Cadmidium Services Ltd

Technical Assurance in the Cloud (TAC)

TAC provides comprehensive governance, project, and enduring engineering lifecycle support. Our SCIDA expertise delivers audit and engineering change management for Air/Land/Maritime services delivered using the compliant process IAW JSP 604 Leaflet 4800, applicable SI legislation and standards ensuring Confidentiality/Integrity/Availability/Resilience/Flexibility/Economy for MOD/NATO/OGD vital and sensitive systems, ICT equipment, data, and services.

Features

• Design compliance review, GFX identification & Assurance
• SCIDA qualified inspections to ensure JSP 604 Leaflet 4800
• IDA service to capture as is and future rack layout
• Provide TEMPEST Solutions to sensitive data installations
• Provide a full auditable record of change
• Engineering drawing scrutiny, for physical installation design
• Provide governance, policy, advice and guidance regarding installation standards
• Compliant installation service providing all aspects of MOD data processing
• Provide Auditing facility iaw JSP604 Leaflet 4800, Ch2 and ISO27001
• Decommissioning and disposal service – Equipment & Data

Benefits

• Confidentiality, provide advice and guidance to RADSEC requirements
• Integrity, ensuring good practices to counter any EMC
• Availability, optimising successful Configuration Management in accordance with relevant standards
• Resilience, by providing assurance to the IDA
• Flexibility, by maintaining that all documents are maintained and updated
• Economy, by ensuring spare capacity is identified and correctly utilised
• Design Assurance SMEs
• Project support, main Gate and onward to Gate 6 (HOTO)
• Auditable trail for the CyDr (DIAS)
• Provide a good level of confidence and trust

£400 to £1,000 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cadmidium.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

551993974638923

Contact

Cadmidium Services
01242 861459
enquiries@cadmidium.co.uk

Planning

• Planning service: Yes
• How the planning service works: Using the TAC Accreditation support End to End process, detailed within our Service Definition Document, Cadmidium provide Planning in the form of Scoping and Design services. ; Scoping - Having a design for a cloud hosted solution is part of the journey to a successful cloud implementation. Understanding your planned environment will enable an assessment of the many threats that need to be contained and controlled with appropriate countermeasures. Our TAC service enables the correct and appropriate level of controls to be considered and applied, For example; ISO27001, National Cyber Security Centre, best practice, or specific customer requirements. ; Design - During the design process local environmental constraints are often not taken into consideration, rack face layouts may be provided but in many cases resilience from power, power requirements and space are not taken into consideration. Our TAC service assesses the design and can identify GFX requirements at an early stage to help prevent delays in delivery. During the planning phases, Cadmidium can assist in designing from the ground up or scrutinise existing designs to ensure their compliance against JSP 604 Leaflet 4800, JSP 440 and SDIP 29 where required, this is critical.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Cadmidium have an Engineering capability which can also install new equipment to standards, any build is controlled and managed by the Cadmidium in house SCIDA capability. Cadmidium Services can also put in place the auditable controls and process necessary, so the environment is controlled through a 5-stage Engineering Change Request (ECR) process aligned to JSP 604 Leaflet 4800 and assessed for compliance. Cadmidium can control, maintain, and manage the full process and where required contribute to a stage delivery. ; When onboarding a solution into a cloud environment, it is essential that this is performed in such a way that the security of the solution or the data is not compromised. Our TAC service provides guidance on how onboarding into cloud environments can be achieved securely and can also produce the required supporting policy and procedures. ; Installations must comply to certain laws and regulations, as well as specific governmental department policy. Our TAC service provides guidance and assesses solutions to ensure that all appropriate IT regulations, laws and governmental department policy are adhered to thereby providing a secure solution that meets governmental department requirements.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: To ensure Cloud environments are managed and maintained regular inspections should be scheduled and planned & updated on an annual basis. The inspection regime will ensure continued conformance with standards. Inspections should take place whenever there is a change and regular inspections will identify any unauthorised change. Cadmidium can also provide a full report following any inspection and where necessary a Remedial Action Plan (RAP) will be put into place.; Cadmidium can supply ISO 27001 Auditing, it is important that an organisations Information Security Management System (ISMS) is aligned with information security best practice. This can be assessed by determining the ISMS compliance to ISO 27001. Our service can audit ISMS’s to determine if it is compliant with ISO 27001 and to highlight areas needing attention, as well as recommending appropriate remediation activities, to improve the ISMS.; Within all work conducted by Cadmidium robust processes are followed which are ISO 9001:2015 certified, this ensures high quality outputs and successful delivery to our customers.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: The service is most successful if coupled with the client’s internal technical capability and business expertise. The customer should also consider and note any third parties involved with new deliveries relevant to the engagement scope. This may require non-disclosure or other commercial agreements for these parties to be engaged in an effective and collaborative way.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Dependant on the Service Level Agreement and Level of Support required, this can be analysed and agreed by both parties when requirements are established.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Service Level Agreements and Level of Support can be analysed and agreed by both parties when requirements are established.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau Ltd
• ISO/IEC 27001 accreditation date: 24/08/2023
• What the ISO/IEC 27001 doesn’t cover: Access to Source code, Use of privileged utility programs, Segregation of networks, Secure coding, Outsourced development.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Facility Security Clearance

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We adopted home working for all of our employees using Office 365 teams and hosted our diverse IT services in a carbon neutral data centre, having closed down our CO2 producing server farm. We then started to monitor our CO2 usage, reducing our CO2 from 2500KG per month to less than 300KG. Striving for more improvement, we stood up an internal project, which looked at a range of objectives to become Carbon Neutral by April 2022, which we have now achieved by partnering with Forest Carbon to offset our current CO2 and future CO2 production.

  Covid-19 recovery

  In the early stages of Covid, we moved offices to South Glamorgan, Wales, as our previous offices were incapable of Covid security Analysis identified areas of Wales had higher than average unemployment yet contained a breadth of highly capable talent. Having established our Cyber and Software / Engineering facilities, recruitment has been successful within these areas by finding local people who otherwise may have been on furlough or unemployed.

  Equal opportunity

  We are proud to be a Silver Member of the Armed Forces Covenant supporting ex-military personnel who have been injured or disabled during their military services.

  Wellbeing

  Cadmidium strive to provide our workforce with a balanced work / home life. Cadmidium has had a wellbeing function which was established in 2018, which has provided support for a range of things. Our Wellbeing function includes internal members who are first aid trained for mental health. Since moving to home working due to Covid-19, our wellbeing officer is responsible for ensuring working practices / work life balance harmonise ensuring overall wellbeing. During Covid 19 our wellbeing officer maintained regular contact with all employees, prioritising those who were living alone (working from home) and or isolating.

Pricing

• Price: £400 to £1,000 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cadmidium.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.