CODA Security Limited

Application Source Code Review

A range of service options focused on assuring the codebase for applications and microservices. This includes both manual and automated assessment of source code for potential vulnerabilities or evidence of insecure development practices. This is typically a mixture of both static analysis and dynamic analysis, depending on the application.

Features

  • Risk Assessment
  • Best Practice Audit
  • IT Health Check
  • DevSecOps Support
  • Secure by Design Assessment
  • Continuous Assurance Support
  • Security Architecture Review
  • Microservices Architecture Security Support
  • Terraform Security Review

Benefits

  • Maintain and achieve compliance.
  • Reduce cost and complexity of service architecture.
  • Understand potential operational impact of technical vulnerabilities.
  • Embed security in agile processes.
  • Improve security knowledge of cloud support teams.
  • Identify deep technical flaws in bespoke services.
  • Identify subtle flaws in complex deployments.

Pricing

£1,000 to £1,500 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@codasecurity.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

253650830175166

Contact

CODA Security Limited Technical Services Team
Telephone: 01926 956200
Email: contact@codasecurity.co.uk

Planning

Planning service
Yes
How the planning service works
CODA provide detailed assessments of potential technical vulnerabilities and risks to an organisation moving to or implementing cloud services. This is delivered through detailed risk assessment, cyber threat actor simulation, penetration testing, IT Health Checks, and support for technical security architecture and design. All of CODA's work is bespoke to customer requirements, and considers alternative options or service constraints that may be applicable to a given project, service, or platform.
Planning service works with specific services
No

Training

Training service provided
No

Setup and migration

Setup or migration service available
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
CODA do not typically provide performance testing services; however, we provide quality assurance in the form of assessing services against security requirements and approved business logic or role-based access control matrices.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
Certified security testers
Yes
Security testing certifications
  • CHECK
  • Cyber Scheme
  • Other
Other security testing certifications
  • CISSP
  • CISM
  • CRISC
  • CISA
  • Chartered Cyber Security Professional (ChCSP)

Ongoing support

Ongoing support service
No

Service scope

Service constraints
There are no known constraints on the services provided.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times to email enquiries are typically within a matter of hours, depending on the availability of appropriately qualified consultants. CODA also has a 24/7 emergency incident response line for more urgent requirements.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Support levels
CODA don't have a support tiering system. All of our customers are treated equally. We provide email support during business hours, with a 24/7 emergency response line. For business-hours support, we provide support through our standard telephone queuing system. All support questions are handled by the most qualified person. There is no traditional helpdesk process, as we are a technology and security focused team.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
08/09/2020
What the ISO/IEC 27001 doesn’t cover
No parts of the service were excluded. The scope included all service components.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
NCSC CHECK Green Light Membership

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We minimise unnecessary travel, and use public transport where possible. We minimise waste by using only the specific hardware required. We source materials from within the UK where possible to minimise transport requirements. This is documented in our environmental policy.

Covid-19 recovery

We were a small business that was impacted directly by Covid-19. We are therefore not directly involved in delivering recovery efforts as we don't have the resources to do so. Supporting a small business such as ours would be a part of delivering against broader strategic Covid-19 recovery support objectives.

Tackling economic inequality

We seek to pay fair wages to our staff, while charging the lowest amount we can reasonably afford to customers. We have a strong ethical policy that prohibits working with organisations who are known to engage in practices that directly increase economic inequality. This is documented in both our ethical policy, and our corporate social responsibility policy.

Equal opportunity

We are an equal opportunities employer, and this is enshrined in our company charter. We employ and promote solely on merit and competence, and have zero-tolerance internally for bullying or discrimination. This is clearly documented in our employment policy. We have several veterans on staff, and some staff with physical disabilities upon whose behalf we actively advocate. As a result of this, we have been awarded the Gold ERS by the West Midlands Reserve Forces and Cadets Association.

Wellbeing

We work to ensure the wellbeing of our staff and their families through providing flexibility of working hours and locations. This has been enshrined in our company's working practices since incorporation, and is regularly reviewed through direct one-to-one engagement with staff, complete internal transparency, and a firmly open-door management policy.

Pricing

Price
£1,000 to £1,500 a unit a day
Discount for educational organisations
No
