KPMG LLP

Cyber Security Privileged Access Management (PAM)

KPMG will help you to improve your Privileged Access Management (PAM) controls through deployment of technology-enabled PAM transformation programmes and delivery partner services. KPMG can work with you from strategy through to delivery on projects to manage passwords, implement session monitoring, implement a least privilege model and improve controls monitoring.

Features

• Experience with vendors: CyberArk, CA Technologies, Thycotic and BeyondTrust.
• PAM discovery, maturity analysis, requirement analysis and business case development
• PAM strategy, roadmap and target operating model (TOM) development
• Business change management to enable PAM service delivery and transformation
• Applying PAM to legacy infrastructure using customisation and connector technology
• PAM technology and vendor assessments
• PAM solution design and architecture
• Password safe and vault design to meet industry standards.
• PAM business requirements analysis and roadmap definition
• PAM controls testing, assurance and reporting

Benefits

• Improve user experience by centralising privileged password management
• Increased assurance on the management and use of privileged access
• Risk reduction due to increased control over privileged access
• Improved auditability of the use of privileged access
• Reduced risk relating to malicious insiders
• Increases visibility of use of shared accounts
• Reduced risk of privileged account creation going unnoticed
• Hybrid cloud and on premise deployment methodologies possible
• Digital management of privileged access reduces manual workload

£400 to £2,855 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at PSopportunities@kpmg.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

465389310294166

Contact

KPMG G-Cloud Team
02073111000
PSopportunities@kpmg.co.uk

Planning

• Planning service: Yes
• How the planning service works: KPMG can work with you to:; - Define the vision and strategy; - Understand the current state and identify project blockers; - Gain executive buy in and define governance structure; - Develop a detailed project plan; - Define the target operating model; - Identify privileged accounts across the estate; - Define safe and vault architecture
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Based on our experience of working with a wide range of organisations (big, small and in various industries), we can help you benchmark your capabilities and skills. Following a situational analysis, we can identify key areas for development and create a bespoke blend of e-learning, virtual classrooms and face-to-face training.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: KPMG are experienced in implementing hybrid, on premises solutions and cloud migration. We work with you to understand and adapt your current environment into the cloud or migrate you to another hosting service. We will identify any risks in the process and help you mitigate these for a successful migration.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: KPMG's Quality Assurance and Testing services include:; - Providing standardised, repeatable, and efficient testing process; - Increasing the quality of software delivered to production, and the stability of production systems; - identifying defects earlier in the development cycle when they are less costly to fix; - Reducing risk in systems deployment

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • NCSC CHECK
  • NCSC Tailored Assurance (CTAS)
  • NCSC Assured Service (Telecoms) (CAS(T))
  • NCSC Commercial Product Assurance (CPA)
  • Cyber Essentials & Cyber Essential Plus
  • CREST STAR
  • CREST Incident Response
  • CREST Security Architecture
  • CBEST/GBEST/TBEST
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme
  • Other
• Other security testing certifications:
  • Offensive Security Certified Professional/Expert (OSCP/OSCE)
  • CISSP - Certified Information Systems Security Professional
  • CCSK - Certificate of Cloud Security Knowledge
  • CCSP - Certified Cloud Security Professional
  • SCF - SABSA Chartered Security Architect – Foundation
  • AWS Certified Solutions Architect – Associate
  • GICSP - Global Industrial Cyber Security Professional
  • CCNA - Cisco Certified Network Associate
  • ISO27001/CAS(T) Lead Auditor
  • CISA - Certified Information Systems Auditor

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: KPMG will respond to all communication during UK office hours. We endeavour to provide you with a response within 24 hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Support levels: N/A

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI IS645896
• ISO/IEC 27001 accreditation date: 05/05/2022
• What the ISO/IEC 27001 doesn’t cover: Items outside the Statement of Applicability v10
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Offensive Security Certified Professional/Expert (OSCP/OSCE)
  • CISSP - Certified Information Systems Security Professional
  • CCSK - Certificate of Cloud Security Knowledge
  • CCSP - Certified Cloud Security Professional
  • SCF - SABSA Chartered Security Architect – Foundation
  • AWS Certified Solutions Architect – Associate
  • GICSP - Global Industrial Cyber Security Professional
  • ISO27001/CAS(T) Lead Auditor
  • CISA - Certified Information Systems Auditor

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We’ve committed to Net Zero 2030, backed by our environment strategy, aligned to the 1.5-degree pathway, and approved by the Science Based Targets Initiative. And introduced an internal carbon price. A self-imposed tax that’s applied to our energy use and business travel. Bringing the cost of our carbon emissions back to us to fund decarbonisation projects. Initiatives have inspired our staff and gained us a top 2% Carbon Disclosure Project (CDP) A Rating, Platinum EcoVadis medal and Environmental Management (ISO 14001) and Energy Management (ISO 50001) certification. ; During contract delivery we will: ; ; ‒ Encourage our suppliers to report their carbon data to CDP, helping us to measure and encourage progress and remain on their Supplier Engagement Leader board. Reducing pollution through our supply chain.; ; ‒ Facilitate a ‘fighting climate change’ 90-minute session and create a team charter to agree:; ; o Traveling SMART | Minimising travel for those involved in the contract and measuring and monitoring all contract related business travel and carbon emissions using our proprietary KPMG carbon tracker tool.; ; o Living sustainably at home | Managing home office equipment efficiently and avoiding printing.; ; o Adopting a ‘digital first’ approach | Using collaborative technologies for data storage/ sharing to maximise effectiveness and reduce email volume.; ; Reducing travel, power consumption, and paper usage to minimise emissions and support sustainable behaviours.; ; ‒ Host a 60-minute sustainability impact modeller tool demonstration. Helping reduce your carbon footprint of cloud deployments using bespoke tooling to optimise implementation. ; ; ‒ Monitor, measure, and report commitments using the Social Value Portal. An evidence-based, data-driven tool, underpinned by the National Themes, Outcomes and Measures framework. It’s endorsed by the Local Government Association and compatible with all major ESG frameworks. Bringing rigour to commitments tracking and allowing you to flex and value the impact and hold us accountable.

  Covid-19 recovery

  The pandemic accelerated changes in the way we work, forcing us to adapt to ensure rapid recovery. Office space has been transformed for innovation, collaboration, and convening between our colleagues, clients, networks, and local communities. ; ; Contract specific commitments: ; ; ‒ Leverage market-leading devices and hybrid working plans to allow teams to be outstanding in delivery empowered by agile working. Offering greater flexibility and choice during the working week, bringing together physical and virtual worlds.; ; ‒ Welcome those who have not been able to join the workforce previously to play an active role e.g., those who couldn’t spend much time away from home due to caring commitments, those with great distances to travel to an office, or those with a disability which precludes travel. Creating a more diverse workforce.; ; ‒ Host a 60-minute future of work session to share our latest thinking. Including, helping you to consider how innovative technologies can support some of the hardest aspects of change to achieve and sustain high performance and nurture creativity.; ; ‒ Monitor, measure, and report commitments using the Social Value Portal. An evidence-based, data-driven tool, underpinned by the National Themes, Outcomes and Measures framework. It’s endorsed by the Local Government Association and compatible with all major ESG frameworks. Bringing rigour to commitments tracking and allowing you to flex and value the impact and hold us accountable.

  Tackling economic inequality

  Like you, we are committed to shaping an environment to narrow disparities, level the playing field, and create better growth opportunities for diverse businesses. During the delivery of the contract, we’ll tackle economic inequality through the following commitments: ; ; ‒ Adhere to inclusive recruitment and progression practices that follow the five foundational principles in the Good Work Plan (satisfaction, fair pay, participation and progression, wellbeing, and voice and autonomy). Increasing self-worth and motivation and improving retention and productivity.; ; ‒ Provide access to KPMG’s Introduction to Python Coding 10-week course to your staff and suppliers. Successful participants will receive a Credly digital certificate. Strengthening logic and problem-solving skills and equipping future generations with the desired skills to make them a relevant asset.; ; ‒ Extend the reach of our technology and engineering apprenticeships by partnering with local authorities and charities. Generating additional paths to employment for people from lower socio-economic backgrounds and bolstering future skills in the UK. Practical work experience is gained while working towards professional qualifications/ accreditations and earning a salary. ; ; ‒ Create business opportunities for a range of local suppliers such as entrepreneurs and start-ups. By encouraging our 1,800 active suppliers to use local sourcing in their supply chain. For example, for our national catering contract we expect the supplier to source produce locally, supporting local producers and reducing food miles. Our sustainable procurement policy is supporting SMEs and VCSEs via various initiatives e.g. the prompt payment code. ; ; ‒ Monitor, measure, and report commitments using the Social Value Portal. An evidence-based, data-driven tool, underpinned by the National Themes, Outcomes and Measures framework. It’s endorsed by the Local Government Association and compatible with all major ESG frameworks. Bringing rigour to commitments tracking and allowing you to flex and value the impact and hold us accountable.

  Equal opportunity

  We aim to attract the best talent in the market, from all backgrounds at every stage of their career and empower them to reach their full potential. Our initiatives include establishing 16 diversity networks to support individuals and voluntarily publishing diversity pay gaps and action plans to close gaps. Improving progression for our historically underrepresented groups* and placing us in the Top 5 in the Social Mobility Employer Index since 2017.; * Bridge Group – KPMG progression gap analysis. ; ; During the delivery of the contract, the following commitments will go further to level the playing field: ; ; ‒ Take a risk-based approach to policies, training, governance, and approvals to ensure human rights due diligence. Although our industry is not considered high-risk, risk can arise in our operations and supply-chain. Supporting your zero-tolerance approach to modern slavery. ; ; ‒ Invite your employees to join our Cross Company Allyship Programme. Matching mentees from ethnic minority groups with mentors from across KPMG and our client base. Creating diversity of thought, experience, providing career guidance, and building professional network and confidence. ; ; ‒ Provide employability support to people who have served with the armed forces. We’re signatories to the Armed Forces Covenant and holders of the Gold Defence Employers Recognition award. Providing successful career opportunities for those embarking on ‘civvy street.’ ; ; ‒ Ensure the contract workforce are physical/ digital accessibility trained, recognising that not all disabilities are visible. Building an awareness of the policies and standards that enhance accessibility and productivity.; ; ‒ Monitor, measure, and report commitments using the Social Value Portal. An evidence-based, data-driven tool, underpinned by the National Themes, Outcomes and Measures framework. It’s endorsed by the Local Government Association and compatible with all major ESG frameworks. Bringing rigour to commitments tracking and allowing you to flex and value the impact and hold us accountable.

  Wellbeing

  Our wellbeing strategy has been shaped by listening to our people and working with specialists. Focusing on the areas where we can have the biggest positive impact. During contract delivery, we will support wellbeing with the following commitments: ; ; ‒ Provide the contact workforce with a rich, innovative suite of specialist information, advice, services, and treatment – supplemented with focused initiatives. Shaped by listening to our people and working with specialists. Using clinical, organisational, and positive psychology to empower individuals by providing the right care, at the right time. And allowing them to be at their best. ; ; ‒ Facilitate a 90-minute wellbeing workshop for the contract workforce, using our bespoke Wellbeing EDGE tool to create a wellbeing charter. Identifying team member “non negotiables,” creating an inclusive environment, and agreeing our collective approach to maximise team wellbeing. ; ; ‒ Facilitate monthly constructive health and wellbeing check-ins using Wellbeing EDGE and a wellbeing survey to measure the success of our approach and identify additional support required. Understanding how the team can be effectively supported through emerging challenges. Ensuring the workforce witnesses our commitment to continuous improvement, including feedback being incorporated and acted on. Thus, empowering them to continue to speak up.; ; ‒ Appoint a dedicated accredited Wellbeing Ambassador, with a passion for wellbeing, to challenge mental health stigma and begin empathetic conversations with team members. Building, embedding, and maintaining a sustainable wellbeing approach and giving visible support to those struggling mentally or physically. ; ; ‒ Monitor, measure, and report commitments using the Social Value Portal. An evidence-based, data-driven tool, underpinned by the National Themes, Outcomes and Measures framework. It’s endorsed by the Local Government Association and compatible with all major ESG frameworks. Bringing rigour to commitments tracking and allowing you to flex and value the impact and hold us accountable.

Pricing

• Price: £400 to £2,855 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at PSopportunities@kpmg.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.