I10 LIMITED

Cloud Privacy and Compliance Audit

How well are you complying with your policies for managing and securing PII/PCI?

Using InsightMaker, we perform a full scan of text based documents in one location to show you the prevalence of Personal Data in that location and its exposure to your staff. Fully understand your remediation requirements.

Features

• Forensic examination of your unstructured information
• Categorise compliance risk by data type and exposure
• View personal data types, data subjects and security by document
• Aggregate risk into buckets by author, location, type
• Produce detailed remediation reports in CSV format
• Flexible configuration to remove false positives
• Find and categorise PII, Personal Data and PCI

Benefits

• Understand where personal data, PII and PCI is held
• Build a programme to improve policy compliance
• Remediate existing risk
• Use provided reports to move or lock down data
• Inform cloud or hybrid technology adoption and migration decisions
• Black box solution with limited draw on your resources
• Accelerated rapid approach: complete within 3 weeks

£15,000 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.hastings@i-10.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

501543334987515

Contact

Mark Hastings
020 805 01091
mark.hastings@i-10.co.uk

Planning

• Planning service: Yes
• How the planning service works: Our privacy and compliance audit provides you with the capability to catalogue all of the Personal Data, PII and PCI in a given location on your infrastructure (shared drive, SharePoint, Content Server, DropBox, Google Drive, Azure BLOB) and understand how this information complies with the security policies that you put in place to protect such data. At a glance, view the percentage of data on your source that is high risk (due to the number of data subjects mentioned, the types of personal data and the exposure to your organisation) and see who is creating that content. Using this information, you can plan enhanced data protection training focussed on individuals who are breaching policy, list the documents or data to move or to lock down. Alternatively, the audit may tell you that compliance with policy is just as you would want it to be! If you have had a breach and need an audit of the exact PII / PCI or Personal Data and the Data Subjects in the breached location, we can help you get this together quickly so that you can inform the Information Commissioner and plan your communications to affected parties.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: We provide direct end-user training to the team or group of individuals that will use the InsightMaker application for the duration of the audit. We also provide user guides and on-line help through the user interface.
• Training is tied to specific services: Yes
• Services the training service works with: InsightMaker

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: The software solution that is used for the audit is provided as a cloud hosted, private cloud hosted, hybrid or on-premises implementation. We will provide an architectural design appropriate to your infrastructure with a hardware and software pre-requisites document. Once you have provided the relevant infrastructure, we install and configure the software to crawl your source location(s). The design will allow for integration with your directory service for single sign on for the agreed user base. The audit also includes decommissioning of the application and associated index at the end of the process.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type: Security audit services

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: The audit will be limited to a three week period where your staff will have full use of the application for reviewing your compliance data. At the end of this period, the analytics gathered will be used to report back and the application will be removed. Audits will be limited to one data source from our list of standard connectors (network drives, SharePoint / SharePoint Online, OneDrive, Content Server, ShareFile, Azure BLOB, Google Drive, DropBox)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Usually within 24 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: You will have a dedicated Customer Experience team consultant for the engagement who will be your primary point of contact and will be able to answer questions on the service for the duration of the engagement.

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Aiimi

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We will plant 1,000 trees for each piece of work commissioned under this service to offset the carbon generated by the work. We partner with Ecologi to provide buyers with an independent audit trail to validate our carbon offsetting. We ensure that the planted trees are in Restor-registered sites, using an ‘employ to plant’ model, providing a consistent income for local people who work as planters, nursery staff and forest guards, allowing the local community greater access to education, nutrition and healthcare. Our partners at Ecologi ensure that sustainable land-use practices are followed. The trees planted will provide new food sources for local people, including avocado, lemon and papaya trees. This approach aligns with UN Sustainable Development goals. i10 has already offset our carbon footprint dating back to the year we were formed, and we believe we’re the first business consultancy to the UK public sector to carbon offset its projects, making them routinely carbon neutral and ensuring we remain carbon negative.

Pricing

• Price: £15,000 a unit
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.hastings@i-10.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.