CODE AND CONSULT LIMITED

Information Assurance of Cloud services

Provide Information Assurance advice covering the following areas - risk assessments/assurance (IS1, NIST, ISO27001/5 frameworks), solution architecture design, solution review, security gap analysis, ITHC planning-scoping-remediation, CIS Audits and compliance checks, documentation drafting for processes and procedures, bid submission reviews, stakeholder management, change control reviews, security incident event management, strategic planning.

Features

• System design and assurance
• Bid assistance to choose system and vendors
• Review of change controls
• Risk assessments using a number of frameworks
• Governance, Risk and Compliance reviews and assessments
• Documentation drafting (Process, Procedures, Runbooks, RMADS)
• Audit and assessment of propose and in-situ services
• ITHC planning, scoping and remediation
• Security Incident Event Management
• CIS Audits and assessments

Benefits

• Reduces deployment time
• Ensures security is baked in from the start
• Impartial identification of risks and controls
• Effective management of Security Incidents
• Robust reviews of security services
• Reduces costs to a managed fixed level
• Access to experienced specialist staff

£650 to £1,450 a person a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pt@codeandconsult.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

358727705283183

Contact

Phil Thomas
07800917208
pt@codeandconsult.com

Planning

• Planning service: Yes
• How the planning service works: 1) Design of the security solution for the cloud hosting or cloud software.; 2) Review of a proposed architecture from a security perspective. This will highlight any design flaws, raise areas where additional design work needs to be undertaken and catalogue the risks arising from the solution with suggested mitigations.; 3) Advise on security processes, technology, standards and toolsets which may help to ensure a secure solution.; 4) Write risk management documentation and perform risk modelling using IS1/2, NIST or CIS standards.; 5) Write ITHC scopes, evaluate returned bids, run Test Readiness reviews and audit ITHC remediation ; 6) Manage Security Incidents in a structured formal manner
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Customised in-house training for administrators or staff who need to understand the principles of security in a cloud architecture environment.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security incident management
  • Security audit services
  • Other
• Other security services: CIS Audits and assessments

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Services outside the core hours of Monday-Friday 9am-5pm carry a multiplier detailed in the SFIA rate card.

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: The lead consultant on the program is your technical account manager. The service is not a traditional support service in that tickets are raised. Instead the consultants work alongside you using phone, email and workshops to provide written reports and recommendations specific to your service.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Code and Consult aims to employ and currently employs a 50% female workforce, encouraging a sector of society that have not traditionally been included in the security arena to take up the challenges facing the UK.

  Wellbeing

  Staff wellbeing is important to the company and staff are free to work from home on a flexible hours basis - providing they achieve the required 37.5 hours of work a week. Staff should not feel guilty about taking time off to do errands or look after their mental wellbeing and health and are encouraged to do so.

Pricing

• Price: £650 to £1,450 a person a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pt@codeandconsult.com. Tell them what format you need. It will help if you say what assistive technology you use.