NTA Monitor Ltd.

PCI ASV Scanning

Quarterly external network vulnerability scanning of Internet-facing systems; testing for configuration, operating system, software vulnerabilities and application vulnerabilities. Security issues identified are reported and resolutions recommended, allowing the customer to eliminate or mitigate the risk, thus greatly reducing the likelihood of a successful attack.

Features

• Industry recognised methodologies (e.g. OWASP, OSSTMM, PCI) employed
• CVSS and CVE references included in reports
• Summary of risks identified, ordered from high to low severity
• Technical details of each issue found
• Recommendations for closing holes found
• Includes retesting of PCI 'fail' issues identified
• Post-delivery support and guidance included

Benefits

• Identifies security vulnerabilities and configuration weaknesses
• Improves protection of business information and data assets
• Demonstrates information security best practice
• Meets PCI Data Security Standard (DSS) compliance requirements
• Aligns to an Information Security Management System

£800 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gavin.simms@intertek.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

328092997095617

Contact

Gavin Simms
01634 721855
gavin.simms@intertek.com

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: This service allows organisations who have procured services via the Digital Marketplace, or who are using cloud hosted software, infrastructure or platforms, to gain independent analysis and information security assurance regarding the governance and controls that are in place to protect these services and systems. Such assurance is vital for cloud based services which possess specific security considerations due to their on-demand, remotely accessible and multi-tenanted attributes.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type: Security testing
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Other
• Other security testing certifications: Approved Scanning Vendor (ASV) Employee

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: 1. Pricing assumes ‘active IP addresses’ are interactive applications (i.e. dynamic sites, web applications, remote access systems); 2. Free fail issue retesting applies to a single spot retest of any/all fail issues within two weeks of each scheduled quarterly test, with report being amended and re-issued to reflect latest state of security; 3. Price liable to adjustment if scope changes from that provided, or if the PCI Security Standards Council (SSC) change their requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email support is offered Monday to Thursday 9 am to 5.30 pm and Friday 9 am to 5 pm. Response times are within 24 hours, but typically same day.; There is no service available at weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Support Levels: ; • Email (FOC); • Phone (FOC); • Onsite (chargeable at day rate); • A technical consultant would be allocated to handle any support issue if required

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • CHECK Green Light status
  • CREST member company
  • CE+ Certification Body

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  The Company is committed to providing equal opportunities in employment and to avoiding unlawful discrimination in employment or to customers.

Pricing

• Price: £800 a unit a year
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gavin.simms@intertek.com. Tell them what format you need. It will help if you say what assistive technology you use.