Skip to main content

Help us improve the Digital Marketplace - send your feedback

DAINTTA LTD

CyINTer

CyINTer is a cyber-security resilience management service. It is an AI-based innovative capability that develops holistic cyber-security, risks, and resilience insights. It empowers organisations to deliver their strategic objectives whilst meeting cyber-security obligations. It takes organisation's unique situation, aligns it with government-standards and tailors insights to individual responsibilities and accountabilities.

Features

  • Communicate cyber security and resilience against government approved standards
  • Compare and benchmark cyber-resilience against peers, industry and the changing-threat-landscape
  • Contain the cyber-security impact by recommending prioritised risks and mitigations
  • AI-based innovative capability that develops holistic cyber-security resilience insights
  • Obtain rapid cyber-resilience-insights using self-assessment top-down compliance and risk analysis
  • A single-view articulating the organisation's cyber-risks, insights, and resilience
  • Aggregation capability per organisation across multiple assessments and systems
  • SME advisory to tailor cyber-risks, insights, and resilience recommendations
  • Detailed impact and analysis to critical identified risks from assessment

Benefits

  • Empowers organisations to deliver strategic objectives whilst meeting cyber-security-obligations
  • Empowers stakeholders to articulate cyber-security risk, regardless of their role
  • Maintains organisations' competitive advantage in an evolving threat landscape
  • Focuses investment where it has the greatest impact on cyber-resilience
  • Manages cyber-resilience by alignment of organisation's unique-situation with government standards
  • Tailors cyber-resilience insights to individual responsibilities and accountabilities
  • Enables data-driven decision making at different governance levels within organisations

Pricing

£500 to £3,500 a unit

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@daintta.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

5 3 5 5 3 2 7 1 4 9 1 4 9 3 2

Contact

DAINTTA LTD Daintta Commercial Team
Telephone: 07484261888
Email: commercial@daintta.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Planned and scheduled maintenance and business continuity testing, that are always conducted in collaboration with our customers and aligned with SLAs.
System requirements
  • Internet access
  • Modern and up to date web browser on a desktop/laptop

User support

Email or online ticketing support
Email or online ticketing
Support response times
Typically response within 2 working days. At extra cost, we offer different response SLA covers to customers based on their requests and needs.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The offering of our standard support is:
- UK based.
- Via email with response within 2 working days.
- Reasonable endeavour to resolve 80% of Priority 1 issues or provide workaround within 5 working days.
- We offer phone support, where needed to resolve the issues.

At extra costs, we offer:
- different levels of SLAs depending on customers' needs and circumstances.
- dedicated time with appropriate Subject Matter Expert to talk through specific support recommendations
Support available to third parties
Yes

Onboarding and offboarding

Getting started
All customers receive:
- Built-in guides.
- Introductory guiding videos.

At extra costs, and depending on the subscription the customer selected, we offer:
- dedicated time with appropriate Subject Matter Expert to talk through specific service recommendations.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Video
  • Online computer based training
End-of-contract data extraction
Customer's data will be deleted at the end of the subscription. Alongside supported data export functions, any extra requests for different extraction of customer's data can be agreed with the customer throughout their active subscription provided it was received with reasonable notice.
End-of-contract process
A renewal notice is sent to customers, otherwise the subscription ends at no additional cost, users will no longer be able to access and utilise the service, and customer's data will be deleted.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Web-based online dashboard by which various graphical user interface widgets are used to deliver the service features that customers subscribed for including analytics and reporting features.
Accessibility standards
None or don’t know
Description of accessibility
Users can point and click the dashboard's various widgets to interact with the service to deliver the service features. The service has been designed using user experience methodologies with ease of use and visibility in mind.
Accessibility testing
We performed various quantitative and qualitative tests with users based on persona, pain-point, and user journey analysis.
API
Yes
What users can and can't do using the API
Based on customer's needs and at extra costs, APIs are available to support the service meet the customer's circumstances, these include, but not limited to:
- data input API(s)
- data assessment(s)
- export of results and other data items
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Depending on the features and subscription the customer signed up for, the following can be customised:
- Number of systems to be assessed
- The targeted compliance profile they wish to achieve
- The advisory effort needed with a Subject Matter Expert (SME) to tailor recommendations
- The advisory effort to provide detailed impact and risk analysis on top 10 identified risks from the assessment

Scaling

Independence of resources
Auto-scaling and load balancing are used across the system to ensure continuity of service and performance; ensuring any impact to users is eliminated or minimised. We use monitoring tools to ensure usage trends including spikes are identified and do not affect users of the service.

Analytics

Service usage metrics
Yes
Metrics types
At extra costs, service usage reports can be provided upon requests.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Customers can export their data: using the service supported features the customer's subscribed to, using agreed APIs, and using bespoke methods and formats that can be agreed with the customer depending on their needs
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We provide over 99.8% availability for the critical features of the services we provide.
Approach to resilience
The system, its components, and environment are highly resilient by design, further specific information is available upon request.
Outage reporting
We provide email alerts for any outages and/or appropriate messages in our service dashboard.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Role based access controls are in place and support functions also along with regular monitoring for unauthorised/irregular or suspicious access.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • DSPT
  • CAF
  • Other independent security assessments

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Others include: CAF, DSPT, and CE Plus.
Information security policies and processes
We have accredited and we adhere to a documented Information Security Policy. All data centres used to serve this service are accredited. We hold Cyber Essentials Plus Accreditation, DSPT, and we are CAF compliant. Training is conducted routinely and consistently, and security responsibilities are reflected in job descriptions. IT systems have restricted access and processes defined for system support are fully audited. We have other external independent information security risk assessment conducted regularly to ensure we regularly comply with high cyber security resilience and lower the information cyber security risks by having appropriate information security policies and processes.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We have a dedicated in-house service team, product manager, and security officer, that are in charge of managing our approach to configuration and change management procedure. All changes can only be authorised by the security officer or product manager and must follow our documented change management process which consist of the following key stages: documentation of the change needed, plan and preparation for the change including potential security impact and backup strategy, change implementation including tracking from start to finish with rollback strategy, reinforcing the change, and finally sustaining the change.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have a documented vulnerability management process which consists of: governance (policy, and ownership), assessment (periodic scanning via appropriate analysis tools including periodic pen-testing or upon major change, planning and prioritising of results including actions (e.g. via patching and fixes), validating (testing before deployment as part of our CI/CD pipeline), and finally deployment (e.g. application of patches or fixes as soon as possible depending on the priority).

We retrieve information about potential threats from sources such as OWASP, the Cloud Security Alliance, static analysis tools and various other bulletins.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We identify compromises via multiple methods, these include appropriate security scan results or static analysis tools. The compromise and relevant logs will be highlighted via an appropriate method e.g. automated email and collected via appropriate portal when the alerting is triggered. In the event of a compromise our Incident Management Plan will be enacted on the first day of the compromise being discovered and any third party notified in timely manner.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have a documented Incident Management Plan as part of our polices and processes. It covers general events and more focused areas including actions on for data loss, infringement of integrity or confidentiality and loss of availability. The plan details responsibilities, time frames, contact details, collection of evidence, key actions to be taken and other responsibilities. The incident report log will be completed and passed to the security officer to be reviewed appropriately. Relevant staff are trained within their induction/ refresher training on suspected incidents types.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

Fighting climate change

Daintta takes its responsibility towards protecting the planet seriously. We strive to continuously reduce our impact on the environment from emissions in all scopes and other aspects such as waste. Daintta is committed to being net zero as early as possible and before 2050. Our Carbon Reduction Plan sets out our baseline greenhouse gas emissions and plans for reducing these to net zero by 2050. These plans include offsetting emissions using a certified offsetting scheme, educating staff on ways to be more energy efficient particularly when working from home. For business travel we firstly only travel when absolutely necessary and when we do, we consciously choose methods which are most environmentally friendly, this includes train travel for longer journeys and walking or cycling for more local journeys. Similarly, when working with suppliers we ensure that they follow similar environmental policies in delivering the contract. Our entire IT ecosystem is cloud based; therefore we do not require energy consuming dedicated IT hardware and server rooms.

Covid-19 recovery

As a company formed in the early stages of the Covid-19 pandemic Daintta knows all too well the challenges in recovering for businesses and the community. We have embraced a hybrid working environment which provides staff with the flexibility to work from whichever location works best for them, taking in to account their physical and mental health and wellbeing. This includes our own offices, local coworking spaces, client offices, home, or any other suitable location. When delivering contracts for clients and working with suppliers we operate in ways to manage and recover from the impacts of Covid-19 such as hybrid working to only travel when necessary while still supporting local businesses through trickle down effects. As part of our social value policy we have created opportunities for graduates to join the team as part of the Government Kickstarter scheme. We have also partnered with GoodWork to provide internships for people from disadvantaged background. This provides opportunities for those who have found it difficult to find employment as a result of the pandemic and due to social mobility. Through these schemes we are able to train graduates in technology and cyber security, areas recognised to be high growth and have a skills shortage.

Equal opportunity

Daintta is an equal opportunity employer and works hard to ensure we provide equal opportunities for everyone we employ and work with. We have a diverse workforce in terms of race, gender, sexual orientation, and disability with over half our employees being from a BAME background. Our values of being Transparent, Fair and Daring mean we take equality in to account in every decision we make as a business. We support tackling workforce inequality through our support of the Kickstarter scheme which has created employment opportunities for those who may have faced barriers to employment, and provide training and development opportunities in the high growth sector in which we operate.

Pricing

Price
£500 to £3,500 a unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@daintta.com. Tell them what format you need. It will help if you say what assistive technology you use.