Cantium Business Solutions

EIS (Cantium) AI Penetration Testing

EIS' (the trading arm of Cantium Business Solutions) range of cutting-edge cybersecurity solutions integrates human intelligence, artificial intelligence, and machine learning technologies to proactively identify and respond to the ever-evolving threat landscape. We offer real-time detection/response capabilities across cloud-based services and on-premises environments, reducing the risk of exploitation and compromise.

Features

  • Clear intuitive visualisation of advanced threats, risks and ransomware tactics
  • Intelligent data analysis and practical threat insights
  • Seamless attack prevention with automated coordination and defence mechanisms

Benefits

  • Identify vulnerable attack paths and mitigate risks
  • Efficiently detect complex attacks
  • Filter out false positives and unnecessary alerts

Pricing

£0.01 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@eis.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

402013325719936

Contact

Cantium Business Solutions EIS Bids
Telephone: 03301650000
Email: bids@eis.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Advance notice will be provided for planned maintenance and software upgrades.
System requirements
A physical/virtual graphics card is required for password cracking

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 - Complete loss of service; Target Response 20 Minutes; Target Resolution 6 Hours.
P2 - Critical Support Incident, Service Affecting over 50% users down; Target Response 1 Hour; Target Resolution 10 Hours.
P3 - Urgent support incident, service affecting more than 1-50% of users; Target Response 1 Working Day; Target Resolution 3 Working Days.
P4 - Support incident, single user down; Target Response 1 Working Day; Target Resolution 4 Working Days
P5 - Non-service affecting fault; Target Response 2 Working Days; Target Resolution 5 Working Days
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Webchat is accessible via an online client embedded in our website. Existing customers need to log in to their dedicated user area and can access the webchat feature via a dedicated link. This opens a new window within their browser and starts a live webchat with the next available operative. Messaging is text based and supports the transfer of files and information via the secure channel. A full audit of the live chat history and transcript is available to the user in their dedicated user area for future reference.
Web chat accessibility testing
Webchat testing with assistive technology users has not been undertaken to date.
Onsite support
No
Support levels
We provide a standard support service delivering to the following SLA:
P1 - Complete loss of service; Target Response - 20 Minutes; Target Resolution - 6 Hours
P2 - Critical Support Incident, Service Affecting over 50% users down; Target Response - 1 Hour; Target Resolution - 10 Hours
P3 - Urgent support incident, service affecting more than 1-50% of users; Target Response - 1 Working Day; Target Resolution - 3 Working Days
P4 - Support incident, single user down; Target Response - 1 Working Day; Target Resolution - 4 Days
P5 - Non-service affecting fault; Target Response - 2 Working Days; Target Resolution - 5 Working Days
Onsite support may be required with response times varying depending on location and priority level
Support available to third parties
No

Onboarding and offboarding

Getting started
Cantium prioritises establishing a clear and effective onboarding strategy with every new customer. We will ensure that every migration to a new application, software, or service is performed with the least possible disruption and highest possible satisfaction. From Cantium’s Onboarding Team, you will be appointed a dedicated Onboarding Officer. The onboarding process will begin with a Project Initiation Meeting, the launchpad for your AI Penetration Testing service with Cantium. Following the initial meeting your Onboarding Officer will also set up regular project calls with you and any relevant members of the Cantium team to help keep the project on track, update stakeholders on progress and highlight any areas of concern.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Hard Copy
End-of-contract data extraction
This is provided in an agreed format at the end of the contract through our established offboarding process. The data is usually provided in Excel format (CSV) as standard, although other formats may be available upon request.
End-of-contract process
System access is revoked on the contract end date unless otherwise agreed. In line with the contract, at the written direction of the Controller, unless a copy is specifically required to be retained by the Processor for audit or compliance purposes in performance of its obligations for up to six (6) years, the Processor will delete or return Personal Data (and any copies of it) to the Controller on termination of the Contract unless the Processor is required by Law to retain the Personal Data.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
None or don’t know
API
No
Customisation available
No

Scaling

Independence of resources
As this is an on-premises solution and not a multi-tenanted environment, there is no shared bandwidth.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Pentera

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
N/A
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported from the system into CSV format, or fed into an ITSM.
Data export formats
  • CSV
  • Other
Other data export formats
ITSM
Data import formats
Other
Other data import formats
N/A

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Data is not relayed back, and is stored locally on the user's device.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
99.9% availability
Approach to resilience
Available upon request.
Outage reporting
N/A

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Username and password, plus 2FA, for access to the software interface. Support tickets can be raised only from known email addresses / registered user names and passwords.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
03/04/2023
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cantium employees undergo the levels of vetting required for the role they undertake. All employees undergo an induction programme which includes Information Governance training. All staff are also aware of the company’s data protection, information governance and GDPR policies, which detail all staff responsibilities when handling information, and must adhere to them at all times. E-learning on information governance and data protection is available to all staff and is refreshed on an annual basis. Subcontractor services are procured using procurement rules and require that subcontractors adhere to at least the same standards of system and data management as Cantium requires of itself.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have downtime internally to make changes, communicated with colleagues and partners, but this does not impact the software which is wholly owned and run by our customers.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Updates to the software are released every 4-5 weeks and are available for download from the GUI, but this does not impact the software which is wholly owned and run by our customers.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Annual penetration testing is conducted by an accredited third party. The system undergoes regular IT Health checks (including assessment of potential attacks from SQL Injection from any device). The system is managed and maintained by Cantium internal systems development teams and supported by our external service host, UKFAST Ltd. Cantium monitors the performance of its service in conjunction with data provided by our hosting company and decides on an ad-hoc basis if and when patches/updates are required to the system.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are reported within guideline SLAs which are pre-defined.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Cantium is an ISO 14001 accredited, cloud-first technology provider. We have set a net zero target of being carbon neutral by 2030 within our Carbon Reduction Policy, in line with our corporate strategy.

We strive to purchase goods/services that have a minimal impact upon the environment. Factors taken into consideration include sustainability of resource production, transportation, full life energy/raw material consumption, waste production and recycling percentage. Our buildings have also been upgraded to reduce energy and water use, with LED lighting, motion sensors, draught proofing, heating controls, insulation, smart meters and controls. One of our sites was recently part of a project to install an additional 1,300 solar panels on 5 of their buildings; these panels now generate the equivalent of 423 kilowatts at peak.

To improve sustainability and energy efficiency, we continually review the most up to date ways of working. This includes considering environmental impact and sustainability as part of solution design. We aim to repurpose hardware rather than buy new. Energy efficiency is a key selection criterion for any devices, working with suppliers committed to reducing carbon and ecological footprint. We have extended our kit lifecycle from 5 to 7 years or, where possible, extended support agreements to reduce replacement of items for WEEE. As part of our relationship with our partner SWEEEP Kuusakoski, we have recycled over 1,000 pieces of unusable IT hardware which would otherwise have been destined for landfill. Instead of redundant ICT equipment being condemned to landfill, we actively participate in reissuing equipment to local communities and schools (subject to applicable security requirements). This not only serves as an environmental benefit but a societal one too.

We take a virtual first approach to business interactions wherever possible, encouraging employees to engage through online platforms in the first instance, to reduce unnecessary business travel.

Covid-19 recovery

We are committed to helping the communities we serve recover from the impacts of the COVID-19 pandemic. Our CSR Policy sets out our future strategic vision, ‘increasing opportunities, improving outcomes’, including investing more time in volunteering within our local communities to engage with groups at a local level, and expanding mentoring programmes and outreach work within the community.

Cantium currently pledge our support through:
• Encouraging our staff to play an active role in their communities, supporting and recognising the value of employee volunteering through one paid day’s leave every year for each employee to volunteer with a project of their choice.
• Selecting and promoting a ‘charity of the year’.
• Partnering with the Payroll Giving Scheme to allow employees to make donations to local or national charities directly from their gross pay.
• Organising two annual charity days to support i) national and ii) local charities, such as football tournaments, fun runs or bake sales.
• Inviting staff to nominate charities of personal significance to them for review by a Cantium panel with a commitment to match the amount staff raise up to an agreed amount.
• Our support for local charities and not-for-profit organisations also extends to sponsorship of events and equipment.

To promote local investment and growth, we also procure locally wherever possible, sourcing from SMEs (small to medium-sized enterprises) whenever feasible.

We appreciate the challenging economic times we are all still facing and ensure our employees are fully supported through financial advice, guidance and support to enable them to create a suitable work/life balance. Our counselling service, Support Line, offers confidential advice to all Cantium staff on topics such as: stress at work, loss or bereavement, depression or anxiety, substance issues and worries concerning money or debt.

Tackling economic inequality

As a technology supplier in a constantly evolving digital world, we understand the importance of supporting society to improve digital skills shortages and tackle economic inequality.

Cantium is a socially inclusive business and we place great emphasis on equal economic opportunities for all, which is why we participate in apprenticeship schemes such as the DWP Kickstart Scheme, designed to create high-quality 6-month apprenticeship placements across the country for young people aged 16-24 on Universal Credit. As part of each placement, apprentices are provided with hands-on experience with a dedicated mentor to guide and support them through their learning and development. Our primary goal is to encourage skills development, with a view to offering permanent positions within the business to successful placements.

During the last iteration of the Kickstart scheme, 9 candidates were interviewed, resulting in 3 Kickstart placements. We are delighted that, following these 3 placements, the candidates have now taken permanent positions of employment with Cantium.

To support further within the communities we serve, we have partnered with schools to deliver workshop sessions as part of a Digital Inclusion project within Kent and are open to extending further projects to customers through this framework. We also actively engage with higher education providers to offer placements and employment opportunities to graduate leavers.

Equal opportunity

As an ethical organisation, we promote inclusion, equality and diversity across every area of our business. Every new employee joining the company must complete mandatory diversity training, which is regularly refreshed every 2 years to ensure continued awareness.

Our staff are our greatest asset. Therefore, we take care to ensure we are recruiting and maintaining the best candidates, regardless of race, gender or disability.

Our detailed Inclusion and Diversity Policy sets out our standards which all employees must uphold. The principles of this policy are embedded in our People Strategy and all policies and procedures are regularly monitored and reviewed.

To accommodate the needs of our employees and tackle inequality in the workforce, flexible working is an embedded culture within our organisation. This ensures business needs are met and encourages more diversity in the workplace with our ethos that ‘work is not a place’.

We have affirmed our commitment to be disability aware throughout our organisation by becoming a Level 1 Disability Confident Committed Employer and working towards the Level 2 status which highlights how our processes, from recruitment through to ongoing support in the workplace, engage and embrace people with disabilities to help them reach their full potential. We have also pledged our support through the Armed Forces Covenant, which seeks to support ex-military personnel through access to training and work placements.

Wellbeing

Improving wellbeing, both internally for our employees and externally, through community engagement, is a core focus for Cantium. In a digitally-driven world, it is vital that we ensure people are supported, both from a physical and mental health perspective.

Promoting wellbeing to our customers and within the community starts with first ensuring our employees are supported and cared for. Our company culture is to nurture and support each other, creating an inclusive environment where each team member’s wellbeing is important. These values are embedded into our Wellbeing Policy and Wellbeing Action Plan, which are monitored and updated on a regular basis. To promote and uphold the vision within the policy, we have a network of nominated Wellbeing Champions and Mental Health First Aiders across every area of our business, committed to supporting other staff members and advocating wellbeing for all. Through our corporate intranet, Candoo, our employees have an extensive range of supportive tools and advisors within the wellbeing hub, home to information and ideas to engage, empower and enable staff to prioritise their wellbeing, to take care of themselves and encourage others to do the same.

For any staff seeking advice but wishing to remain anonymous, we have a dedicated employee assistance programme and support line to listen and provide guidance for those in need.

To ensure regular engagement, we run wellbeing campaigns throughout the year and arrange bi-annual staff surveys to monitor employee contentment. We also have a dedicated Mental Health Awareness week, where workshops and webinars are run across the week and employees are encouraged to take time to reflect on their own wellbeing.

Pricing

Price
£0.01 a unit
Discount for educational organisations
No
Free trial available
No
