Security Bounty Testing
Qualitest offers a Bounty Hunting or Bounty Testing service, which delivers wide coverage and high returns, leveraging skilled ethical hackers to conduct real-time testing and provide detailed vulnerability assessments. Bounty hunting is gamified in discrete timeboxed events with rewards for identifying vulnerabilities.
Features
- Wide platform coverage: extensive testing across diverse platforms
- Skilled ethical hackers: expert professionals conducting thorough assessments
- Cyber-security crowd testing: leverage global expertise for maximum impact
- Cost-containment: access to expert talent in an intensive timeboxed event
- Real-time reporting: instant feedback for rapid action
- Real-time attack scenarios: extensive coverage with managed bug bounty programs
- Customisable testing scope: tailored assessments to suit your needs
- Detailed vulnerability assessment: in-depth analysis to uncover potential weaknesses
- Secure communication channels: ensuring confidentiality and integrity
- Timely remediation guidance: detailed analysis and recommendations
Benefits
- Proactive risk mitigation: address vulnerabilities before they are exploited
- Secure: strengthens defences against cyber attacks
- Cost-effective security measures: gamified and timeboxed approach contains costs
- Rapid vulnerability identification: swift identification to address security gaps
- Licensing: ensure software complies with relevant agreements, minimising legal risks
- Regulatory: preventing potential revenue loss/fines due to breaches
- Futureproofing: establishing a robust foundation for long-term security
- Global talent access: global platform attracts cyber security experts globally
- Gamification: internal ranking and compensation for successful participants
- Pace and volume: extensive coverage quickly, identifying risks at pace
Pricing
£95 a unit a day
- Education pricing available
Framework
G-Cloud 14
Service ID
589027474948750
Contact
QualiTest Group
Simon Blackmore
Telephone: 07854896131
Email: simon.blackmore@qualitestgroup.com
Planning
- Planning service
- Yes
- How the planning service works
-
Qualitest are testing and quality assurance specialists. Our focus is on improving quality throughout the software delivery lifecycle (SDLC). We have broad and extensive experience working across all types of business change, technology and digital transformation projects including cloud.
We tailor our delivery approach depending on the methodology adopted by the buyer, agile, waterfall or hybrid. We provide planning services across each of these with a strong focus on quality, leveraging automation and AI, shifting left as well as focus right once deployed into live. We streamline phases of delivery, ensure appropriate quality controls and phase transition governance is in place. We support buyers in discovery, alpha, beta, live and retiring phases, covering planning, estimating, defining, designing, costing, scoping, validating, testing and reporting.
Key activities include problem definition, business/investment case assessment, requirements validation, solution design reviews, business/operational impact and risk assessment, test scoping, requirements traceability, functional and non-functional assessment, testing, quality assurance, integration and data flow validation, legislative and compliance testing, user and business/stakeholder acceptance, service validation, transition, and operational acceptance. We focus on cost control, reducing technology and business/operational risk, time and effort without impacting quality and using data insights to drive decision-making.
- Planning service works with specific services
- No
Training
- Training service provided
- No
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
-
Qualitest provides cyber security and penetration testing services to validate that no security misconfigurations are introduced when migrating from on-premises to cloud, or between cloud service providers, which could otherwise lead to security vulnerabilities. We leverage frameworks such as CIS Benchmarking and NIST CSF to validate the cloud infrastructure against best practice and identify any security misconfigurations that could lead to a breach.
Qualitest automates these cloud security tests and integrates them into the Software Delivery Lifecycle (SDLC), enabling automated cloud security testing.
- Setup or migration service is for specific cloud services
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- Yes
- How the quality assurance and performance testing works
-
Qualitest is a leading Testing, Quality Assurance and Quality Engineering company. We are industry and analyst recognised providing independent quality focus.
We deliver end-to-end testing services, including quality assurance, functional and non-functional testing (manual and automated). We provide innovative solutions and accelerators to improve quality, reduce costs and accelerate delivery. We have reusable test asset libraries, built from experience and best practice. We have business-process and technology experts who advise buyers on the best approach to successfully deliver their transformation, reducing business and technical risk.
We utilise risk-based techniques, AI and data-led insights to test what matters most to our customers, finding defects quickly, reducing effort and cost without impacting quality.
Our quality assurance approach provides traceability, governance, quality control and aids effective decision making. We ensure clarity across teams on quality expectations and required outcomes, using an agreed "Definition of Ready" and "Definition of Done" as we transition across test and delivery phases.
Our functional testing covers end-to-end business processes, integration between systems and data flows. Our non-functional testing ensures all non-functional requirements are validated and futureproofed, simulating business/operational scenarios, including stress, volume and soak testing, operational acceptance, usability, accessibility, user experience and security.
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Other
- Other security services
-
- Security Controls Testing: Conducting domain specific security testing
- QualiShield: Modular security testing framework with customised payloads
- Shift-left Security Testing: Improve DAST coverage through functional test automation
- Gen-AI Security Assurance: Assure against plagiarism, copyright, vulnerabilities
- Certified security testers
- Yes
- Security testing certifications
-
- CREST
- Other
- Other security testing certifications
-
- CEH (Certified Ethical Hacker)
- OSCP (Offensive Security Certified Professional)
- CISM (Certified Information Security Manager)
- CISSP (Certified Information Systems Security Professional)
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
-
- Buyer hosting or software
- Hosting or software provided by your organisation
- Hosting or software provided by a third-party organisation
- How the support service works
- As part of our service we may provide Qualitest's in-house developed and hosted accelerators and tools. We may also resell and install third-party tools. We will maintain and support these throughout our contract. Support will not be extended beyond the contract end by default; extended support can be arranged on a case-by-case basis.
Service scope
- Service constraints
- There are no constraints to our service. We can provide this service onsite and in person, or remotely from onshore or offshore locations.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Formal Service Levels are not applicable to this service.
In an Agile environment our resources and management will be available on-site or online to collaborate in real time. We provide email support and escalation paths as part of our Account Management process and acknowledge within 24 hours and respond within 3 working days maximum. For online requests for support using collaboration tools our teams respond in real time. If you have specific response time requirements we will agree these with you in drafting up the Call-off Contract.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Support levels
-
We provide an Account Delivery Manager with a dedicated phone number and email for the engagement, and they are your Point of Contact, and you will have direct access to them. They are focused on the successful delivery of our services, and manage the governance and reporting. This will be built into the cost of the service.
Basic support is 8.30am to 5.30pm Monday to Friday. Additional support can be arranged as needed; there may be an additional charge. Weekend cover can be provided for escalations and cutover activities on arrangement.
Governance and escalations are defined as a matrix which is ratified with you as the customer.
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Centre for Assessment Ltd
- ISO/IEC 27001 accreditation date
- 26/07/2023
- What the ISO/IEC 27001 doesn’t cover
-
A.14.1.2 Securing applications services on public networks (Not Applicable, as Qualitest Group do not provide services on public networks);
A.14.1.3 Protecting application services transactions (Not Applicable, as Qualitest Group do not provide application services transactions);
A.14.2.4 Restrictions on changes to software packages (Not Applicable, as Qualitest Group do not produce or provide any software packages as a service);
A.14.2.7 Outsourced development (Not Applicable, as Qualitest Group do not provide any Outsourced Development)
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Social Value
- Social Value
-
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Qualitest is committed to reducing waste, energy and water usage, and to recycling whenever possible. We encourage homeworking wherever possible, subject to our client's requirements. We leverage technology to reduce travel through online collaboration, and our expenses policy mandates the use of public transport when it is required. We have closed underutilised offices to reduce emissions and commuting. Less commuting improves air quality, reduces greenhouse emissions and the consumption of fossil fuels, while also reducing paper and single-use plastic, and office energy consumption. We provide a Cycle to Work scheme as well as an electric car hire program for our staff.
Qualitest Group is registered with EcoVadis. EcoVadis is a company that provides business sustainability ratings. It is known as the world's most trusted in this field. Over 1000 multinational companies work with EcoVadis to manage risks, reduce costs and drive innovation and new revenue. We currently hold the silver rating with EcoVadis. We have detailed policies and processes which outline our ESG commitments. Our Environment and Sustainability policy commits our business to:
• Comply with all relevant environmental legislation, regulations, and approved codes of practice.
• Protect the environment by preventing and minimising our contribution to pollution of land, air, and water.
• Keep wastage to a minimum and maximise the efficient use of materials and resources.
• Manage and dispose of all waste responsibly.
• Train our staff so that we all work in accordance with this policy and within an environmentally aware culture.
• Regularly communicate our environmental performance to our employees and other significant stakeholders.
• Develop our management processes to ensure that environmental factors are considered during planning and implementation.
• Monitor and continuously improve our environmental performance.
• Leverage our environmental impact by encouraging clients to improve their environmental performance.
Covid-19 recovery
Qualitest's homeworking policy (subject to our client's requirements) allows us to expand our diversity across gender and race through flexible working, encouraging an inclusive culture, and allows us to employ people in economically disadvantaged locations, including those people and regions affected by COVID.
We offer universal training opportunities to all our staff, with tailored development plans aligned to career aspirations and performance evaluations, promotions aligned to achievement and capability, and role rotation policies to allow everyone a chance to grow and develop.
We support positive mental and physical health through our Employee Assistance programme which provides 24/7 confidential support, online resources for self-help for wellbeing and links to medical resources for health concerns and access to trained wellbeing and financial counsellors.
We support our local communities through our Charity sponsorship programs which in the UK include the Greggs Foundation Breakfast Club for schools programmes targeted at deprived areas and under-privileged children, and our Re-Engage partnership which supports older people experiencing loneliness through social connection. All our staff also have the opportunity to get personally involved in the support of these charities.
Tackling economic inequality
Qualitest encourages homeworking wherever possible, subject to our client's requirements. This allows us to employ people in economically disadvantaged locations across the UK. Qualitest pays all staff above the National Living Wage. The home working also means less commuting which as well as reducing our carbon footprint also reduces the financial burden on our employees, and supports a healthy work/life balance.
Educational Attainment
We offer universal training opportunities to all our staff, with tailored development plans aligned to career aspirations and performance evaluations, promotions aligned to achievement and capability, and role rotation policies to allow everyone a chance to grow and develop.
Fair Treatment:
Qualitest's recruitment practices and employment conditions are compliant with the five foundational principles of quality work set out in the Good Work Plan (i.e. fair pay, participation and progression, voice and autonomy). Every employee has an assigned manager with oversight and visibility of their work, and a regular feedback process with a bi-annual formalised Performance Review process linked to guided career progression, role rotation and pay progression. We hold global, regional and sector Town Halls ensuring everyone in the company has visibility of and access to the highest levels of the organisation, and a regular top-down communication and collaborative engagement from everyone through the Q&A sessions.
Innovation and disruptive technologies:
We have a Centre of Excellence structure dedicated to Research & Development of innovation to increase efficiency and reduce costs for our customers. We leverage AI to automate data-driven decisions and validation and generation of everything from risk assessment and requirements to test planning and deployment decisions. Our accelerators deliver measurable efficiencies, reduce cost and increase both velocity and quality.
Supporting our supply chain:
We have standard 30-day payment terms and target 95% of all undisputed invoices being paid within 60 days.
Equal opportunity
Qualitest's Diversity & Inclusion (D&I) Committee is led by our senior leadership team who define and enact our D&I Strategy. Our strategy identifies groups within our organisation and/or industry that are underrepresented and require additional support. These are:
• LGBTQ+ *
• Women **
• People of Colour (BIPOC)
• People with Disabilities
• People returning to work
• Veterans
Employee Resource Groups (ERGs) have their own committee, C-level Sponsor, goals and targets:
*Qualipride provides a safe online space for sharing of experiences without judgment, professional and personal support, and education and online resources on LGBTQ+ terminology, history and challenges. Well over 40% of our global community has participated in global or local Qualipride events.
**Women@Qualitest is open to women and men who wish to support their colleagues, friends and family and educate themselves through regular forums and sharing sessions. Women@Qualitest hosts external guest speakers who offer experience and advice on issues impacting women in particular and provides a safe space for sharing challenges and successes.
We are driving down the gender pay gap every year (in 2022 we reduced it by almost 30%) and awarding larger bonuses to our women (we saw an increase of more than 8% in 2022).
Every employee has access to 24/7 online training and mentorship schemes for skill attainment, an assigned manager with visibility of their work, and a regular feedback process with a bi-annual formalised Performance Review process linked to guided career progression, role rotation and pay progression.
We communicate our “Corporate Values” message as the Qualitest Spirit (video on our Careers page / YouTube channel). This puts into practice our group policies at every level of our organisation, building on the compulsory Learning & Development-led training.
We have zero tolerance towards slavery and human trafficking and our statement is on our website.
Wellbeing
Qualitest encourages homeworking wherever possible, subject to our client's requirements. Less commuting not only helps the environment, but reduces the financial burden on our employees, improves their work/life balance and supports their mental wellbeing.
We support positive mental and physical health through our Employee Assistance programme which provides 24/7 confidential support, online resources for self-help for wellbeing and links to medical resources for health concerns and access to trained wellbeing and financial counsellors.
We provide wellbeing programs which are open to all employees, including but not limited to online yoga classes during the working day, mental health first-aiders and mental health champions, and we hold seminars and sharing sessions with guest speakers and training organisations, including internal management sharing their own mental health journeys and techniques. We regularly share hints and tips in bite-size communications to remind all our employees to take care of their mental health.
Our Cycle to Work Scheme also provides tax-efficient cycle purchase options for all staff, allowing them to increase their exercise, as well as reduce their financial burden through non-motorised travel options.
Pricing
- Price
- £95 a unit a day
- Discount for educational organisations
- Yes