THE SIENA PARTNERSHIP LTD

CISO-as-a-Service

Our CISO-as-a-Service model empowers organisations to capitalise on our extensive security expertise and industry experience, eliminating the need for substantial capital investment.

Features

  • Independent advisory and/or leadership from a proven CISO
  • Guidance on enhancing cybersecurity through people, processes, and technology.
  • Provision of cybersecurity education, training, and awareness.
  • Management of security budgets and optimisation of cost processes.
  • Introduction of specialist knowledge from outside the business
  • A third party mediating between board and technical SMEs
  • Advisory on conducting third-party vendor assessments.
  • Assurance of organisational adherence to industry standards and frameworks.
  • Provision of independent insights to enhance the organisation's security posture.

Benefits

  • Improved executive buy-in for cyber investment
  • Enhances approach to cyber risk
  • Improves confidence in cyber assurance and compliance processes
  • Improves relationships with third parties and managed services
  • Improved cyber-literacy across the wider organisation
  • Improves the delivery of ongoing cyber programmes
  • Helps to develop a cyber roadmap for the long term
  • Provides impartial assessment of cyber risk
  • Supports the development of controls

Pricing

£425 to £1,400 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at barney@thesienapartnership.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

492304355719541

Contact

THE SIENA PARTNERSHIP LTD
Barney Machen
Telephone: 07979901000
Email: barney@thesienapartnership.com

Planning

Planning service
Yes
How the planning service works
Risk Assessment: Evaluate security risks associated with the cloud environment.
Security Strategy: Develop a comprehensive cloud security strategy to protect data and applications.
Architecture Design: Design a secure cloud architecture that complies with industry standards and regulations.
Policy Development: Create and implement security policies and procedures for cloud operations.
Compliance Assurance: Ensure the migration complies with legal and regulatory requirements.
Incident Response Planning: Develop and refine incident response strategies for potential security breaches.
Vendor Evaluation: Assess and select cloud service providers based on security standards.
Data Protection: Implement data encryption, access controls, and other security mechanisms.
Employee Training: Conduct security awareness and training programs for employees about cloud risks.
Continuous Monitoring: Establish systems for ongoing monitoring and threat detection in the cloud environment.
Planning service works with specific services
No

Training

Training service provided
Yes
How the training service works
We offer a comprehensive training service to facilitate the successful adoption of cloud services, customized to client needs throughout the project lifecycle. Our training solutions include:
• Targeted Training: One-to-one coaching, group sessions, video tutorials, and documentation.
• Mentoring: Ongoing support and knowledge transfer to staff and suppliers.
• Knowledge Repository: Support in creating a central hub for resources and templates.
We specialize in training for platforms like Salesforce and Amazon Web Services, and in coaching on modern DevOps tools like Docker and GitHub.
Training is tied to specific services
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
A third party can support the cloud security component of a cloud migration. This can include supporting vendor conversations, the development of secure cloud architecture and the development of effective controls.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
Security Policy Review: Evaluating the organization’s existing security policies and practices to identify gaps and areas for improvement.
Vulnerability Assessment: Conducting regular vulnerability scans and assessments to identify potential security weaknesses before they can be exploited.
Penetration Testing: Simulating cyber-attacks to test the resilience of systems and networks against security breaches.
Risk Management: Analyzing and prioritizing risks associated with the organization's assets and implementing strategies to mitigate these risks effectively.
Compliance Audits: Ensuring that the organization complies with relevant cybersecurity standards and regulations, such as GDPR, HIPAA, or PCI-DSS.
Performance Benchmarking: Establishing performance benchmarks for security frameworks and regularly testing against these benchmarks to ensure they are met consistently.
Security Training and Awareness: Developing and delivering training programs to enhance security awareness among employees.
Incident Response Testing: Testing the organization’s incident response plan through drills and simulated breaches to ensure rapid and effective action in real scenarios.
Security Tools Assessment: Evaluating the effectiveness and efficiency of deployed security tools and technologies, ensuring they are optimally configured.
Reporting and Improvement Plans: Providing detailed reports on QA and performance testing outcomes, and recommending improvements to enhance the security posture continuously.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
Other security services
  • DevSecOps / Shift Left
  • Security Architecture
  • Security of CNI
Certified security testers
Yes
Security testing certifications
  • GBEST
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

Ongoing support service
No

Service scope

Service constraints
N/A

User support

Email or online ticketing support
Email or online ticketing
Support response times
To be agreed with the client
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Support levels
A dedicated CISO-level practitioner paired with an account director to ensure successful service delivery and deploy specific expertise as and when required.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We are committed to sustainable practices that minimise our environmental impact. We prioritise reducing our carbon footprint, conserving resources, and promoting recycling across all operations.
Our policy enforces strict adherence to environmental laws and seeks innovative solutions to enhance eco-efficiency.
Our commitment extends to training employees in sustainability practices, ensuring that every aspect of our operation contributes to a healthier planet.

Tackling economic inequality

We support Little Lives charity to provide young children with computers, enhancing their skills and workplace readiness. We collaborate with independent workers from diverse backgrounds and help SMEs grow by connecting them with top talent.
Our actions and partnerships demonstrate our commitment to economic equality, diversity, and inclusivity.
Through initiatives like supporting Little Lives, we empower children for future opportunities and help SMEs drive innovation and growth in the economy.

Equal opportunity

We are committed to embracing and promoting diversity in all business activities and developing a culture that reflects this belief. We aim to recruit through diverse media to ensure a varied employee and candidate base and help our clients achieve their diversity goals.
We continuously review recruitment processes to prevent unlawful or undesirable discrimination.
We ensure equal treatment for all, regardless of sex, sexual orientation, gender identity, marital status, age, disability, race, nationality, religion, political beliefs, union membership, or past convictions. We also provide ongoing equal opportunities training for all staff.

Wellbeing

We prioritise the wellbeing of our staff as a core aspect of our business philosophy. We are committed to creating a supportive and positive work environment where employee health and happiness are paramount.
Our comprehensive wellness programs, flexible working policies, and ongoing support initiatives reflect our dedication to ensuring that every team member feels valued, supported, and equipped to thrive both personally and professionally.
Our wellbeing initiatives include:
• Unlimited Holiday Entitlement
• Flexible working
• Access to additional Healthcare Support
• Access to Mental Health support
• Office Healthy Snacks and Drinks
• Fitness at work

Pricing

Price
£425 to £1,400 a unit a day
Discount for educational organisations
No
