Hexegic

NCSC Certified Consultancy - Cyber Risk Assessment

Provision of NCSC Certified Consultancy Cyber Risk Assessment and Risk Management. The service is delivered in line with NCSC guidance by a CCP qualified practitioner using Hexegic's Consultancy Lifecycle.

Features

• NCSC Certified Consultancy
• Cyber risk assessment and risk management
• Bespoke action plans to improve resilience
• Informs remediation plans and technology adoption
• System design and assurance

Benefits

• Improved cyber resilience
• Visualisation of cyber posture to aid understanding
• Consideration of both preventative and response controls
• Understand threats and prevent harm
• Protect assets, systems, data and integrity

£750 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@hexegic.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

216258224994782

Contact

Rob Sommerville
0870 7622111
contact@hexegic.com

Planning

• Planning service: Yes
• How the planning service works: The service assists with understanding the security risks and identifying the mitigations to inform an Action Plan for the secure adoption, migration and onward management of on-premise, cloud or hybrid cloud instances.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Cloud Security Training.; Executive Cyber Awareness training.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: The service assists with understanding the security risks and identifying the mitigations to inform an Action Plans for migrating to the cloud (to include hybrid options) or between cloud providers. This phase extends to considering the system designs, architectures and security controls necessary to maintain organisational resilience.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Services are offered in accordance with ISO9001 accreditation.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security incident management
  • Other
• Other security services:
  • Virtual CISO Service
  • Cyber Incident Response
  • Remediation Activity

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Support the hosting of third party software on a GFE basis.

Service scope

• Service constraints: In order to inform pricing it will be necessary to understand the scale of the infrastructure under management, to include number of endpoints, users and VMs.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Average mean response time less than 15 minutes, Monday - Friday.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Level 1 - Telephone Support. ; Level 2 - Deskside Support (subject to contract). ; Level 3 - Application Support.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: Mar 2022
• What the ISO/IEC 27001 doesn’t cover: Nothing is out of scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • JOSCAR Accreditation
  • NCSC Certified Consultancy

Social Value

• Fighting climate change:

  Fighting climate change

  As a technology company, Hexegic is motivated to minimise its carbon footprint across its operations and technology resource consumption. Hexegic has worked with SmartCarbon to educate its team with personnel successfully completing the 'Advanced Carbon Foot-printing (GHG Accounting), Carbon Management and Carbon Reporting' course delivered by Northumbria University. Hexegic has since gone on to calculate and report its baseline 2021 carbon emissions - gaining SmartCarbon's Level 2 "Reported" accreditation. The Hexegic leadership team have committed to the process of setting a carbon reduction target and developing a carbon reduction strategy.
• Covid-19 recovery:

  Covid-19 recovery

  Hexegic has sought to support the Covid-19 recovery with several initiatives. Firstly, the company has provided gratis cyber security advice to organisations via the Silverstone Technology Cluster throughout the pandemic, such as; on the practical steps of how to protect organisations from the heightened cyber threats and how to conduct Incident Response, as well as how to undertake Covid-19 risk management. Other initiatives include; supporting team members needing to shield, introducing a remote working policy and providing mental wellbeing initiatives such as gym membership, mindfulness tools and team social events.
• Tackling economic inequality:

  Tackling economic inequality

  Hexegic is also an active member of the Silverstone Technology Cluster (STC), a network of technology companies driving collaboration, innovation, and ultimately economic activity. The network is an integral part of the ‘Oxford-Milton Keynes-Cambridge’ Super Cluster and, through the members, aims to increase the value of the local economy. Moreover, Hexegic has directly supported both local and national charities, as well as Not for Profit and Further Education organisations to improve their cyber security resilience through the provision of gratis cyber risk assessments. Hexegic have operated a benevolent initiative since 2016 whereby the company commits to dedicating 100 hours of staff working time towards charity fundraising and volunteering each year. Hexegic also makes regular donations to good causes within the communities in which it operates.
• Equal opportunity:

  Equal opportunity

  Hexegic firmly believes in building a team that reflects society; representing a variety of backgrounds, disabilities, perspectives, and skills as we have seen the clear benefits that inclusivity brings to our employees, our services, and our customers. Hexegic is committed to equal opportunities. Amongst other associated initiatives, Hexegic is proud to have signed up to the Armed Forces Covenant, a commitment to support veterans and those serving in the military Reserve with worthwhile employment. The company is a “Bronze” award holder of the AFC scheme and employs a number of veterans.
• Wellbeing:

  Wellbeing

  Hexegic is a firm believer in work-life balance and has invested in providing flexible working across its teams. A now well-established wellbeing initiative was introduced in 2016 which extends to; employee gym membership, the cycle to work scheme, private healthcare insurance with access to mental wellbeing resources and mindfulness tools. In addition, learning opportunities are encouraged through access to our employee professional development fund which in the past 12 months has seen every staff member having attended at least 10 days external training. The company also holds several events each year to foster social interaction, team collaboration and mental wellbeing.

Pricing

• Price: £750 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@hexegic.com. Tell them what format you need. It will help if you say what assistive technology you use.