Gaiasoft International Limited

Verasity Cyber Security

Tailored security solutions to meet your unique needs. Our team of cyber security experts are always up-to-date with the latest threats and solutions.

Features

• Phishing / Vishing / Smishing Simulation
• Deep Fake detection
• Deep fake video and voice simulation
• Impersonated domain detection
• Dark web scanning
• Brand Monitoring for impersonation
• Social media monitoring for impersonation
• Mobile app monitoring
• Leaked credential scanning
• Learning Management System

Benefits

• Educate employees by running simulations
• Reduces the threat of deep fakes by detecting them
• Train employees by deep fake voice and video simulation
• Reduce cybersecurity risks: Detecting leaked passwords
• Reduce cybersecurity risks: Detecting impersonated apps
• Reduce cyber security risks:impersonated domains
• Reduce cyber security risks: Malicious domains detection
• Reduce cyber security risks: Brand impersonation impersonation
• Reduce cyber security risks: executive impersonation detection
• Learning management system with learning modules

£5 to £50 a user

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at morel.fourman@gaiasoft.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

226121853192125

Contact

Morel Fourman
02076924035
morel.fourman@gaiasoft.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: The service is a SaaS service and can also be hosted on premise on most of Linux and Windows Operating Systems
• System requirements: Not applicable as its a SaaS platform

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have a Service Level Agreement based ticketing support. ; ; Priority 1 tickets are responded to within 4 hours; Priority 2 tickets are responded to within 6 hours; Priority 3 tickets are responded to within 8 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: 1. Our web chat has a chatbot and also a frequently asked questions module that the users can ask information regarding the platform use.; 2. The web chat can also have a human personnel who can be engaged if the chatbot triages and directs the user to a human agent; 3, Alternatively, the user can open a ticket using a chatbot
• Web chat accessibility testing: NA
• Onsite support: Yes, at extra cost
• Support levels: We provide onsite training, installation, program build, program operate and program transfer support, if required
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The training is available by the following:; 1. Self paced trainings; 2. User guide and manual with trainings; 3. Onsite training which is instructor led at a certain cost that can be made available; 4. Instructor led online training with a certificate of completion as well as a certification test at the end of the training
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The data repatriation is available at any point through a report, CSV or PDF methods. ; ; We have API's also available for data retrieval for the users at any given point in time. ; ; We have a simple and effective interactive platform for the data extraction
• End-of-contract process: At the end of the contract, we will provide adequate user training, transfer data, as required and delete all data from our systems, unless you require it for compliance, regulatory or other purposes.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service has an optional component that can be installed in the client environment to obtain data in order to contextualize and enrich the information that can be used as meta data in the application for the cybersecurity awareness and education phishing, smashing and vishing campaigns as well as Learning Management Systems
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service accessible through the web interface with most browsers available in the market
• Accessibility standards: None or don’t know
• Description of accessibility: To be added
• Accessibility testing: To be added
• API: Yes
• What users can and can't do using the API: The API supports the following:; ; 1. Retrieval of leaked passwords from data breaches; 2.Retrieval of users who have passed/failed phishing/SMSishing/Vishing campaigns; 3. Retrieval of users who have completed/not completed learning management system based training; 4.Retrieval of results found for social media and brand monitoring platforms
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: What can be customized:; ; The service can be customized in the following fashion:; 1. Customizable dashboards for simulation results; 2. Customizable user groups that specific cybersecurity simulations can be sent to ; 3. Customizable user groups that specific cybersecurity trainings can be sent to ; 4. Custom keywords for dark web search; 5. Customizable email addresses and domains that the leaked passwords need to be retrieved for ; 6. Customizable brand names for social media monitoring and brand monitoring; ; How users can customize; ; - Users will have an interface available where they are able to change the fields to customize the points 1 through 6 above; ; Who can customize:; ; - Users will role and rule based access control based permissions can customize. A user guide and training is available for users to customize

Scaling

• Independence of resources: We have true multi tenancy and have auto scaling, load balancing and failover implemented. Our service has been rigorously and thoroughly tested for the scalability and independence of resources and can handle thousands of users concurrently.

Analytics

• Service usage metrics: Yes
• Metrics types: The metrics we provide are well represented using a real time dashboard, can be pulled using an API as well as, can we generated using a reporting function
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The users can export the data using a reporting function. The data can be exported in pdf, csv or xls format using a user interactive UI
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • XLS
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA of 99.9% is based on those AWS currently provides for the underpinning services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on our website via the links below:; ; • Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/; • Amazon S3 SLA: http://aws.amazon.com/s3-sla; • Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/; • Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/; • Amazon RDS SLA: http://aws.amazon.com/rds-sla/; • AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/; ; Well-architected solutions on AWS that leverage AWS Service SLA’s and unique AWS capabilities such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements.
• Approach to resilience: We have redundancy at many levels.; ; 1. Our tiered architecture within our SaaS environment has multiple redundancies at different levels (Database, web app, API etc.); 2. We also have High Availability as well as Failover established for our applications; 3. We also have SLA commitments with our hosting service provider to ensure a smooth operation ; 4. Additionally, our service is hosted across multiple data centres, availability zones or geographic regions; 5. Our service ensures resiliency across energy suppliers, cooling systems, telecoms networks and the impact that an outage of one of those dependent services will have on one or more data centres; 6. We offer the ability to automatically create backups of your data, such as:; - Backups triggered by changes made to the data; - Backups based on a user-defined time period; 7. We conduct regular tests to ensure that these backups give you the ability to revert or restore data to a ‘known good state’
• Outage reporting: We report any outages through an email alert to the set of users that have been added as notification points of contact or to email IDs/ID's

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: Single Sign On
• Access restrictions in management interfaces and support channels: We have Role and Rule based access control implemented within the application
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow the ISMS principles and are preparing for ISO27001 certification and audit
• Information security policies and processes: 1. Information Security Policy; 2. Access Control Policy; 3. Information Classification and Handling Policy; 4. Clear screen policy and clear desk; 5. Business continuity policy; 6. Third Party security supplier policy; 7. Network Security management policy; 8. Physical and Environmental Security Policy

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have rigorous change control processes in place to ensure the configuration management and change management takes place.; Additionally, we also have version control with adequate release notes in place for configuration management and change management; Changes are assessed for potential security impact by using devsecops within the devops pipeline as well as penetration testing and fixing the cybersecurity vulnerabilities/findings before any release.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: 1. We do regular SAST/DAST scanning in order to ensure that vulnerabilities are identified, detected and responded to.; ; 2. We also use vulnerability prioritization framework to ensure that the patching is done with a prioritized method and the patches are done within a defined SLA prior to any version release. If a vulnerability is found post version release, we will prioritize the patching based on a SLA that we maintain organizationally; ; 3. We get the information about potential threats from threat intelligence, CVSS scores, exploitability of attack surfaces and vulnerability scanners
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Audit events support effective identification of suspicious activity ; Collected events are analyzed to identify potential compromises or inappropriate use ; We have playbooks defined to take prompt and appropriate action to address / detect and respond to incidents; ; - Our SLA to identify and start the response of the Priority 1 compromises is 30 minutes and 1 hour respectively; - Our SLA to identify and start the response of the Priority 2 compromises is 45 minutes and 2 hours respectively; We have a defined playbooks to take immediate action to contain the compromise, respond with appropriate and recover
• Incident management type: Supplier-defined controls
• Incident management approach: 1. We have playbooks defined for common events to detect and respond to then; 2. The user reported incidents are sent to a 24X7X365 monitored mailbox; 3. We provide incident reports using a template and following a incident and crisis response process

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  We practice ESG and sustainability and ensure that we measure and track environmental impact of our changes and minimize the environmental impact from our services

  Tackling economic inequality

  We provide opportunities to the marginalized as well as have a economically diverse workforce

  Equal opportunity

  We implement an equal opportunity policy to ensure that employees are treated fairly and with equal opportunity

Pricing

• Price: £5 to £50 a user
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at morel.fourman@gaiasoft.com. Tell them what format you need. It will help if you say what assistive technology you use.