Deloitte LLP

Cyber Strategy, Governance and Risk Management

Deloitte provides cloud security strategy and governance services that enable clients to achieve their corporate strategic objectives. We support the development of governance structures that drive the delivery of the cloud security programme to keep pace with the rapidly evolving threat landscape, understanding, managing and minimising their risk exposure.

Features

• Deloitte’s Cyber Strategy Framework (CSF), delivered through an online portal.
• Customisable online platform to align governance with industry standards.
• Implementation of cyber risk management frameworks & standards e.g. ISO27017.
• Risk assessments aligned to organisational risk appetite, including insider threat.
• Mobilisation, management and delivery of Cyber Transformation Programmes.
• Design and delivery of bespoke Cyber Target Operating Models.
• Development of Security Policies & Standards across IT and OT.
• Development of Cyber Security Metrics & Reporting.
• Cyber Risk Culture & Behaviour guidance, training and delivery.
• Development of GDPR and NIS Directive strategies and programmes.

Benefits

• Enables organisations to monitor/report on cyber risk & act promptly.
• Allows organisations to make risk informed decisions.
• Empowers executives to improve decision-making via streamlined information feeds.
• Provides a structured approach to improving cyber security and resilience.
• Enables clients to assess the level of insider threat faced.
• Guides clients on achieving, assessing, and delivering compliance programmes.
• Educates users, changes behaviours, creates a culture of security awareness.
• Expertise from the UK’s market leading cyber security consultancy (Gartner).

£450 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

556467385751788

Contact

Donna Farrell
0207 303 0913
publicsectorbidteam@deloitte.co.uk

Planning

• Planning service: Yes
• How the planning service works: We understand what it takes to make cloud security successful. We help plan and deliver our cloud security services with user needs at the core, with clear routes to business benefits, and with known strategies for scaling up and maintaining an enterprise level solution. We follow the Service Standard, enhancing it with our experience in adjacent areas like business planning and organisation design. We plan with some or all of the following activities:; • Validating policy, operational and financial goals, and refining the business case; • Completing a Discovery to identify user needs, dependencies and solution options; • Completing an Alpha product to prove the concept for the solution, flush out more detailed requirements and identify operating model implications; • Planning and delivering an MVP as a Beta product, aiming for known outcomes; • Planning and delivering a Live product that is continuously improved over time ; ; Our planning takes account of:; • Security architecture and cyber threats; • Technical and technology analysis, design, build and test; • Resource requirements and availability; • Dependencies on third parties and legacy systems; • Organisational constraints and opportunities; • Policy/legal constraints; • User research and user testing strategies; • Service assessment and governance needs
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Training available for all services.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Our service helps buyers adopt cyber governance solutions in the cloud, and move from existing services (either cloud or non-cloud) onto cyber governance cloud solutions. We support buyers with:; • Selecting appropriate cloud products and modules to meet their business needs; • Business migration planning (e.g. support models, user needs); • Data migration planning (e.g. master data strategy, migration planning and execution); • Technical planning (e.g. solution architecture design and validation); • Security planning (e.g. data residency, information governance, security architecture, cyber threat vector analysis)
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Our service helps buyers deliver high quality solutions. This includes:; • Quality assurance of plans, designs, architectures and solutions; • Providing delivery management expertise to mitigate implementation risk; • Providing technical and business expertise for high quality “right first time” services; • Defining agile delivery strategies that bake quality in; • Designing and delivering performance testing for services during design, build and release (at Alpha, Beta and Live phases)

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST
  • Other
• Other security testing certifications:
  • TIBER-EU
  • ICAST
  • CREST Certified Simulated Attack Manager (CCSAM)
  • CREST Certified Simulated Attack Specialist (CCSAS)
  • CREST Certified Tester (CCT) (APP)
  • CREST Certified Tester (CCT) (INF)
  • CREST Practitioner Security Analyst (CPSA)
  • CREST Registered Tester (CRT)
  • Offensive Security Certified Expert (OCSE)
  • Offensive Security Certified Professional (OSCP)

Ongoing support

• Ongoing support service: Yes
• Types of service supported: Hosting or software provided by your organisation
• How the support service works: We provide support for services that we have built and implemented. The exact scope of support services is agreed on a case-by-case basis to match buyer needs, and can include:; ; • First line support for users; • Second or third line support for users; • Ticket tracking and resolution; • Continuous delivery of bug fixes and enhancements; • Monitoring of user feedback, and maintenance of a backlog of enhancement/improvement needs; • Continuous improvement services to address further needs

Service scope

• Service constraints: N/A

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Support levels: We can offer different support levels based on the service requirement. We would agree this with the client at the time of order. Cost may be in accordance with our rate card/pricing document.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
• ISO/IEC 27001 accreditation date: 01/04/2022
• What the ISO/IEC 27001 doesn’t cover: The scope of the Information Security Management System is limited to the scope of Deloitte LLP and its subsidiaries in the UK, Gibraltar, Switzerland and Liechtenstein.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Deloitte is committed to delivering effective stewardship of the natural environment both with our clients and within communities. We do this through our methodologies, how we run projects, how we work in partnership with our Social Value Delivery Partners and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the Social Value Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of commitments.; We have infrastructure in place to deliver against this theme. Our Social Value Team manages our ecosystem of Social Value Delivery Partners, and shapes our commitments for delivering additional environmental benefits and influencing environmental improvement and protection. This is done in collaboration with our WorldClimate team, Responsible Business team and Net Zero Transformation, Strategy and Innovation Team.; Our WorldClimate strategy focuses on four objectives where we can make the biggest impact: achieving Net Zero by 2030: Operating Green; empowering individuals through education and sustainability challenges/tools; and engaging ecosystems by collaborating with our clients, alliance partners, NGOs, industry groups, suppliers, and others to address climate change at a systems and operations level.; Our engagement teams can undertake volunteering activities with our climate related Social Value Delivery Partners as social value commitments, contributing to habitat creation and increasing biodiversity (e.g. WWT, WDC). We also have partnerships where we can co-design commitments around green skills, green jobs and carbon literacy.

  Covid-19 recovery

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Tackling economic inequality

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Equal opportunity

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Wellbeing

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with the wellbeing theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/ communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to an engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated Social Value Team provides the bidding and governance infrastructure to support engagement teams. The team manages our ecosystem of Social Value Delivery Partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes of improving the health and wellbeing within the contract workforce and community cohesion are met. ; We have an extensive programme of wellbeing initiatives, tools and events to support our contract workforce. Our Future of Wellbeing team also specialises in wellbeing impact measurement, strategy, and culture, and can work with clients on improving these areas in their organisation. Their methodology is informed by best practice from around the world (e.g. CIPD, COMB-model of behaviour change, World Happiness Report, BSI ISO 45003, Thriving at work standards Stevenson/Farmer, City Mental Health Alliance).

Pricing

• Price: £450 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.