Barrier Networks

Barrier Networks Prevalent Third-Party Risk Management (TPRM)

Prevalent's Vendor Risk Assessment Service is dedicated to freeing
organisations of the burdens surrounding third-party risk management. We can
handle everything; onboarding vendors and conducting assessments to
identifying risks and tracking remediation. This drives TPRM efficiencies and
supplies the intelligence and reports to focus on vendor strategy and risk
reduction.

Features

• Automate onboarding and management of third parties throughout their lifecycle
• Issue standardised or custom assessments from a library of templates
• Manage and analyse responses, recommending remediations to reduce risk
• Report against multiple security best practices frameworks and compliance regimes
• Report against multiple security best practices frameworks and compliance regimes

Benefits

• Focus teams on risk reduction, not on vendor evidence collection
• Leverage domain expertise from dedicated third-party risk management experts
• Gain comprehensive visibility into risk remediation efforts
• Achieve compliance reporting objectives faster and with fewer resources
• Realise a faster time-to-value from your risk reduction initiatives

£3,625 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

381692965659663

Contact

Iain Slater
0141 356 0101
info@barriernetworks.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Automated response within 1hr and human response within 1; business day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via our Jira ticketing system.
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: We provide a CSM/Technical Account Manager included in the; subscription cost. Support levels are based on contract but P1; issues have a target remediation of 1 hour.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Prevalent have a 10 step onboarding process provided; through Professional Services. Additionally, online; training material is available free of charge.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers can leverage the API or download to CSV; functionality within the platform.
• End-of-contract process: Guidance is provided on how to export custom data and; a certificate of destruction is provided within 30 days of; license termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Prevalent use a Restful API which is open to all; customers. It contains 65 endpoints which map to all; key attributes of the platform.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Everything that Prevalent can modify and customise; on the platform is also available to customers.

Scaling

• Independence of resources: Prevalent leverage AWS Elastic capabilities,; therefore, capacity scales on-demand.

Analytics

• Service usage metrics: Yes
• Metrics types: License utilisation and key metrics on data; contained in the platform.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Prevalent

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers can export using CSV functionality; in the platform or alternatively leverage the; API.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Via API
• Data import formats:
  • CSV
  • Other
• Other data import formats: Via API

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.98% availability
• Approach to resilience: Prevalent leverage AWS and their suite of; standards and security/resilience controls.
• Outage reporting: Public Dashboard and E-Mail Alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: IP Whitelisting and 2FA
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SCA

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SCA
• Information security policies and processes: ISO27001

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Prevalent have a formal change control policy and patch; management policy. Security is considered for any new; systems or major environment changes. A CISO and DPO have; been defined in the business.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Prevalent leverage Nessus to conduct regular scans of the; business infrastructure. This is support by, at least annual,; penetration testing.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Prevalent leverage a WAF and IPS provided by AWS. A formal; incident management process is leveraged and tested at least; annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have formal processes for multiple event types. All; business users are trained and have a mechanism for reporting; any perceived events. Incident reports are provided within 72; hours to all impacted parties.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  • To create an environment in which individual differences and the contributions of all our staff are recognised and valued.; • Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.; • Training, development and progression opportunities are available to all staff.; • To promote equality in the workplace which we believe is good management practice and makes sound business sense.; • We will review all our employment practices and procedures to ensure fairness.; • Breaches of our Equality Policy will be regarded as misconduct and could lead to disciplinary proceedings.; • This policy is fully supported by Senior Management.; • The policy will be monitored and reviewed regularly.

  Wellbeing

  • We promote an open, supportive company culture where employees look out for one another and feel comfortable discussing any difficulties. Mental health is valued equally to physical health.; • Employees have access to confidential counselling, therapy, and other mental health resources through our employee assistance program.; • We encourage taking time off when needed for mental health days in addition to sick days. Employees are trusted to manage their time off responsibly.; • Training is provided to managers on recognizing signs of burnout, ; work overload, and other mental health concerns. Managers work to ; proactively address issues and reduce employee stress.; • Employee workloads and schedules are designed to be reasonable ; and sustainable. ; • Wellness initiatives like meditation breaks, stress management ; workshops, mindfulness programs, and social events are offered ; throughout the year.

Pricing

• Price: £3,625 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Limited time, proof of concept; (fully functional).

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@barriernetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.