PRICEWATERHOUSECOOPERS LLP

PwC GBEST Services

PwC GBEST Services
Simulated targeted attack services using the methodologies of real-world attackers, including attacks against people and processes using social engineering techniques. Working either covertly or cooperatively
with client IT and response teams as required.

Features

• Red team attacks including phishing, vishing, SMiShing and other techniques
• Simulated targeted attack
• Attacks based upon real world Threat Intelligence scenarios
• Mature risk management and delivery approach
• Cross discipline engagements uncover vulnerabilities across people, process and technology
• Certified under CREST STAR, STAR-FS, CBEST, GBEST, TBEST NBEST schemes.
• Staff qualified to the highest levels
• Collaborative projects, working with clients to improve security posture
• Purple team and Rapid Find, Tune and Fix capabilities.

Benefits

• Identify vulnerabilities in applications and systems
• Discover weaknesses in your development and testing processes
• Better training for defensive practitioners (e.g. SOC or blue team)
• Assess security performance levels, including systems, people and processes
• Understand the impact of a security breach
• Measure the resilience of your organisation’s cyber defence
• Collect evidence to justify security spending
• UK and worldwide delivery capability

£500 to £3,500 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk_tender_tracker@pwc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

640119799447370

Contact

Ian Thurlby-Campbell
028 9041 5797
uk_tender_tracker@pwc.com

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: A careful assessment of an organisation’s needs and different cloud service provider’s controls is required,; enabling concerns to be addressed and the correct path to the cloud to be selected.; As a trusted advisor PwC provides the framework, and the wealth of private and public sector experience,; to consider the combination of Business, customer experience and Technology activities outlined above.; There is no single answer that covers each and every client organisation; we tailor our frameworks to client; circumstances to support them:; ● As a partner through the complete lifecycle of strategy to execution; and,; ● With point business issues encountered during implementation or running the business.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST
  • Cyber Scheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: None known

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: On call, before and during contract

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 18/06/2022
• What the ISO/IEC 27001 doesn’t cover: PwC operates an Information Security Management System that complies and aligns with the requirements of ISO/IEC 27001:2013 for all client data that comes under our control or ownership by virtue of a contract for services between PricewaterhouseCoopers LLP and a client.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Worldpay from IFS
• PCI DSS accreditation date: 04/02/2022
• What the PCI DSS doesn’t cover: It covers the use of all credit card facilities that PwC uses. These are the online terminal used by Collections to take card payments by clients, and handheld terminals used by the business for charity collections, and by the pharmacy for their payments.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: BS ISO 22301:2012, Business continuity management systems requirements

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We work with our suppliers throughout the supply chain and operations to reduce emissions. We are on target for net zero by 2030. In 2023, we were again ‘platinum rated’ for sustainability from EcoVadis, - top 1% with our environmental performance deemed ‘outstanding’. We’re a carbon management leader for our ‘strong greenhouse gases management system and decarbonisation commitments, actions and reporting capabilities’.; ; The specifics varies per engagement, but our G-Cloud service provision will tackle climate change by one or more of the following:; a. Using climate friendly (low processing) algorithms.; b. Articulating climate impact on the hosting platform.; c. Including climate impact in options analysis to minimise climate impact whilst meeting contract objectives.; d. Investing in green tech, considering impact of manufacture, usage and at end of life.; e. Engaging with VCSEs to recondition technology.; f. Having 100% green energy on all our premises.; g. Sending zero waste to energy.; ; During engagement delivery, we implement Thoughtful Travel as our greatest climate impact is business travel. Specifically, we: ; a. Collaborate online where appropriate, to avoid unnecessary travel.; b. Work in our network of BREEAM rated offices accessible by public transport (typically generating lower emissions compared to remote working); c. Enforce use of our travel booking app which prevents the least environmentally friendly modes of travel and has emissions information for different transport options. ; d. Agree travel in advance ; e. Use our climate forecaster and reporting tool to model our transport decisions and provide clear reporting of our emissions (which are our Buyers’ scope 3 emissions); ; We also induce and support our people to lower their own climate impact, facilitating circular economy principles e.g. recycling personal technology and clothing, sharing relevant practices.

  Covid-19 recovery

  Our G-Cloud services have been critical to Covid-19 recovery as follows:; a. Harnessing the power of cloud scalability and flexibility to our clients, enabling them to adjust their IT infrastructure ‘on demand’. This is important for Covid-19 recovery as Buyers still need to support remote working and online operations.; b. Reimagining how we deliver work - our cloud computing capabilities enable remote work by providing secure access to business applications and data from anywhere. This supports Covid-19 recovery in Buyers’ contracts by maintaining productivity, collaboration and service delivery.; c. Implementing robust security measures for our clients to meet increased cybersecurity risks - thus safeguarding their cloud infrastructure and data, a key issue for many government Buyers.; d. Providing robust and resilient cloud infrastructure to our clients, thus helping Buyers maintain business continuity throughout the pandemic.; e. Supporting our Buyers’ need for digital transformation, which has been accelerated by the pandemic. For example, we help organisations leverage cloud technologies to modernise their IT infrastructure, adopt agile development practices and drive innovation.; f. Providing digital skills training for people over 50, who became unemployed during Covid-19, to enable them to reskill and become economically active again.; g. Scaling up our office presence and delivering engagements in UK cold spots which include Bradford and Belfast, to support economic recovery and growth.; h. Significantly expanding our presence in areas such as Manchester and Cardiff which were also severely impacted by Covid-19.; ; We continue to innovate in emerging cloud technology to help Buyers tackle Covid-19 challenges and support a green transition, by enabling remote working, ensuring security and compliance, supporting scalability, driving digital transformation, and increasing business resilience.

  Tackling economic inequality

  Our G-Cloud 14 service provision will help tackle economic inequality as follows:; ; Increase supply chain resilience, capacity, and diversity by:; a. Teaming with diverse businesses in contract delivery e.g. Auticon, a VCSE specialising in IT consultancy, staffed by people with autistic spectrum disorders. We also team with micro and small firms depending on the engagement scope and location.; b. We procure from social enterprises for ancillary products and services - e.g. catering and stationery. We are a founding member of the Buy Social Corporate Challenge and spend about £5m p/a with social enterprises. Therefore, indirect spend will help to tackle economic inequality.; c. Structuring our procurement to be accessible by social enterprises and apprentices in their provision of services to us and having transparent, fair, and clear procurement plans.; d. Running skills development seminars to help social enterprises become contract ready in conjunction with the School for Social Entrepreneurs.; e. Offering an equitable share of profit and risk within the contract and paying promptly. Since 2018, we have reported in line with Government’s Reporting on Payment Practices and Performance regulations.; ; Tackling Human Rights & Modern Slavery:; a. We have been rated ‘outstanding’ for Human Rights by EcoVadis. We focus on Modern Slavery “hotspots” in our supply chain and have detailed our policies, governance, risk management approach and related reporting in our Human Rights & Modern Slavery Statement.; ; Modernising delivery: ; a. We team with leading technology suppliers and innovate modern ways to deliver work and horizon scan for new opportunities to drive better outcomes or more efficient delivery. ; b. Recently awarded by Google for our innovative Generative AI solution - mindful of potential concerns posed by AI.; ; Developing skills:; a. We deploy apprentices from our technology degree apprentice scheme in appropriate roles - this will form part of their portfolio submission.

  Equal opportunity

  We are a level 2 disability confident employer and our platinum EcoVadis rating includes “Outstanding” for Labour and Human Rights performance as a result of our programmes to continuously manage the human rights risk associated with our operations and supply chain, and promote diversity, equity and inclusion.; ; Our G-Cloud 14 service provision will help with equal opportunity as follows:; ; a. Providing opportunities for people from underrepresented groups, so they can gain the experience they require to progress through our business. ; b. Specifically for disabled people, we team with VCSEs e.g. Auticon to provide work opportunities. For our own people and third parties we provide assistive technology and accommodations to enable people to manage long-term conditions.; c. We collaborate with under-represented groups so that our services are accessible and culturally inclusive.; d. Within our contract delivery we measure representation at all levels and gain feedback on quality of experience as retention and development requires people to have a sense of belonging and opportunities to develop.; e. We have a technology apprenticeship programme and our service provision gives opportunities (with oversight) to our apprentices, to help develop digital skills e.g. cloud and a portfolio for qualifications.; f. We conduct outreach to attract people to attend relevant training to work on call off contracts and monitor the diversity of our security cleared talent pool so we can mobilise diverse talent at pace.; g. We offer coaching to client personnel, nominated by the Buyer, to help them with their workforce equality strategy.; h. We offer community outreach including technical and relevant core skills and raising confidence and ambitions to help people from underrepresented groups become economically active.

  Wellbeing

  Our G-Cloud service provision will help with wellbeing by our culture of support embedded within our ways of working:; a. developing an initial action plan to address typical health and wellbeing risks associated with cloud service provision. This includes checking work allocation in advance (alongside holiday and professional development), reviewing workload weekly and monitoring timesheets; providing suitable ergonomic equipment, creating a supportive environment, empowering and supporting our people to deliver their work and recognising their impact.; b. Empowering people to self-care e.g. attending routine medical appointments or attending to personal matters using everyday flexibility for work life balance.; - Collaborating with each team on wellbeing initiatives to suit their needs e.g. walking meetings, “dress for your day”, office fruit bowls, team-led yoga.; c. Sharing ideas for outside working hours e.g. using our corporate licence for the Headspace app or painting.; - Signposting corporate sources of support e.g. helplines and medical support - for PwC, Buyer and third party people, including help for issues like bereavement and firmwide resources e.g. support during world conflicts or the financial crisis. ; d. Accommodating access requirements and management of health conditions (as a Disability Level 2 Confident employer and signatory to Working With Cancer pledge).; e. We collaborate with financial organisations such as Aviva to host webinars for our people to make more informed decisions regarding their pension and as well as regular mortgage workshops.; f. Support different cultures e.g. opportunity to participate in the Ramadan challenge to promote insight and understanding during this period. ; ; We also share ideas with the wider community via LinkedIn Live for example on “digital detoxing” and promoting a culture of self-care.

Pricing

• Price: £500 to £3,500 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk_tender_tracker@pwc.com. Tell them what format you need. It will help if you say what assistive technology you use.