QinetiQ Limited

Cyber Security Risk Assessment

Conducting cyber risk assessments to identify/analyse/prioritise information for cyber security risks and mitigations outcomes based on your asset/system criticality. Working with clients to ensure specific business risks are described and understood in business language. Identification and use of appropriate risk assessment methodologies and supporting tools for outcome driven results.

Features

• Alignment to government and NCSC policies, standards and guidance
• Alignment to international standards including ISO/IEC 27005, 27018,
• Alignment to Cloud Security Principles
• Delivered by experienced NCSC CCP cyber risk assessment specialists
• Independent product-agnostic advice
• Report documented in business language with RAG status executive summary
• Recommendations and advice to support early remediation and quick wins
• Report supported with customer presentation and follow-up meetings
• Preparation of risk balance cases and mitigations plan
• Supports effective risk management and treatment

Benefits

• Advice and guidance compliant with industry best practice
• Compliant with HMG security policy and guidance
• Compliant with ISO/IEC 27005 risk management framework
• Understanding of risk assessment process throughout the organisation
• Senior business engagement and awareness of cyber security risks
• Proportionate to business requirements providing value for money
• Access to Lead, Senior and Practitioner level CCP certified specialists
• Fully documented structured and repeatable process
• Identification of Risk assessment methodologies and tools appropriate for customer
• Knowledge transfer and training provided

£602 to £1,943 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ost@qinetiq.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

404739806521820

Contact

QinetiQ Opportunity Support Team
07786174902
ost@qinetiq.com

Planning

• Planning service: Yes
• How the planning service works: We work with our clients to plan services that add real value to their business, ensuring their requirements are met. This requires a wider understanding of the problem, the ability to tailor services, which ultimately focuses effort to where it is most needed.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Cloud Cyber Security Exercising
  • Cloud Supply Chain Resilience
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Cyber Scheme
  • Other
• Other security testing certifications:
  • CHECK
  • CREST
  • Cyber Scheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: None.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: The Helpdesk operates between 08:00 to 18:00, Monday to Friday excluding UK public holidays (reduced service between Christmas and New Year). During these hours, email queries will typically be responded to within 4 hours, but usually within one hour.; Support emails received outside these hours will be responded to when the Helpdesk is back online as above.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Our Cyber Security Risk Assessment service is sold as a consultancy service so experts provide bespoke advice and support to the client. QinetiQ employs a four tier priority system for incidents, problems, changes and service requests aligned with ITIL standards.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  QinetiQ is experienced in delivering measurable and meaningful environmental outcomes and will offer customers a detailed Social Value plan tailored for individual contracts. This will include specific, measurable commitments that will be implemented by the Project Manager, supported by our internal environmental subject matter experts. ; ; Commitments will be designed to deliver additional environmental benefits, and influence staff, customers, suppliers and communities. Contract-specific commitments agreed with the customer, will be proportionate to the scale of the contract, and could include: ; >All staff supporting G-Cloud14 projects will undertake sustainability training as part of on-boarding for the contract, this can include Carbon Awareness Training. ; >Creation and delivery of an annual bespoke sustainability workshop for G-Cloud14 customers and employees working on G-Cloud14 projects; this will be tailored to the customer’s key focus areas.; >Ongoing commitment to net zero and proactively looking for ways to deliver in a low carbon manner in line with the Science Based Targets Initiative. ; >All involved on G-Cloud14 projects will undertake a minimum of one annual volunteering day – we will signpost those working on G-Cloud14 projects to environmental not-for-profit organisations located in customer’s local area, focusing on environmental issues relevant to that location. Additionally, we will encourage them to offer their skills to assist environmentally focused not-for-profit organisations with things such as software development or website development which these organisations may otherwise struggle to access. ; >Offering slots on our sustainability lunch and learn programme to local charities and community organisations where they will be able to share key messages and invite QinetiQ staff to take part in volunteering days.; Contract specific commitments will be included as part of the project management plan and reported to the customer at agreed intervals.

  Tackling economic inequality

  QinetiQ will deliver measurable and impactful initiatives to create new businesses, new jobs and build new skills, and increase supply chain resilience and capacity. Tailored commitments will be agreed on an individual contract basis to meet the specific challenges around economic inequality in the customer’s industry and locality.; ; Commitments will be proportionate to the scale of the contract, and could include:; ; • Integration of G-Cloud14 opportunities into our early careers programme, wherever possible, involving graduates and apprentices within G-Cloud14 contracts to provide opportunities to develop skills delivering these services. ; • Delivering annual employability skills sessions for all apprentices and graduates in the Customer’s local area, or targeting a region with high levels of deprivation and relative proximity to a customer site. ; • Offering STEM outreach sessions delivered by our skilled and experienced team using their allocated volunteering days. Locations for delivery and subject theme areas can be agreed with the customer to ensure relevance to their industry and the skillsets they require. This activity helps to generate interest and develop skills to build a pipeline of future talent locally. ; • Flexible working arrangements remove barriers to employment experienced by many groups, including carers, we will offer remote working and a 9-day fortnight wherever possible. ; • Uphold our commitment to fair recruitment and employment conditions through all recruitment under the G-Cloud14 framework, this includes use of diverse recruitment agencies, partners and platforms to attract a wide range of candidates.; • Offering support such as assistance with JOSCAR registration, to the following types of organisation to facilitate their growth: Small to medium sized enterprises, Voluntary, Community and Social Enterprises, Mutuals, Entrepreneurs ; Commitments will be implemented and monitored by the Contract’s Manager with support from internal HR and Supply Chain experts. Progress will be measured and reported to Customers at agreed intervals.

  Equal opportunity

  All recruitment, management and training actions undertaken to support G-Cloud14 contracts will be performed in alignment with our organisational commitments to reduce the disability employment gap and tackle workforce inequality. This includes, but is not limited to: ; ; >Each person working on G-Cloud14 services will be paid a real living wage with annual pay reviews. Additionally, we implement the Living Wage Foundation concept of a Living Pension by offering a minimum salary threshold that ensures a real living wage, plus sufficient funds to put 7% into their pension fund without falling below the National Minimum Wage. This enables employees to choose to put this payment into their pension to take advantage of the maximum 10.5% matching contribution from QinetiQ.; >Each employee will receive a dedicated training budget of £500 annually to spend on training and development. ; >All employees have access to thousands of online training programmes through our internal platform, Success Factors, LinkedIn Learning and through partner organisations, e.g. Henley Business School.; >Mentorship opportunities from a senior role who is not linked to the employees’ team. ; >Flexible working options include hybrid working arrangements and 9-day working fortnights. This supports people to overcome barriers to work including caring responsibilities and mobility challenges. ; ; Additionally, tailored initiatives will be offered, for example:; >G-Cloud14 specific training placements can be created dependent on contract duration and suitability. ; >Delivering an annual Modern Slavery awareness day for G-Cloud14 customers and supply chain partners. This will be run by our Supply Chain Lead for Sustainable Procurement.; >Reasonable adjustments to physical working environments to support those with disabilities work on G-Cloud14 contracts.; ; Commitments will be implemented and monitored by the Contract’s Project Manager with support from internal Human Resources and Supply Chain experts. Progress will be measured and reported to Customers as part of an agreed reporting frequency.

  Wellbeing

  Physical and mental wellbeing is a key consideration in our workplace culture and this carries through to delivery of customer contracts. In addition to our strong corporate offerings to all employees, G-Cloud14 employees will receive tailored commitments that are designed on a per contract basis to meet the needs of the service and working environment. ; ; Contract-specific commitments will be agreed with the customer, will be proportionate to the scale of the contract, and could include: ; >Improving community integration through use of volunteering days to support not for profit organisations in communities local to customer sites. This could involve skills donation or project work that both benefits local communities, and the individual’s mental and physical health. ; >Uphold the mental health at work commitment through the delivery of all G-Cloud14 contracts. ; >Establishing a contract-specific Employee-led Wellbeing group to guide employees to organisation wide offerings, and to implement contract specific initiatives that meet the needs of the contract workforce.; >Bespoke G-Cloud14 guidance to support individuals and line managers which could involve specialist coaching or online training courses. ; >Ensuring access to Mental Health First Aiders; >Occupational health support for home working environments, when working onsite for a customer or on QinetiQ sites. ; >Access to our Employee Assistance Programmes which provides access to a GP services, independent counselling, financial advice and legal assistance to employees and their immediate families. This has 24/7 access via the web, phone, or face-to-face.; >Access to Yu Life App which supports wellbeing though physical activity challenges including meditation. Employees can earn reward points that can be exchanged for vouchers (e.g., from Amazon) or donated to charities (e.g., Earthly).; ; Commitments will be implemented and monitored by the Contract’s Project Manager with support from internal experts. Progress will be measured and reported to Customers at an agreed reporting frequency.

Pricing

• Price: £602 to £1,943 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ost@qinetiq.com. Tell them what format you need. It will help if you say what assistive technology you use.