C3IA SOLUTIONS LIMITED

Development, Security and Operations (DevSecOps)

As Secure by Design (SbD) practitioners, C3IA’s security consultants are adept at DevSecOps. By integrating security testing at every stage of the software development process, C3IA delivers true collaboration between developers, security specialists and operations teams to build software that is both efficient and secure.

Features

• ‘Baked-in’ software security from project commencement
• Security outcomes aligned with project scale and pace, including AGILE
• Technical assurance at CHECK or CREST
• Threat modelling process development
• Providing Cloud and security architectures that minimise the attack surface
• Secure change and configuration management
• Security issues addressed as they arise during development
• Shared security ownership across dev and security teams
• Software that is ‘safer and sooner’ to production

Benefits

• Improved Software Design Lifecycle through vulnerability detection
• Improved security risk management including architecture and design
• Reduced project duration and costs
• Compliance with regulatory requirements through professional security practices
• Creation of a security-aware culture
• Better security risk management throughout the entire ICT lifecycle
• Increased stakeholder confidence that projects will deliver successful outcomes
• Cost reduction especially during service change

£497 to £1,720 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

621925936466385

Contact

C3IA Solutions Ltd - Sian Roff
01202721123
s.roff@c3ia.co.uk

Planning

• Planning service: Yes
• How the planning service works: C3IA supports its clients in the delivery of Cloud services in line with the HMG Government Cloud First which recommends the use of SaaS. Cloud Service “Service Level Agreements” (SLAs) are brokered with the nominated Service provider and these can be negotiated based on the Risk Appetite of the client and the levels of service provided by the provider. Brokering of services can be used to define Data Backup Regime, Restoration timelines and priorities, Disaster Recovery support, performance and availability requirements.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: C3IA will support you during your engagement with the preferred supplier, support the migration of data and services to the cloud, and should you require it, support in any move away from cloud services to either a hybrid solution or on-prem data storage solution. The C3IA approach to the delivery of its DevSecOps services is to include security from the very beginning following a Secure by Design approach. C3IA will project manage the assurance of the project to ensure that security outcomes are aligned to the project’s scale and pace and integrate into the project management methodology being followed, such as AGILE. Threat modelling will be developed and a security architecture designed to minimise the attack surface.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: C3IA’s performance testing includes CHECK, CREST, vulnerability assessments and IT Health Checks to ensure that the services implemented are operating in accordance with the security architecture and that security controls are effective and working as designed. ; Offering ; - The services to be provided, in the form of an execution plan. ; - The methodology and resources by which the services will be provided. ; - The business outcome of the service provision plan. ; - How performance will be evaluated, and outcomes accepted. ; ; Execution ; - Successful execution will result in the achievement of the business objectives identified as part of the offering; these are routinely re-evaluated. ; - During the execution phase, progress and performance will be managed and evaluated against the agreed plan. This follows project management principles with the options for milestone control points, earned value management and progress reviews. ; ; Closure ; - Effective and successful closure relies entirely on Offering and Execution being managed effectively. Final customer evaluation and agreement is conducted to ensure contractual obligations have been met. ; - All lessons learned and continual service improvements are captured including requesting and receiving customer feedback.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
• Other security services:
  • Data Protection compliance assessment
  • Cyber Essentials Plus support & certification
  • Secure by Design assessments and review
  • Technical Security Countermeasures assessments
  • Penetration Testing
  • Acoustic Management assessment
  • Physical Security Assessments (FSC)
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: There are no service constraints applied to this service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Support is usually agreed as part of the commercial agreement during project initiation with services matched according to client requirements. The client will have a nominated Lead Consultant responsible for delivery oversight and making adjustments to the service support as the client's needs evolve.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: URS - United Registrar of Systems
• ISO/IEC 27001 accreditation date: 22/09/2023
• What the ISO/IEC 27001 doesn’t cover: The ISO/IEC 27001 Certification encompasses the scope of the service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NCSC Assured Cyber Security Consultancy
  • IASME Cyber Essentials Certification Body

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about the environment and are committed to decreasing our already small environmental footprint. Our dedication to achieving Net Zero no later than 2050 is demonstrated through our annual Carbon Reduction plan where we outline our reduction targets and initiatives; we transparently share this on our website. We are also working to achieve ISO 14001, Environmental Management, to further demonstrate our enthusiasm towards the environment and reducing our impacts. ; ; Where Fighting Climate Change is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Effective stewardship of the environment’, and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Covid-19 recovery

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about COVID-19 recovery and throughout the pandemic and beyond have supported all employees across the business. We heavily invest in the continual professional development of our staff, which we consider is of the upmost importance. The physical and mental health and wellbeing of all our staff is vital, therefore we provide numerous internal and external support and helplines for all employees and all our line managers have undertaken specialist line manager mental health training. Furthermore, we have supported and continue to support local schools and sports teams as we understand the importance they have to individuals and their future. Finally, we have embraced hybrid working, utilising technology to effectively collaborate and communicate with individuals and teams across the business. ; ; Where COVID-19 recovery is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Help local communities to manage and recover from the impact of COVID-19’, and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Tackling economic inequality

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about tackling economic inequality and are committed to being socially responsible. We support new businesses, entrepreneurs, start up’s, Small and Medium Enterprises, Voluntary, Community and Social Enterprises and Mutuals which all have much to offer both the community and economy. We proactively engage with local schools, colleges and universities to encourage STEM participation and interest, especially in those from disadvantaged backgrounds and socially deprived areas, offering presentations and demonstrations from our team to inspire the next generation into the ICT & Cyber Security industry. Alongside this, we host work experience for higher and further education so individuals can learn more about the industry and how to successfully enter it. ; ; Where tackling economic inequality is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Create new businesses, new jobs and new skills’ and ‘Increase supply chain resilience and capacity’ and the associated Model Award Criteria. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Equal opportunity

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about equal opportunities and this forms apart of everything that we do, as demonstrated throughout our company policies. Our commitment is also demonstrated by our inclusion of bullying & harassment and equality, diversity and inclusion training as part of our e-learning service that all employees have access to. ; ; We employ a wide-ranging workforce which include many ex-service men and women, irrespective of age, gender or socioeconomic background. Every employee is enrolled in our CPD programme where they are encouraged to maintain momentum by completing industry and role specific courses and qualifications to aid their personal progression. Finally, we require our people and supply chain at all levels to uphold the same values where we actively prevent discrimination, harassment & bullying. ; ; Where equal opportunity is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Reduce the disability employment gap’, ‘Tackle workforce inequality’ and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Wellbeing

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; As a people-centric company we care about the wellbeing of our team and those we work with. We are committed to creating a positive and psychologically safe working environment for all and provide a variety of training, support and help resources to our team which can be tailored to the individual and looks at the wellbeing of the whole person. ; ; We have implemented an e-learning management system which includes focus on mental health and wellbeing and have weekly communication explaining both the internal and external support that is available. We also have a team of mental health first aiders who work across the business. Where agreed with clients, they could also support clients when working on client sites. ; ; Where wellbeing is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Improve health and wellbeing’ and ‘Improve community integration’ and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Pricing

• Price: £497 to £1,720 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.