Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

C3IA Solutions Ltd

NCSC Assured Cyber Security Services

C3IA provides NCSC Assured Cyber Security Consultancy, delivering specialist advice to public and private sectors helping identify, understand and manage information security risks. Assured in Risk Management and Audit and Review, C3IA is very experienced in delivering risk-appropriate security outcomes through the application of NCSC and HMG good practice.

Features

  • NCSC Assured Consultancy for Audit and Review and Risk Management
  • Led by Cyber Security Council Chartered Cyber Security Professional
  • Delivered by NCSC Certified Professionals covering all CCP specialisms
  • Service lifecycle complies with NCSC and ISO 20700 Consultancy Standards
  • Expertise in risk methodologies across public and private sectors
  • Experienced in GovS 007:Security, Secure by Design and NIST CSF
  • Multi-disciplinary experts: Security, engineering, business transformation, training
  • Consultants provided with highest levels of security vetting

Benefits

  • NCSC assured and certified good practice
  • Increased confidence that delivery adheres to NCSC guidance
  • Better aligns Digital, Data and Technology with People (Human Factors)
  • Better aligns security strategy, policies and processes to organisational requirements
  • Increases security skills and awareness through knowledge transfer
  • Improved multi-disciplinary support across the entire ICT lifecycle
  • Embedded security at strategy, design, technical and operational levels
  • Delivered by an ISO27001, ISO9001 and Cyber Essentials certified company

Pricing

£497 to £1,720 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 4 2 2 8 3 2 4 2 7 5 9 8 0 4

Contact

C3IA Solutions Ltd C3IA Solutions Ltd - Sian Roff
Telephone: 01202721123
Email: s.roff@c3ia.co.uk

Planning

Planning service
Yes
How the planning service works
C3IA supports its clients in the delivery of Cloud services in line with the HMG Government Cloud First which recommends the use of SaaS. Cloud Service “Service Level Agreements” (SLAs) are brokered with the nominated Service provider and these can be negotiated based on the Risk Appetite of the client and the levels of service provided by the provider. Brokering of services can be used to define Data Backup Regime, Restoration timelines and priorities, Disaster Recovery support, performance and availability requirements.
Planning service works with specific services
No

Training

Training service provided
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
C3IA will support you during your engagement with the preferred supplier, support the migration of data and services to the cloud, and should you require it, support in any move away from cloud services to either a hybrid solutions or on prem data storage solution. The C3IA approach to the delivery of cloud services is to ensure that any service provider meets the NCSC stated 14 security requirements for SaaS cloud services:  Secure data in transit; Asset Protection and resilience; Separation between users; Governance Framework; Operational security; Personal security; Secure development; Supply chain security; Secure user management; Identity and authentication of users; External interface protection ; Secure service administration; Audit information for users; Secure use of the service.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
As an NCSC Assured Consultancy our services are scoped, planned, and delivered in line with ISO 20700; the delivery of Management Consultancy services. This requires us to engage and work closely with our clients to ensure that the services we provide have been correctly scoped, planned and delivered. The approach followed is: 

Offering   
- The services to be provided, in the form of an execution plan.  
- The methodology and resources by which the services will be provided.  
- The business outcome of the service provision plan.  
- How performance will be evaluated, and outcomes accepted.  

Execution  
- Successful execution will result in the achievement of the business objectives identified as part of the offering; these are routinely re-evaluated.  
- During the execution phase, progress and performance will be managed and evaluated against the agreed plan.  This follows project management principles with the options for milestone control points, earned value management and progress reviews.  

Closure  
- Effective and successful closure relies entirely on Offering and Execution being managed effectively.  Final customer evaluation and agreement is conducted to ensure contractual obligations have been met.
- All lessons learned and continual service improvements are captured including requesting and receiving customer feedback.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
Other security services
  • Data Protection compliance assessment
  • Cyber Essentials Plus support & certification
  • Secure by Design assessments and review
  • Technical Security Countermeasures assessments
  • Penetration Testing
  • Acoustic Management assessment
  • Physical Security Assessments (FSC)
Certified security testers
Yes
Security testing certifications
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

Ongoing support service
No

Service scope

Service constraints
There are no service constraints applied to this service

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 working day.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Support levels
Support is usually agreed as part of the commercial agreement during project initiation with services matched according to client requirements. The client will have a nominated Lead Consultant responsible for delivery oversight and making adjustments to the service support as the client's needs evolve.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
URS - United Registrar of Systems
ISO/IEC 27001 accreditation date
22/09/2023
What the ISO/IEC 27001 doesn’t cover
The ISO/IEC 27001 Certification encompasses the scope of the service.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • NCSC Assured Cyber Security Consultancy
  • IASME Cyber Essentials Certification Body

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities.

We care about the environment and are committed to decreasing our already small environmental footprint. Our dedication to achieving Net Zero no later than 2050 is demonstrated through our annual Carbon Reduction plan where we outline our reduction targets and initiatives; we transparently share this on our website. We are also working to achieve ISO 14001, Environmental Management, to further demonstrate our enthusiasm towards the environment and reducing our impacts.

Where Fighting Climate Change is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Effective stewardship of the environment’, and the associated Model Award Criteria benefits.

We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain.

C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Covid-19 recovery

C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities.

We care about COVID-19 recovery and throughout the pandemic and beyond have supported all employees across the business. We heavily invest in the continual professional development of our staff, which we consider is of the upmost importance. The physical and mental health and wellbeing of all our staff is vital, therefore we provide numerous internal and external support and helplines for all employees and all our line managers have undertaken specialist line manager mental health training. Furthermore, we have supported and continue to support local schools and sports teams as we understand the importance they have to individuals and their future. Finally, we have embraced hybrid working, utilising technology to effectively collaborate and communicate with individuals and teams across the business.

Where COVID-19 recovery is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Help local communities to manage and recover from the impact of COVID-19’, and the associated Model Award Criteria benefits.

We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain.

C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Tackling economic inequality

C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities.

We care about tackling economic inequality and are committed to being socially responsible. We support new businesses, entrepreneurs, start up’s, Small and Medium Enterprises, Voluntary, Community and Social Enterprises and Mutuals which all have much to offer both the community and economy. We proactively engage with local schools, colleges and universities to encourage STEM participation and interest, especially in those from disadvantaged backgrounds and socially deprived areas, offering presentations and demonstrations from our team to inspire the next generation into the ICT & Cyber Security industry. Alongside this, we host work experience for higher and further education so individuals can learn more about the industry and how to successfully enter it.

Where tackling economic inequality is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Create new businesses, new jobs and new skills’ and ‘Increase supply chain resilience and capacity’ and the associated Model Award Criteria.

We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain.

C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Equal opportunity

C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities.

We care about equal opportunities and this forms apart of everything that we do, as demonstrated throughout our company policies. Our commitment is also demonstrated by our inclusion of bullying & harassment and equality, diversity and inclusion training as part of our e-learning service that all employees have access to.

We employ a wide-ranging workforce which include many ex-service men and women, irrespective of age, gender or socioeconomic background. Every employee is enrolled in our CPD programme where they are encouraged to maintain momentum by completing industry and role specific courses and qualifications to aid their personal progression. Finally, we require our people and supply chain at all levels to uphold the same values where we actively prevent discrimination, harassment & bullying.

Where equal opportunity is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Reduce the disability employment gap’, ‘Tackle workforce inequality’ and the associated Model Award Criteria benefits.

We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain.

C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Wellbeing

C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities.

As a people-centric company we care about the wellbeing of our team and those we work with. We are committed to creating a positive and psychologically safe working environment for all and provide a variety of training, support and help resources to our team which can be tailored to the individual and looks at the wellbeing of the whole person.

We have implemented an e-learning management system which includes focus on mental health and wellbeing and have weekly communication explaining both the internal and external support that is available. We also have a team of mental health first aiders who work across the business. Where agreed with clients, they could also support clients when working on client sites.

Where wellbeing is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Improve health and wellbeing’ and ‘Improve community integration’ and the associated Model Award Criteria benefits.

We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain.

C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Pricing

Price
£497 to £1,720 a unit a day
Discount for educational organisations
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.