Thales UK Ltd

Cloud Cyber Security Management

Thales provide Cloud Cyber Security Management, Consultancy, design and support services for Cloud, Edge and hybrid solutions (SaaS, PaaS and IaaS). We support architecture and process development following a Secure By Design (SbD) approach and following the customers preferred methodology, Agile DevOps, SecOps etc.

Features

• Business process analysis and Threat Modelling
• Security Design and Architecture
• Policy and Process Design
• Technical Controls Implementation
• Solution Verification and Validation
• Security Maturity
• NCSC Certified Consultancy for Risk Management
• Penetration Testing Design and Vulnerability Assessment
• Key management design & operation
• Aligned with Secure By Design

Benefits

• Access to large pool of cyber-security engineers and architects
• Reduce risks of migrating to a cloud environment
• Reduce risks of future cyber-security attacks
• Integration with Thales’ SOC for security in strength and depth
• Integration with Thales Threat Detection Services for current threat intelligence
• Retain control of data security with 3rd party cloud provider
• Retain control of access rights with 3rd party cloud provider
• Follows a Secure by Design approach

£650 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at fcmo@uk.thalesgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

400151617852951

Contact

Phaedra Warnes
07974 011385
fcmo@uk.thalesgroup.com

Planning

• Planning service: Yes
• How the planning service works: The service is split into a series of phases, complementing the design, implementation, integration, and operation of the functional aspects of the solution. These phases are developed through close collaboration with the customer to ensure a solution which is fully aligned with their needs. ; The first stage, business process and threat modelling, allows Thales consultants to understand the security requirements of the system and the potential threats and risks that it would be exposed to in operation. ; The second phase, security design and architecture, is where the policies, processes and technical aspects of the security solution are designed with input from the business and cloud service vendor. ; Thirdly these components are integrated into the business and technical designs as the solution is built. ; The fourth phase allows for verification and validation of the security architecture to ensure that it operates in line with business requirements and satisfies the security policies and accreditation needs. ; The final phase ensures that the whole project is in a position to mature and improve over time under the control of the client.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: The service supports organisations that are either moving from an in-house (or third-party) solution into the cloud, or from an alternative incumbent cloud provider. ; The service provides cyber-security support. The service performs business analysis on the existing solution to understand what the security requirements and implications of the migration will be, prior to delivering a complete policy, procedure and architectural design. These components are integrated into the business and technical designs as the solution is built. ; Our defined setup and migration phases allows for verification and validation of the security architecture to ensure that it operates in line with business requirements and satisfies the security policies and accreditation needs. ; Our process ensures that the whole project is in a position to mature and improve over time under the control of the client.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Prior to any go-live of the solution the system, its procedures and technical controls will be validated. Technical controls may be assessed using standardised technical tests such as penetration testing and vulnerability assessment, with bespoke tests conducted for the application components of the solution. The threat models identified in the first service phase would be utilised to ensure that the highest risk threats are given priority, and that the security solution matches the organisation’s risk appetite.; Procedures may be verified by execution and refinement – does the procedure make sense, and can it be conducted by the appropriately trained staff? Where necessary procedures may be updated to incorporate changes and to ensure that they are fit for purpose.; At a higher level the security policies that have been defined may be tested using a combination of desktop scenario exercises as well as technical assessments.; Where a cloud solution is intended to replace an existing system, a parallel run programme could be initiated to ensure that the new cloud system was producing the same results as the incumbent platform, thereby reducing the risk of a costly failure when switching environments.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security incident management
  • Security audit services

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: E-mail and call support from our consultants is available during normal working hours. Consultants endeavour to respond as soon as they are able. If consultants are non-contactable, an out-of-office e-mail auto-response typically provides alternate means of contact for urgent support.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Consultants are available via phone, e-mail or face-to-face meetings when required. Typically, the contract of work shall specify the required frequency of meetings, and further arrangements can be made as appropriate. Consultants work closely with our customers to ensure that customers have the support they require throughout the project; the basis of the support will depend on the specific needs of the project and customer.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 22 November 2023
• What the ISO/IEC 27001 doesn’t cover: The Thales UK Secure Connectivity Services (SCS) Information Security Management System (ISMS) incorporates the people,; processes and technologies supporting a portfolio of network services.; The services include the Thales SCS; PSN Connectivity for DNSP and PSNSP services, PSN Gateways services, Secure & PSN; Remote Access Services, PSN IPED, Secure Connectivity Services, Cybels Authenticate, Cybels Vigilance, NOC Services and; secure hosting. In accordance with SOA ver 7.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • PSNSP certifications up to OFFICIAL SENSITIVE
  • Police Enhanced Regime
  • ISO20000 Accreditation

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Wellbeing

  Fighting climate change

  Thales UK has a clear focus on fighting climate change. Thales has set itself a target of becoming a Carbon Net Zero company by 2030, powered by cleaner energy used more efficiently at our sites and for our business, with renewable energy supplies. ; ; There are several strategies that Thales and our Cyber offerings implement to fight climate change, including:; ; 1) Sustainable future. Thales has put fighting climate change at the centre of its strategy, highlighted by the fact that tackling climate change is one of the 4 Thales strategic pillars. Thales Cyber security and consultancy offerings have enabled companies to develop secure and sustainable products, prevent product recalls, learn digital lessons and reduce rework that go towards meeting their strategic sustainability objectives and tackle climate change.; ; 2) Travel reduction. Thales has introduced a Smart Working model to reduce the travelling required by the workforce. One pillar of this is arranging virtual meetings with Customers, Stakeholders and interested parties. Thales has also deployed numerous tools to enable Thales UK to effectively operate via remote / smart working. It is expected that meetings under G-Cloud could implement this methodology to offer the same benefits to the customer. Our Cyber Security Consultants, including those specialising in Cyber Security Management have championed this approach for several years, reducing the need for Thales and customers to travel to physical meetings.; ; 3) Carbon reduction. Thales strives to implement carbon reduction, through a series of targets to reduce carbon emissions annually. Smart working, championed by our Cyber Security Consultants and offerings has been a key enabler of this strategy. Additionally, services enabling secure collaboration mean that businesses do not need to procure additional new hardware, thereby having a positive environmental impact.

  Wellbeing

  Thales considers the health and wellbeing of our people to be fundamental to our success as a business. We have a well-established health and wellbeing (H&W) support provision, which has enabled us to rapidly provide critical support to our employees where and when it is needed most. ; In 2017, Thales signed the Time to Change pledge, publically stating our commitment to changing the way we think and talk about mental health in the workplace. We have trained 200+ of our people in Mental Health First Aid, a network of supporters who can recognise the early signs of mental ill health, listen whilst assessing for crisis, and provide information. ; Help @ Hand; Thales provides every employee & their families access to an Employee Assistance Programme - A 24/7 helpline for in the moment emotional and practical support, or signposting onward resources, such as healthcare or local assistance. ; In 2021 Thales developed a ways of working model to support and equip teams, individuals & people managers with resources and frameworks to promote our hybrid ways of working following the pandemic, the framework will promote a culture of wellbeing and psychological safety for teams to work effectively within the new working culture.; Sustained & continued support; Thales also has a dedicated Employee Relations team to provide specific and tailored interventions. Thales will work alongside Occupational Health, H&W providers and rehab services to establish adjustments and tailored programmes to enable employees to return to work in the manner that is safest for them.; Thales will track and monitor working patterns to ensure that all hours worked are booked in the ERP Systems to actively monitor loading on individuals so that individuals maintain a healthy work/life balance. Any significant deviations from the norm will be raised in sprint planning reviews to inform resource balancing actions.

Pricing

• Price: £650 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at fcmo@uk.thalesgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.