Skip to main content

Help us improve the Digital Marketplace - send your feedback

Computacenter (UK) Ltd

Computacenter - Wiz Advanced

Wiz is a CNAPP security platform that helps customers protect everything they build and run in the cloud, providing full-stack agentless cross-cloud support for AWS, Azure, GCP, OCI and Kubernetes.

Features

  • Cloud Visibility & Inventory Cloud Security Posture Management
  • Container Security & Shift-left Security for Pipeline Integration
  • Cloud Workload Protection
  • Cloud Infrastructure Entitlement Management
  • Data Security Posture Management
  • Vulnerability Management
  • AI Security
  • Threat Detection
  • Malware Detection
  • Patch Management

Benefits

  • Connect in minutes agentlessly via a single API per cloud
  • Uncover the attackers view to a potential breach
  • Risk prioritisation, identify the most critical combinations, remove alert fatigue
  • Remediate risks without the guesswork
  • Control CI/CD pipelines with a single, unified policy framerwork
  • Integrations to make communication across Engineering teams more efficient
  • Focus teams efforts on the risks that matter
  • Replacement of multi security tools & Accelerate
  • Accelerate AI innovation and gain full-stack visibility into pipelines
  • Granular access control allows team to segment complex environments

Pricing

£73.77 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@computacenter.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 6 5 4 8 1 9 9 7 8 9 9 2 6 3

Contact

Computacenter (UK) Ltd Karen Baldock
Telephone: +44 (0) 1707 631000
Email: government@computacenter.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No. Wiz is a true CNAPP platform
System requirements
  • Internet access to the Wiz portal and its subsidiary services
  • In some scenarios outbound network connectivity to the Wiz backend
  • Wiz IP addresses must access customer cloud APIs.

User support

Email or online ticketing support
Email or online ticketing
Support response times
24x7x365 Support
Priority 1 (Critical) - < 1 Hour
Priority 2 (High) - 2 Hours
Priority 3 (Medium) - 4 Hours
Priority 4 (Low) - 8 Business Hours
Support Service Level Agreements (SLA) are identical for Monday to Friday and Weekends/Public Holidays
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Wiz uses Intercom to provide users with chatbox support within the platform.
Web chat accessibility testing
N/a
Onsite support
Yes, at extra cost
Support levels
Wiz provides a mixture of self paced training & enablement and remote delivery services to help organisations operationalise the platform across the security, operations and engineering teams. Today these services, including support, are included as part of the license cost. Wiz will provide premium service options in the future such as technical account managers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Wiz provides user documentation, online training plus customer success teams to support operationalisation of the service.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
If a paid subscription ends or is terminated, Wiz retains customer data stored in the Wiz database in a limited-function account for 90 days to enable the subscriber to extract the data e.g. via management reports. After the 90-day retention period ends, Wiz disables the account and deletes the customer data. However, such data may reside in Wiz's backups for up to 180 days.
End-of-contract process
At the end of the contract, the tenant would be suspended and all "connectors" would stop polling for data. No further interaction with Wiz would be provided. Being a SaaS service and agentless, there is no further action required on the customer with the exception of revoking permissions that have been given to Wizand extracting any data necessary via management reports.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
Wiz offer various ways to interact with its platform, such as through cloud connectors for different cloud providers, integrations with CI/CD pipelines, and the use of its CLI tool and API. Wiz also provides an inventory of workloads deployed in the cloud(s) which provides predictability on service usage. The primary function of Wiz is to provide deep security analysis and monitoring for cloud environments, rather than offering tools for monitoring the performance of the Wiz platform. Users can view system health and deployment status within Wiz, which may indirectly provide some insights into the performance of the Wiz application.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
N/a
API
Yes
What users can and can't do using the API
With the Wiz API, users have the power to programmatically perform every task and action available within Wiz. This includes performing actions such as bulk add connectors, mimic UI behaviour in textual format, or perform complex data manipulation operations.
API documentation
Yes
API documentation formats
  • HTML
  • Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Features within the product such as those relating to securing, visualising and reporting on customer environments are highly customisable. Wiz comes with nearly 1,000 controls out-of-the-box but but these can be customised if needed.

Scaling

Independence of resources
Wiz is a multi-tenant service with a shared tenancy model. Our approach to isolation relies on several layers of protection both at rest and in runtime. Wiz has proven performance at scale for some of the largest cloud customers in the world.

Analytics

Service usage metrics
Yes
Metrics types
Inventory of cloud workloads which provides predictability on service usage.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Wiz

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
The physical and environmental security controls are provided by our underlying IaaS provider (AWS), this includes security cameras, lighting, fire detection/suppression, and power redundancy. Wiz employees do not have physical access to any of the data centers. AWS is responsible for implementing an appropriate set of controls in order to address physical security issues. Wiz reviews the Service Organisation Control (SOC) reports of AWS (subservice organisations) on an annual basis. Documentation of the review is retained.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Logs and specific findings be exported either through the API or generating custom reports (either in CSV for solely data, or Executive reports which are formatted in PDF).
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • JSON
Data import formats
Other
Other data import formats
  • Rego
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Guaranteed Up Times
The service availability to customers is 99.5% of all Scheduled Available Time calculated on a monthly basis and excluding Scheduled Downtime as defined below, or circumstances beyond reasonable control.
Downtime
Downtime refers to any periods within the Scheduled Available Time (excluding Scheduled Downtime) during which the Customer’s security team or users authorized by Customer are unable to log on with proper credentials. Scheduled Downtime for planned upgrades and maintenance will be detailed to the Customer, giving at least 48 hours prior notice. Wherever possible this will be targeted for Sundays and limited to a maximum of four hours. Scheduled Downtime will not exceed 10 hours per calendar year. Any overrun beyond the planned completion time or the yearly limit will be considered Downtime.

Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula:

"User Minutes - Downtime" /"User Minutes" x 100

where Downtime is measured in user-minutes; that is, for each month, Downtime is the sum of the length (in minutes) of each Incident that occurs during that month multiplied by the number of users impacted by that Incident.
Service Credits:
Monthly Uptime Percentage Service Credit
< 99.5% = 10%
< 99% = 25%
Approach to resilience
Wiz runs isolated in multiple datacentres. Additionally, from a data perspective, we perform continuous backups and Business Continuity and Disaster Recovery (BCDR) readiness supporting immediate transition to another availability zone or another region as required. Each Wiz data centre has a central region and a backup region which can become active within hours.
Outage reporting
Current and historical information is available on https://status.wiz.io. Plus it's possible to subscribe to status alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Wiz has defined various user roles, according to the various positions and activities in the company. Each Wiz employee and contractor is assigned one of these roles and receives the relevant access control privileges.

Users are required to log in to Wiz's Single Sign-on portal in order to access their user accounts. The authentication method employed depends on the sensitivity of the information asset, the authorization level requested by the user and the access method used.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
IQNet
ISO/IEC 27001 accreditation date
09/09/2024
What the ISO/IEC 27001 doesn’t cover
Our ISO/IEC 27001 certification relates to the information security management system and not the products or services of the certified organisation.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
N/a
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/a
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC2 Type 2
  • HIPAA
  • SOC3
  • SIG
  • ISO27701
  • CyberGRX
  • CAIQ

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC2 Type 2
SOC3
ISO27701
HIPAA
CyberGRX
CAIQ
SIG
Information security policies and processes
Wiz leverages multiple layers of defense to protect key information and handles all critical facets of network and application security, including authentication, authorization, and assurance. As a security provider focusing on security architecture, Wiz designed its internal architecture from the ground up for minimal manual intervention in the deployment and maintenance process. The production update process is fully-automated, greatly reducing the risks to the service and to customers' data. The security program systematically evaluates our information security risks, taking into account the impact of company threats and vulnerabilities.
For reporting and transparency, Wiz provides a public Trust Center, which is the single source of truth for the most accurate and up-to-date copies of security policies, certifications, and reports. Stakeholders can request access to the Compliance Command Center through the Trust Center to review these documents. More information can be provided with our security pack, including our attestations.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Security incidents detected by Wiz employees, clients or business partners are reported to the Chief Security Officer (CSO). The CSO acts according to Wiz's "Incident Response Plan" procedure in classifying, handling, documenting and reporting the incident. The incident response plan is available under NDA.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We leverage the Wiz natively-built controls engine to continuously validate the state of the infrastructure, review the inventory and ensure compliance with the required configuration baseline. More information is available under NDA.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We leverage the Wiz natively-built controls engine to continuously validate the state of the infrastructure, review the inventory and ensure compliance with the required configuration baseline. More information is available under NDA.
Incident management type
Supplier-defined controls
Incident management approach
Wiz has an incident response plan which is monitored as part of our SOC2 report audit.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Computacenter ensures that our business practices deliver effective stewardship of the environment in line with the Social Value Model. Computacenter's science-based emissions reductions targets are approved with the SBTi. Our Net Zero Journey Group Emissions is now just 16% of 2015 levels as outlined in our carbon reduction plan to achieve ‘Net Zero’ carbon emissions by 2040.

Business travel is necessary, both for our customer requirements and for our staff. We have materially reduced business travel, ensuring all business trips are necessary, helping reduce carbon emissions. We are investing in technology to allow greater use of existing communication platforms as part of our ‘hybrid working’ strategy. One of the key benefits we believe this will help us realise is reducing emissions from business travel by 35 per cent by 2025 (compared to 2019). For G-Cloud services this means that we will drive the use of virtual, technology-enabled meetings as much as possible for all internal and external sessions, including those with our wider supply chain.

Further to this we can provide customer advisory services which include guidance and recommendations on how to improve their sustainability performance to help inform customer decision making whilst achieving the desired commercial and technical outcomes through the services being provided.

Computacenter has introduced incentives to encourage the replacement of the existing Fleet with Ultra Low Emission Vehicles. We have 44 electric charging points across 2 of our locations to encourage the adoption of electric and hybrid vehicles, either through our company car scheme or privately. For this framework specifically, this means that our consultants, project managers and engineering resource will have access to a ULEV vehicle via our company car scheme and the ability to charge a vehicle at Computacenter office locations.

Covid-19 recovery

Throughout the pandemic we have closely followed and implemented government guidance relating to the workplace and COVID-19. We created a COVID-19 risk assessment to enable us to understand the improvements that need to be made to our workplace conditions in line with the Government COVID-19 secure workplace guidelines and the business advice that is now current. It looks at the risks of COVID-19 in the workplace, such as hygiene, & cleaning and then states what we must put in place to mitigate these risks.

As we enter the recovery phase of the pandemic, we have introduced hybrid working for our employees. This will allow most employees including those delivering G-Cloud services increased flexibility in how and where they work ensuring that we still deliver the best service to our customers whilst looking after our people.

Our COVID-19 steering committee is there to identify activities that will improve workplace conditions then plan, build and regularly monitor various programmes focused on supporting the COVID-19 recovery effort. At these meetings, chaired by our Chief People Officer (‘CPO’) Sarah Long, our CIO John Gibbs and Services operations, the steering committee discuss changes that need to be implemented, identify areas of improvement, and review our roadmap of new activities.
Throughout the life of the contract, we will use our existing activities (as well as those that are in development in due course) to continue to improve workplace conditions in support of the COVID-19 recovery effort.

Questions relating to travel were included in the COVID-19 surveys that were issued through the pandemic. The assessment highlighted concerns people had about public transport. To help all employees; managers were coached and given guidance about being flexible with start/finish times. We continue to adapt our approach based on feedback received through the steering committee and employee surveys.

Tackling economic inequality

As a diverse and inclusive organisation with a strong focus on equality and driving in-work progression, our approach to recruitment and employment is aligned to recognised industry best practices such as the 5 principles of quality work as set out in the Good Work Plan.

Our Employee Impact Groups for disadvantaged or minority groups provide representation, support, and community engagement, feeding into our People Panel ensuring all voices are heard, underpinning our wider ambition of building a sustainable business for the long term.

We put specific measures in place to provide opportunities to under-represented groups or those who face barriers to employment, including comprehensive outreach programmes for schools and universities, as well as partnerships with non-profit organisations within our communities. We continue focus on reaching harder to reach groups and people who are underrepresented in our sector by working with charities and schools in the local community to offer career talks and work experience opportunities. Our school outreach programme has over 130 volunteers dedicating over 2,600 hours running activities for employability and life skills in schools, colleges, and universities.

Computacenter is one of the 9 founding members of ‘Technology Community for Racial Equality’ (‘TC4RE’), a group set up to drive racial equality throughout the technology industry, with which we are delivering a half-day virtual event on ‘Enabling Ethnic Diversity’ featuring a series of expert keynotes, live panel discussions and interactive workshops with representation from across the UK technology community.

Furthermore, Computacenter are a silver level partner in the Armed Forces Covenant and has introduced a programme that provides the opportunity to attain a degree and ServiceNow certification whilst receiving full salary for armed forces leavers. This programme is the first of many programmes we intend on running to help ex-forces personal transition back into the workplace and the IT industry.

Equal opportunity

Computacenter is committed to providing equal opportunities to all through fair recruitment practices and employment conditions across our organisation.
We are a Disability Confident ‘Committed’ employer, committed to making lasting changes to our business creating a diverse talent pool. We work with partners through our community outreach, who are specialists in disability. An example is our work with Knightsfield School in Welwyn Garden City, a specialist school for deaf children.  We run at least 3 ‘get work ready’ events with them, as well as offer up to 4 work experience opportunities and onsite visits every year.

For this contract, we will use existing initiatives (as well as others that are in development) to provide career opportunities for individuals from under-represented groups to address requirements for specific skills or roles with a focus on increasing skillsets through the life of the contract. This will include apprenticeships aligned to security and cloud/infrastructure departments, as well as industrial placements and graduate schemes for our ServiceNow Centre of Excellence, with specific focus on delivering cloud-based services to our customers.

Our workforce for services delivered under this framework will have access to existing initiatives aimed at supporting in-work progression and development for those from disadvantaged/minority groups. For example, our gender diversity initiatives include our Growing Together programme, which over 150 women have been through so far, of which over one-third have been promoted or taken a new role within a year following the mentoring and coaching provided.

We are also committed to driving racial equality across our business and the wider technology industry. We are a founding member of ‘Technology Community for Racial Equality’ which recently delivered a half-day virtual event on ‘Enabling Ethnic Diversity’ featuring a series of expert keynotes, live panel discussions and interactive workshops with representation from across the UK technology community.

Wellbeing

We understand how important employee Wellbeing is for a sustainable business model, therefore we are committed to creating a sustainable supply chain. Ensuring the wellbeing of our employees are looked after will positively affect productivity, recruitment, and retention rates.

In November 2021, a designated UK wellbeing manager was appointed and has since launched our wellbeing strategy, which aligns with the Social Value Model and the 6 standards of the Mental Health at Work Commitment, signed in July 2021. We are actively implementing the enhanced mental health standards as recommended through the ‘Thriving at Work’ review, and NICE mental health at work guidelines, as part of our Wellbeing strategy. The strategy encompasses four pillars of wellbeing, mental, physical, financial, and social.  We are a Menopause friendly organisation and have created a support network for those in need.

We have 109 Mental Health First Aid (MHFA) accredited staff in the UK, trained by Mind, who act as Wellbeing Champions providing mental health first aid support and promoting our wellbeing services which those delivering G-Cloud service provisions will have access to. These champions are from every business area and from different seniority. We hold events throughout the year organised by our UK wellbeing manager and Champions, which have included celebrating World Mental Health days, Menopause awareness, financial wellbeing webinars and sponsored events to raise money for our mental health charity partners.

2021 also saw the launch of our new groupwide app-based programme ‘Be Well’ which gives our people access to over 3,000 fitness, nutrition, health and wellbeing courses through Humanoo. Through this app we have launched an extremely popular groupwide step challenge and has encouraged our people to be more active, with over 35% of our workforce now using the app and covering over 1.8bn steps so far.

Pricing

Price
£73.77 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@computacenter.com. Tell them what format you need. It will help if you say what assistive technology you use.