiness.
  • Fortifies defences against vulnerabilities, leveraging OWASP and NCSC advice.
  • Ensures compliance with legal and financial regulations, reducing risk.
  • Early risk mitigation decreases the need for costly late-stage fixes.
  • Container scanning secures deployments, supporting Cloud First initiatives.
  • Secure artifact management protects intellectual property, aligning with GDPR.
  • Achieves continuous compliance with evolving security standards and practices.
  • Advanced encryption techniques safeguard sensitive data throughout development.
  • Efficient runtime vulnerability detection accelerates remedial actions.
  • Enhances team security skills, promoting innovation within secure parameters.

Pricing

£270 to £2,200 a unit a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@adroitcc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

190954576903205

Contact

ADROIT CLOUD CONSULTING LIMITED Pav Khural
Telephone: 07732808155
Email: business@adroitcc.co.uk

Planning

Planning service
Yes
How the planning service works
Adroit's planning service for Secure CI/CD Implementation sets the foundation for integrating ISO 27001-compliant security into your development pipelines. Our approach focuses on embedding security practices early in the development cycle, using advanced tools and methodologies to mitigate risks and ensure compliance.

The planning process involves:

Assessing your current CI/CD workflows to identify integration points for security tools like SonarQube and Checkmarx, and practices including SCA and SAST.
Mapping out a strategy to incorporate OWASP Top 10 security measures and varied tool options for comprehensive risk management.
Designing a CI/CD pipeline that automates container scanning with Docker and other technologies, ensuring secure artifact management and data encryption.
Establishing compliance monitoring to maintain ISO 27001 standards throughout the development process.
Planning for the inclusion of Dynamic Application Security Testing (DAST) tools to identify runtime vulnerabilities.
Developing a training programme on DevSecOps best practices to enhance team capabilities in secure software development.
Our planning service aims to deliver a CI/CD pipeline that not only accelerates development efficiency but also embeds robust security measures from the start, aligning with security standards and best practices to protect your projects against vulnerabilities and compliance risks.
Planning service works with specific services
No

Training

Training service provided
Yes
How the training service works
Adroit's training service for Secure CI/CD Implementation equips your team with the knowledge and skills to integrate ISO 27001-compliant security practices into your CI/CD pipelines. Our comprehensive training programme is designed to ensure your development processes are secure, efficient, and aligned with industry best practices.

Training includes:

An overview of secure CI/CD principles and the importance of integrating security early in the development cycle.
Hands-on sessions with tools such as SonarQube and Checkmarx for code security and static application security testing (SAST).
Guidance on implementing OWASP Top 10 strategies and selecting appropriate tools to address common vulnerabilities.
Techniques for automating container scanning and managing artifacts securely, using Docker and other technologies.
Best practices for coding and security standards compliance, employing encryption and secret management within CI/CD workflows.
Training on using Dynamic Application Security Testing (DAST) tools to detect and address runtime vulnerabilities.
Our training is aimed at boosting your team's proficiency in secure software development practices, ensuring they can effectively mitigate risks, maintain regulatory compliance, and enhance the overall security posture of your applications. Through this training, your team will be better equipped to innovate securely, protecting both your intellectual property and sensitive data.
Training is tied to specific services
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
Adroit’s Secure CI/CD Implementation Planning Service establishes security at the heart of your development pipelines, ensuring compliance with ISO 27001 and OWASP guidelines from the outset. Our approach begins with a detailed review of your existing CI/CD practices to spot vulnerabilities and optimisation opportunities. By integrating leading security tools like SonarQube for static analysis, and Docker for container scanning, we embed robust protection at every stage of your pipeline.

The Planning Service Includes:
Crafting a security-centric framework within your CI/CD pipelines, integrating continuous security measures to prevent afterthought patching.
Automating security protocols to minimise manual oversight while accelerating secure development cycles.
Introducing encryption and secret management early in the development process to safeguard sensitive data across all environments.
Outlining a bespoke plan to elevate your CI/CD pipeline's security, including upskilling your team in prevailing security practices and tool usage.
By engaging with Adroit, you lay down a foundation for not only secure and efficient development workflows but also for cultivating a security-first mindset within your team, ensuring ongoing adherence to high security standards in line with the latest industry practices and regulations.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
Our quality assurance and performance testing services are embedded from project initiation, ensuring a comprehensive examination across functional and non-functional requirements. We employ a blend of manual and automated testing techniques, providing robust quality assurance and performance assessments throughout the software development lifecycle. Our agile testing strategy integrates seamlessly with DevOps practices, including Continuous Integration/Continuous Delivery/Deployment (CI/CD), establishing an efficient and streamlined software delivery pipeline.

Expert QA and performance testers are actively involved from the early stages—planning, design, and implementation—adhering to GDS standards. This proactive involvement facilitates the early detection and resolution of potential quality issues, effectively minimising defects to zero within sprint cycles and enhancing overall software integrity. Our approach not only ensures the delivery of high-quality software solutions but also accelerates time to launch, reduces project risks, and improves stakeholder satisfaction by aligning product outcomes with the organisations' objectives and user expectations.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
Certified security testers
Yes
Security testing certifications
  • GBEST
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

Ongoing support service
Yes
Types of service supported
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
How the support service works
We deliver tailored solutions to help you design, implement, and manage your hosting or software services. Our offerings are adaptable to meet your specific requirements and budgets, ranging from full outsourcing to supplementing your current teams.

For organisations wishing to build their own in-house capabilities, we provide comprehensive support. This includes sourcing skilled professionals, from apprentices to seasoned experts, and equipping them with the necessary training to independently manage and maintain your services.

Our support operates around the clock, 365 days a year, ensuring reliable service at all times. We also offer proactive monitoring and alerting systems, which can be integrated with your existing tools or provided through our own solutions.

Additionally, we provide access to a diverse pool of talent, whether local, nearshore, or offshore, ensuring you have the right expertise to meet your operational needs.

Whether you require continuous support or assistance in establishing a self-sufficient team, we work closely with you to ensure your strategy is achieved effectively and efficiently.

Service scope

Service constraints
None apply, not applicable

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 hour; response times are no different at weekends.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Support levels
Adroit's support service for Secure CI/CD Implementation offers ongoing assistance to ensure your CI/CD pipelines remain secure, compliant, and efficient. It is tailored to support your team in maintaining and enhancing security practices within your development processes.

Support Service includes:

24/7 availability for urgent security and compliance issues, providing peace of mind and immediate assistance when needed.
Direct access to expert support via email and phone, facilitating prompt resolution of queries and technical challenges.
Continuous guidance on using security tools such as SonarQube, Checkmarx, and other SCA and SAST solutions integrated into your CI/CD pipelines.
Advice on automating container scanning, secure artifact management, and implementing encryption within CI/CD workflows.
Assistance with employing OWASP Top 10 security strategies and selecting the right tools to strengthen your application defences.
Support in maintaining continuous compliance with coding and security standards, ensuring your projects adhere to regulatory requirements.
Our dedicated support ensures that your development teams have the necessary resources and expertise at their disposal to manage security effectively within CI/CD environments. This ongoing support fosters a culture of secure development, minimising risks and enhancing the overall security posture of your applications.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Standards Institute
ISO/IEC 27001 accreditation date
09/02/2024
What the ISO/IEC 27001 doesn’t cover
Nothing
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

Fighting climate change

We encourage ethical and fair-trade purchasing and sustainable and carbon-reduction elements in our purchasing strategy. Our stated policy objective is to meet our Net Zero carbon targets while achieving our wider Social Value priorities. We have:
Developed a circular economy model approach to our procurement strategy, environmental policy, and prevention strategies.
Ensured sustainability is considered in all purchases.
We operate a water consumption and management system that closely monitors water usage and compares performance with published targets.
Regularly reviewed opportunities for reduction of mains water consumption.
Installed water-efficient fittings and technology.
Reduced water consumption by 25% in 2023 and 3 m³/person/year for offices.
To ensure new developments, upgrades, and refurbishments are carried out to policies and specifications, we apply independent environmental assessment methods to new developments. Our Waste Prevention Programme focuses on the top of the waste hierarchy, which means increasing the reuse, repair, re-manufacture, and use of industrial by-products. We monitor greenhouse gas emissions. We are committed to achieving Net Zero by 2050.
REDUCING CARBON EMISSIONS
Remote Working: By facilitating remote and hybrid working, we actively reduce our carbon footprint by minimising commuting and business travel. This has the dual benefit of enhancing work-life balance and reducing emissions associated with transport.
Minimising Business Travel: We limit in-person meetings and opt for virtual communication tools, reducing the need for travel and associated carbon emissions.
Green Transport Initiatives: We cycle to stations for public transport wherever possible, further decreasing carbon emissions linked with car usage. We are also replacing our existing hybrid company vehicles with fully electric models to lower our emissions further.
Carbon Offsetting: We work with partners, where we plant trees locally. For each tree planted, a tonne of carbon is saved through supporting internationally verified carbon reduction projects.

Covid-19 recovery

Enhancing workplace conditions to support COVID-19 recovery required a comprehensive effort. Adroit implemented the following measures to safeguard the well-being of all engaged parties and the local community in order to contribute to broader recovery efforts:
Remote Working: We facilitated and promoted remote working options wherever feasible.
Employee Support and Communication: Regular updates on COVID-19 developments, safety measures, and resources were communicated transparently to our employees and subcontractors.
Mental Health Support: Adroit places a strong emphasis on fostering a positive and collaborative work environment. Through regular check-ins and an empathetic management approach, we maintain a healthy work-life balance and emotional wellbeing for all our team members. Employee mental wellness is integral to us.
Adroit is a workplace that fosters a culture of safety, flexibility, and employee well-being. Our commitment to improving workplace conditions contributes to the broader COVID-19 recovery effort and helps us emerge stronger as a united and resilient workforce.

Equal opportunity

As a digital transformation consultancy, a core focus is on creating equal employment opportunities for individuals facing barriers to employment and those located in deprived areas.
We are committed to promoting diversity and inclusivity by providing equal opportunities to all candidates based on their skills and potential. We actively seek talent from disadvantaged communities to contribute to their economic growth. Our dedication to creating meaningful employment opportunities drives our mission to positively impact and foster a diverse and inclusive work environment.
To demonstrate our dedication to this goal, we have implemented several actions:
Regular Audits: We conduct regular audits of our workforce to identify disparities in employment opportunities, skills development, and pay. These audits help us understand the areas that need improvement and ensure transparency in our practices.
Equal Pay Policy: Our equal pay policy ensures that all workers receive fair and equitable compensation for their work regardless of their contract status.
Skill Enhancement Programmes: We offer skill enhancement programmes to all employees, providing them with opportunities to develop and grow professionally. By investing in their skills, we aim to level the playing field and empower them for future career advancement.
Diversity and Inclusion Training: We conduct training sessions for our workforce to promote diversity and inclusion. These sessions raise awareness about fairness and respect, fostering a culture that values diversity.
Regular Feedback Mechanisms: We encourage open communication and feedback from our subcontractors. This helps us identify and address any concerns or issues related to inequality promptly.
We are dedicated to creating an inclusive and supportive work environment where all employees, regardless of their contractual status, have equal opportunities to thrive and succeed.

Wellbeing

We have identified the needs of our workforce and local communities, worked with health professionals (also using our Occupational Health service providers) and workforce representatives/community leaders, conducted surveys, held focus groups, and talked to community leaders to provide our Care well-being Support Programme, supporting the Mental Health at Work Plan: our volunteers and certified partner organisation provide health and wellbeing support for our temporary workers, internal staff and local communities;
Mental health Wellbeing & Floor Walking / Desk-Side Mental Health First Aider (pastoral support for disadvantaged groups; helping to reduce stigma surrounding mental health conditions)
Healthy living
Financial and legal well-being and Fair Work Planning
24/7 GP consultation
Smoking cessation
Mental & physical health support & confidential helpline, especially during Covid-19 remote working/recovery
Burnout prevention
Life events counselling
Team Coach (confidential work-based safe environment coaching support)
Get fit programme, healthy eating at home
Diet support/Healthy diet at work
Financial/Legal guidance
The programme is monitored quarterly to take feedback from participants to help us drive improvements. We especially focus on the feedback from individuals with mental health problems. Our internal volunteers are professionally trained to deliver mentoring and support.
We work with local community organisations such as The Rainbow Project, Action Mental Health and Inspire Wellbeing, who provide support and resources to support underrepresented communities.
We work with Cancer Pledge which aims to abolish the stigma and insecurity that exist for people with cancer in the workplace. They stand together to provide a more open, supportive, and recovery-forward culture at work for all. We recently joined the pledge, in our continuous commitment to be inclusive and to create a supportive environment for our employees and candidates. We are committed to continuously raising awareness and creating specific policies and programs, to accommodate specific needs of cancer patients and caregivers in the workplace.

Pricing

Price
£270 to £2,200 a unit a day
Discount for educational organisations
Yes
