CLOUD NATIVE LTD

Security (Information Assurance) Architecture

The design, documentation and assurance of secure technical architectures used for hosting applications. e.g. the Security Architecture that underpins a Risk Management Accreditation Document Set or equivalent. The mitigation of vulnerabilities. Quality Assurance of existing capability. Use of government standards e.g. Security Policy Framework (SPF).

Features

• Providing the language bridge between the technical and compliance worlds
• Designing and documenting secure applications, platforms and networks
• Assessing and documenting technical risk, security architecture
• Evaluating vulnerabilities and designing mitigations
• Applying industry best practice to new capabilities
• ISO 27001 and Baseline Control Set style evaluation
• Documenting the security strategy (e.g. production of RMADS)
• GDPR, Data Protection Act DPA 2018, Privacy Impact Assessment PIA
• NCSC cloud security principles, GPG13, MOD JSP440, JSP604
• Defence IS1, IS2, Risk Balance Case (RBC), DART, WARP, MODCERT

Benefits

• Independent impact assessment e.g. BIA
• IA Architecture qualifications (e.g. CISSP, CCP, CESG Certification)
• SME with no commercial links, obligations or interests
• Long experience of highly secure applications and sensitive data
• Reduction of technical risk carried by customer
• Extensive public, private and hybrid cloud experience
• Information Security Management System (ISMS) using JIRA and Confluence
• Security Cleared staff
• Experience in Business Continuity Planning BC, BCP, DR, DRP
• Implimentation and operation of Protective Monitoring and Security Event Management

£599 to £1,600 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at DigitalMarketPlace@cloudnative.ltd. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

485742753064211

Contact

G-Cloud and Digital Outcomes Enquiries Team
08445885265
DigitalMarketPlace@cloudnative.ltd

Planning

• Planning service: Yes
• How the planning service works: Cloud Native provides experienced technical specialists who will support the buyer in planning the implementation of this service. Our specialists are well versed in the activities and processes required to ensure that change is controlled and successful. For example we can help with the early engagement of accreditation and governance organisations. Development of Accreditation Management Plans.; Defining and explaining the technical approach and components of proposed solutions.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Cloud Native specialists will provide mentoring as part of the service delivery. They can provide other training services as agreed with the buyer as part of the service delivery.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Comparison of the security profiles of different options.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Cloud Native technical specialists will assist the buyer in setting the required performance standards and quality assurance measurements required for this service. Our specialists can then also assist the buyer in the assessment of this service to ensure it is delivered to their satisfaction. For example, review of business proposals, technical and compliance documentation.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security incident management
  • Security audit services

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: We provide a range of managed service support capabilities for our clients. This includes first line user support through to third and fourth line technical support of applications and infrastructure on both public, private and Hybrid clouds. We can also provide on going part time engagement (e.g. attending Security Working Group meetings).

Service scope

• Service constraints: Buyer may have to supply hardware and/or software appropriate to the security classification of task.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard hours - weekdays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: MS Teams
• Web chat accessibility testing: We have not done any testing but Microsoft provides reports on their products here: https://www.microsoft.com/en-us/trust-center/compliance/accessibility
• Support levels: First, second and third line support covering both infrastructure and applications. Support Levels are tailored to the client requirements to maximise benefit and minimise costs. A lead consultant is assigned to all engagements who will have over sight of the team/services with a strong technical and management background.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery

  Fighting climate change

  Embracing Electric Vehicles (EVs) for Travel Championing electric vehicles (EVs) for travel sets us on a path towards achieving carbon negativity. This dedication not only addresses climate change but also enhances societal wellbeing by curbing harmful emissions and pollution. Carbon Reduction - Significant Investments in Solar and Battery Technology Significant investments in solar and battery technology further propel us towards a sustainable future. By harnessing renewable energy sources and advancing battery technology, we can reduce our carbon footprint and create a cleaner environment.

  Covid-19 recovery

  Optimising Post-COVID-19 Ways of Working Optimising our post-COVID-19 ways of working presents an opportunity to further mitigate climate change while boosting overall wellbeing. Embracing remote work and flexible schedules reduces commuting emissions and stress, contributing to cleaner air and improved mental health.

Pricing

• Price: £599 to £1,600 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at DigitalMarketPlace@cloudnative.ltd. Tell them what format you need. It will help if you say what assistive technology you use.