Netcompany UK Limited

Cloud Security Service

The cloud security service provides an agile delivery approach to design, deployment, configuration and support of secure cloud based services.

Netcompany provides assurance that the cloud security solution being deployed aligns to HMG, NCSC and CESG security standards for private, public and hybrid cloud services.

Features

• Proven information security framework, ISO27001, ISO9001, cyber essentials plus
• Secure by design, automated security, scalable, continuity of operations
• Cloud security frameworks, NCSC cloud security principles, PSN policing
• Data protection and cryptographic controls, identity and access management (IdAM),
• Information risk management including privacy and GDPR,
• Threat modelling, security assurance, security testing, penetration testing
• IT Service/Business Continuity and Disaster Recovery (DR) policies, procedures
• Security architecture design, secure development lifecycle, DevSecOps, supply chain security
• Security operations, protective monitoring, vulnerability, security incident and event management
• Management, operation, monitoring and tuning of SIEM solutions

Benefits

• Expert knowledge in multi-zonal security domain architectures
• Align security compliance to policy frameworks and information assurance standards
• Verification and validation of security monitoring, management, functions and processes
• Ensure the confidentiality, integrity and availability of cloud information.
• Microsoft365, Microsoft Azure, Amazon Web Services (AWS), on-premise solutions
• Increased detection of high impact threats and vulnerabilities
• Agile delivery and security best practice methodologies
• Scalability and elasticity of cloud security solutions
• Independent Cyber Essentials Plus assessment and implementation
• CESG, MSc, CISSP, CCP qualified and SC Cleared personnel

£250 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@netcompany.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

351852841278052

Contact

James Hancock
+44 203 318 2133
info.uk@netcompany.com

Planning

• Planning service: Yes
• How the planning service works: When customers engage with Netcompany, we mobilise quickly and work collaboratively to establish a strong working relationship. ; ; At the initial stages, through project kick-off meetings and workshops, we gain a clear understanding of goals, requirements and the current challenges. ; ; We ensure that our customers have a clear view of the shape of the engagement and are confident that their requirements will be met. ; ; We begin with governance discussions, documentation, as-is review, and assessment before embarking on any journey with you. We discuss options, delivery methods, associated services, costs, pros and cons, and ongoing support and maintenance where applicable. ; ; Netcompany then develop a strategy and plan in partnership with the customer that addresses the requirements and clearly defines the scope of the activities.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Service Operation Team Training; Training for service operational teams would be tailored to the customers’ specific requirements, the cloud solution being implemented and the experience of the operational team in cloud-based services. As part of helping a customer plan for implementing a cloud service, Netcompany review the buyers current service operating model (in-house, external or combination) and determine how the cloud service would be integrated into the existing operating model including how any cloud supplier management would be handled.; ; Where the cloud solution is being managed by an in-house team, we traditionally adopt a model where they are integrated into the implementation lifecycle to get visibility from the outset to maximise training, train the trainer and knowledge transfer across the lifecycle, typically ending in an operational acceptance testing and formal handover process with option for early life support.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Netcompany have extensive experience of complex infrastructure migrations. Working with us you will receive the benefits of this experience, and using our tried and tested Netcompany approach ensures a low-risk delivery.; ; We set our customers up with a dedicated and committed project team consisting of any combination of Project Manager, Solution Architect, various skilled Technical Engineers, and Testers. ; ; It is important to establish clear roles and responsibilities for the delivery and identify and engage with Stakeholders at early stages to introduce the project and take them on the journey with us.; ; We take full ownership and responsibility for the setup of the delivery/service and can manage and oversee the smooth transition from an existing supplier where applicable.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Our Quality Assurance (QA) process starts with gaining a detailed understanding of the customers’ requirements and the implementation lifecycle to be adopted. This then allows us to determine the QA and inspection points needed such that we could review, assure, witness at the appropriate points of the lifecycle or support deliverable review and assurance.; ; Performance Testing; Netcompany create a performance related view of the customers’ requirements and design a test strategy, plan and scripts that enable proving these requirements had been met and that the cloud solution could scale as the business needed.; ; We complete performance testing to ensure the requirements would be met by the cloud solution but also to ensure that on-demand resources scale up and down based on load or availability requirements. In completing this testing we would validate any capacity model that would be handed over into the service operation process or where this hadn’t been designed, support the customer in creating this as it would act as a vital support resource to support ongoing capacity management of the service.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • ISO 27001 Compliant
  • GDPR Compliant
  • Environment Accreditation Assessment and Audit
  • Data Classification
  • Compliance and Regulation Assessment
  • Cyber Essentials
  • Cyber Essentials Plus
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Netcompany has a dedicated Service Operations practice, operating our own national service centre and service desk. In providing support services for cloud solutions, the proposed model to be adopted would be driven from the customers’ requirements on: ; ; - Type of cloud service to be supported.; - Target Operation Model design, e.g. 100% Netcompany provided support, or 1st, 2nd and 3rd line support tiers split across internal operations/other supplier and Netcompany. ; - Onsite / Offsite. Whether all or any part of the service function needs to be onsite and integrated with the customer operations team(s) or provided remotely via a Netcompany location. ; - Support levels required. Netcompany can cater any level of support up to 24x7x365 with tailored, stringent SLA response and resolution times.; - Security clearance requirements. Netcompany can provide cleared personnel to the highest security levels.; ; Netcompany provide a full range of ITIL v3/2011/v4 functions including capacity and demand management, incident, change and problem management, and comprehensive system monitoring and alerting. Where the cloud solution is being managed by an external provider, we support the customer in ensuring their specific requirements and commercials are defined.

Service scope

• Service constraints: All services provided are custom and specific to each customers' requirements, so there are no obvious constraints to be highlighted.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Netcompany will respond to tickets within the agreed Service Level Agreement. The response time will depend on the impact and urgency of the issue to determine the priority. Typical response times are below: - P1 – 15 minutes - P2 – 30 minutes - P3 – 60 minutes - P4 – 120 minutes
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: We will work in partnership with you to agree the types of support and support levels.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV Business Assurance UK Ltd
• ISO/IEC 27001 accreditation date: 30th June 2021
• What the ISO/IEC 27001 doesn’t cover: The scope of our ISO 27001 certification is "Plan, design and deliver IT services and associated services for specified customer contracts, in accordance with the Statement of Applicability version 1.1"
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are committed to sustainability and recognising our responsibility to minimising impact of our operations and services on the environment. We have a fully integrated approach to environmental management, meeting the principles of the Environmental Protection Act 1990, WEEE Directives, Greening Government Commitments and ISO14001. ; Our Method Statement comprises two elements confirming our commitment to ensuring that opportunities under contract deliver the Policy Outcome and Model Award Criteria; ; (1) Actions our organisation is taking ; (2) Activities we’ll undertake to support the contract; ; (1) Examples demonstrating our commitment to Fighting Climate Change; ; • Carbon Reduction Plan target to become NetZero by 2030 and have flagged UN SDG targets 9 and 12 as our priorities.; • Our UK offices are powered by renewable energy ; • We have a Climate Positive Workforce with our Carbon emissions offset through our partnership with Ecologi at 10.8 tonnes CO2 per employee/year. ; • We Promote Sustainable travel: Our people use sustainable commuting methods through Cycle-to-Work, season ticket loan and secure bike-parking schemes. ; • Installing state-of-the-art conferencing facilities realising a significant reduction of office-to-office commuting.; • Reducing waste: We have introduced waste management systems in our offices, minimised single-use water bottles and operate paperless offices.; ; (2) Activities we’ll undertake to reconnect people with the environment and increasing awareness to protect and enhance it.; We will track and optimise the carbon footprint of the target estate using industry leading Carbon calculators. We’ll promote embedding sustainability as a digital design principle inline with Greening Government Commitments and support awareness of CO2e reduction and best practice. ; We will minimise the carbon footprint of our work using technology to work remotely by default.; To enable awareness, and to influence the supply chain and local communities, we will share best practice with the project team, its supply chain and educate the local community.
• Covid-19 recovery:

  Covid-19 recovery

  We recognise the significant challenges presented by the UK Digital Skills gap, compounded due to the pandemic. We employ 443 people in the UK, 197 of whom were recruited during the pandemic. Of the 14 major cities outside of London, Leeds, with the 2nd highest unemployment rate, has been our city of focus for the last 3 years; there we provide secure employment for 220 people. Our growth target is to increase Leeds based job opportunities by 30% year on year.; Our Apprenticeship programme starts in Sept-22 with a focus on underrepresented communities in Leeds and London. Our aim is to have 10 apprentices by Dec-23. ; Throughout the pandemic we prioritised helping our staff and local communities to manage and recover from the impact of COVID-19. We implemented initiatives to reduce the demand on public services and improve how we support physical and mental health such as introducing company-funded private healthcare for all employees and became a Disability Confident employer. To help our local communities, we supported the NHS through delivering IT solutions that enabled the reopening of society. Namely through delivering Covid Solutions in England, Wales, Scotland.; We’re an equal opportunity employer and continue to tackle inequalities via our Equality, Diversity & Inclusion Policy, our status as Level 1 Disability Confident Employer, and by aligning to the 5 principles of the Government Good Work Plan. We are committed to becoming a Disability Confident Level 2 employer by June 2022. ; Finally, we also support community education schemes; ; • Ahead Partnership as a key partner in “Growing Talent Digital Leeds” to inspire and encourage young people aged 11-18 to pursue a career in digital. ; • Us Programme, a London based project to help women from lower income backgrounds aged 15-19 with education and training; we are currently mentoring 10 young women.
• Tackling economic inequality:

  Tackling economic inequality

  As an equal opportunity employer, we are committed to creating an attractive working environment which promotes equal career opportunities for all employees regardless of social identity. Our Board is 50% women. ; ; We identify inequalities in employment, skills and pay through our Whistle Blowing Policy, Annual staff survey and our Affinity groups like LGBTQ+/Multicultural. ; ; We continue to tackle inequalities via our Equality, Diversity & Inclusion Policy (aligned to Equality Act 2010, including the Public Sector equality duties), our status as a Level 1 Disability Confident Employer, and by aligning to the 5 principles of the Government Good Work Plan. ; ; We address inequality by focusing on: ; • inclusive, accessible recruitment practices: we proactively engage local deprived communities with all roles advertised through Vercida Group, a D&I resourcing specialist ; • offering a range of quality employment opportunities; ; • providing an inclusive working environment which promotes career progression; ; • educating our people to act with tolerance and compassion; ; • compliance with equal pay reporting. ; To support in-work progression, our career paths offer broad opportunities to choose a career that accommodates personal goals. We ensure that: ; ; • Our Academy provides equal opportunity to training and recognised certification designed and developed to supplement knowledge, coaching and skills gained from the day-to-day tasks and responsibilities to enhance career development. ; • Everyone has a mentor they meet regularly to discuss career progression and well-being. ; • Detailed development feedback is given twice a year measured against transparent performance criteria by their line manager who have attended Inclusive leadership training. ; • Promotions happen once a year and all promotions are communicated throughout the company. ; ; Our planned activity and targets: ; By Q3 2022 start our apprenticeship programme to help reduce the digital skills gap ; By Q4 2022 Disability Awareness training provided
• Equal opportunity:

  Equal opportunity

  There are 14.1 million disabled people in the UK. 19% of working age adults are disabled (Family Resources Survey, 2019 to 20), however, disabled people are twice as likely to be unemployed as non-disabled people.; We recognise the inequalities that have been amplified during the pandemic, in particular to those with disability. As a Disability Confident Employer, we have incorporated Disability awareness training as part of our mandatory training for our UK workforce from April 2022 onwards. We are committed to becoming a Disability Confident Level 2 employer by June 2022. ; We are an equal opportunity employer and publish our Diversity and Inclusion Policy. We continuously focus on any barriers that may prevent underrepresented groups from being appointed to a position, especially management positions. All UK Jobs are advertised through an inclusive and accessible job platform via our partnership with Vercida group, a D&I resourcing specialist. ; We recognise our role, is to use our expertise to make sure people with disabilities can connect and contribute to the workplace in the best way possible, to ensure they are thriving at work and within their role for the organisation. ; Our Inclusive leadership management training plays a vital role in creating and sustaining an inclusive working environment. This ranges from implementing the people management policies that will impact on how a person with a disability experiences work, to managing absence or a flexible working model to support the individual. Our inclusive and accessible development practices support managers to; attract the most suitable talent; be confident about supporting colleagues with a disabilities / health condition through on-boarding, training, and progression; understand how to identify and reduce, through workplace adjustment, the barriers that would prevent someone from reaching their potential; ensure fair treatment for all colleagues and create and inclusive working environment and culture.
• Wellbeing:

  Wellbeing

  Throughout the pandemic we prioritised helping our staff and local communities to manage and recover from the impact of COVID-19. We implemented initiatives to reduce the demand on public services and improve how we support physical and mental health such as introducing company-funded private healthcare for our people and became a Disability Confident employer. ; Our Method Statement comprises two elements confirming our commitment to ensuring that opportunities under a contract deliver the Policy Outcome and Model Award Criteria; ; (1) Actions our organisation is taking ; (2) Activities we’ll undertake to support the contract; ; (1) Example activities of how we influence staff, suppliers, customers and communities to support health and wellbeing, including physical and mental health and demonstrate our commitment to the Award Criteria; ; • signatory of Mental Health at Work commitment; • Implemented the Mental Health at Work 6 Core Standards and enhanced standards; • We utilise our Intranet to promote an active healthy lifestyle, use of our benefits like Cycle to Work Scheme, annual Fitness challenges and awareness of mental health encouraging open discussions with a clear route to support. ; • Our people have equal access and opportunity to regular training through our Academy to enhance their career prospects. They receive ongoing career progression planning through their mentor.; • Encouraging our people to seek help and feel supported through structured appraisals and access to our Mental Health specialists.; ; (2) Activities we’ll undertake on to promote personal and community health and well-being. ; As the delivery partner, we propose to co-design with the project team, a charity partner and a CPD accredited provider to offer education and training on Health and Wellbeing to unemployed people affected by Covid19. Our aim is to support them to find employment in the Health and Wellbeing sector. This will benefit both the individuals and the community.

Pricing

• Price: £250 to £1,500 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.uk@netcompany.com. Tell them what format you need. It will help if you say what assistive technology you use.