SECARMA GROUP LIMITED

Cloud Security Configuration Review

Cloud Configuration review services for applicable Cloud environments

Features

• Review and audit for Azure, Microsoft 365 and AWS environments
• Review and audit services for Dynamics 365 Power Platform
• Audit non complex infrastructure migrations or complex microservice architectures
• Reporting options for review of set benchmarks or control matrixes
• Specific remediation advice and mitigation actions for each report finding

Benefits

• Demonstrate compliance against recognised technology and security control benchmarks
• Demonstrate compliance against NHS Secure Email Standard (DCB1596)
• Reduce information security risks following migration
• Services delivered by a CREST approved Penetration Testing expert
• Testing delivered by experienced qualified security consultants
• Clearly details the security posture of in use cloud environments
• Comprehensive reporting in an easy to navigate report deliverable
• Provides pragmatic remediation actions and mitigation advice
• Competitive pricing

£900 to £1,200 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at actnow@secarma.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

460753466425694

Contact

Megan Evans
0161 513 0960
actnow@secarma.com

Planning

• Planning service: Yes
• How the planning service works: As Cloud Cyber security experts we work collaboratively with internal security teams and system owners to clearly understand their information security and compliance requirements. To provide tailored and bespoke advice and create risk and vulnerability programs that provide high value and high impact improvements.; ; All services are scoped as a bespoke offering and can be discussed prior to engagement as part of the planning and scoping phase.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Secarma's bespoke training services can be provided for any cloud infrastructure engineers, practitioners or strategists looking to work towards Microsoft or Amazon learning and examination paths, or for organisations looking to upskill internal security resources within their organisation.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
• Other security services:
  • Active Directory Configuration Review Services
  • VPN/Breakout Assessment
  • External/Internal Infrastructure Assessment
  • Web Application Assessment
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Tigerscheme
  • Other
• Other security testing certifications:
  • OSCP
  • OSCE
  • OSWE
  • CRTL
  • CRTO

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Secarma's standard UK operating hours are 9:00am - 5:30pm ; ; Out of hours is available for customers depending on agreed SLA's but is not included within the standard cost of service deliverables

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Secarma provides comprehensive support during the full service delivery process for all Penetration Testing services. From pre-test scoping assistance (such as helping the organisation to define the agreed scope and objectives) through to providing guidance on on how to interpret and benchmark the provided results and recommendations. Support services outside of the proposed engagement are priced based upon the technical resource it requires and is calculated based upon the subject matter experts associated daily rate for penetration testing. All engagements are assigned a dedicated senior penetration tester and account manager for aiding with project management, commercial negotiations and resource scheduling.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 23/04/2022
• What the ISO/IEC 27001 doesn’t cover: Nothing- full portfolio of services is included within the scope of the certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  During the delivery of any customer contracts, Secarma are always looking for ways to reduce our carbon footprint. Our management team have approved our commitment to halve our overall carbon emissions by 2030.; ; To support this, we have developed processes to allow for remote delivery of the majority of our testing and audit services which has drastically reduced our carbon footprint through the reduce need for consultants to travel to site. Unless expressly requested by a customer during delivery of our contractual services. Secarma will always look to deliver engagements remotely to minimise our carbon footprint and impact.; ; Outside of this we have implented the following processes to improve our commitment to help fight climate change:; ; We separate our waste to reduce the amount sent to landfill.; We promote a paperless office approach but use 100% recycled paper where necessary.; We are committed to reducing our environmental impact by using collaborative tools to reduce travel needs.; Our ‘Cycle to Work’ scheme provides vouchers to encourage better ways to travel to the office.; We encourage the use of public transport and car sharing and have schemes in place. Travel card loans are available to encourage use of public transport.; Staff members have access to our Electric Vehicle leasing scheme with Octopus.; We promote a high level of recycling activities and encourage our staff to reduce single use plastic.

  Covid-19 recovery

  During COVID-19 Secarma transitioned to a remote working model immediately with our employees having the immediate ability to work from home as they had personal work laptops and mobile phones. We have also invested in remote working and webinar tools such as Microsoft Teams which enables us to communicate and collaborate effectively internally and with customers whilst working from home and reduces the need to travel for onsite meetings. This resulted in a efficient period of transition and supported our teams to continue delivering services without customer impact to the same high standard.; ; On any contracted service Secarma will endeavour to support organisations and businesses to manage and recover from the impacts of COVID-19, including the remote delivery of services where appropriate to limit the risk of COVID-19 transmission and any financial costs for our customer such as expenses.

  Tackling economic inequality

  Throughout Secarma’s growth and expansion, we as a business have created new jobs and developed skills to tackle economic equality and through our security assurance and consultancy offerings. Help our customers to identify gaps within their information security teams which could be filled via recruitment activities or staff training and development.; ; Secarma have tackled this challenge by rethinking our corporate social responsibility and recruitment policies and requirements. Allowing us to explore conversations with candidates who have been unsuccessful or unlucky in previous recruitment opportunities, designed collaborative initiatives with universities and school leavers, implement more flexible hybrid working policies, put a greater emphasis on investment in skills and career development for internal staff members and ensuring all staff members earn a living wage.; ; By doing this we also add value to our customer engagements by reviewing risks within their own supply chains which may not have been considered such as legacy, unauthorised or vetted subcontractors or suppliers, excessive working hours that could lead to a disgruntled employee becoming an insider threat, deviations from social media or branding best practices that could lead to potential defamation risks alongside many others.

  Equal opportunity

  Secarma have defined ‘Equal Opportunity’ and ‘Equality and Diversity’ policies in line with our ISO policies and management systems. Which outline our commitment to providing equal opportunities to all employees. These are taken into consideration across the delivery of all customer engagements within the scope of a proposed customer contract and when looking to recruit new staff members or explore career progression opportunities for staff members.

  Wellbeing

  To ensure Secarma staff are happy, healthy and feel like they have a safe environment they can succeed and excel in even when non office based and working remotely. ; ; We set ourselves the aim of creating an open door culture that promoted openness to remove stigma around mental health concerns and honesty on tackling mental and physical health challenges. We implemented several mental and physical wellbeing initiatives that are available to all staff members. These include:; Dedicated Mental Health First Aiders- Our MHFA team members play a key role in supporting colleagues across the company.; External access to trained specialist counsellors where required; AXA Doctor at Hand - providing a private online GP service, available 24x7 for all staff members.; Access to AXA Private Medical Insurance; Quarterly Team Building Events, Socials and our Annual Snowdon Hiking Trip and Skills School; Saved links to commonly used external support and mental health services - including Samaritans, Mind, CALM, Anxiety UK, Mind Out and several smaller community charities.; ; Additionally, all members of the Secarma Leadership and Management Team have an Open Door Policy and are available if employees need someone to talk to without having to go through their line manager.

Pricing

• Price: £900 to £1,200 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at actnow@secarma.com. Tell them what format you need. It will help if you say what assistive technology you use.