DAINTTA LTD

CyINTer

CyINTer is a cyber-security resilience management service. It is an AI-based innovative capability that develops holistic cyber-security, risks, and resilience insights. It empowers organisations to deliver their strategic objectives whilst meeting cyber-security obligations. It takes organisation's unique situation, aligns it with government-standards and tailors insights to individual responsibilities and accountabilities.

Features

• Communicate cyber security and resilience against government approved standards
• Compare and benchmark cyber-resilience against peers, industry and the changing-threat-landscape
• Contain the cyber-security impact by recommending prioritised risks and mitigations
• AI-based innovative capability that develops holistic cyber-security resilience insights
• Obtain rapid cyber-resilience-insights using self-assessment top-down compliance and risk analysis
• A single-view articulating the organisation's cyber-risks, insights, and resilience
• Aggregation capability per organisation across multiple assessments and systems
• SME advisory to tailor cyber-risks, insights, and resilience recommendations
• Detailed impact and analysis to critical identified risks from assessment

Benefits

• Empowers organisations to deliver strategic objectives whilst meeting cyber-security-obligations
• Empowers stakeholders to articulate cyber-security risk, regardless of their role
• Maintains organisations' competitive advantage in an evolving threat landscape
• Focuses investment where it has the greatest impact on cyber-resilience
• Manages cyber-resilience by alignment of organisation's unique-situation with government standards
• Tailors cyber-resilience insights to individual responsibilities and accountabilities
• Enables data-driven decision making at different governance levels within organisations

£500 to £3,500 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@daintta.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

535532714914932

Contact

Daintta Commercial Team
07484261888
commercial@daintta.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Planned and scheduled maintenance and business continuity testing, that are always conducted in collaboration with our customers and aligned with SLAs.
• System requirements:
  • Internet access
  • Modern and up to date web browser on a desktop/laptop

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Typically response within 2 working days. At extra cost, we offer different response SLA covers to customers based on their requests and needs.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The offering of our standard support is:; - UK based.; - Via email with response within 2 working days.; - Reasonable endeavour to resolve 80% of Priority 1 issues or provide workaround within 5 working days.; - We offer phone support, where needed to resolve the issues.; ; At extra costs, we offer:; - different levels of SLAs depending on customers' needs and circumstances.; - dedicated time with appropriate Subject Matter Expert to talk through specific support recommendations
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All customers receive:; - Built-in guides.; - Introductory guiding videos.; ; At extra costs, and depending on the subscription the customer selected, we offer:; - dedicated time with appropriate Subject Matter Expert to talk through specific service recommendations.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Video
  • Online computer based training
• End-of-contract data extraction: Customer's data will be deleted at the end of the subscription. Alongside supported data export functions, any extra requests for different extraction of customer's data can be agreed with the customer throughout their active subscription provided it was received with reasonable notice.
• End-of-contract process: A renewal notice is sent to customers, otherwise the subscription ends at no additional cost, users will no longer be able to access and utilise the service, and customer's data will be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web-based online dashboard by which various graphical user interface widgets are used to deliver the service features that customers subscribed for including analytics and reporting features.
• Accessibility standards: None or don’t know
• Description of accessibility: Users can point and click the dashboard's various widgets to interact with the service to deliver the service features. The service has been designed using user experience methodologies with ease of use and visibility in mind.
• Accessibility testing: We performed various quantitative and qualitative tests with users based on persona, pain-point, and user journey analysis.
• API: Yes
• What users can and can't do using the API: Based on customer's needs and at extra costs, APIs are available to support the service meet the customer's circumstances, these include, but not limited to:; - data input API(s); - data assessment(s); - export of results and other data items
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Depending on the features and subscription the customer signed up for, the following can be customised:; - Number of systems to be assessed; - The targeted compliance profile they wish to achieve; - The advisory effort needed with a Subject Matter Expert (SME) to tailor recommendations; - The advisory effort to provide detailed impact and risk analysis on top 10 identified risks from the assessment

Scaling

• Independence of resources: Auto-scaling and load balancing are used across the system to ensure continuity of service and performance; ensuring any impact to users is eliminated or minimised. We use monitoring tools to ensure usage trends including spikes are identified and do not affect users of the service.

Analytics

• Service usage metrics: Yes
• Metrics types: At extra costs, service usage reports can be provided upon requests.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers can export their data: using the service supported features the customer's subscribed to, using agreed APIs, and using bespoke methods and formats that can be agreed with the customer depending on their needs
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We provide over 99.8% availability for the critical features of the services we provide.
• Approach to resilience: The system, its components, and environment are highly resilient by design, further specific information is available upon request.
• Outage reporting: We provide email alerts for any outages and/or appropriate messages in our service dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Role based access controls are in place and support functions also along with regular monitoring for unauthorised/irregular or suspicious access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • DSPT
  • CAF
  • Other independent security assessments

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Others include: CAF, DSPT, and CE Plus.
• Information security policies and processes: We have accredited and we adhere to a documented Information Security Policy. All data centres used to serve this service are accredited. We hold Cyber Essentials Plus Accreditation, DSPT, and we are CAF compliant. Training is conducted routinely and consistently, and security responsibilities are reflected in job descriptions. IT systems have restricted access and processes defined for system support are fully audited. We have other external independent information security risk assessment conducted regularly to ensure we regularly comply with high cyber security resilience and lower the information cyber security risks by having appropriate information security policies and processes.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have a dedicated in-house service team, product manager, and security officer, that are in charge of managing our approach to configuration and change management procedure. All changes can only be authorised by the security officer or product manager and must follow our documented change management process which consist of the following key stages: documentation of the change needed, plan and preparation for the change including potential security impact and backup strategy, change implementation including tracking from start to finish with rollback strategy, reinforcing the change, and finally sustaining the change.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have a documented vulnerability management process which consists of: governance (policy, and ownership), assessment (periodic scanning via appropriate analysis tools including periodic pen-testing or upon major change, planning and prioritising of results including actions (e.g. via patching and fixes), validating (testing before deployment as part of our CI/CD pipeline), and finally deployment (e.g. application of patches or fixes as soon as possible depending on the priority).; ; We retrieve information about potential threats from sources such as OWASP, the Cloud Security Alliance, static analysis tools and various other bulletins.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We identify compromises via multiple methods, these include appropriate security scan results or static analysis tools. The compromise and relevant logs will be highlighted via an appropriate method e.g. automated email and collected via appropriate portal when the alerting is triggered. In the event of a compromise our Incident Management Plan will be enacted on the first day of the compromise being discovered and any third party notified in timely manner.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a documented Incident Management Plan as part of our polices and processes. It covers general events and more focused areas including actions on for data loss, infringement of integrity or confidentiality and loss of availability. The plan details responsibilities, time frames, contact details, collection of evidence, key actions to be taken and other responsibilities. The incident report log will be completed and passed to the security officer to be reviewed appropriately. Relevant staff are trained within their induction/ refresher training on suspected incidents types.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  Daintta takes its responsibility towards protecting the planet seriously. We strive to continuously reduce our impact on the environment from emissions in all scopes and other aspects such as waste. Daintta is committed to being net zero as early as possible and before 2050. Our Carbon Reduction Plan sets out our baseline greenhouse gas emissions and plans for reducing these to net zero by 2050. These plans include offsetting emissions using a certified offsetting scheme, educating staff on ways to be more energy efficient particularly when working from home. For business travel we firstly only travel when absolutely necessary and when we do, we consciously choose methods which are most environmentally friendly, this includes train travel for longer journeys and walking or cycling for more local journeys. Similarly, when working with suppliers we ensure that they follow similar environmental policies in delivering the contract. Our entire IT ecosystem is cloud based; therefore we do not require energy consuming dedicated IT hardware and server rooms.

  Covid-19 recovery

  As a company formed in the early stages of the Covid-19 pandemic Daintta knows all too well the challenges in recovering for businesses and the community. We have embraced a hybrid working environment which provides staff with the flexibility to work from whichever location works best for them, taking in to account their physical and mental health and wellbeing. This includes our own offices, local coworking spaces, client offices, home, or any other suitable location. When delivering contracts for clients and working with suppliers we operate in ways to manage and recover from the impacts of Covid-19 such as hybrid working to only travel when necessary while still supporting local businesses through trickle down effects. As part of our social value policy we have created opportunities for graduates to join the team as part of the Government Kickstarter scheme. We have also partnered with GoodWork to provide internships for people from disadvantaged background. This provides opportunities for those who have found it difficult to find employment as a result of the pandemic and due to social mobility. Through these schemes we are able to train graduates in technology and cyber security, areas recognised to be high growth and have a skills shortage.

  Equal opportunity

  Daintta is an equal opportunity employer and works hard to ensure we provide equal opportunities for everyone we employ and work with. We have a diverse workforce in terms of race, gender, sexual orientation, and disability with over half our employees being from a BAME background. Our values of being Transparent, Fair and Daring mean we take equality in to account in every decision we make as a business. We support tackling workforce inequality through our support of the Kickstarter scheme which has created employment opportunities for those who may have faced barriers to employment, and provide training and development opportunities in the high growth sector in which we operate.

Pricing

• Price: £500 to £3,500 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@daintta.com. Tell them what format you need. It will help if you say what assistive technology you use.