BAE Systems Applied Intelligence Limited

Cyber - Security Management Services

Our Service Integration Security Management services offer information assurance, compliance and accreditation management, as well as security and penetration testing and a range of further security-focused capabilities. This service reduces the risk of information compromises and security breaches, and improves response effectiveness in these situations.

Features

• Security services aligned with ITIL v3, ISO20000, certified ISO27001.
• Information assurance, compliance and accreditation management.
• Security and penetration testing.
• Targeted attack assessment.
• Security training from SC and DV cleared staff.
• Security operations management.
• Security incident response management.
• Protective monitoring, advanced persistent threat management.
• Operates collaboratively with managed supplier and client teams.
• Breadth and depth of service is refined through discussion.

Benefits

• Reduces the risk of information compromises and security breaches.
• Improves response effectiveness to information compromises and security breaches.
• Enables relevant accreditations.
• Enables consistent delivery of secure, cost-effective and user centric IT.
• Supports flexible, agile approaches where appropriate.
• Leverages live, proven SIAM security experience.
• Based on extensive experience in collaborative delivery.
• Leverages cross-customer continual service improvement approach.
• Embeds ITIL v3, ISO20000, certified to ISO27001.

£525 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.tenders@baesystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

276510095228106

Contact

Jules Fraser
03301 580 051
government.tenders@baesystems.com

Planning

• Planning service: Yes
• How the planning service works: We work right up to CIOs, CTOs and CDOs, to develop ‘cloud first’ IT strategies and migration plans that realise critical business objectives while focussing scarce resources on the core mission and away from providing commodity infrastructure and platform services. We develop transitional architectures to deliver the benefits of the cloud incrementally, minimising risk and maximising return on investment, based on our extensive experience of open-source, mobile, digital and cloud architectures, patterns and implementations. We consider market and technology trends relevant to the business and identify principles to guide technology investment and adoption, with an emphasis on cloud services wherever this makes business sense. We help clients to define and govern coordinated, coherent portfolios of business and technology change to implement the technology strategy. We offer independent, vendor-agnostic technology advice on the adoption of cloud services and related technologies. We provide horizon-scanning and technology futures advice that underpins the strategies and roadmaps that we build for our clients, and help clients to assess any existing IT strategies in light of current and emerging digital and cloud technologies.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: We can provide full training services. There are three main ways that users and administrators can be up-skilled on new cloud software and hostimg services. The first is via direct, on-site training delivered to the users and administrators of the service. There are different levels available depending on the exact solution required, and range from one day courses to a five day courses and can be carried out on site or off site. The second is via self-study methods, such as remote tutorials, guide books and software manuals. This can be combined with on-site training if required. We also offer a third method, which is via an extensive 'train the trainer' programme, with nominated members of the customer’s staff becoming experts in the service and are then able to train the rest of their team.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Our approach supports the development and execution of migration plans, to transfer services into cloud-based live operation with minimal disruption. To support customers through the migration, we work to design, develop and manage communication channels and content, particularly to de-mystify ‘cloud’ and explain in practical terms what adopting cloud-based services will mean for people. We support the adoption of cloud-based working practices, particularly the cultural changes required as services migrate, through the use of strategies to promote acceptance of the change and embed new ways of thinking and working. Key to this is the recognition of both political and emotional factors when assessing an organisation, a group, or an individual's appetite for change; central to our approach is the identification and mobilisation of change agents and expert users from within the teams undergoing the change. We will also support the technical change during setup and migration to the cloud by developing and managing effective service validation and testing plans, asset and configuration management, and release and rollout strategies based on detailed impact and readiness assessments.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Our ready formed cloud engineering teams build quality assurance into their delivery approaches, with an emphasis on taking a 'shift-left' approach, with early lifecycle testing and feedback being critical for successful migration to cloud. This includes undertaking traditional testing activities such as Functional testing, Integration testing, Security testing and Performance testing, adjusted to take into effect latency and threat of outage or attack:; • Functional testing - executed with user tests, to ensure that the expected functionality is delivered.; • Integration Testing - performed with applications in the cloud and across a hybrid estate.; • Security Testing - tests to establish that applications are only accessible by authorised users. Additional measures are implemented to protect against DDoS attacks. Data is validated at rest, in use and during transit. Access control and compliance requirements are defined.; • Performance Testing – SLAs are identified for key business transactions and these are tested for response times and scalability.; • Disaster Recovery (DR) and Business Continuity Planning – data recovery plans, and addressing systematic attacks is tested, with all DR plans validated in the event of a cloud outage.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST
  • Other
• Other security testing certifications:
  • Offensive Security Certified Professional (OSCP)
  • OSCE Offensive Security Certified Expert (OSCE)
  • Offensive Security Web Expert (OSWE)
  • Certified Red Team Operator (CRTO)
  • QNUK Level 4 Physical Penetration Testing Operations

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
• How the support service works: BAE Systems can offer a flexible team of experienced support professionals that can be scaled to match the required level of support and the standard SFIA rate card enables value for money. BAE Systems typically assigns dedicated Account Managers for Customers, who provide a point of assurance for continued value and escalation, if required.

Service scope

• Service constraints: N/A

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Support levels: Contact and support arrangements will be determined with the customer as required.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register
• ISO/IEC 27001 accreditation date: 24/11/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NCSC certified incident provider

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  For information on our Environment and Climate Change response please see https://www.baesystems.com/en/sustainability/environment-and-climate-change

  Covid-19 recovery

  For information on our COVID-19 response please see our website https://www.baesystems.com/en/covid-19-our-response

  Tackling economic inequality

  For information on our contribution to the UK and its regions please see https://www.baesystems.com/en-uk/our-contribution-to-the-uk-and-its-regions

  Equal opportunity

  For information on our processes in creating Equal Opportunities please see https://www.baesystems.com/en-uk/careers/careers-in-the-uk/diversity-and-inclusion-in-the-uk

  Wellbeing

  For information on on how we support Wellbeing in the workplace please see https://www.baesystems.com/en/sustainability/safety-and-wellbeing/wellbeing

Pricing

• Price: £525 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.tenders@baesystems.com. Tell them what format you need. It will help if you say what assistive technology you use.