Intec Systems Ltd

HCL AppScan on Cloud

HCL AppScan is a dynamic application security testing solution designed for security experts and pen testers to use when performing security tests on web applications and web API. It runs automated scans that explore and test web applications based on one of the most powerful scanning engines available.

Features

• Application Security Testing
• Fast, accurate and agile.
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Interactive Application Security Testing (IAST)
• Software Composition Analysis (SCA)
• Open Source Analysys (OCA)
• Multi platform, including mobile devices
• Highly secure, resilient and scalable
• Open Standards

Benefits

• Reduce malware and ransomware attacks
• Automated management to provide cost savings
• Automated deployment
• Industry-standard Open SSL encryption, secure data at rest and motion

£257.80 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at slaurie@intec.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

419436397777258

Contact

Steven Laurie
07841493822
slaurie@intec.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Windows or Mac based
  • Suitable web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During business hours:; Severity 1 = 1 hour; Severity 2 = 2 hours; Severity 3 = 1 working day; Severity 4 = 2 working days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Depending on the nature of the support query, Intec can provide first line support and work with the client to agree appropriate course of action.; For more detailed software support, clients can submit requests directly with the vendor (HCL).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training sessions provided to the Admin/super user.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Clients can extract data at any time.
• End-of-contract process: The service is switched off completely, so as to avoid any misuse. Also the customer is provided with access to all the customer data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Customised integration can we created with appropriate documentation provided.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Clients can choose which functions to deploy and can customise accordingly.

Scaling

• Independence of resources: Consultation with the client to discuss sizing and load balancing information.

Analytics

• Service usage metrics: Yes
• Metrics types: Transaction history report, performance report, exception report, login logout report, offline report, geo fencing report.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: HCL Software

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The client can export data by selecting the export function on the dashboard reports of the Admin application.
• Data export formats:
  • CSV
  • Other
• Other data export formats: .pdf
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel: .xls .xlsx

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Follow industry standards and compliance within GDPR guidelines.
• Data protection within supplier network: Other
• Other protection within supplier network: Data within the network travels in binary format. Each request or response data is associated with a security token.

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: Architecture will be discussed with client to build resilience into final solution and ensure meets requirements.
• Outage reporting: Planned outages will be communicated as required.

Identity and authentication

• User authentication needed: Yes
• User authentication: Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: 1. Each user is provided with an access role. The access to the system functionalities are directly linked with the access role permissions.; 2. When the user logs into the application, only allowed functionalities are visible to the user.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 16/10/2020
• What the ISO/IEC 27001 doesn’t cover: Intec is a Platinum Parter of HCL's and the software security standards and certifications relate to HCL.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Currently working towards Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9001
• Information security policies and processes: HCL has adopted ISO/ IEC 27001: 2013 standard for ensuring protection from a variety of threats and minimising the business damage in its endeavour to provide Mobile Application implementation and support services. HCL is also Cyber Essentials and Cyber Essentials Plus certified.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A repository maintains all versions of individual work products to help/ permit developers to revert to previous versions during testing and debugging.; ; Dependency tracking and change management covers relationships between enterprise entities and processes, parts of an application design, design components and the enterprise information architecture, design elements and other work products.; ; HCL tracks all the requirements, design and construction components and deliverables that result from a requirements specification.; ; An audit trail is maintained about when, why and by whom changes are made, with source information of changes as specific objects in the repository.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: HCL performs quarterly and/or annual vulnerability scans to get a snapshot at that point in time. Regular scanning ensures new vulnerabilities are detected in a timely manner and are fixed before they occur. The HCL vulnerability management process consists of the following phases:; 1. Preparation; 2. Vulnerability scan; 3. Define remediating actions; 4. Implement remediating actions; 5. Rescan.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: HCL AppScan is a tool used to find and handle potential threats and address them.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is designed with a goal to restore normal service operation as quickly as possible and to minimise the impact on business operations. The incident management process follows these steps:; ; 1. Incident identification and logging by the customer; 2. Incident categorisation and prioritisation by the customer; 3. HCL works on the incident response performing diagnosis and investigation followed by resolution and bringing the incident to closure; 4. Corrective and preventive action are taken to avoid repeat or similar incident in future.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Intec is a small business but can contribute to climate emergency by adopting best practice in business operations. The business looks to optimise transportation through car sharing whenever possible, offering working from home and holding at least 50% of client meetings via web meeting when they would have previously been held in person.; ; Our business solutions are focused on Software-as-a-Service (SaaS), adopting server and storage capacity from key vendors, thus reducing footprint of servers in our clients' businesses and reducing energy consumption. Internally, replacing appliances with more efficient devices and adopting 'green' energy tariffs.; ; Promote recycling and reducing all forms of waste - educating employees to be more effective and adopting best practice at work and home.

  Covid-19 recovery

  Intec can play a part in supporting COVID-19 recovery by promoting and maintaining effective hygiene levels, continuing to offer remote working and sustainable travel solutions, particularly for those employees who are vulnerable or shielding. Taking on employee feedback to assess and improve workplace conditions and offer staff training to raise awareness on health and wellbeing. Reviewing status at monthly management reviews to ensure any improvements can be implemented quickly. Providing effective support to employees affected by COVID-19 either directly or family members.

  Tackling economic inequality

  The purpose of this policy is to provide equality and fairness for all in our employment and not to discriminate because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, ethnic origin, colour, nationality, national origin, religion or belief, sex and sexual orientation. We oppose all forms of unlawful and unfair discrimination.; ; All employees, whether part-time, full-time or temporary, will be treated fairly and with respect. Selection for employment, promotion, training or any other benefit will be on the basis of aptitude and ability. All employees will be helped and encouraged to develop their full potential and the talents and resources of the workforce will be fully utilised to maximise the efficiency of the organisation.; ; Intec support decent working conditions for all employees throughout the business and wider supply chain where possible.; Continually provide education and training to improve skills of the workforce.; Invest in R&D which aligns to sustainable development to drive economic growth and improve productivity.

  Equal opportunity

  Intec Systems Limited is committed to eliminating discrimination and encouraging diversity amongst our workforce. Our aim is that our workforce will be truly representative of all sections of society and each employee feels respected and able to give their best.; ; To that end the purpose of this policy is to provide equality and fairness for all in our employment and not to discriminate because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, ethnic origin, colour, nationality, national origin, religion or belief, sex and sexual orientation. We oppose all forms of unlawful and unfair discrimination.; ; All employees, whether part-time, full-time or temporary, will be treated fairly and with respect. Selection for employment, promotion, training or any other benefit will be on the basis of aptitude and ability. All employees will be helped and encouraged to develop their full potential and the talents and resources of the workforce will be fully utilised to maximise the efficiency of the organisation.; ; Our commitment:; To create an environment in which individual differences and the contributions of all our staff are recognised and valued.; ; Every employee is entitled to a working environment that promotes dignity and respect to all. No form of intimidation, bullying or harassment will be tolerated.; ; Training, development and progression opportunities are available to all staff.; ; Equality in the workplace is good management practice and makes sound business sense.; ; We will review all our employment practices and procedures to ensure fairness.; ; Breaches of our equality policy will be regarded as misconduct and could lead to disciplinary proceedings.

  Wellbeing

  Intec adopts inclusive and accessible recruitment practices, development practices and retention focused activities including recruiting, managing and developing people with a disability or health condition.; Investing in the physical and mental health and wellbeing of the workforce. Employees have a clear process of raising concerns or ideas to the management team. Monthly management meetings and weekly 'check-in' calls ensure requests and ideas can be considered and actioned quickly and effectively.; ; Improving Mental Health at work by offering flexibility and working from home to enable employees to manage work/life balance effectively.; Providing 25 day holiday entitlement plus Bank Holidays (33 days total); Providing family healthcare cover; ; Intec recently transitioned to become an employee-owned business run through an employee ownership trust (EOT), which enabled the company to be acquired by a Trust which exists for the benefit of all the company employees, who will then indirectly own the business. EOTs were established in the Finance Act 2014 to encourage companies to become employee owned. This ownership model is seen by the government as having an enduring ownership structure and tangible employee benefits, resulting in a long-term strategic view and increased business investment, to the benefit of not just the employees, but customers and business partners also.

Pricing

• Price: £257.80 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: HCL offers a one month trial licence - contact us for further detail.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at slaurie@intec.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.