Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

WSP UK LIMITED

Operational Technology (OT) in Cloud Cyber Security Consulting

WSP can help provide an adaptive security approach to moving your OT environment into the cloud. By utilising OT threat vector analysis, risk modelling for OT and security-centric segmenting we can support cloud security operations for the challenges of OT. Migration steps will be addressed ensuring secure operational business continuity.

Features

  • OT cyber security assurance in cloud or mixed environments
  • Cloud supplier independent security assurance
  • Governance and compliance management (ISO27001, ISA/IEC 624432, NIS-D, PCI-DSS)
  • Requirements development
  • Mitigation strategy development
  • OT appropriate mitigation strategies advisory
  • Threat modelling and Risk Matrix analysis
  • Asset upgrade and patch management strategy development
  • Human Factors Cyber Security advisory
  • Cyber Security informed Safety case

Benefits

  • Tailored security for your business environments and business goals
  • Benefit from IT security operations for OT assets
  • Critical digital assets, business and outcomes protected
  • Safety and Human Factors aligned cyber security integration
  • Our experience of safety and mission critical systems
  • Improved OT vulnerability management
  • Gaps identified in security policies and architecture
  • Increased effectiveness of cyber security controls
  • Improved collaboration between IT and OT systems and people

Pricing

£618 to £2,472 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sean.campbell@wsp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 0 0 7 3 6 4 8 3 8 1 8 7 9 2

Contact

WSP UK LIMITED Sean Campbell
Telephone: 07833401978
Email: sean.campbell@wsp.com

Planning

Planning service
Yes
How the planning service works
We provide full lifecycle planning services and will work with buyers to select the most appropriate methodology. We draw on systems engineering techniques such as SI:D3 (Systems Integration: Develop the strategy, Define the system, Deliver integration) – a well-proven framework for implementing cloud solutions.
Based on a three-phased approach:
Develop – clarify vision and objectives, assess ‘as is’ situation and develop strategy/roadmap in line with buyer’s goals;
Define – identify requirements and deliverables (including requirements for migration); and
Deliver – use WSP’s business management system, and best practices such as Agile, ITIL, DevOps, and ISO 31000, to deliver solution to the highest quality.
SI:D3 reflects years of learning and international best practices, providing a high-quality panning service, no matter the sector, making it ideal for use on the G-Cloud 13 framework and its spectrum of customers.
We can guide buyers through each planning phase, ensuring maximum value is derived from eventual implementation/service.
Planning service works with specific services
No

Training

Training service provided
Yes
How the training service works
Where required we offer bespoke training for all members of the buyer’s team including:
Formal coaching and mentoring;
Peer-to-peer support and paired roles;
At-distance/e-learning modules; and
In-person workshops, one-day/short-course training.
Training will be targeted and cover the range of skills required for cloud adoption, including strategy and road mapping, requirements analysis, architecture design/modelling, implementation, and culture change.
We can also provide standardised, accredited training courses through our training partners.
Training is tied to specific services
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
We provide end-to-end migration support (planning through execution) including workload assessment, strategy formulation, discovery & planning, piloting & testing, and data security.
Our team are skilled in a range of migration models including re-location, re-platforming, re-architecting as well as cold and live migration, and we will work with you to identify the most appropriate strategy.
For implementation, we use the V-Model methodology. V-Model provides a highly disciplined migration, running SDLC and STLC (testing) in parallel to promote low-risk, right-first-time implementation. Process as follows:
1) Requirement analysis and identification of outcomes (no pre-prejudice to the solution);
2) Agile solution design and piloting, with STLC running in parallel;
3) Implementation (with SLTC); and
4) Testing (verification & validation) of outputs against the acceptance criteria and acceptance plan.

We provide ‘migration to cloud’ training, coaching and mentoring to the buyer’s team – to maximise success at the service phase, as well as future migrations. Our data and cyber security experts can also provide tailored, ‘on demand’ advice.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
Quality Assurance (QA) and performance testing will be delivered under WSP’s certified business management system BMS (ISO9001, 18001, 14001), bringing a consistent, rigorous approach to the quality, timeliness, cost effectiveness and security of our service. Our BMS is aligned with a range of methodologies including Agile, Waterfall (V-Model), APM and MSP.
We’ll work with buyers to deliver QA and performance testing that’s in line with the scope and scale of the service, for example:
Development of bespoke quality management and performance testing plans;
Provision of standardised, repeatable, and efficient testing procedures aligned with the relevant industry Standard(s) including ISO 27000, ISA/IEC 62443, and ISO 55000;
Use of V-Model approach: confirming requirements early through all-party consultation, and continuously validating outputs;
Support with automated testing, if appropriate;
Scheduling formal quality reviews, making use of independent QA experts (WSP); and
Customer/service satisfaction surveys, or similar techniques.
WSP’s lead for the framework will hold an active leadership role, remaining accountable for a high-quality, high-performance service. We’ll engage with buyers to seek feedback on our service and achieve continuous improvement.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Cyber security consultancy
  • Security audit services

Ongoing support

Ongoing support service
No

Service scope

Service constraints
No significant limitations that we are aware of at this point.

User support

Email or online ticketing support
No
Phone support
No
Web chat support
No
Support levels
Not applicable for this service.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Bureau Veritas Certification Holding SAS
ISO/IEC 27001 accreditation date
01/11/2022
What the ISO/IEC 27001 doesn’t cover
Everything outside of the secure provision of IT services in WSP UK and offices in London, Basingstoke, Birmingham, Leeds, Manchester and Guildford only.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • CISSP
  • ISA/IEC 62443 certificate 1
  • ISA/IEC 62443 certificate 2
  • ISO27001 Lead Implementer
  • ISO27001 Lead Auditor
  • PCI-DSS Auditor

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We commit to delivering additional environmental benefits in the performance of the contract by applying learning from WSP's industry-leading climate change initiatives. This includes: 1) our commitment to reduce Net Zero greenhouse gas emissions by 2025; 2) Halve the carbon footprint of our designs by 2030; 3) Incentivise green revenue growth; Achieve ISO 14064 (Green House Gas Validation); 4) Pledge SteelZero by 2050; 5) World GBC Net Zero buildings commitment and EP100; 6) WSP Net Zero Champions for every service; 7) Charitable Grant Fund to support environmental charities; and 8) Government and industry engagement (eg Think Tank – Bright Blue collaboration on “Delivering Net Zero” publication & member of All Party Parliamentary Group).
We’ll work with buyers to apply WSP’s Future Ready® programme – an award-winning innovation initiative that challenges us to plan services with consideration of carbon reduction and environmental protection. It includes ‘innovation labs’ and expert-led coaching and mentoring. We'll also benchmark our performance and report against bespoke framework targets. Our consultants will complete WSP’s Carbon Literacy course, and WSP’s Climate Change & Resilience team can offer training to Buyers’ teams.
Evidence: In 2019 we won the GOLD award for Global Good Company of the Year, sponsored by The Crown Estate. WSP’s approach to ESG (environmental, social and governance) received global recognition in 2022, qualifying for inclusion in the S&P Global Sustainability Yearbook and receiving an Industry Mover Award. To be listed in S&P's Yearbook, companies must rank in the top 15% of their industry for ESG.

Covid-19 recovery

Social Value (SV) will be explicitly evaluated (not just ‘considered’) as part of our service. For example, using the national Themes, Outcomes and Measures (TOMs) social value framework and PPN 06/20 Model Award Criteria (MAC).
Our team is familiar with the PPN 06/20 SV Model and will undergo targeted training and e-learning refreshers (including those offered via Government Commercial College).
Through our service provision we will deliver against SV Theme 1 and the relevant MACs by: 1) Creating employment, training and other return to work opportunities for those left unemployed by Covid-19, particularly in high growth sectors such as data and cyber security; 2) Supporting the physical and mental health of staff affected by Covid-19, through provision of industry-leading wellbeing initiatives such WSP’s THRIVE programme and agile working; 3) Design reporting metrics for wellbeing for example completion of the six standards in the Mental Health at Work Commitment; 4) Improve workplace conditions that support Covid-19 recovery including effective social distancing and remote working - coaching teams in the use of latest remote working practices including new technologies and applications; 5) The WSP Foundation will match fund charity efforts related to Covid-19 recovery and we’ll encourage teams to use WSP’s annual volunteering days.
Evidence: WSP continues to support charities and local authorities as part of the Covid-19 recovery effort through volunteering, fund raising and direct support to front-line workers. For example, we’ve donated over 14,000 items of PPE to Covid-19 workers and our WSP Foundation have supported Arkwright Scholarships (£11,000), £8,400 to the Trussell Trust (foodbanks), and >50 laptop donations to XLP (students in inner-city London).

Tackling economic inequality

We will deliver against Theme 2 and MAC2.1 to MAC 2.3 of the Social Value Model by: 1) Supporting opportunities for entrepreneurship and SMEs in our advice to Buyers, using WSP’s supplier diversity programme and Social Value Supply Chain Charter; 2) Fostering a culture of inclusion and trust, underpinned by WSP Inclusion & Diversity Strategy, to support under-represented groups; 3) To engage diverse groups, we’ll collaborate with our partners MSDUK (ethnic-minority owned business), Even Break (disabled jobseekers), and WEConnect (women-owned business). We also commit to supporting those within the armed forces community; 4)
In relation to MAC 2.3, our service delivery model emphasises a ‘learning culture’ that supports formal qualification and certification where this contributes successful service delivery. For example, attainment of Cyber Essentials and Cyber Essentials Plus certification. 5) To encourage innovation across our framework community, we will: i) Design metrics related to technology, innovation and VfM; ii) Partner with industry initiatives led by InnovateUK; iii) Host Future Ready ® labs with suppliers and WSP experts to co-design solutions; iv) Promote collaboration via ISO 44001 approach; and v) Measure & record innovation benefits achieved via the National TOMs.
Evidence: WSP is a Disability Confident Employer and partners with organisations such as Valuable 500 reduce economic inequality. We’re also a signatory of the Armed Forces Covenant and support the employment of veterans by working with the Career Transition Partnership to promote our job opportunities. We have an exceptionally active programme which includes our school engagement platform, ‘STEM@WSP’, focussed on women in STEM. In 2020, approximately 100 employees attended more than 50 STEM events to promote STEM careers to approximately 15,000 students. We hosted over 60 work experience students.

Equal opportunity

Below we outline how we will deliver against Social Value theme 4 and the relevant PPN 06/20 Model Award Criteria (MACs 5.1-5.2). Our approach, which is underpinned by WSP’s 2022-24 Inclusion & Diversity Strategy, involves: 1) Supporting the development of new skills that result in recognised qualifications for underrepresented groups; 2) Demonstrating clear action to identify and tackle inequality in employment, skills and pay in the contract workforce. This includes time-bound action plans that monitor inclusion and progression of FTE from unrepresented groups; 3) Supporting in-work progression to help people, from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract. 4) Creating inclusive and accessible working practices and will consultant our partners Valuable 500, Disability Confidant and Centre for Accessible Environments (CAE) to understand underlying factors affecting employees with medical or physical disabilities. 5) Designing inclusive working practices in consultation with Belonging@WSP, which brings together WSP colleagues with medical disabilities; and 6) Establishing formal reporting metrics that follow guidance within the Voluntary Reporting Framework.

Wellbeing

We commit to collaborating with Buyers to share our best practice approach to supporting health and wellbeing. Teams will also have access WSP’s dedicated Wellbeing Hub providing access to corporate guidance and local support programmes, for example:
1) Flexible working patterns in support of hybrid working;
2) Virtual tea breaks and socials;
3) Trained Mental Health first aiders and Wellbeing Champions nominated for each service;
4) WSP’s intranet based THRIVE programme providing access to resources including Wellbeing Assessments and 24/7 Employee Assistance Programme;
5) Expert-led resilience webinars, training and mentoring as well as Stress Awareness Training for all;
6) Tailored engagement plans for relevant areas of delivery, leveraging the suite of wellbeing tools available via WSP’s Thrive programme; and 7)
Pulse surveys to measure staff engagement over time and adapt to any changes in the results.

Pricing

Price
£618 to £2,472 a unit a day
Discount for educational organisations
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sean.campbell@wsp.com. Tell them what format you need. It will help if you say what assistive technology you use.