CGI

Vulnerability and Remediation Management Support

CGI's Vulnerability and Remediation Management services are instrumental in empowering organisations to fortify their cybersecurity defences. By identifying, prioritising, and addressing security weaknesses within their Public or Private cloud hosted systems, networks, and applications, CGI helps clients proactively mitigate cyber threats and safeguard sensitive data and assets.

Features

  • Conduct regular scans of IT infrastructure to identify potential vulnerabilities
  • Threat intelligence feeds to understand emerging threats and vulnerabilities
  • Threat prioritisation and risk assessment
  • Remediation planning and guidance to address identified vulnerabilities
  • Routine patch scheduling and management
  • Continuous monitoring and reporting
  • Compliance support for regulatory requirements and industry standards
  • Incident response planning and playbooks
  • Vulnerability awareness training

Benefits

  • Enhanced overall security posture
  • Reduced exposure to cyber risks and better data protection
  • Demonstrate compliance with relevant regulations and standards
  • Minimise system downtime, avoid disruptions to business operations
  • Enhance customer trust, strengthen brand reputation
  • Avoiding costs associated with data breaches and regulatory fines

Pricing

£510 to £1,300 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.gen.ccsframeworks@cgi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

387852438829102

Contact

CGI CCS Frameworks Team
Telephone: 08450707765
Email: uk.gen.ccsframeworks@cgi.com

Planning

Planning service
Yes
How the planning service works
Our planning approach commences with an in-depth requirements gathering exercise to grasp the client's business objectives and security governance obligations fully. Subsequently, we adopt a methodical process to identify, prioritise, and rectify security vulnerabilities across the organisation's systems, networks, and applications. Collaboratively, our VAR Team liaises with clients to validate the target infrastructure, typically through asset lists and IP addresses, ensuring accurate alignment with security enhancement goals. The next step involves developing a remediation plan to address identified vulnerabilities. This plan outlines the steps, resources, and timeline required to remediate vulnerabilities effectively. Routine remediation efforts will include applying patches on a monthly or quarterly basis (depending on requirements), implementing configuration changes, updating software versions, or deploying additional security controls.
This structured methodology ensures that our efforts are tailored to meet the specific needs of each client.
Planning service works with specific services
Yes
Hosting or software services the planning service works with
Vulnerability and Remediation Management

Training

Training service provided
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
Our Vulnerability and Remediation service supports clients in transitioning to the cloud by providing the ability to scan virtual assets, e.g. those hosted within AWS or Azure. This ensures that security posture is upheld and governance requirements are met throughout the migration process.
Setup or migration service is for specific cloud services
Yes
List of supported services
  • Microsoft Azure
  • AWS
  • Google Cloud
  • Oracle Cloud

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
Our VAR quality assurance activities focus on periodic verification that vulnerability assessments and remediation efforts meet the client's predefined standards and requirements. This includes validating the accuracy of vulnerability scans, assessing the effectiveness of remediation actions, and ensuring compliance with regulatory and industry standards. Our VAR Team undertake routine performance testing to evaluate the scalability, reliability, and responsiveness of our VAR security tooling solutions and associated infrastructure components. This involves assessing the performance impact of security controls on system resources, identifying potential bottlenecks or limitations, and optimising configurations to ensure optimal performance under various load conditions.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
Certified security testers
Yes
Security testing certifications
  • CHECK
  • CREST

Ongoing support

Ongoing support service
Yes
Types of service supported
Hosting or software provided by a third-party organisation
How the support service works
Qualys
Nessus Tenable
Rapid 7
Tanium

Service scope

Service constraints
Not applicable

User support

Email or online ticketing support
Yes, at extra cost
Support response times
30 minutes
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
End users can access webchat functionality via Amelia, which will be available via plugin to MS Teams. Amelia will transfer to a live agent if the issue cannot be resolved.
Web chat accessibility testing
Web chat accessibility testing
Support levels
Full support of CGI services is provided as standard via the CGI Service Desk. The Service Desk is 24x7x365 and is resourced with 1st/2nd line technical support engineers to support Cloud instances and a range of technologies hosted on those cloud instances. The service desk has direct escalation to 3rd line support and onward escalation to product vendors.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Intertek Certification Limited
ISO/IEC 27001 accreditation date
28/03/2024
What the ISO/IEC 27001 doesn’t cover
Nothing. Our certification covers the provision of outsourcing, project and consultancy services including development and delivery activities plus the management of people, technologies and physical security.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Social Value

Fighting climate change

As a member of the Government Digital Sustainability Alliance, CGI leads others to protect and improve the health of our planet.
CGI in the UK has committed to achieve net zero by 2026, based on Science Based Targets (SBTs), achieving an 84% reduction in emissions across our operations from our 2019 baseline. We will use our Carbon Impact Tool to identify and track contracting body contract associated emissions, building these into our net zero plans to reduce any negative environmental impacts of contracts.
We have extended our climate change commitment into our supply chain such that 50% of our suppliers, by spend, will have set their own SBTs to reduce their climate impact by 2026. This will apply to suppliers we engage to support the delivery of call-off contracts. We are supporting suppliers through quarterly net zero knowledge sharing webinars. So far 23% of our suppliers, by spend, have set SBTs.
Our environmental engagement programme 'No Planet B' influences CGI members, clients, suppliers and communities to support environmental protection and improvement. We achieve this through activities such as litter picking and our tree and hedge planting programme where, together with clients and suppliers we have planted 19,500+ UK native trees. Our members partner with clients and suppliers on tree-planting days. We will invite contracting bodies and their ecosystem partners to participate in such activities, connecting them with the environment and increasing protection and enhancement awareness.
CGI's UN-supported research programme, Sustainability Exploration Environmental Data Science (SEEDS), brings organisations, academics and experts together to collaboratively devise/deliver environmental solutions. SEEDS is accelerating efforts to address climate change by researching climate mitigation solutions and waste reduction.
We will continue our partnerships with charities and Social Enterprises, including Canal and River Trust to mobilise action on environmental protection objectives through collaborating with local communities.

Pricing

Price
£510 to £1,300 a unit a day
Discount for educational organisations
No
