Skip to main content

Help us improve the Digital Marketplace - send your feedback

IP Performance Limited

Cyber Breach Response Workshop On Demand

The Cyber Breach Response workshop is designed to equip organisations with the essential knowledge and skills to effectively respond to cyber security incidents. In an age where cyber threats are prevalent, being prepared for a breach is a necessity

Features

  • On-Demand training
  • Breach emulation
  • Playbook and RASCI Matrix

Benefits

  • Comprehensive Learning across all levels,
  • Identify Key Responisbilites within the organisation,
  • Plan Development
  • Improve Collaboration

Pricing

£8,000 to £10,550 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pbright@ip-performance.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 0 5 9 7 0 6 7 6 0 2 0 8 6 1

Contact

IP Performance Limited Paul Bright
Telephone: 01275393382
Email: pbright@ip-performance.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Access to simulation scenarios will be restricted based on license authorisation.
System requirements
  • Use of a modern browser for the best experience
  • Internet speed of at least 4mbp

User support

Email or online ticketing support
Email or online ticketing
Support response times
Guaranteed response by next business day, Monday to Friday
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Uniform support structure, all customers share the same platform. This is provided as part of the subscription.
Support available to third parties
No

Onboarding and offboarding

Getting started
The web app will guide you through the on-demand videos and there will be video training on how to use and get the most out of the emulator.
Service documentation
Yes
Documentation formats
Other
Other documentation formats
Video
End-of-contract data extraction
Users can request all data that is stored on the user.
End-of-contract process
At the end of the contract and the license expires, the user will not be able to log in. Another annual license can be purchased again to restore access.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The service interface that is a web app through which the on demand content and emulator can be accessed.
Accessibility standards
None or don’t know
Description of accessibility
As this service is delivered through a Web App users can features on their browser.
Accessibility testing
None.
API
No
Customisation available
Yes
Description of customisation
Customers can request access to additional scenarios as well as purchased bespoke scenarios for their own organisation.

Scaling

Independence of resources
The service has been designed to scale with user utilisation using autoscaling.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can request all data that is stored on their user.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The deployed EC2 instances in AWS have an SLA of 99.999% of uptime for hardware.
Approach to resilience
Given the nature of the training platform in the event of an outage the platform can be restored with a code first deployment within 15 minutes. User data base is using AWS Aurora RDS base level of resilience.
Outage reporting
We have health monitoring that is performed from our reverse proxies and If they detect an issue the redirect to holding page which we have detections set up for.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces are implemented using Role-Based-Access-Control on each account.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certified Quality Systems (CQS) LTD
ISO/IEC 27001 accreditation date
21/08/2021
What the ISO/IEC 27001 doesn’t cover
There is currently nothing that is not applicable in our Statement of Applicability. The scope of the certification is “The provision internet/networking services, products and security as well as professional certified network management and technical support services to business.”
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
WorldPay Safer Payments
PCI DSS accreditation date
31/12/2016
What the PCI DSS doesn’t cover
Nothing, we are fully compliant, although card payments are preferred via telephone rather than in-person.
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our organisation is Cyberessentials+ Certified

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any changes that require architectural changes or impact production systems must go through the following:
Clause 6.3: Planning of Changes - When the organization determines the need for changes to the QMS, the changes must be carried out in a planned manner.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Each vulnerability and it is sent through to our security team for review to identify impact and scope. Once a vulnerability has been assessed actions are implemented depending on the level of severity identified. Critical/High - Patch or mitigation in place within 14 days of the disclosure, Medium/Low - Based on the CVSS rating and discovered impact, mitigations are put in place until a patch is made available to the vendor and is patched as part of the next update window. We follow vendor advisory feeds as well as monitor for vulnerabilities impacting any of our products/systems.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We capture network metadata of all traffic that traverses our network, host and server based systems upload audit and event log data directly to our siem. When a siem detection is triggered and our SOAR platform has determined it is true positive an alert is created in our personnel alerting system 'Opsgenie' that an incident has occurred. Internally we have the capacity to respond to a security incident within 15 mins of an alarm being raised.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We map our incident management processes to the NIST incident response framework.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Fighting climate change

Fighting climate change

Since 2012, IP Performance Ltd has purchased four wind turbines, which are operated and maintained by the DistGen Group of companies. Three are reconditioned Vestas V39 and V52 500kW turbines, generating in the region of 700,000 kWh per annum, whilst the fourth was new and rated at 850kW,generating in excess of 1m kWh. They are located in Orkney, Cheshire, Somerset and Dorset. The turbines provide electricity for the immediate area, with the bulk being fed in to the National Grid. A percentage of the funds generated are redirected to the local community in the form of a Direct Community Contribution, typically paid to the Parish Council for use at their discretion. Whilst ultimately being dependent upon wind speed, this should amount to a sum of £300,000 per site over the planned twenty year operation of each turbine.

Pricing

Price
£8,000 to £10,550 a unit a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pbright@ip-performance.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.