CYPRO CONSULTING

Cyber Security as a Service (CaaS)

Simplify the management of your cyber security with our comprehensive managed service. From establishing new governance, to proactive threat detection to routine security assessments, we handle every aspect of your cyber security, allowing you to focus on growing your business.

Features

• Comprehensive managed service for cyber security
• End-to-end cyber operations management provided
• Proactive threat detection and response services
• Routine security assessments and audits conducted regularly
• Establishment of new governance frameworks as needed
• Continuous improvement of security controls implemented consistently
• Scalable services tailored to specific business requirements available
• Cost-effective solution reducing operational expenses significantly
• Release of internal resources for core business activities facilitated
• Peace of mind with comprehensive security oversight assured

Benefits

• Coverage of end-to-end cyber security operations assured
• Continuous improvement to combat evolving threats ensured
• Cost savings through reduced operational expenses achieved
• Flexibility and scalability to meet business demands
• Enhanced security posture with regular assessments
• Alleviation of burden and workload on internal resources
• Executive confidence in governance and compliance adherence
• Improved resilience against cyber threats and attacks
• Assurance that cyber security is managed comprehensively given
• Business and cyber insurance premiums reduced

£525 to £1,400 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@cypro.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

463502821667104

Contact

Jonny Pelter
020 80 888 111
accounts@cypro.co.uk

Planning

• Planning service: Yes
• How the planning service works: 1. Governance & Cyber Strategy​ - Your vCISO will take ownership of cyber security defining and driving the cyber strategy.; 2. Security Operations - We will monitor your network (e.g. Azure and AWS) for suspicious activity and investigate incidents.​; 3. Security Awareness - We will nurture a strong cyber security culture, enabling your staff to become well-versed in recognising and mitigating threats. We do this via innovative training, impactful communications, and engaging simulation exercises.​; 4. Secure Software Development​ - We will implement new controls to ensure that historic and newly developed code for your products is secure and resilient. For example, secure code training for developers, container scanning, static vulnerability scanning, etc. ​; 5. Incident Response & Recovery​ - We will develop an incident response plan and a set of runbooks to prepare you for a major cyber incident. You’ll have access to our cyber forensics and incident response experts via the CyPro Talent Community, who have invaluable hands-on experience managing incidents.​; 6. Annual Assurance & Testing​ - Each year we conduct:​; ​; A) a cyber maturity assessment measuring strategic progress.​; B) Penetration testing of core IT infrastructure.​; C) ISO 27001 surveillance audit to maintain accreditation.​
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Cloud Security Best Practices Training: Cover encryption, access management, and secure configurations for the chosen cloud platform.; Threat Identification and Response Training: Educate on detecting and mitigating common cloud security threats like data breaches and DDoS attacks.; Compliance Training: Ensure awareness of industry-specific compliance requirements and methods to maintain adherence.; Incident Response Procedures Training: Teach reporting security incidents and coordinating with cloud service providers effectively.; Emerging Threat Awareness Training: Provide updates on evolving threats and trends in cloud computing security.; Interactive Workshops and Simulations: Engage participants in hands-on learning through workshops, simulations, and real-world scenarios.; Security Awareness Programs: Foster a culture of security awareness and responsibility across your organisation.; ; All this can be delivered via in-person training, eLearning, virtual instructor-led training (VILT), interactive training simulations, blended learning approach, gamified learning or access to peer learning communities.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Data Encryption: Utilize TLS for transit encryption and AES for data at rest to secure data during migration.; Identity and Access Management (IAM): Implement RBAC, MFA, and least privilege principles to secure user access.; Network Architecture: Strengthen security with firewalls, segmentation, VPNs, and intrusion detection/prevention systems.; Vulnerability Management: Conduct regular assessments and penetration testing to identify and remediate cloud security weaknesses.; Logging and Monitoring: Set up cloud-native monitoring tools and SIEM systems to track user activities and security incidents.; Data Loss Prevention (DLP): Enforce measures to protect sensitive information during migration, including data classification and encryption.; Compliance and Governance: Ensure adherence to regulatory requirements and industry standards using governance frameworks like the CSA Cloud Controls Matrix.; Disaster Recovery and Business Continuity: Develop and test DR/BC plans with cloud-native backup, failover, and recovery services.; Secure Development Practices: Implement secure coding and DevSecOps methodologies to build and deploy applications securely.; Security Awareness Training: Provide education on security best practices to mitigate human error and insider threats during migration.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: - Test Planning: Develop a comprehensive plan outlining objectives and methodologies for QA and performance testing.; - Functional Testing: Verify security service functionality, including IAM, encryption, and DLP, ensuring compliance with requirements.; - Penetration Testing: Simulate real-world attacks to identify and address vulnerabilities in the cloud environment.; - Vulnerability Assessment: Use automated tools and manual analysis to detect and prioritise security weaknesses.; - Load and Stress Testing: Assess performance and scalability under peak traffic conditions to ensure reliability.; - Resilience Testing: Validate failover mechanisms and disaster recovery plans for business continuity.; - Logging and Monitoring Testing: Confirm effectiveness in capturing security events and generating timely alerts.; - Compliance Testing: Ensure alignment with regulatory mandates such as GDPR and PCI DSS.; - Documentation and Reporting: Document findings and recommendations for stakeholders, facilitating informed decision-making.; - Continuous Improvement: Implement feedback-driven enhancements to adapt to evolving threats and technology trends.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Secure architecture review
  • Secure solution designs
  • Vulnerability scanning and discovery
  • Secure cloud migration
  • Identity and access management audits
  • 24/7 cyber security monitoring
  • Cyber security accreditation (ISO 27001, Cyber Essentials, SOC 2)
  • IT Disaster Recovery Planning
  • Cyber security project and program management
  • Cyber threat assessments
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
• How the support service works: - Cloud Security Assessments: Evaluate the security posture of cloud environments to identify vulnerabilities and compliance gaps.; - Secure Cloud Architecture Design: Develop robust and scalable cloud architectures with built-in security controls and best practices.; - Identity and Access Management (IAM) Solutions: Implement IAM solutions to manage user access and permissions, ensuring least privilege principles.; - Data Encryption and Key Management: Secure sensitive data in transit and at rest through encryption and robust key management practices.; - Continuous Monitoring and Threat Detection: Monitor cloud environments continuously to detect and respond to security threats in real-time.; - Security Incident Response and Forensics: Develop and implement incident response plans and conduct forensic investigations to mitigate security incidents effectively.; - Vulnerability Management and Penetration Testing: Identify and remediate vulnerabilities through regular assessments and penetration testing exercises.; - Compliance Audits and Governance Frameworks: Ensure compliance with regulatory requirements and industry standards through audits and governance frameworks.; - Secure DevOps and CI/CD Pipeline Integration: Integrate security into the software development lifecycle to automate security checks and ensure code integrity.; - Security Awareness Training and Education: Educate employees on security best practices and emerging threats to promote a culture of security awareness and responsibility.

Service scope

• Service constraints: We can provide on-site resource but only to organisations within the UK.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depends on the service level agreement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We provide different support levels depending on the needs of the client:; ; 1. Basic Support: Offers essential support services such as email or ticket-based assistance during standard business hours. Basic support may include help with basic troubleshooting, account setup, and general inquiries.; ; 2. Standard Support: Provides more comprehensive assistance with faster response times and extended support hours. Standard support often includes phone support, dedicated support representatives, and access to a self-service portal.; ; 3. Advanced Support: Offers advanced technical support services such as proactive monitoring, performance optimization, and regular health checks. ; ; 4. Advanced support may include on-site visits, dedicated account managers, and customised solutions tailored to the client's specific needs.; ; 5. 24/7/365 Support: Delivers round-the-clock support for critical security incidents and emergencies. This level of support ensures rapid response and resolution to security incidents regardless of the time of day.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Energy Efficiency Assessments: we can evaluate the energy usage of existing IT infrastructure and recommend strategies for optimizing energy consumption through cloud migration and resource consolidation.; Server Utilisation Optimisation: we analyse server workloads and resource utilisation patterns to optimise server usage and reduce energy consumption in cloud environments.; Renewable Energy Integration: Assist in integrating renewable energy sources such as solar, wind, and hydroelectric power into cloud data center operations to minimize reliance on fossil fuels.; Green Data Center Design Consulting: Provide guidance on designing environmentally sustainable data centers, including efficient cooling systems, modular architecture, and waste heat reuse.; Remote Work Enablement Solutions: Implement cloud-based collaboration tools and remote work solutions to reduce commuting and office energy consumption, supporting environmental sustainability efforts.; Lifecycle Management Services: Manage the entire lifecycle of IT hardware, from procurement to decommissioning, in an environmentally responsible manner, including recycling and disposal programs.; Workload Optimisation Solutions: Implement workload optimisation strategies using cloud services such as auto-scaling, load balancing, and serverless computing to streamline resource usage and improve energy efficiency.

  Equal opportunity

  Recruitment and Hiring Practices: We employ fair and unbiased recruitment processes that focus on qualifications, skills, and experience, ensuring that all candidates are evaluated based on merit alone. We actively seek candidates from diverse backgrounds and underrepresented groups to build a talented and diverse workforce.; Diversity and Inclusion Training: We provide ongoing training and education on diversity and inclusion topics to our employees. This training helps raise awareness of unconscious biases, promotes inclusive behaviors, and fosters a culture of respect and belonging.; Equal Pay: We adhere to principles of pay equity and provide equal pay for equal work, regardless of gender, race, ethnicity, age, sexual orientation, or other personal characteristics.; Career Development and Advancement: We offer career development opportunities and support for all employees to reach their full potential. This includes mentorship programs, training workshops, and leadership development initiatives aimed at advancing individuals from underrepresented groups into leadership roles.; Flexible Work Arrangements: We recognize the importance of work-life balance and offer flexible work arrangements, including remote work options, flexible hours, and part-time schedules, to accommodate diverse lifestyles and responsibilities.; Zero Tolerance for Discrimination and Harassment: We have strict policies in place to prevent discrimination, harassment, and retaliation in the workplace. We investigate all complaints promptly and take appropriate action to address any violations of our policies.; Community Engagement and Partnerships: We engage with external organisations and community partners to promote diversity and inclusion initiatives, support underrepresented groups, and contribute to positive social change.

  Wellbeing

  Health and Safety Measures: We implement robust health and safety protocols in the workplace, including ergonomic workstations and compliance with regulations.; Mental Health Support: We offer counseling services and mental health resources to help employees manage stress, anxiety, and other challenges.; Work-Life Balance: We promote work-life balance through flexible work arrangements, including remote work options and flexible hours.; Wellness Programs: We provide wellness activities and programs to promote physical health, such as fitness challenges and nutrition workshops.; Employee Assistance Programs: We offer confidential support services through employee assistance programs for personal and work-related issues.; Professional Development: We invest in the professional growth of our employees through training, workshops, and tuition reimbursement programs.; Recognition and Appreciation: We regularly recognise and appreciate the contributions of our employees to cultivate a positive work environment.; Social Connections: We encourage social connections and community engagement through team-building activities, social events, and volunteering opportunities.; Wellbeing Policies: We have policies in place to support employee wellbeing, including flexible work policies and anti-harassment policies.; Leadership Support: Our leadership team prioritizes employee wellbeing and serves as role models for healthy work habits and self-care practices.; Feedback Mechanisms: We provide avenues for employees to provide feedback and suggestions for improving workplace wellbeing, ensuring their voices are heard and valued.; Health and Wellness Resources: We offer access to resources such as health screenings and wellness workshops to empower employees to take proactive steps towards their wellbeing.; Community Involvement: We engage in community initiatives and partnerships focused on health, wellness, and social responsibility, providing opportunities for employees to make a positive impact beyond the workplace.

Pricing

• Price: £525 to £1,400 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at accounts@cypro.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.