Oracle Security Service
"Oracle Security Service is a comprehensive solution that safeguards sensitive data and critical systems from cybersecurity threats. It offers advanced security features, including access controls, encryption, threat detection, and compliance management. This service ensures data protection, regulatory compliance, and business continuity in an increasingly digital and interconnected world.
Features
- Advanced security features safeguard data and critical systems effectively.
- Access controls enforce authorization policies for secure data access.
- Data encryption protects sensitive information from unauthorized access.
- Threat detection and response capabilities for proactive cybersecurity measures.
- Compliance management tools ensure adherence to regulatory standards.
- Multi-layered security for comprehensive protection against cyber threats.
- Real-time monitoring and alerting for threat identification and mitigation.
- Continuous security updates and patches for system resilience.
Benefits
- Access controls enforce authorization policies, ensuring secure data access.
- Data encryption protects against unauthorized data breaches and leaks.
- Proactive threat detection and response for cybersecurity readiness.
- Multi-layered security defends against a wide range of cyber threats.
- Regular updates and patches maintain system resilience and security.
- Expert support ensures a robust and up-to-date security posture.
Pricing
£50 a unit a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 0 4 0 7 8 6 8 1 5 8 6 2 2 0
Contact
DEFENCE DATASEC LTD
Mohamed Amri
Telephone: 07772866727
Email: info@defencedatasec.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Custom web application development, software development, application hosting, support, creative design,
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- N/A
- System requirements
-
- A standard browser, either desktop or mobile
- Appropriate bandwidth and Connectivity to the Internet
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within a Day
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
- Defence DataSec provide support for the customer requirement. Typically this will be remote support for systems hosted in the Cloud. Priority 1 Support - for production system outages, 9 to 5 (UK time), Monday to Friday coverage and 1 hour response. Priority 2 Support - for non urgent production system incidents, 9 to 5 (UK time), Monday to Friday coverage and 3 hour response. Priority 3 Support - for non-production support incidents, 9 to 5 (UK time), Monday to Friday coverage and 3 hour response. All customers are allocated an account manager.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- We provide training in all formats both in person and online
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- By request
- End-of-contract process
- We would provide all software applications and data for the current live version of the product within the contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- We use Mobile First design principles
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- We provide an online Ticket helpline and support CRM service
- Accessibility standards
- None or don’t know
- Description of accessibility
- Accessible via an online portal, email or telephone
- Accessibility testing
- We are committed to a progressive multi-year plan to make all of our systems compliant with Web Content Accessibility Guidelines.
- API
- Yes
- What users can and can't do using the API
- Our API is fully Swagger compliant and secure behind a public private key.
- API documentation
- Yes
- API documentation formats
-
- HTML
- ODF
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- All user facing information can be customised including user authenticated data.
Scaling
- Independence of resources
- We provide services which we can fulfil for the duration of the contract through our own inhouse team and capacity.
Analytics
- Service usage metrics
- Yes
- Metrics types
- We typically use Google Analytics and AWS Stats and we also develop custom reporting defined by clients
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- On request
- Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- We guarantee 99.95% availability and can include this within any SLA on request.
- Approach to resilience
- Available on request.
- Outage reporting
- There is an API available and email/SMS alerts too.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Through the user authentication and role management
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMD Certification
- ISO/IEC 27001 accreditation date
- 22/12/2020
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- ICO - Data Protection
- GDPR
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Adherence to Cyber Essentials guidelines
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- We use DevOps and DevSecOps process using GitLab as our version control and Pen testing through development
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We receive updates and risk alerts from our supplier security centres or use pen testing with custom software and respond to deploy patches within 48 hours or sooner if require.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We receive updates and risk alerts from our supplier security centres or use pen testing with custom software and respond to deploy patches within 48 hours or sooner if require
- Incident management type
- Supplier-defined controls
- Incident management approach
- We receive updates and risk alerts from our supplier security centres or use pen testing with custom software and respond to deploy patches within 48 hours or sooner if require. Incidents are then recorded, reviewed and integrated into future risk assessment and mitigation processes.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Defence DataSec Ltd is founded upon our core principles, which drive our decisions, initiatives, and investments. We are deeply committed to social responsibility, environmental protection, and community welfare. As part of this commitment, we have introduced the LeMones Bottle, a reusable stainless steel water bottle aimed at reducing single-use plastic consumption. This initiative aligns with the Press release by the Department for Environment, Food & Rural Affairs, issued on November 20, 2021, announcing plans to ban single-use plastics, endorsed by The Rt Hon George Eustice MP.
Moreover, Defence DataSec Ltd's investment in LeMones bottles contributes significantly to reducing the carbon footprint associated with plastic bottles, thereby supporting our fight against climate change. We actively promote sustainable transportation practices among our team members, encouraging walking, biking, carpooling, and the use of public transportation whenever possible. Through these efforts, we strive to minimize greenhouse gas emissions and foster a culture of environmental stewardship within our organization.Covid-19 recovery
Defence DataSec Ltd brings the same passion and commitment to our communities and society as we do to our clients and the work we deliver every day. We are providing insights and guidance to small businesses searching for ways to cope with the operational stress generated by COVID-19. Our teams organized the donation and delivery of hundreds of thousands of personal protection and medical equipment pieces. Defence DataSec Ltd has donated and had delivered thousands of meals to the places and people that needed them. We are committed to supporting various food back supplies, contribute to charity fundraising for serving the vulnerable and less privileged ones in our society. We believe that today's young generation is the future of our economic stability. Hence, it is essential to bring them up to speed by developing modern skills and knowledge through fostering their future through apprenticeship programs. We are glad to declare our strategic plan to introduce a range of degree apprenticeship programs to support our government's economic recovery.Tackling economic inequality
At Defence DataSec Ltd, we firmly believe that today's youth represent the cornerstone of our economic stability. Therefore, it is imperative to equip them with contemporary skills and knowledge through our apprenticeship programs. Our commitment extends to addressing economic inequality at its core. We are pleased to announce our strategic initiative to launch a diverse range of degree apprenticeship programs. These programs aim to mitigate the unequal distribution of income and opportunity across various demographic groups in our society while simultaneously bolstering our government's economic recovery efforts.Equal opportunity
About 48% of Defence DataSec Ltd's workforce consists of individuals from Black, Asian, and other minority backgrounds, while approximately 40% are women. As an equal opportunity employer, we recognize and embrace the advantages of having a diverse workforce. Diverse perspectives enrich our decision-making processes, as employees bring unique experiences, skills, and beliefs to the table. This diversity fosters innovative thinking and leads to more comprehensive problem-solving approaches, resulting in enhanced performance.
Moreover, we prioritize inclusivity by ensuring that every employee feels equally valued and supported in all aspects of the workplace. Annual diversity training further reinforces our commitment to fostering an inclusive environment, which has yielded tangible benefits such as reduced turnover costs, increased productivity and revenues, and improved access to diverse customer markets.
Defence DataSec Ltd has integrated diversity into its core policies and practices, with a willingness to adapt and enhance workplace policies to promote inclusivity and diversity at every level, including hiring, performance evaluations, promotions, and benefits. Additionally, we offer prestigious internships and training opportunities, along with continuous professional development support, enabling individuals to advance swiftly into key roles within the organization.Wellbeing
At Defence DataSec Ltd, we recognize that our consultants, experts, resources, and staff are our most valuable assets. Therefore, we prioritize their well-being and that of their loved ones. We support their professional growth and career advancement by providing training and assistance to attain certifications. Our commitment to their welfare is reflected in their long-term tenure with us, as we ensure their satisfaction and fulfillment in their roles.
To foster a culture of continuous learning and collaboration, we conduct weekly stand-up meetings where all consultants across different projects come together to share knowledge, exchange experiences, and address any challenges. Additionally, we have a dedicated mental health champion who participates in these meetings to provide guidance and support. Our monthly mental health sessions, led by the champion, have proven invaluable, particularly during times of lockdown and transition back to the workplace.
Understanding the diverse impacts of lockdowns on individuals, we prioritize open communication and support. Line managers regularly engage with team members, providing a platform for discussing both work-related and personal concerns. We have cultivated an environment where staff feel comfortable expressing themselves, whether in writing or verbally. Regular feedback mechanisms, including questionnaires and interviews, allow us to closely monitor the well-being of our team members and address any issues promptly.
Furthermore, we conduct comprehensive 360-degree feedback evaluations twice a year, as well as at the conclusion of each project, to assess employee performance from multiple perspectives, including self-evaluation, supervisor feedback, and input from clients and suppliers. Our annual medical tests also serve as an additional measure to gauge the mental well-being of our staff, ensuring their holistic health and wellness.
Pricing
- Price
- £50 a unit a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- We provide free initial consultation meetings and demonstration of services and solutions we can provide.