RAZOR THORN SECURITY LTD

Third Party Supplier Assurance Reviews

Razorthorn conducts thorough Supplier Assurance Reviews, and the implementation of a Supplier Management Framework for public and private sector organisations. Our structured process ensures scrutiny of mission-critical partners, ensuring resilience and security throughout the supply chain. Razorthorn offer independent assurance and guidance to safeguard against financial, regulatory, and reputational risks.

Features

• Supply-chain security assessment: Evaluate existing supply-chain management approaches.
• Contract security management review: Assess security measures within contracts.
• Supplier criticality risk assessment: Determine risk levels for critical suppliers.
• Supplier controls audit: Evaluate implementation effectiveness of supplier controls.
• End-to-end governance recommendations: Provide comprehensive governance guidance.
• Supplier security framework provision: Offer education or framework creation services.
• Cybersecurity consultancy and auditing expertise: Proficient consulting and auditing services.
• Experts in multiple security frameworks: Expertise across various security standards.
• Assurance framework development: Establish robust supplier assurance governance structures.
• Supplier due diligence: Assess security, operational, and contractual risks comprehensively.

Benefits

• Independent, structured review of Supplier Information Security controls.
• Cost reduction by identifying duplicate contracts/suppliers.
• Minimised supply-chain failure risk ensures business continuity.
• Repeatable audit rights enable consistent accountability enforcement.
• Prevents financial, reputational, and regulatory damage for stability.
• Identifying third parties and their criticality throughout supply chain.
• Provides risk map for comprehensive understanding of supplier risks.
• Reduce the impact of security breaches and incidents.
• Offers independent security assurance aligned with all industry security frameworks.
• Structured approach for ongoing supplier security and contract management.

£800 to £1,250 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

278201537717297

Contact

Sophia Durham
+447470334993
sophia.durham@razorthorn.com

Planning

• Planning service: Yes
• How the planning service works: We excel in cybersecurity, ensuring optimal support to tailor the perfect security program for your business. Collaborating closely with you, we understand your needs and offer advice to craft a program aligned with a risk based strategy. Our ultimate aim is to deliver the appropriate level of assurance at a competitive price point.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with:
  • Consultancy
  • Testing Services

Training

• Training service provided: Yes
• How the training service works: Our training options span from sharing knowledge during professional service implementations to conducting thorough classroom training sessions. We offer tailored training and awareness programs for staff responsible for cybersecurity and compliance duties, along with general security awareness training for all employee's.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: While we don't handle the entire cloud migration process, our focus lies specifically on ensuring the security of your cloud migration.
• Setup or migration service is for specific cloud services: Yes
• List of supported services:
  • Azure
  • Amazon Web services (AWS)
  • Microsoft 365 (M365)
  • Google Workspace
  • Private Cloud
  • Consultancy Services
  • Specific Software

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Razorthorn offers a comprehensive quality assurance and performance testing service that can be seamlessly integrated into your full lifecycle program or as a standalone service. We take a tailored approach to meet all specific requirements for each engagement. We will also make sure you have a dedicated specialist that will be assigned as your single point of contact, ensuring clear communication and personalised attention throughout the process.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • CREST Penetration Testing
  • PCI DSS Consultancy Services
  • ISO 27001 Consultancy Services
  • Cyber Essentials/Plus Services
  • Data Protection Officer as a Service
  • Red Teaming
  • Incident Response Testing
  • 3rd Party Reviews
  • Cyber Security Reviews
  • AI Consultancy
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Other
• Other security testing certifications:
  • PCI DSS Consultancy Services
  • ISO 27001 LA
  • CISM
  • CISSP
  • GIAC penetration tester / web application tester
  • Exploit researcher and advanced penetration tester
  • Offensive security certified professional
  • Offensive security wireless professional
  • Offensive security certified expert
  • Certified ethical hacker

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Razorthorn offers cybersecurity support services throughout the contract duration, customising our offerings to align with the demands of your program and the services you require. We establish specific support levels for each engagement, with a dedicated specialist assigned as your primary point of contact for seamless communication and assistance.

Service scope

• Service constraints: No.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We're operational from 9 AM to 5 PM (UK time) on weekdays, Monday through Friday via email. At minimum, we commit to responding within one working day for any standard queries and within one hour for critical queries. For out-of-hours services, we ensure to deliver support equivalent to the level provided during regular hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Razorthorn operates from multiple locations across the UK and provides a standard 9-to-5 Monday through Friday phone support line and a 24-hour incident support hotline. ; ; Razorthorn Security assigns a dedicated Project Manager and Customer Success Manager to collaborate closely with each organisation, ensuring seamless execution of all projects.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 13/10/2022
• What the ISO/IEC 27001 doesn’t cover: All requirements of the ISO27001 certification is covered across all of our UK sites, services and personnel.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: PCI DSS SSC
• PCI DSS accreditation date: 01/12/2023
• What the PCI DSS doesn’t cover: All requirements of the PCI DSS QSA certification are covered across Europe.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: CREST

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Razorthorn is dedicated to combating climate change and has set a bold target of achieving Net Zero emissions by 2025. To fulfil this commitment, we prioritise tangible reductions in emissions through collaborative efforts with key suppliers and empowering our team to make climate-conscious travel decisions.; ; As a socially responsible business, Razorthorn upholds the highest standards of ethics and professionalism. Our efforts fall into two main categories: compliance and proactiveness. Compliance entails adhering to legal obligations and community values, while proactiveness involves initiatives to promote human rights, support communities, and safeguard the environment.; In addition to meeting legal requirements, we actively engage in environmental protection initiatives such as recycling, energy conservation, and adoption of eco-friendly technologies. We are in the process of aligning our operations with ISO 14001 standards for Environmental Management to continually improve our environmental performance.; Razorthorn is committed to delivering further environmental benefits, including striving towards net zero greenhouse gas emissions, as part of our ongoing contract performance.

  Covid-19 recovery

  Razorthorn's mission is to enhance workplace conditions for COVID-19 recovery, emphasising social distancing, remote work, and sustainable travel. Our G Cloud 14 services aid organisations in managing and rebounding from COVID-19 impacts, promoting remote service delivery to mitigate transmission risks. We support remote work and enforce social distancing in offices, with travel following the most recent COVID-19 guidelines.

  Tackling economic inequality

  Razorthorn actively tackles economic inequality by strengthening supply chains and managing cyber security risks in contracts. We promote innovation in supply chains for cost-effective, high-quality goods. Our social responsibility drives us to support local charities, nurture future security professionals, and address regional inequality through inclusive recruitment and skill development initiatives.

  Equal opportunity

  Razorthorn is dedicated to detecting, managing, and mitigating modern slavery risks within contract delivery and supply chains. We actively combat employment, skills, and pay disparities within our workforce. Our firm adheres to rigorous 'Equal Opportunity' and 'Equality and Diversity' policies, ensuring fair treatment across all engagements.

  Wellbeing

  Razorthorn is deeply committed to safeguarding and promoting the physical and mental health and well-being of our workforce. Our support begins with the initial recruitment process and extends throughout every working day within the organisation. For team members facing challenges such as disabilities, mental health conditions, or caring responsibilities, we have an established network that offers a supportive environment to connect with peers, seek advice, and share experiences.

Pricing

• Price: £800 to £1,250 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophia.durham@razorthorn.com. Tell them what format you need. It will help if you say what assistive technology you use.