Capgemini UK plc

SYNERGi GRC

Capgemini’s SYNERGi Platform provides a cost effective and comprehensive Governance Risk and Compliance software solution for rationalising IT GRC processes, managing cyber risk, and meeting regulatory requirements. SYNERGi enables companies to implement a framework to rigorously measure, mitigate, and monitor risk. It simplifies and reduces the cost whilst improving visibility.

Features

• Supports adherence to industry regulations and standards
• Populated with industry standards (ISO27001, NIST CSF, Cyber Essentials, GDPR)
• Seven modules (Governance, Risk, Compliance, Audit, Vendor, Security, Business Continuity)
• Third Party Risk Management module (TPRM).
• Unlimited user licenses
• Operational Risk Compatible
• SaaS and On-Premise Deployments available
• Real-Time Reporting and Dashboard
• Penetration testing integration to manage actions and vulnerabilities

Benefits

• Risk Framework aligned to IS1, IS2, ISO27005 and ISF
• Intuitive and simple user interface
• Automated work flows to reduce resource time and cost
• Able to orchestrate and manage task management
• Central Repository for Policy, control and evidence management
• Certified by the NCSC for Cyber Essentials
• Scalable to meet current cyber maturity
• Delivered by Capgemini's GRC Consultants
• Proven track record across multiple HMG Departments
• PCI-DSS, ISO27001, DORA, ISO9001, CE, NIST, NCSC CAF

£23,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector.opps.uk@capgemini.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

283241166752155

Contact

Giovanna Borgia
+44(0)370 904 4858
publicsector.opps.uk@capgemini.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance and upgrades take place. Client is informed in advance of any unavailability.
• System requirements:
  • Ubuuntu Linux LTS
  • 2 xVM’s with following specs
  • 4 vCPU’s
  • 4GB RAM
  • 40GB Disk

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to acknowledge receipt of questions within one Working Day. Resolution times will be according to the service level agreement for the service.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Individual service levels are described in the Service Definition. Should you have requirements for other service levels, please contact Capgemini directly to discuss
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Implementation days are available which include training days.; Webinars and documentation are available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Arrangements for Buyer data to be extracted can be agreed at the start of each contract, and the execution of such arrangements can be completed as part of the contract close down procedures
• End-of-contract process: At the end of the contract, Capgemini can review with the Buyer:; That contractual obligations have been met; That invoices have been raised and paid; That no outstanding, documented issues remain (unless agreed otherwise); That access rights have been terminated and User IDs deleted; That data had been backed up and recovered as appropriate

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Browser based service interface
• Accessibility standards: None or don’t know
• Description of accessibility: It’s responsive to text size changes, easy links to find materials and search bar.; ; Colour changes are supported; ; Compatible with Assistive technologies
• Accessibility testing: No testing
• API: Yes
• What users can and can't do using the API: Read only API for reporting purposes.; Users can request API access and set up Oauth tokens for authentication.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Custom workflows and business rules for event based processing.; Custom development is available on request.

Scaling

• Independence of resources: Tenant segregation is place via a multi-instance, single tenant architecture.

Analytics

• Service usage metrics: Yes
• Metrics types: • Number of support tickets within SLA’s; • System uptime; • System Utilisation
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Information Risk Management Ltd

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Database storing data at rest with full database encryption at AES-256 standards
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The software has an export feature. This can be as part of reporting for specific items or a full data export if off-boarding via a database extract.
• Data export formats: Other
• Other data export formats: Contact Capgemini directly, if other data extract formats are required.
• Data import formats:
  • CSV
  • Other
• Other data import formats: Contact Capgemini directly, if other data upload formats are required.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service Levels are provided in the G-Cloud 14 Service Definition.
• Approach to resilience: Application is hosted on Primary and secondary data centres in geographically distinct locations.; ; In the event of a major service outage we can fail over the service to the secondary data centre.; ; More information available on request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: SSO
• Access restrictions in management interfaces and support channels: Role based access controls are in place and are authenticated to each service
• Access restriction testing frequency: At least once a year
• Management access authentication: Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 04/05/2023
• What the ISO/IEC 27001 doesn’t cover: Please contact Capgemini directly for information regarding ISO/IEC 27001 certification for this service
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Capgemini follows its own information security policy, which is referenced against ISO27001:2013 - Information Technology - Security Techniques - Information Security Management Systems - Requirements, ISO 27002:2013 - Information Technology - Security Techniques - Code of Practice for Information Security Controls, and the Information Security Forum - Standard of Good Practice (2014).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Capgemini 's configuration and change management processes are set out in its ‘Unified Project Method’ (UPM), but can be adapted to comply with specific requirements by agreement with individual Buyers (tailored services may attract additional charges).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We adhere to Cyber Essentials and ISO27001. ; ; Additional information available on request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Capgemini follows its own information security policy, which is referenced against ISO27001:2013 - Information Technology - Security Techniques - Information Security Management Systems - Requirements, ISO 27002:2013 - Information Technology - Security Techniques - Code of Practice for Information Security Controls, and the Information Security Forum - Standard of Good Practice (2014).
• Incident management type: Supplier-defined controls
• Incident management approach: Capgemini's incident management processes are set out in its ‘Unified Service Method’ (USM), but can be adapted to comply with specific requirements by agreement with individual Buyers (tailored services may attract additional charges).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Capgemini has a long‐standing commitment to environmental sustainability, with a strategy focusing on managing and reducing our own environmental impacts and deploying our expertise in technology and business transformation to help clients address their sustainability challenges. Our Group environmental sustainability ambition is to be Carbon neutral no later than 2025 and transforming to net zero by 2040 as approved by SBTi.; ; We integrate sustainability into our existing structures and solutions where applicable with our impacts being calculated using our online carbon impact calculator, underpinned by our methodology.; ; PUBLIC AND HYBRID CLOUD:; Scalability can reduce the future need to replace hardware; increased efficiency reduces energy consumption; and pay per use encourages companies to only use what they require, increasing energy efficiency.; ; CLOUD APPS:; Cloud Native apps can be agile, flexible and scalable to a variety of innovative outcomes e.g. Smartly, facilitating electric vehicle charging. Direct energy reduction through efficient equipment.; ; APPS MASS MIGRATION TO CLOUD:; Assessment of where it is possible to retire and rationalise legacy applications, as well as reducing inefficiencies, lowering operating costs and enabling business model innovation. This could all reduce energy consumption across the estate; ; ERP MIGRATION TO CLOUD:; Delivering operational efficiencies through the wider operations can lead to energy savings as well as cost and time across the business.

  Covid-19 recovery

  Since Covid-19, Capgemini has implemented a flexible working policy allowing all our employees to request arrangements for hybrid working where appropriate in view of client and team requirements.; ; We have made strides in helping communities gain access and skills to cope with the situation. We have partnered with Digital Unite, a leading Digital Inclusion organisation, since 2020 developing a new model for corporate support of digital skills training in the UK. For over two decades the organization has been helping third sector organizations build digital capacity by helping them recruit and train a network of 4000 Digital Champions, who then directly engage communities and help tens of thousands of people to learn basic digital skills.; ; At Capgemini, we have so-created Inspire, a training programme to support Capgemini employees to become Digital Champions. By embedding Champions within communities, people can more easily access regular support. We have so far had 983 people complete Inspire, with around 679 people being supported through it.; ; We launched the Digital Futures initiative in 2021 and it’s spearheaded by our Cloud Infrastructure Services leaders and colleagues. The initiative is designed to help and support thousands of digitally excluded people in their journey to inclusion through digital literacy projects. Initiatives such as this is a testament to our collective commitment towards digital inclusion actions. Capgemini aims to support digitally marginalised people through digital literacy programme across the world.; ; The Capgemini Research Institute published “Conversations For Tomorrow #6: Nurturing The Future Of Work – How organisations empower talent”. With the pandemic reshaping the future of work in several ways, this report specifically looks at how organizations can successfully implement the transformations necessary to thrive in the future of work, evaluating strategies such as refining and strengthening purpose; empowering talent; nurturing future skills; and instilling a trust-based culture.

  Tackling economic inequality

  Capgemini is committed to ensuring that digital transformation creates an inclusive and sustainable future for all. This means opening doors to technology careers for people who are currently far from the digital skills job market, such as those from deprived areas or refugees whose studies/career have been interrupted.; ; Capgemini have an ongoing schools outreach programme, allowing students to build new skills improving their chances of landing a job and work experience. 90% of our impact is with students from years 10-13. During events with schools, we offer: mock interviews, apprenticeship TalkCareers ins, technology talks, business challenge days, employability workshops, networking events, panel Q&As.; ; We create job opportunities for underprivileged individuals by collaborating with CodeYourFuture, a UK-based non-profit. Together, we support refugees and individuals from extremely low socio-economic backgrounds to access technical careers, such as software engineering. During 2023, we provided opportunities for 390 individuals and hired 7 through CYF. Capgemini also offers undergraduate and masters apprenticeships in partnerships with universities allowing individuals to gain skills while working.; ; We work collaboratively with many businesses including new businesses, entrepreneurs, start-ups, SMEs and VCSEs. Capgemini’s Applied Innovation Exchange (AIE) brings together a framework for action, a network of exchanges, and a diverse ecosystem to scout, trial, implement and accelerate innovative technology applications.; ; Capgemini supports the wider supply chain of UK businesses as a partner of Business in the Community within their business response network, engaging in sessions for refugees, coaching for job seekers, and providing digital inclusion mentors to the elderly. Capgemini supported supply chain resilience and capacity by spending £180m+ with 395 SMEs in 2022/2023.; ; We support our charity partners to build their digital skills and increase their impact through digital transformation. We have completed a range of pro-bono projects using our skills to impact charities, while developing our own junior talent.

  Equal opportunity

  Capgemini’s Diversity and Inclusion Policy states our commitments and guidelines to achieve a more diverse, equal, and inclusive work environment. Our definition of diversity encompasses all personal attributes, to reflect society in all its richness. It includes, among others, sex and gender identity, age, race/ethnicity or nationality, sexual orientation, ability status, social origin, cultural identity, faiths, working methods, skills, and experience. We value the differences and uniqueness of our people, while cultivating our commonalities.; ; Capgemini is recognised as one of the UK’s Most Inclusive Employers, is one of the UK’s Best Places to Work for Wellbeing, in the top 75 employers in the Social Mobility Index and is EDGE Assess Certified.; ; Capgemini is a member of the Business Disability Forum providing training, podcasts and comprehensive advice on conditions and adjustments. We hold a Disability Confident Employer badge. We work with Ambitious About Autism providing specialised education services and an award-winning employment programme. With the vision of everyone feeling valued for who they are, Capgemini initiated the NeuroInclusion Programme in 2023 for neurodivergent individuals to share their valuable experiences, ideas, and insights. This has grown, engaging with external experts, training sessions for staff.; ; Our employees benefit from seven Employee Resource Groups, which promote inclusive behaviours and provide our teams with space to come together and share their experiences. Currently, we have the Armed Forces Network, Women@Capgemini, CAPability, OUTfront, the Race and Equality Network, and Talking Heads. NeuroAbility is the most recently launched group ensuring an inclusive support space for neurodiverse employees or carers.; ; For 20+ years, our partnership with The Prince’s Trust has supported young people from disadvantaged backgrounds across the UK, providing employability skills and useful insights into technology careers. In 2023, our volunteers supported over 1,000 young people to improve their digital and employability skills.

  Wellbeing

  From the first stages of recruitment through to each working day with Capgemini, support is always at hand. Capgemini UK has been named one of the UK’s Best Workplaces™ for Wellbeing in 2023 by Great Place to Work®, the global authority on workplace culture.; ; Here are a few ways that Capgemini provides support on wellbeing:; ; Talking Heads Employee Network: Our wellbeing Employee Network, Talking Heads, which supports mental wellbeing, with 500+ members, providing a space for everyone to discuss anything mental health or wellbeing related. It’s a space to connect, share, seek advice, and uplift each other.; ; Wellbeing Champions: We have more than 160 trained Wellbeing Champions across our UK business who are available to all employees. These dedicated champions have been trained by mind and provide a friendly and trustworthy point of contact, enabling colleagues to speak about mental health concerns or life events in confidence. Their role is to listen and signpost to internal and external support, not make a professional or medical judgement.; ; Access to ‘Thrive’ app: We offer a confidential wellbeing app that helps build a growth mind-set, prevent, and manage stress anxiety and other mental health conditions. It has a mood meter, relaxation techniques, a goal setting system, access to a thought trainer and more.; ; “The company really cares about employees’ wellbeing. When I mentioned that I was going through a difficult time to more senior colleagues, they supported me throughout and reached out to me frequently to ask how I was doing. There is also a great Employee Assistance Program where employees can speak to therapists for free.” – Capgemini employee; ; We work with our clients to deliver a range of wellbeing initiatives including wellbeing knowledge share sessions, wellbeing in delivery toolkits, monthly health, wellbeing champion check-ins, health and wellbeing fundraisers and much more.

Pricing

• Price: £23,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 2 week free trial
• Link to free trial: https://www.irmsecurity.com/synergi-grc-platform/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector.opps.uk@capgemini.com. Tell them what format you need. It will help if you say what assistive technology you use.