MASS Consultants Ltd

Business Processes and Consultancy

Within MASS are teams that are committed to research and innovation, product management, communications and marketing, and digital services. These teams successfully help find buyer problems and needs by following a design-thinking (‘discover, define, develop and deliver’) process, and ideate and solve by exploring data (secondary and primary).

Features

• Dedicated Research and Innovation team
• Structured and methodical customer requirements capture processes
• Fluency with data handling
• Project managers qualified in the latest agile delivery mechanism techniques
• Highly communicative approach to the delivery of our services/products
• Access to specialist skills throughout the company
• Work across all security clearances

Benefits

• Structured and methodical customer requirements capture processes
• R&I team to fulfil bespoke requirements
• Experts as designing, implementing and executing research at all levels
• Specialist skills ensures solutions to range of problem areas
• Scalable solutions to solve all customer requirements
• Communicative approach puts customer requirements first

£0 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@mass.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

404506428088959

Contact

Frameworks
01480 222600
frameworks@mass.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Our business processes and consultancy services are not vendor specific, therefore there are no service constraints.
• System requirements: No service requirements/dependent on the contract

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: We ensure adherence to any pre-agreed Service Level Agreements (SLAs) and will respond to requests based on the priority and nature of the requests. Basic requests for information will be responded to within one business day. In order to respond to situations outside our teams’ working hours, we also utilise on-call teams.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: MASS provides a service desk with 1st, 2nd and 3rd line support for IT services, with additional specialist support for infrastructure, other technologies, and cloud services. Depending upon the support package requested, we provided such services at different levels of cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: MASS has extensive experience providing onsite training, instructor-led online training, and user documentation to ensure users are able to access and make best use of our services. We can provide a bespoke mixture of the above to suit individual needs.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Office formats (including Word and PowerPoint)
  • Other formats - dependent on buyer's requirements
• End-of-contract data extraction: MASS often works within our clients' infrastructure where users do not have to extract data when the contract ends. If we have set up such environments, we will ensure a suitable handover process at the end of the contract, this would be outlined within an Exit Management Plan.
• End-of-contract process: At the end of the contract, we will discuss with the buyer whether they would like to extend or end the contract. If the buyer would prefer to end the contract, then we will establish an exit agreement where we will agree elements such as: returning devices and passes, removing access to data, disposal of material. If the buyer would like to extend the contract, we will discuss and agree a new contract. ; ; Within our price we have included a day rate for MASS personnel. Anything that is required in addition to this will be discussed on a case-by-case basis dependent on the requirement of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our clients are provided with access to an online portal to our service desk. MASS' web interface is used to provide support services to users. Users can access the MASS service portal to request support, raising tickets for incidents and change, as well as Continual Service Improvement (CSI). They can also view open tickets, providing clients with visibility and continued communication with the support team.
• Accessibility standards: None or don’t know
• Description of accessibility: Our service interface follows accessibility guidelines, for example, providing alt text and screen readers. If a specific requirement is needed by a buyer we can assess the need and may be able to adapt. We aim to follow the guidelines set by the WCAG and will always aim to achieve the AA/AAA standard.
• Accessibility testing: MASS has not completed interface testing with users of assistive technology. However, this can be completed if it suits the buyer's requirements.
• API: No
• Customisation available: Yes
• Description of customisation: MASS endeavour to work closely with the customer to understand their requirements and how we can work together to ensure the buyers needs are met.

Scaling

• Independence of resources: MASS' system is designed to perform for a significant amount of concurrent buyers. Each contract is assigned it's own Project Manager, and they will manage the resource(s), risk(s), deliverable(s), and dependencies, ensuring that each individual buyer is not affected by the demand from other users. Each buyer will have a POC to escalate any issues. As part of our service management approach, we conduct regular capacity testing to ensure that our service does not slow or become hindered via increased usage. We can also manage separate networks for buyers, if required, to make it separate from other users.

Analytics

• Service usage metrics: Yes
• Metrics types: Reports can be customised, including but not limited to: usage, trends, ticket per user or category, and breaches. We will agree the metrics with clients at the outset of the contract.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: MASS will provide data in formats agreed with the buyer at the beginning of the contract.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Agreed with the buyer at the beginning of the contract
• Data import formats:
  • CSV
  • Other
• Other data import formats: Agreed with the buyer at the beginning of the contract

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: MASS utilises enforced TLS 1.2 or higher where possible protocols for data in transit. Our Information Security policies, processes and instructions are followed by all MASS staff, in support of our adherence to our ISO 27001 standard and Cyber Essentials Plus certification. It ensures that all information is used appropriately, data integrity is perpetuated, and systems, information and technologies have the appropriate number of controls and correspond to the context of the organisation. We also apply our Data Protection Policy, which conforms to the Data Protection Act 2018. We will follow any specific security requirements required for the contract.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Our Information Security policies, processes and instructions are followed by all MASS staff, in support of our adherence to our ISO 27001 standard and Cyber Essentials Plus certification. It ensures that all information is used appropriately, data integrity is perpetuated, and systems, information and technologies have the appropriate number of controls and correspond to the context of the organisation. We also apply our Data Protection Policy, which conforms to the Data Protection Act 2018. We make use of intelligence monitoring systems such as DarkTrace.

Availability and resilience

• Guaranteed availability: To ensure a full understanding of their requirements, based on their current infrastructure, MASS will engage in early discussions with the buyer prior to Contract Award. SLAs, including those related to availability, will be dependent on the client's requirements and the budget available.
• Approach to resilience: MASS systems are designed to eliminate single points of failure, wherever possible, across servers, firewalls, internet connectivity, routing and file storage (not definitive). Further information is available upon request.
• Outage reporting: MASS utiilises email alerts to inform clients of any planned outages as soon as a scheduled date is confirmed, and according to any agreed upon notice requirements. Once acknowledged and accepted by the client, we display notice of the upcoming outage on our service desk tool, accessible to all users. The outage email details several details about the planned outage, including (but not limited to) the locations affected, the service(s) affected, the start and end times, the date of the outage, and the estimated downtime.; ; For unplanned outages, MASS adheres to protocol, agreed upon with individual clients, to notify all users of the outage and when service has been restored.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: MASS personnel operate multiple networks within our business domains ensuring separation and safeguarding of physical and electronic data and restrict access to only those who require access, in addition; our facilities are secured with PAC access control systems to restrict and audit movements of employees.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute (BSi)
• ISO/IEC 27001 accreditation date: March 2024
• What the ISO/IEC 27001 doesn’t cover: No exceptions listed
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • IASME Cyber Assurance Level 1
  • ISO 27001:2022 Full Scope SoA
  • IASME Cyber Assure Gold
  • Joint Services Publication 440
  • Gov S007
  • Variety of other international standards

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: ISO 27001:2022 Full Scope SoA,; IASME Cyber Essentials Plus,; IASME Cyber Assure Gold,; Joint Services Publication 440,; Gov S007 and a variety of other international standards.
• Information security policies and processes: The MASS Information Security Management System has been developed in accordance with the HMG Security Policy Framework, MOD JSP440, HMG IS1 & IS2, MOD DCPP CSM, ISO 27001/2:2013, GDPR, PECR, Cyber Essentials (PLUS) Scheme, CIS Top 20 Critical Security Controls, NIST SP800-171 (i.a.w.SP800-53), ISO31000 (Risk), NCSC Guidance, NIS Framework, Cloud Security Alliance Cloud Controls Matrix (CSA CCM v 3.0.1), and PCIDSS 3.2 (s9.5). Statement of Applicability v3. Our Security organisation is led by our Chief Information Officer and supported by our Company Security Controller, both of whom form part of a Security Working Group. We ensure policies are followed through annual compulsory training for all employees, auditing, and unannounced spot checks.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes are submitted in accordance with a defined process, regardless of their origin (Client / Service Delivery Organisation / Supplier). They are allocated a category; standard change (pre-approved low risk, low impact), normal change (non-urgent changes that pose an intermediary risk) and emergency change (high risk, high impact). For normal and emergency changes, we follow a robust change management and approval process. A decision is made based upon a change's implementation and urgency. The Change Manager ensures all changes required are authorised, monitored, and implemented in a controlled manner.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use Tenable.io vulnerability management software to continually scan systems and identify necessary patches, and their severity. ; ; We categorise patches into critical and non-critical, based on risk, and establish schedules for the deployment of patches in accordance with the operational requirements of our clients’ systems. We can implement critical patches within 24 hours.; ; We provide patch management for the MOD, on highly classified systems, maintaining stability and 99.9% uptime. We can provide an early sight of vulnerabilities, ensuring reduced instances of zero-day, emergency patches, updates, fixes, mitigating security risks.; ; All patches are classified in line with ITIL Change Management.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Compromises are identified through regular daily checks of the systems, information from colleagues, and audits. ; ; In the event of a Security Incident, the details should be reported immediately to the MASS Company Security Controller using the our Security SharePoint Site page and/or by phone without undue delay. MASS comply with our legal obligations to report any data breaches within the correct timescales. MASS will inform all affected buyers at the earliest opportunity.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents through the service desk. ; ; Following any incident or problem, we produce a ‘Root Cause Analysis Report’ with:; • A description of incidents or service failures.; • Analysis undertaken to identify the root causes, together with our findings.; • The benefits, risks and costs of possible resolutions to prevent the incident or service failure reoccurring and the impact if they reoccurred.; • A recommendation on which resolution(s) should be implemented.; ; We bring reports to weekly meetings and, subject to buyer approval, implement recommendations under change management procedures. Successful implementation results in a Problem Resolution Report for future reference.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MASS is dedicated to fighting climate change and ensuring that we reduce our carbon footprint. We have implemented a Carbon Reduction Plan, in accordance with PPN 06/21, that is reviewed annually to ensure that we are meeting our targets and continually improving. We are committed to achieving Net Zero emissions by 2050. ; ; MASS has introduced a variety of policies to reduce our carbon footprint and fight climate change, including:; • Introducing an electric car leasing scheme for employees; • Implementing car charging stations at MASS-owned sites which use green energy; • Ensured all MASS owned sites use green energy to power the building; • Continuing our roll out of electric pool cars; • Provided technology to enable employees to work from home; • Encouraged video calls rather than travelling to meetings; • Planted 357 trees to offset our carbon emissions, making us a carbon-neutral organisation; • Introduced hybrid working so the majority of employees have the option to work from home two days a week; • Created a social value group to drive forward social value initiatives; • Switching all office lighting to low-energy LEDs; • Installing PIR sensors in every room for automatic switch-off.; ; MASS aligns to the standards set by ISO 50001 and strive for all our sites to either be compliant or working towards being compliant. Where we are not currently ISO 50001 compliant, we undertake Energy Savings Opportunity Scheme (ESOS) assessments to understand what opportunities we have to operate more efficiently. These standards provide a holistic approach to resource efficiency and waste reduction.

  Covid-19 recovery

  The Covid-19 pandemic allowed MASS to implement business continuity processes to ensure we have the ability to deal with changing circumstances, including embracing the benefits of remote and flexible working. This has resulted in a hybrid home-working culture to support our staff and environmental goals post-pandemic.

  Tackling economic inequality

  MASS is committed to tackling economic inequality by developing an inclusive, diverse culture, welcoming people from all backgrounds and encouraging them to be their best selves and contribute their unique insights, helping us to drive innovation, enhance employee engagement and accelerate our performance.; ; To ensure MASS understand the effects of economic inequality and tackle it appropriately within the business we have implemented processes, including:; • Becoming a part of the deprived areas UK Levelling Up agenda, a mission to challenge and change unfairness of opportunity; • Offering apprenticeships, graduate programmes and Science, Technology and Mathematics (STEM) outreach programmes.; • Ensuring personal development plans are in place for all new and existing personnel; • Ensuring MASS’ pay approach is representative of external market value, through an annual market value assessment; • Committing to providing a fair, equitable and competitive reward package aligned to the external market; • Helping to raise awareness within the business of the role that everyone can play into creating an inclusive environment through training and engagement; • Providing inclusive recruitment training and workshops; • Encouraging regular communication with employees through and listening forums run by managers and the People team.

  Equal opportunity

  MASS are dedicated to ensuring equal opportunities within the workplace, MASS has implemented policies and processes to ensure that this remains at the forefront of our business, including:; • As part of the induction process all staff must:; o commit to our company policies (including our Equality & Diversity and Environmental Policy); o Undertake training on Equal Opportunities; o Be provided points of contact within MASS; o Be shown repositories of information to ensure that there is always a set of guidance available to ensure staff are aware of their responsibilities.; • Guidelines accessible to the People team writing job vacancies to ensure they are advertised to all backgrounds and educational and professional levels; • Regular company wide communications to raise awareness of updated policies, training and related practices; • All managers are provided with guidance on managing behaviours and performance; • Reward employees that demonstrate positive behaviours through our Applause Awards (nominated by colleagues; • All employees included within the training, policies and recognition schemes; • Members of the Bloomberg Gender Equality Index to measure and benchmark our performance; • Partnered with other defence and security organisation to achieve change through initiatives including the Woman in Defence charter and WeAreTechWomen; • Work with charities including SSAFA (include definition) to understand barriers to employment; • Employees are encouraged to develop and enhance their skills and maintain certifications including, LinkedIn Learning courses (recognised technical courses and personal development courses); • MASS’ Apprenticeship Programme encourages individuals from deprived backgrounds to access employment and provides opportunities for formal qualifications up to degree level, along with a structured training programme; • MASS are signatories for the Armed Forces Covenant and Tech Talent Charter; • MASS are part of the 5% Club.

  Wellbeing

  MASS take the mental and physical wellbeing of our employees seriously. To ensure that this remains a priority we have implemented a Mental Health and Wellbeing Programme that incorporates:; • A corporate policy committing the company to advancing health, safety and wellbeing; • Comprehensive risk assessments and safe systems of work, including high-demand environments; • Training and guidance; • Employee engagement, particularly regarding workloads and levels of work-related stress; • Monitoring, measuring and reporting up to Executive level; • Learning lessons to continuously improve.; ; We use a range of sources to identify health and wellbeing issues our staff may face. These are:; • Partnering with a professional HR provider, Croner, who provide health and wellbeing advice; • Feedback from staff through Line Managers’ 1:1 check ins, appraisals, staff engagement surveys, and open employee forums.; • Partnering with an Employee Assistance Programme provider, Care First, to understand the range of issues our staff may face and provide webinars to support staff; • Employee Safety Programme; • Mental Health First Aiders; • Anonymous staff suggestions.; ; To support health and wellbeing we: ; • Provide private medical insurance, including a mental health and wellbeing mobile application ; • Raise awareness of mental health throughout the year using team briefings and bulletins ; • Maintain a dedicated mental wellbeing page on our intranet ; • Participate in Mental Health Awareness Month ; • Maintain a regular Employee Forum, at which staff can raise concerns or suggestions for improvement ; • Employ a Health and Safety Manager (qualified to IOSH) with responsibility for wellbeing

Pricing

• Price: £0 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@mass.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.