Pionen

Managing Security Risk - Risk Management Service

Providing appropriate organisational risk management structures, policies, and processes to help understand, assess, and systematically manage security risks to the network, information systems and supply chain functions. (Governance, Risk Management, Asset Management, Supply Chain Assurance.) NIST, HMG, ISO 27001, RMADS, NCSC Cyber Assessment Framework (CAF). Cyber Security Risk Assessment.

Features

  • Effective organisational security risk management, articulated clearly in policies.
  • Establishing roles and responsibilities for data security and systems security.
  • Ensure accountability for network security, data security, information system security.
  • Ensure essential functions for information system risks are considered.
  • Network risk assessment: identify, assess, and understand security risks.
  • Establishing holistic risk driven organisational approach to risk management.
  • Confidence building in people, processes, technology, and essential functions.
  • Our consultants are certified, including CESG, CISM, CISSP and NIST.
  • We are experts in HMG Standards, ISO27000, RMADS and ISMS.
  • Proportionate supply chain risk management (SCRM) for cyber risk protection.

Benefits

  • Embedded cyber risk management at enterprise scale.
  • Straightforward security policy implementation with effective process adoption.
  • Defined cyber security roles with documented processes, accountability, and responsibility.
  • Risk management training with clear process maps and upskilling opportunities.
  • Identification of proportionate risk assessment methodologies and tools.
  • Implement a best-practice approach and a compliant risk management framework.
  • Ensure cost reduction and increase visibility of cyber risk management.
  • Enable cyber security risk management with informed decision making.
  • Information security assurance with risk driven methods for supply chains.
  • Assess supply chain risk, enabling clear oversight and risk mitigation.

Pricing

£400 to £1,400 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve.moran@pionen.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

425424075307997

Contact

Pionen Steve Moran
Telephone: 01743 296 535
Email: steve.moran@pionen.co.uk

Planning

Planning service
Yes
How the planning service works
We will always work closely and collaboratively with our client to understand their objectives, needs and capabilities and then agree how we can most effectively assist them in planning how they will implement cloud hosting or software services. We offer a tailorable, full-lifecycle project and programme definition and delivery capability.
Planning service works with specific services
No

Training

Training service provided
Yes
How the training service works
We work closely with our clients throughout the project and service lifecycle to fully understand their training needs and build a customised approach to ensure your transition to cloud services is successful.
Training is tied to specific services
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
We provide a comprehensive set-up and migration service to support your transition to cloud hosting or cloud software. We follow a proven multi-stage migration path with full operational engagement to ensure secure and managed migration from legacy to new. We recognise the need to migrate with minimal disruption to operational services and reduce the risk of outage and data loss through structured planning, test and execution.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
No

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security incident management
  • Security audit services
  • Other
Other security services
  • Security Engineering
  • Security Capability Delivery
  • Security Operations Centre

Ongoing support

Ongoing support service
Yes
Types of service supported
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
How the support service works
We can provide any ongoing support package that a client may require. We are able to flex levels of support to meet changes in demand; for example, we can provide enhanced support during transition or roll-out phases.

Service scope

Service constraints
Our service model is flexible and has no absolute constraints. We are able to offer bespoke packages to clients that include only the features that they need to support their business or organisation.

User support

Email or online ticketing support
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Support levels
Our support levels include onsite, email and telephone assistance. Our projects typically employ an account management structure as part of our delivery, support and quality assurance processes.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Centre for Assessment
ISO/IEC 27001 accreditation date
20/04/2022
What the ISO/IEC 27001 doesn’t cover
Out of Scope

Partner company Greenfield IT, Pink Spaghetti (Secretarial Services), Business Applications service providers, Microsoft Azure / MS Office 365 and Atlassian environments (in line with the Shared Responsibility Model for SaaS).

Customer networks are also out of scope and covered by their own security programme.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Social Value

Fighting climate change

Pionen has a well-developed method statement on the subject of fighting climate change. Depending on the time of year, our activities in this domain will vary. However, we endeavour to measure and report, if requested, on the specific activities our team are participating in. This list is not exhaustive but includes things like reducing energy consumption, reducing travel when possible, investment in green technology and planting trees to offset carbon.

Pricing

Price
£400 to £1,400 a unit a day
Discount for educational organisations
No
