Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

CYRISK LIMITED

Cloud Assurance Service

CyRisk Cloud Assurance Service offers a range of activities which can be procured individually or grouped to support phases or through-life functions. Examples include a single supplier assessment, threat model or design workshop, support for a feasibility exercise or migration project or multiple services thorough the service life.

Features

  • Threat Modelling
  • Risk Management (Risk Assessment and Risk Treatment)
  • Policy, Process and Procedure (Development, Review and Implementation)
  • Management System and Framework Compliance and Certification Support
  • Security Architecture
  • Security Design Authority
  • Security Testing Support (Scoping, Delivery Support and Remediation Management)
  • Lifecycle and Vulnerability Management (SAST, DAST, Dependency Management)
  • Supplier Assessment and Assurance
  • Operational Security including Protective Monitoring, Incident Management and Audit

Benefits

  • Choose individual activities, single phase/function or end to end service
  • Guided activities produce deliverables whilst training and upskilling staff
  • Options for guidance and advice or self-contained delivery
  • Experience with Amazon Web Services (AWS) and Microsoft Azure
  • Vendor agnostic approach
  • Delivery by CIISec and CCP scheme members
  • Tiered supplier assurance approach to support phase and risk level
  • Experience with ISO27001, NIST CSF, CIS18 and NCSC CAF
  • Experience working with Central Departments, ALBs, Devolved Administrations and Police
  • Services designed to support knowledge transfer

Pricing

£1,150 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hmg@cyrisk.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 9 8 5 9 1 4 4 5 1 6 6 0 3 4

Contact

CYRISK LIMITED Phil Harding
Telephone: 0203 637 8058
Email: hmg@cyrisk.co.uk

Planning

Planning service
Yes
How the planning service works
The CyRisk Cloud Assurance Service works with buyers from intial feasability stage to understand the risks and mitigations of various cloud hosting options with the following activities:
- Developing threat models and functional risk assessments.
- Developing conceptual security architectures to understand potentially tiered delivery models.
- Investigating options for migrating between cloud services or from on-premise to cloud services.
- Conducting initial supplier assessments to understand ability of suppliers to deliver requirements.
- Support the development of procurement requirements and formal supplier evaluations.
Planning service works with specific services
No

Training

Training service provided
No

Setup and migration

Setup or migration service available
No

Quality assurance and performance testing

Quality assurance and performance testing service
No

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security audit services

Ongoing support

Ongoing support service
No

Service scope

Service constraints
Standard service delivered remotely from locations within the mainland UK during office hours. Enhanced service available including onsite presence and extended operating hours at additional cost.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard service offers initial response to email requests within four working hours.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Support levels
Standard support is offered 9:00-17:30, Monday to Friday excluding public holidays in England and Wales.
On call support will be charged at 50% of the appropriate SFIA day rate.
Scheduled out of hours support (such as for periods of special interest, migrations, etc) or work conducted in response to a call out will be charged at 200% of the appropriate SFIA day rate (plus travel time and expenses if appropriate).
Routine activities will be scheduled in advance, support requests outside of scheduled activities need to raised by email with options for email, telephone, video conference or onsite response (onsite response at additional cost).
All customers will be assigned a lead consultant to act as single point of contact for delivery.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality

Fighting climate change

CyRisk operate a sustainable delivery approach which minimises the amount of travelling which our consultants have to undertake and when travelling is required favour the use of lower carbon options.

Tackling economic inequality

CyRisk supports employees in spending time supporting organisations and initiatives which promote the growth of cybersecurity skills and businesses in the UK. Recently this has included employees holding volunteer roles within the Chartered Institiute of Information Security and the East Midlands Cyber Security Cluster.

Pricing

Price
£1,150 a unit a month
Discount for educational organisations
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hmg@cyrisk.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.