Secure by Design Assurance for Defence
Our Secure by Design (SbD) Assurance for Defence service is tailored to customers operating with or within UK Defence. We provide assurance of information systems and services at Official, Secret and Above Secret, including on premise and cloud environments. We integrate SbD with specific MOD standards, policies and procedures.
Features
- Secure by Design strategy development, implementation, and transformation
- Security Assurance of Secret and Above Secret Systems
- Secure by Design Delivery Team Security Lead
- Secure by Design Risk Assessment, Management and Assurance
- Secure by Design Security Management Plan production
- Developed Vetted (DV) and Security Check (SC) cleared staff
- Tailored Adherence to JSP440
- Adherence to JSP604 in support of ATT, IATO and ATO
- Tailored Adherence to JSP490/491 for cryptographic capabilities
- Security guidance for business case development
Benefits
- Detailed understanding of Secure by Design assurance principles and approach
- Experience of SbD Delivery within UK Defence
- Multi-classification assurance, including Cross-Domain Assurance
- Intimate knowledge of MOD Joint Service Publications (JSPs)
- Experience of SbD Assurance at multiple classifications (including Above Secret)
- Adherence and alignment to HMG and NCSC guidelines and policies
- Compliance and understanding of the General Data Protection Regulation (GDPR)
- Alignment to industry standards and best practices
- CISSP, CISM and CCSP certified personnel
- Security controls are implemented from concept through live service
Pricing
£450 to £1,300 a unit a day
Framework
G-Cloud 14
Service ID
427204827967017
Contact
SA Group Ltd
Will Machin
Telephone: +44(0)1249 280111
Email: commercial@sa-group.com
Planning
- Planning service
- Yes
- How the planning service works
- SA Group proactively support the Buyers’ team implementing cloud hosting and software services through sharing of industry best practice and our experience. In addition, our accredited Quality Management System delivers a set of Critical Project Deliverables, Risk Register and Compliance Register ensuring that all implementation issues are fully addressed and mitigated. These are agreed with the Buyers’ team to ensure the project is delivered on time and in full and identifies any opportunities for improvement in delivery or cost. SA Group have identified a number of key themes based on providing the best independent, cost effective, specialist technical support and systems assurance in cloud hosting and software. Our structured approach utilises proven methodologies and innovative ways of working underpinned by experience of managing emerging challenges in the fast changing cloud hosting and software environment.
- Planning service works with specific services
- Yes
- Hosting or software services the planning service works with
-
- PAAS
- IAAS
- Training IAAS
- ITAAS
- SAAS
Training
- Training service provided
- Yes
- How the training service works
-
SA Group places significant emphasis on ensuring that the company is able to provide our Buyers with the assurance and confidence that we have robust, externally accredited systems for all services we provide. We follow the Defence Systems Approach to Training (DSAT) Methodology (quality standard). DSAT processes, performance and associated learning solutions will be specific to cloud software and hosting services and linked to human capabilities. These are fully auditable, reflecting any legal and accreditation requirements. DSAT is a tool that provides a benchmark against which performance and training can be evaluated and good practice identified and shared. When DSAT is used intelligently, subsequent training will be:
Effective - All tasks and roles will be analysed to understand the operating conditions and standard that must be achieved.
Efficient - DSAT ensures optimum efficiency in terms of time, cost and other resources.
Consistent - DSAT ensures the performance and learning required is delivered to a consistently high standard across organisations. Instructors / Educators will be clear on exactly what and how to teach and assess.
Auditable - DSAT provides a clear auditable trail for a learning solution that addresses all requirements, risks, assumptions, constraints, issues and dependencies.
- Training is tied to specific services
- Yes
- Services the training service works with
-
- IAAS
- ITAAS
- Training AAS
- PAAS
- SAAS
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
- SA Group proactively support the Buyers’ team implementing cloud hosting and software services through sharing of industry best practice and our experience. In addition, our accredited Quality Management System delivers a set of Critical Project Deliverables, Risk Register and Compliance Register ensuring that all implementation issues are fully addressed and mitigated. These are agreed with the Buyers’ team to ensure the project is delivered on time and in full and identifies any opportunities for improvement in delivery or cost. SA Group have identified a number of key themes based on providing the best independent, cost effective, specialist technical support and systems assurance in cloud hosting and software. Our structured approach utilises proven methodologies and innovative ways of working underpinned by experience of managing emerging challenges in the fast changing cloud hosting and software environment.
- Setup or migration service is for specific cloud services
- Yes
- List of supported services
-
- IAAS
- ITAAS
- Training AAS
- SAAS
- PAAS
Quality assurance and performance testing
- Quality assurance and performance testing service
- Yes
- How the quality assurance and performance testing works
-
We will help prepare your organisation to adopt cloud services through comprehensive quality assurance
steps. We will help you to plan and prepare phases of testing to ensure the system and services being
delivered by your cloud journey deliver the required level of business benefit. Our experienced testing teams
will plan & implement testing strategies to ensure your cloud journey is fit for purpose & performs as user
need dictates. We produce detailed test plans & serials, co-ordinate user acceptance & map testing results
to user requirements.
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Security incident management
- Security audit services
- Certified security testers
- No
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
-
- Buyer hosting or software
- Hosting or software provided by your organisation
- Hosting or software provided by a third-party organisation
- How the support service works
-
Our specialists have >1,000 years of experience of supporting Government Departments as well as the majority having been users of the systems we support. Our knowledge and capabilities enable Buyers to identify business value, manage risk and realise higher levels of success from the programmes and projects that they undertake transferring onto a cloud based environment.
We offer specialist services in support of cloud hosting that enable Buyers to transition to cloud hosting seamlessly. We have an established reputation for specialising in the provision of objective and independent technical and commercial support and advice in challenging and technologically complex environments. This includes supporting Buyers with needs such as transitioning to cloud hosting and managing solutions to the risks and threats to customers’ systems and work practices as they transition. We frequently work in the ‘customer friend’ or ‘Owner’s Engineer/Representative’ roles, ensuring that suppliers are meeting the customer requirements and delivering value for money with their solutions. Typically, we save between 10 and 50% of expected costs for customers as well as ensuring projects are delivered on time and in full.
Service scope
- Service constraints
-
Standard SAG mobilisation constraints apply.
Support response times: within 1 x business day.
Business day being Mon - Fri. Excluding Bank Holidays
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Primarily email ticketing system - Monday - Friday, 9-5. Different levels of support available on request at extra cost.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Support levels
-
Standard support comprises Mon-Fri, 9-5.
Different levels of support available on request at extra cost.
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 24/09/2019
- What the ISO/IEC 27001 doesn’t cover
- There are no excluded clauses in our 27001 certification
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- CISSP
- CISM
- CRISC
- CCSP
Social Value
- Social Value
-
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
SA Group’s environmental and sustainability policy demonstrates our dedication, approach and methods of reducing the company’s environmental footprint. We are committed to being environmentally friendly and our Carbon Reduction Plan holds us accountable for being Net Zero by 2030. Our Carbon Reduction Plan has been completed in accordance with PPN 06/21 and associated guidance and reporting standards. Our policy requires that the company and its employees comply with all relevant environmental legislation, regulations and requirements, where applicable and where practicable:
- Work remotely to minimise pollution from day-to-day commuting
- Recycle all possible waste material
- Reduce the amount of waste material produced
- Avoid the use of paper wherever possible
- Avoid the use of postal services, saving time on transportation and on paper, e.g. emailing invoices and bids where possible
- Recycle equipment that is no longer of use to the company
- Keep energy use low, e.g. making use of low energy light bulbs and using schedules to ensure computers & lights are turned off after work, installing solar panels to reduce electricity usage from the power grid and batteries to store electricity generated by solar panels not used
- Reuse of printer wastepaper where possible, making use of the blank side for notes
- Use printer manufacturers’ schemes to recycle toner cartridges and drums
- Using environmentally responsible suppliers and leveraging carbon offset schemes (ECOSIA Browser tree planting scheme)
- Purchase products made with recycled paper and a lower environmental impact
- Avoid unnecessary travel by making use of instant messaging, video and audio conferencing, telephone and email
- Car share on journeys, utilise public transport and consider using greener transport methods e.g. electric vehicles.
Covid-19 recovery
Creating employment, re-training and return to work opportunities
Since the Covid-19 pandemic commenced, SA Group has evaluated market trends, our working practices, employees’ existing skills and training gaps. We continuously recruit new personnel, particularly those impacted by Covid-19, and apply a rigorous analysis of their skills to provide the appropriate level of training so existing and new staff can deliver our product.
Recovering from the impacts of Covid-19
We have communicated effectively and regularly with our more vulnerable staff who were either shielding or needed support with their mental health during the pandemic. We actively work alongside our clients to provide the best service possible, immersing our teams into their way of operating by adapting ways of working to support their needs. Some of our staff are fully remote, supporting the client via conferencing facilities. Some employees are fully on-site due to the classification of the tasks and others are adopting a hybrid of these two methods.
Supporting physical and mental health
We are a member of The Mental Health at Work Commitment, sponsored by the mental health charity MIND, and Mental Health First Aid England. These memberships give us access to the latest resources to support our employees and their wellbeing. Our Mental Health First Aiders (MHFA) look out for the wellbeing of our staff. An external Occupational Health Practitioner assesses individuals who are suffering from mental health issues and provides full support. To encourage good physical health, we share tips about the benefits of getting outside, exercising and eating healthily.
Effective social distancing, remote working, and sustainable travel solutions
Our office can accommodate social distancing practices if required. We have also facilitated remote working and encouraged individuals to travel sustainably by considering the route and only travelling when necessary whilst maintaining a Covid-19 compliant approach.
Tackling economic inequality
SA Group understands the problems for those who face barriers to employment due to their background, skillset or geographical location. As an SME supporting the Defence community in the provision of skills and expertise, we want to bring diversity of thought and experience to our contracts. This requires diversity across our workforce in all senses, and we acknowledge the benefit this brings to us and our clients. We currently tackle economic inequality in three ways:
- Continuing our Gold Award membership and active support of the Armed Forces Covenant.
- Hiring locally
- Training our employees, especially new employees for this contract, in skills such as engineering, architecture and information security.
Armed Forces Gold Membership
The Armed Forces Covenant is a pledge that together we acknowledge and understand that those who serve or who have served in the armed forces, and their families, should be treated with fairness and respect in the communities, economy and society they serve with their lives. Over 70% of our staff are veterans, and we actively encourage and advertise to the veteran community through attendance at careers fayres, transition groups and charities such as TechVets.
Hiring Locally
SA Group has been a successful Wiltshire-based consultancy for over 14 years, beginning in Westbury and now located in Trowbridge. By growing in size, we can offer more opportunities, and more diverse opportunities, to the local workforce. We can also attract more skilled labour to the area as a reputable employer and contributor to the community.
Training our Employees
There is a recognised skills shortage across the UK, particularly in engineering, technical architecture and cyber security. We specialise in the delivery of technically complex programmes, particularly in Defence, and are committed to training our employees to have the right skills to help our clients meet their objectives.
Equal opportunity
We do not discriminate against any potential employees. Our Equality and Diversity policy is compliant with the Equality Act 2010. We have a number of HM Forces veterans within the company who have varying degrees of physical and mental disabilities and have employed wheelchair bound subcontractors.
Supporting disabled people with new skills
Irrespective of our employees’ individual capabilities or disabilities, we offer professional certifications and training to develop their skills.
Influencing staff, suppliers, customers and communities
If any of our people have a known disability, we liaise with our customers to ensure that they are aware of the situation and that any specialist equipment or access can be provided. We champion the support of disabled staff alongside our able-bodied staff to ensure equality throughout the workplace be it in our own offices or those of our clients.
Identifying and tackling inequality in employment, skills and pay
Our staff are treated fairly and equally within their peer groups and the wider workforce. Employees are allocated training to improve their skills to benefit them as individuals and the company. We review salaries on an annual basis and reward without prejudice based on performance against objectives. If inequality occurs, we have policies in place to allow for formal complaints to be raised or whistleblowing actions to be carried out.
Supporting in-work progression
We treat all our staff equally and encourage career progression and promotion through developing new and enhanced skills irrespective of the individual’s background.
Identifying and managing modern slavery risks
We have adopted a zero tolerance approach to modern slavery. To mitigate against any non-compliance relating to the Modern Slavery Act 2015 by our suppliers, we undertake due diligence checks and may request their own slavery and human trafficking statements, in accordance with our Supplier Policy.
Wellbeing
SA Group has publicly declared that our mental health at work is a priority by signing up to The Mental Health at Work Commitment, sponsored by the mental health charity MIND, and Mental Health First Aid England. These memberships give us access to the latest resources to help support our employees’ wellbeing.
Our in-house certified Mental Health First Aiders (MHFA) are qualified to offer the practical skills to spot triggers and early signs of mental health issues, reassure and support employees and signpost them towards help. Our MHFAs can spot the early signs of poor mental wellbeing and act quickly to support that member of staff. We follow a 5-point Mental Health First Aid action plan to detect and help poor mental health.
We share physical and mental wellness tips and ideas via our company magazine, newsletters and emails from our HR Director. Tips include preventing poor mental health by encouraging staff to get outside and connect with areas like nature and sport.
We review our suppliers’ environmental policies and health and wellbeing procedures and mandatory related training before engaging their services. We have regular meetings with all parties throughout the contract ensuring that the subject of health and wellbeing is monitored. We work within the environmental and health and wellbeing initiatives of the local community, actively encouraging our employees to do this.
We regularly support national mental health and wellbeing campaigns such as Every Mind Matters and encourage our suppliers and customers to take part.
Pricing
- Price
- £450 to £1,300 a unit a day
- Discount for educational organisations
- No