SUDOCYBER LIMITED

Gamified Cyber Learning Platform

Through our SudoRange learners are able to practice and learn new skills in the format that suits them best in pseudo real-world environments. Our platform is the perfect playground for experts and beginners, offering varied levels of difficulty while learning or practicing skills from across the cyber domain.

Features

• Gamified Learning
• Learn skills including Red-Team, Blue-Team, Programming, Networking
• Industry recognised courses
• Remotely accessible from all popular browsers
• Private, safe and secure lab environments
• Real-time activity reporting
• Regular competitions
• Organisation, competition and individual scoreboards
• Continuous content updates for latest threats
• Varied levels of difficulty

Benefits

• Stable content for through-time learning and training delivery
• Learning paths increasing in difficulty for continuous learning
• Prepare for industry qualification in a real-world environment
• Aquire new skills and prevent skills fade
• Compete individually or in teams reinforcing behaviours and skills
• Industry expert content added regularly
• Customised content available for specific organisation needs
• Support requests managed while you play with no interruption
• Fast and scalable platform so labs are always available
• Learn - Practice - Compete: Your learning, your way!

£20.00 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marc@sudocyber.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

433698039165562

Contact

Marc Del-Valle
07794081617
marc@sudocyber.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • A Computer (Laptop or Desktop)
  • Stable internet connection
  • A modern internet browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond to all tickets raised within 1 working day Monday to Friday 09:00 - 17:00
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All accounts have access to a built-in support ticketing system for technical and accounts queries. These tickets are monitored 09:00 - 17:00 Monday to Friday and responded to within 1 working day. On-site support with content delivery is available along with training for delivery in-house at a daily rate.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite and online training is available for organisations. Documentation is included within the platform at relevant stages and an intuitive design has been used to help guide new users through interactions within the user interface.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When a contract comes to an end, users are notified in advance and have the option to download their data in PDF format. This extraction is available throughout the use of the platform and all data is treated in line with GDPR requirements.
• End-of-contract process: When a contract comes to an end, a user has the option to remove their account and all associated data or revert to a free tier access which will allow for historic achievements within the platform to be saved without the need for further payment should the user wish to return at a later date. All data stored within the system, whether on an active subscription or a free tier access is treated in line with GDPR requirements. Users are able to terminate their contract at their next billing date automatically.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Display elements within the platform can be customised at a user and organisational level. Multiple Language support is also available.

Scaling

• Independence of resources: The SudoRange operates entirely on AWS Scalable architecture and is enabled with no limits to ensure scalability as required. We also make use of 'overprovisioning' features to ensure that loading and wait times for scaling are minimised throughout usage.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics are available to all users within the the platform. These include current lab, course and competition progress along with current scores and other relevant information.; ; Organisations can also see the usage statistics for their users within the management area for the organisation.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users are able to download their data as a PDF from within the platform at any time.
• Data export formats: Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: Not Applicable

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We do not currently offer a guarantee or refund policy within our service level agreement. We target a 99% uptime and are currently running at a rate of 99.9%
• Approach to resilience: This information is available upon request
• Outage reporting: Email alerts are used to notify users of any system outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Privileges are managed wihtin the platform with management access only granted as required. These users are formally recorded and reviewed periodically to ensure there are no unused privileged accounts. Internal administrator level accounts are also subject to MFA and Certificate Authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Esssentials. Working towards Cyber Essentials Plus and IASME Governance.
• Information security policies and processes: We are currently undergoing the process of preparing for Cyber Essentials Plus and IASME accreditation. Once these have been achieved, we will look to obtain ISO27001. Currently we have a security first approach to all of our development and service offerings. Training is conducted with all new staff members including information security and data protection guidance as well as all members of staff being given and having access to all policies and required procedures for data privacy and security incident handling.; ; We are registered with the ICO as a data controller and we currently have in place policies and procedures for the following areas related to governance of information security:; ; - Information Security; - Data Protection; - Business Continuity ; - Disaster Recovery

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All platform changes are tracked and released in line with our SDLC including extensive functional and security testing prior to release. Where applicable to users, email notification of updates are sent with notes detailing the contents of any new updates. Users are able to raise requests for change via the platform and these are then added to the development pipeline and the user kept informed as these are released.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Continuous monitoring is in place for all system components and a SIEM system is used to alert suspicious and malicious activity. Regular internal and external penetration tests are also in place to assess new vulnerabilities both prior to and throughout a component's release. Additional vulnerability and threat information is gathered from public feeds including NCSC CiSP and Police Cyber Alarm and reviewed for applicability. Should a new vulnerability be discovered, a patch is issued for this at the earliest opportunity and where appropriate, users will be notified.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilise continuous monitoring for all system components and operate an SIEM for alerting to suspicious and malicious activity. If a potential compromise is identified, our incident response policy and procedures are followed including notification in line with legal requirements for GDPR and CMA. Our technical team operate a 24-hour on-call rota for responding to potential security incidents and all incidents are initially investigated within 4 hours and appropriate action then agreed and carried out.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a defined internal policy for incident handling, details of which are available upon request. Users are able to report incidents from within the platform via the ticketing system or via email directly to our technical team. Incident reports are produced and shared with relevant users as determined by the incident handlers.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  SudoCyber is committed to helping the country recover from the Covid-19 pandemic and we are fulfilling this commitment in the following ways.; ; Free licensing was given to colleges, universities and schools during the pandemic to assist them with remote delivery of courses without the need to invest in or configure additional infrastructure.; ; Virtual Masterclass Events have been and continue to be provided free of charge in conjunction with Cyber Wales to allow students learning remotely access to subject matter experts and additional support.; ; All of our staff members now work remotely to ensure no unnecessary risks of transmission are taken. This includes a preference for virtual meetings where feasible to do so. All internal meetings are also conducted remotely.; ; We are also currently working with Gower College Swansea to offer apprentiships starting in the academic year 22/23 to assist those out of work to re-engage with employment.; ; Staff training has also been given to existing employees on how to best protect themselves against Covid-19 and any future potential viruses and this training is also now a part of our onboarding process for new starters.; ; Additional paid leave was also granted to any staff suffering from the effects of Covid-19 as well as any staff with a requirement to care for an individual who was either at high risk or suffering from Covid-19.
• Tackling economic inequality:

  Tackling economic inequality

  SudoCyber believe that tackling economic inequality is a challenge for every member of society and as such are taking the following measures to assist with this challenge.; ; Recruitment of apprentices and graduates to support young people into work as well as continuous training for staff, including certification where available to ensure future earnings potential.; ; Offering free of charge industry talks to schools, colleges and academia with members of staff also being seconded as World Skills Ambassadors, NCSC Cyber First Ambassadors and STEM Ambassadors for these engagements.; ; Signing of the Armed Forces Covenant and further policy commitments to ensure that no individual is disadvantaged for any reason including but not limited to race, religion, economic circumstance and health needs.
• Equal opportunity:

  Equal opportunity

  SudoCyber actively support education of those with mental and physical disabilities within the cyber industry and work with partner organisations to support these learning schemes free of charge. ; ; In addition, apprentiships will be offered in line with our equality policies beginning in acadmeic year 22/23 where no individual applying will be disadvantaged as a result of their circumstances or disabilities.; ; A standardised flat pay scale is used for all employees to ensure that all employees employed for similar roles are paid fairly and to ensure there is no pay gap within the organisation based on gender, race, disability, or any other non-role related information.; ; We also operate and inform our staff during onboarding an Anti Modern Slavery policy along with policies for safe reporting of any harassment, bullying or offensive behaviour being intrinsic to our staff handbook.; ; Additional leave is also granted where appropriate for serving members of the military, those with health conditions and other needs as well as offering all employees flexible working to assist with managing non-work commitments such as childcare.
• Wellbeing:

  Wellbeing

  SudoCyber are conscious of our responsibility to our staff, customers and suppliers which is why we are signatories of the Mental Health at Work Commitment and endeavour to support all of our stakeholders with any mental health concerns or needs that they may have.

Pricing

• Price: £20.00 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We offer a 7-day free trial with access to a range of content from within the platform.
• Link to free trial: https://sudocyber.net/signup/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marc@sudocyber.net. Tell them what format you need. It will help if you say what assistive technology you use.