C3IA Solutions Ltd

NCSC Cyber Essentials and Cyber Essentials Plus Certification

C3IA is a Cyber Essentials certification body and we deliver Cyber Essentials and Cyber Essential Plus certification. Cyber Essentials is a Government backed, industry-supported scheme to help protect organisations against common cyber attacks. Achieving certification provides a recognisable information security baseline and helps your organisation meet mandated security compliance requirements.

Features

• Assessment of five essential security controls and mitigation strategies
• Support to achieve related supply-chain security requirements
• Consultancy support from certified consultants
• Online completion and submission of the self-assessment questionnaire
• On-site user device audit performed by a Cyber Essentials consultant
• Consultants hold Security Check or Developed Vetting

Benefits

• Protect your organisation against common cyber threats reducing risk
• Business compliance with NCSC recommended basic cyber hygiene level
• Demonstrates a responsible cyber security approach to your customers
• Provides entry to DCPP supply chain compliance
• Increasing security skills and awareness through knowledge transfer
• Delivered by an ISO 27001 and Cyber Essentials company

£320 to £2,800 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

332049402044541

Contact

C3IA Solutions Ltd - Sian Roff
01202721123
s.roff@c3ia.co.uk

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Cyber Essentials and Cyber Essentials Plus provide the client with independent assurance that information systems and cloud services are configured and deployed in compliance with NCSC mandated security controls and best practice. ; The higher level of assurance, Cyber Essentials Plus, involves completing the Cyber Essentials online assessment followed by a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. ; C3IA's delivery of this service is subject to a rigorous quality control and assurance process conducted by IASME and the NCSC that ensure C3IA Assessor's adhere to the specified Code of Conduct and sustain the quality and integrity of the certification scheme.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
• Other security services:
  • Data Protection compliance assessment
  • Cyber Essentials Plus support & certification
  • Secure by Design assessments and review
  • Technical Security Countermeasures assessments
  • Penetration Testing
  • Acoustic Management assessment
  • Physical Security Assessments (FSC)
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
• How the support service works: C3IA Solutions offers a bespoke Security Management Partnership (SMP) to offer ongoing support and assurance around the continuation of Cyber Essentials mandatory controls. Mapped to the Cyber Essentials Certification Standard, an SMP provides a structured, repeatable and assured structure in which ongoing support services are provided. Routinely an SMP will include information security governance advice, cyber and data protection periodic audit, testing and vulnerability assessments, education and awareness, red teaming and exercises.

Service scope

• Service constraints: Scope of solutions and services is negotiated individually to meet defined customer requirements.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within one working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Support is usually agreed as a Security Management Partnership (SMP) with services matched according to client requirements. The client will have a nominated Lead Consultant responsible for delivery oversight and making adjustments to the SMP as the client's needs evolve. ; Mapped to the HMG Minimum Cyber Security Standard and the NIST information security framework of Identify-Protect-Detect-Respond-Recover, an SMP provides a structured, repeatable and assured structure in which ongoing support services are provided. Routinely an SMP will include information security governance advice, cyber and data protection periodic audit, testing and vulnerability assessments, education and awareness, red teaming and exercises.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: URS - United Registrar of Systems
• ISO/IEC 27001 accreditation date: 22/09/2023
• What the ISO/IEC 27001 doesn’t cover: The ISO/IEC 27001 Certification encompasses the scope of the service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NCSC Assured Cyber Security Consultancy
  • IASME Cyber Essentials Certification Body

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about the environment and are committed to decreasing our already small environmental footprint. Our dedication to achieving Net Zero no later than 2050 is demonstrated through our annual Carbon Reduction plan where we outline our reduction targets and initiatives; we transparently share this on our website. We are also working to achieve ISO 14001, Environmental Management, to further demonstrate our enthusiasm towards the environment and reducing our impacts. ; ; Where Fighting Climate Change is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Effective stewardship of the environment’, and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Covid-19 recovery

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about COVID-19 recovery and throughout the pandemic and beyond have supported all employees across the business. We heavily invest in the continual professional development of our staff, which we consider is of the upmost importance. The physical and mental health and wellbeing of all our staff is vital, therefore we provide numerous internal and external support and helplines for all employees and all our line managers have undertaken specialist line manager mental health training. Furthermore, we have supported and continue to support local schools and sports teams as we understand the importance they have to individuals and their future. Finally, we have embraced hybrid working, utilising technology to effectively collaborate and communicate with individuals and teams across the business. ; ; Where COVID-19 recovery is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Help local communities to manage and recover from the impact of COVID-19’, and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Tackling economic inequality

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about tackling economic inequality and are committed to being socially responsible. We support new businesses, entrepreneurs, start up’s, Small and Medium Enterprises, Voluntary, Community and Social Enterprises and Mutuals which all have much to offer both the community and economy. We proactively engage with local schools, colleges and universities to encourage STEM participation and interest, especially in those from disadvantaged backgrounds and socially deprived areas, offering presentations and demonstrations from our team to inspire the next generation into the ICT & Cyber Security industry. Alongside this, we host work experience for higher and further education so individuals can learn more about the industry and how to successfully enter it. ; ; Where tackling economic inequality is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Create new businesses, new jobs and new skills’ and ‘Increase supply chain resilience and capacity’ and the associated Model Award Criteria. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Equal opportunity

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about equal opportunities and this forms apart of everything that we do, as demonstrated throughout our company policies. Our commitment is also demonstrated by our inclusion of bullying & harassment and equality, diversity and inclusion training as part of our e-learning service that all employees have access to. ; ; We employ a wide-ranging workforce which include many ex-service men and women, irrespective of age, gender or socioeconomic background. Every employee is enrolled in our CPD programme where they are encouraged to maintain momentum by completing industry and role specific courses and qualifications to aid their personal progression. Finally, we require our people and supply chain at all levels to uphold the same values where we actively prevent discrimination, harassment & bullying. ; ; Where equal opportunity is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Reduce the disability employment gap’, ‘Tackle workforce inequality’ and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Wellbeing

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; As a people-centric company we care about the wellbeing of our team and those we work with. We are committed to creating a positive and psychologically safe working environment for all and provide a variety of training, support and help resources to our team which can be tailored to the individual and looks at the wellbeing of the whole person. ; ; We have implemented an e-learning management system which includes focus on mental health and wellbeing and have weekly communication explaining both the internal and external support that is available. We also have a team of mental health first aiders who work across the business. Where agreed with clients, they could also support clients when working on client sites. ; ; Where wellbeing is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Improve health and wellbeing’ and ‘Improve community integration’ and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Pricing

• Price: £320 to £2,800 an instance
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.