Pionen

PionenAssure - CAF assessment management tool

PionenAssure simplifies cyber assurance for organisations using the Cyber Assessment Framework (CAF). It provides a guided, customisable assessment with role-based access for assessors, supervisors and reviewers or auditors; rich features for internal and external collaboration; powerful summary visuals and reporting to drive improvement plans. Also supports regulatory cyber assessments.

Features

• Guided Cyber Assessment Framework (CAF) assessments
• Role-based access for administrators, supervisors, assessors, reviewers and auditors
• Up-to-date CAF content, including a CAF version comparison tool
• Customise templates with your own questions and target profile
• Automatically collates multiple contributions to an assessment
• Dashboard view of all assessments in progress with status
• Summary visualisation, powerful reporting
• Unlimited users in all plans
• Export to PDF, CSV and JSON for further reporting/analysis
• Onboard partner organisations for external cyber assessments

Benefits

• No need for complex suites of spreadsheets
• Eliminate version control problems
• Guided workflow simplifies the Cyber Assessment Framework for users
• Monitor and manage assessment progress across your organisation and beyond
• Supports the GovAssure process
• Customisable target profiles support organisations at any stage of maturity
• Supports regulatory bodies carrying out assessments and audits
• See where a service is not meeting the required standard
• Demonstrates to leadership team where efforts need to be concentrated
• Built to CDDO secure-by-design principles and guidance

£10.00 to £150.00 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve.moran@pionen.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

331029357921306

Contact

Steve Moran
01743 296 535
steve.moran@pionen.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: PionenAssure is not currently designed to work on mobile devices such as tablets or smartphones, due to screen size limitations.; Currently, Safari is not supported as a browser.
• System requirements:
  • Internet-connected computer running modern browser
  • Javascript enabled in the browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 working days
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is via e-mail, following training of customer staff in the PionenAssure process and software. We will acknowledge e-mails within 2 working days, and will endeavour to provide a fix within a further 2 working days. This is included in the cost of the PionenAssure subscription model.; Custom enhancements and modifications can be made. The cost will depend on whether the changes will be useful to other customers, and the effort involved in creating and deploying them.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We will provide training to a customer's staff in how the PionenAssure process works. This includes the management of the Discovery Workshops, the use of the PionenAssure software, and the creation and management of the output. This typically involves between 3 and 15 days' consultancy, depending on the size and nature of the organization.
• Service documentation: No
• End-of-contract data extraction: Export to Excel or PDF.
• End-of-contract process: If a customer chooses not to renew their subscription they will no longer be able to use the PionenAssure software.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Our service is scaleable to meet the demands of multiple users concurrently.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Secure export is provided
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service will be available between 07.00 and 18.00 on Monday to Friday (except Bank Holidays). Maintenance and update work will take place outside these hours, unless prior notice has been give, or for emergency updates.
• Approach to resilience: Available on request
• Outage reporting: Customers will be e-mailed in the event of an outage.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Username and password
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Pionen Information Security Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Pionen Change Management Process, tracks all software through its lifecycle and all changes are assessed for potential security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are managed using the shared services model.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Pionen utilize service provider native services.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is pre-defined and planned as part of the Pionen incident management process. Users are aware how to report incidents. Reporting is provided to steering group quarterly for analysis.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Pionen has a well developed method statement on the subject of fighting climate change. Depending on the time of year our activities will be varied in this domain. However we endeavour to measure and report, if requested, on the specific activities our team are participating in. This list if not exhaustive but includes things like reducing energy consumption, reducing travel when possible, investment in green technology and planting trees to offset carbon.

Pricing

• Price: £10.00 to £150.00 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 1 month free trial is available for up to 5 users in a single orgainisation.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve.moran@pionen.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.