Cisilion Limited

Cloud SASE Service

Cisilion provide customers with a range of services including cloud consultancy, professional services and ongoing support or managed services for the deployment and support of SASE solution based on Cloud Security (Unbrella), Zero Trust Network Access (Duo), SD-WAN (Meraki) and Observability (Thousand Eyes)

Features

• Design and commissioning of SASE solution, combining Cloud Security,
• Zero Trust, network access, SD-WAN and Observability via Thousand Eyes.
• Full UK based 24/7/365 monitoring and management via Cisilion
• cloud management
• Visibility of solution availability and performance via dashboard
• Secure and customised portal to log, view and track incidents
• Access to Cisilion’s Cisco engineers
• Access to Cisco Support via our escalation process
• Response Based SLA with P1 Response within 15 minutes
• Includes Change Enablement, Service requests, feature and release management

Benefits

• Turnkey project to realise the SASE benefits
• Pre-Defined and customisable SLAs to meet your business needs
• Secure online support portal to log, view and track tickets
• Compliments, extends or replaces your internal support team
• P1 call response within 15 minutes
• Access to Cisco Certified Professionals
• Access to Cisco Eco-System Experts
• Single Point of Ownership with Eco-System Vendor Escalation
• Cloud Adoption Analysis and Reporting
• Regular Service reports and service review meetings

£1 to £4 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at drichardson@cisilion.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

596698698666603

Contact

Debbie Richardson
01372 201145
drichardson@cisilion.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: None
• System requirements: No specific system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 will be responded to immediately when logged by phone as recommend
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Platinum -24x7 for P1; 24x5 for P2/P3, Dedicated Technical Account Manager; Gold -24x7 for P1; 24x5 for P2/P3, and 24 x7 Global Support; Basic 24 x5 Email Support ; ; In addition Cisilion will provide a dedicated account team which includes, Account Director and Service Delivery Manager
• Support available to third parties: No

Onboarding and offboarding

• Getting started: As part of the on boarding service Cisilion provide installation, commissioning , user adoption and training services to ensure the customer has full understanding of the provided Cloud SASE Service . A service delivery manager is assigned to the customer as part of the on going program and continual improvement exercise. Customer employees are also invited to the Cisilion success hub where more formal classroom based training can be provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: As part of our Exit management strategy Cisilion is committed to run a series of workshops with the customer during the transition phase in order to define an acceptable exit strategy for the customer. Based on the results of the workshops Cisilion will provide an exit plan which will define as a minimum:  Separate mechanisms for dealing with Ordinary and Emergency exits;  The management structure to be deployed during both transfer and cessation of the services;  A detailed description of both the transfer and cessation processes including timetables;  Description of how the service to be transferred to/from an existing/replacement contractor;  Description of the legal and financial issues;  Termination obligations, etc. The guiding principle of the plan is to ensure a smooth transfer of whole or part of the services as appropriate, which minimises risk to service continuity throughout the exit period.
• End-of-contract process: Cisilion would intend to develop the Exit plan with the customer to an agreed final version three months after contract start date. The plan will be reviewed at six monthly intervals thereafter to ensure it remains current to the prevailing service operations. Upon invocation of the handover period we would appoint a Project Manager to manage the Exit Plan through to its successful completion. This individual would also secure the required project resources and liaise with the customer and a successor service provider on all relevant aspects of the plan’s execution. This is included in the project costs.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: Each customer has their own management portal, through which they can configure their organisation's security policies. Global policies can be set for standard users, with exceptions applied to groups of users, such as security officers. Bypass codes can be configured for special users. Block pages can be customised / branded. Full reporting engine is available to report on activity per user / device / group etc. Users cannot bypass the secure DNS service once deployed to their device, which ensures protection whilst off the corporate network or outside of a corporate VPN

Scaling

• Independence of resources: Cisco public hosted cloud service with 100% uptime over the last 5 years. Fully scalable to millions of users without any impact on service performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Full reporting engine on end user devices, by user, device, group, location. Full reports on security activity by threat, location, type.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Organisation whose services are being resold Cisco

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Within a Web Portal
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 100% service availability
• Approach to resilience: Resilient routing to resilient Cisco public cloud data centres
• Outage reporting: Email alerts and a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: IP restrictions, two factor authentication of approved users and protective monitoring/logging
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 19/08/16
• What the ISO/IEC 27001 doesn’t cover: Everything is covered under the IT Systems Integrator certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Cisilion are ISO27001 accredited .

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All our services are aligned to the best practices set out in ITILv3 for key activities such as Change management for resolution of incidents, problems, service requests and changes. Where a change is identified, the change must documented with the reason , any known implications including security impacts, and any proposed times for the change . Changes are reviewed prior to implementation to ensure their awareness of the potential change. The potential change is then approved and the change can be made. Cisilion will work with the customer to determine the optimal time for change, scheduled maintenance and support operations.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Cisilion are notified about vulnerability patches when they are released by the vendors, we also subscribe to forums that provide information about potential vulnerabilities in the systems and services that we use. These are analysed and, where necessary, verified by our Infrastructure Team. Once a manufacturer releases a patch this will be deployed to the live environment as soon as possible .
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cisco manage their end to end service for protective monitoring.; ; As part of Cisilion ISO 27001 certification we follow the method of identifying potential security issues through penetration testing, which is undertaken both internally and, where appropriate, through approved third parties. When a potential compromise in the security of our systems and network is identified we investigate asap and provide a solution to the issue. If as a result of the tests it is determined that an actual incident has occurred, our incident management protocols commence immediately upon discovery, to enable rectification as soon as possible.
• Incident management type: Supplier-defined controls
• Incident management approach: Cisco manage the end to end Incident Management approach; In addition the customer can utilise their Cisilion Service desk as interface into Cisco.; Incidents can be logged with either , phone, email or online. Once a call has been logged with Cisilion a ticket number is issued, the calls with be managed in line with the agreed SLAs. Customers can track progress by phone, e-mailing, or online customer Portal. All incident reports will be available on the online portal or requested from the customer Service Delivery Manager

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We continually strive to reduce our carbon impact year on year, initiating additional projects and activities that will further reduce our impact locally and globally, and contribute towards global UN carbon offsetting initiatives. Our commitment to the environment extends to our customers, our communities, our employees, our suppliers and other countries in which we operate. Our Carbon Reduction Plan is based upon the following principles: 1. Comply with, and exceed where practicable, all applicable legislation, regulations and codes of practice; 2. Integrate environmental and sustainability considerations into all our business decisions; 3. Endeavor to reduce our environmental impact year on year; 4. Ensure that all employees are fully aware of our Environmental and Sustainability Policy; 5. Ensure all employees are committed to implementing and improving our policy; 6. Ensure clients and suppliers are aware of our Environmental and Sustainability Policy, and encourage them to adopt sound sustainable management practices; 7. To review, annually report, and to continually strive to improve our environmental and sustainability performance. 2. Commitment • Cisilion are committed to reducing our impact on the environment and to achieving our goal of becoming net zero by 2050. • We will partner with Ecologi, a Carbon Avoidance organization. • We will plant 7,500 trees throughout Financial Year 2024 (“FY24”).

  Covid-19 recovery

  Cisilion External Statement Cisilion are closely monitoring the developments both at home, and around the globe with respect to the COVID-19 outbreak. In addition to our commitments to supporting our customers, Cisilion views as one of its highest priorities the health and wellbeing of its employees. Because of this, we have a clear business continuity plan and sickness procedure which the Company will continue to adopt in the pandemic situation, following the World Health Organisation (WHO) pandemic level definitions for triggering our response. In accordance with government guidelines issued on the 23 of March, and previously as the situation developed, we have initiated a program where our employees are able to continue to work from home in isolation. The measures that we have taken are designed to ensure that there is the minimum of disruption to services to our customers as well as minimising the risk to our staff at this difficult time. We ask our customers to understand that despite this, there is an increase in demand on parts of our services. We are prioritising the support of our customers with services which are vital to the efforts to contain the pandemic. This may mean that there could be some minor delays in responding to issues and project work, although we are working to keep this to a minimum. Due to the current situation with enforced social distancing, project and engineering work requiring site visits, is having to be risk assessed on a case by case basis. Our own infrastructure which is used to support our clients continues to operate as normal. As a flexible organisation, all internal systems are accessible to our employees from remote locations. We have facilities in place already to ensure all employees have the equipment needed, to work from alternative locations seamlessly.

  Tackling economic inequality

  Learning and development plays a huge part in Cisilion’s culture. This includes our induction and awareness training, as well as creating platforms for unlearning and unconscious bias. Cisilion conduct all learning and development via LearnAmp, our online Learning Management System. As part of our induction process, we include Diversity and Inclusion Training, along with enhanced Grievance procedure outlines and Anti-Harassment training. Employees are then required to complete refresher training every 6 months. Diversity and inclusion play a key role in Cisilion’s core business objectives and values. Cisilion recognise that as a Company, more can be done to improve our diversity and inclusion practices and this will continue to be a working directive through the organisation, to support underrepresented groups. The recruitment teamwork within our People function at Cisilion and therefore liaise continuously to ensure proactive recruitment identifies a diverse set of candidates and supports those throughout the interview processes. While we understand that not all individuals feel comfortable in disclosing their identity, we continue to monitor and track our performance against self-created targets for LGBTQIA+, gender and ethnicity within the recruitment processes and within our workforce, where at all possible. Cisilion engage with current employees from underrepresented groups, who feel comfortable in doing so, to address any other areas of suggested improvement, and to include their voice in future initiatives.

  Equal opportunity

  Invest in our economy to provide equal opportunities for employment, innovation and growth. Each month, a mixture of the HR, People and Recruitment team members alongside the Cisilion management team, will provide a mixture of 2 hour workshops and 1 hour long one to one sessions. The workshops will be run by our Recruitment team, covering topics such as interview best practice, CV formatting and job hunting tools available. Individuals will also be able to register for one to one advice with a member of our management team as a coaching session and more personal advice related to the unemployed persons experience so far. Cisilion have been running apprenticeship and graduate schemes for the past 5 years and partner with 3 specialist recruitment and training providers who are experts in finding work for and training unemployed young people. Cisilion are a Microsoft and Cisco gold partner, who are keen supporters of assisting young people into work. Cisilion often engage with Cisco and Microsoft for support with apprenticeship programmes and are familiar with other employment initiatives that we will be able to share with the unemployed people during the workshop sessions. Cisilion are also aware of and understand the current Quick Start government scheme of which we will be able to provide details and guidance to unemployed individuals

  Wellbeing

  Cisilion operate a robust health and wellbeing programme, partnering with Vitality Health and Medicash. On an annual basis, all 160 employees on our scheme conduct an Online Health Review, giving employees an understanding of specific areas of health that they need to improve upon, i.e. cholesterol, blood pressure, alcohol intake, physical activity levels and blood glucose level. If employees do not know the figures for these key areas, they can take a free health assessment to provide them with this data. Vitality Health offer their Member Zone to all members, giving access to videos, tips and our monthly Vitality calendar covering a range of topics from women’s health to mental health and nutrition

Pricing

• Price: £1 to £4 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at drichardson@cisilion.com. Tell them what format you need. It will help if you say what assistive technology you use.