C3IA SOLUTIONS LIMITED

Cloud Cyber Security

C3IA provides NCSC Assured Cyber Security Consultancy, delivering specialist advice to the public and private sectors to help them identify, understand and manage information security risks. Assured in Risk Management and with extensive experience of implementing NCSC Cloud Guidance, C3IA’s application of best practice helps organisations achieve risk-appropriate security outcomes.

Features

• Service lifecycle complies with NCSC and ISO 20700 Standards
• UK Cyber Security Council Chartered Cyber Security Professionals
• Specialist security training including Data Protection and Cryptographic Management
• HMG SPF, GovS007:Security, NIST CSF, ISO 27001 expertise
• System assurance implementing and following Secure by Design
• Supply chain security assessments and assurance
• Cyber Vulnerability Assessment and Investigation
• Application of NCSC guidance and industry best practice
• Technical Surveillance Counter Measures (TSCM), digital and cloud environments
• Protective security assessments (Physical, Personnel, Cyber, Technical, Industry)

Benefits

• Reduced risk using NCSC assured services and certified good practice
• Cloud and security services integrated into business transformation
• Services delivered by Certified Cloud Security Professionals and NIST Practitioners
• Proportionate and pragmatic risk reduction and implementation of security controls
• Improved alignment of Digital and Data with People (Human Factors)
• Reduced costs due to evidence-led analysis of security controls
• Security risk better managed throughout the entire ICT lifecycle
• Better risk management of the supply chain
• Improved security culture reducing organisational risks and costs
• Confidence to senior leaders that work will deliver successful outcomes

£497 to £1,720 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

215076190283440

Contact

C3IA Solutions Ltd - Sian Roff
01202721123
s.roff@c3ia.co.uk

Planning

• Planning service: Yes
• How the planning service works: C3IA’s Cyber Security services draw on the NCSC’s and HMG’s latest thinking and approach to the identification of organisations’ risks and their effective management. Working closely with our client, C3IA provides cyber security and cloud services to help you understand the risks you hold, including across your supply chain, and the measures you can take to mitigate them. C3IA’s consultants utilise the following methodologies and guidance to achieve this: ; 1. International Security Forum (ISF) Information Risk Assessment Model (IRAM) ; 2. NCSC Cyber Security Framework (CSF) ; 3. National Institute of Standards and Technology (NIST) Cyber Security Framework ; 4. Information Security Management Systems including ISO 27001, ISO 27002 and ISO 27005 ; 5. NPSA Surreptitious Threat Mitigation Process (STaMP) and Classified Material Assessment Tool (CMAT) assessments ; 6. UK National Counter-Eavesdropping (UK NACE) technical security guidance
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: C3IA’s Cyber Security services are delivered through direct engagement with the service consumer’s management team. C3IA’s Certified Cyber Professionals will support organisations in their analysis of business risk, delivery of security management plans and security improvement plans to enable seamless, and risk-managed cloud migration. This provides a better understanding of the risks associated with the use of cloud services, and how best to manage the risks identified and implement solutions in line with the organisation’s strategy and operational activities. C3IA also conducts supply chain assessments, ensuring that your cloud service provider is not introducing additional risk and attack vectors into your own supply chain.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: C3IA utilises its experience, knowledge and skills across physical, personnel, cyber and technical domains, with access to the latest threat intelligence and HMG advice, to ensure that it provides a holistic service to its cyber and cloud security clients to manage risk effectively and deliver successful business outcomes. C3IA delivers its consulting offering aligned to the NCSC approach to consultancy services and delivery (mandated under the NCSC Certified Consultancy Scheme (ISO 20700)). This approach implements measures to ensure that service delivery meets the highest technical and quality standards through defined Service Offering, Delivery and Service closure and feedback project steps. C3IA provides an NCSC named consultant to oversee the delivery and quality assurance of all cyber and cloud consultancy services.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
• Other security services:
  • Data Protection compliance assessment
  • Cyber Essentials Plus support & certification
  • Secure by Design assessments and review
  • Technical Security Countermeasures assessments
  • Penetration Testing
  • Acoustic Management assessment
  • Physical Security Assessments (FSC)
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

• Ongoing support service: Yes
• Types of service supported: Buyer hosting or software
• How the support service works: C3IA provides TSCM assessments to provide physical assurance to existing cloud hosting environments. As physical hosting environments change or undergo work services, a TSCM assessment provides the assurance that the existing environment remains secure. A TSCM assessment strengthens and reinforces the physical and technical security of your data hosting environment. It may also be used to provide assurance that your hosting infrastructure, such as power and cabling services, is not introducing additional threat vectors into your cloud services. Our TSCM team are members of the TSCM Institute and have undergone training from UK NACE, the National Technical Authority for TSCM.

Service scope

• Service constraints: There are no service constraints applied to this service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We support the client and organisation throughout planning, development and migration to cloud services. Support is available from our on-task consultants in person or via phone and email during working hours.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: URS - United Registrar of Systems
• ISO/IEC 27001 accreditation date: 22/09/2023
• What the ISO/IEC 27001 doesn’t cover: The ISO/IEC 27001 Certification encompasses the scope of the service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NCSC Assured Cyber Security Consultancy
  • IASME Cyber Essentials Certification Body

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about the environment and are committed to decreasing our already small environmental footprint. Our dedication to achieving Net Zero no later than 2050 is demonstrated through our annual Carbon Reduction plan where we outline our reduction targets and initiatives; we transparently share this on our website. We are also working to achieve ISO 14001, Environmental Management, to further demonstrate our enthusiasm towards the environment and reducing our impacts. ; ; Where Fighting Climate Change is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Effective stewardship of the environment’, and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Covid-19 recovery

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about COVID-19 recovery and throughout the pandemic and beyond have supported all employees across the business. We heavily invest in the continual professional development of our staff, which we consider is of the upmost importance. The physical and mental health and wellbeing of all our staff is vital, therefore we provide numerous internal and external support and helplines for all employees and all our line managers have undertaken specialist line manager mental health training. Furthermore, we have supported and continue to support local schools and sports teams as we understand the importance they have to individuals and their future. Finally, we have embraced hybrid working, utilising technology to effectively collaborate and communicate with individuals and teams across the business. ; ; Where COVID-19 recovery is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Help local communities to manage and recover from the impact of COVID-19’, and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Tackling economic inequality

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about tackling economic inequality and are committed to being socially responsible. We support new businesses, entrepreneurs, start up’s, Small and Medium Enterprises, Voluntary, Community and Social Enterprises and Mutuals which all have much to offer both the community and economy. We proactively engage with local schools, colleges and universities to encourage STEM participation and interest, especially in those from disadvantaged backgrounds and socially deprived areas, offering presentations and demonstrations from our team to inspire the next generation into the ICT & Cyber Security industry. Alongside this, we host work experience for higher and further education so individuals can learn more about the industry and how to successfully enter it. ; ; Where tackling economic inequality is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Create new businesses, new jobs and new skills’ and ‘Increase supply chain resilience and capacity’ and the associated Model Award Criteria. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Equal opportunity

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about equal opportunities and this forms apart of everything that we do, as demonstrated throughout our company policies. Our commitment is also demonstrated by our inclusion of bullying & harassment and equality, diversity and inclusion training as part of our e-learning service that all employees have access to. ; ; We employ a wide-ranging workforce which include many ex-service men and women, irrespective of age, gender or socioeconomic background. Every employee is enrolled in our CPD programme where they are encouraged to maintain momentum by completing industry and role specific courses and qualifications to aid their personal progression. Finally, we require our people and supply chain at all levels to uphold the same values where we actively prevent discrimination, harassment & bullying. ; ; Where equal opportunity is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Reduce the disability employment gap’, ‘Tackle workforce inequality’ and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Wellbeing

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; As a people-centric company we care about the wellbeing of our team and those we work with. We are committed to creating a positive and psychologically safe working environment for all and provide a variety of training, support and help resources to our team which can be tailored to the individual and looks at the wellbeing of the whole person. ; ; We have implemented an e-learning management system which includes focus on mental health and wellbeing and have weekly communication explaining both the internal and external support that is available. We also have a team of mental health first aiders who work across the business. Where agreed with clients, they could also support clients when working on client sites. ; ; Where wellbeing is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Improve health and wellbeing’ and ‘Improve community integration’ and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Pricing

• Price: £497 to £1,720 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.