Workspace-IT

Vulnerability Management

Workspace IT offers an easy, fully managed vulnerability management service using cloud-hosted Tenable platform.

Features

• Vulnerability Management
• Threat Detection
• Malware
• Security
• Active scanning
• Threat intelligence
• CVSS
• Web-based administration

Benefits

• Vulnerability Detection
• Windows Updates
• Application Updates

£3,000.00 to £10,000.00 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dan.ogilvie@workspace-it.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

674475477665089

Contact

Dan Ogilvie
01184320017
dan.ogilvie@workspace-it.com

Service scope

• Service constraints: None
• System requirements: Tenable Nessus licenses

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Same day (or quicker) during UK office hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Chat will connect you to the next available technician
• Web chat accessibility testing: N/a
• Onsite support: Yes, at extra cost
• Support levels: Full support is offered for the duration of the Proof of Concept. Ongoing support post-implementation is discussed on an individual. Standard support is provided during UK office hours.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The Tenable PoC is fully managed, Workspace IT will drive the tenant provisioning and access for relevant users.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: No user or customer data is stored during the Proof of Concept
• End-of-contract process: At the end of the Proof of Concept the trial Tenable tenant will expire and all accounts used to access it will no longer work.; The internal infrastructure will be left in place for decommissioning, or can be decommissioned (deleted) by Workspace IT no extra cost assuming sufficient permissions are available.

Using the service

• Web browser interface: Yes
• Using the web interface: Tenable has a full web-based management platform.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: https://tenable.com
• Web interface accessibility testing: Managed in the cloud and powered by Nessus technology, Tenable Vulnerability Management provides the industry's most comprehensive vulnerability coverage with the ability to predict which security issues to remediate first. Available as a stand-alone solution or as part of Tenable One, you get complete end-to-end vulnerability management.
• API: Yes
• What users can and can't do using the API: API Explorer provides complete reference documentation for all available Vulnerability Management, Web App Scanning, Identity Exposure, Cloud Security, Container Security, PCI ASV, Attack Surface Management, MSSP, and Downloads API endpoints based on OpenAPI 3 (formerly known as Swagger) specification. You can try most of the API calls out of the box.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: The platform is managed by the vendor to scale as capacity is required.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Tenable

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: N/a the service does not touch client data
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: N/a - our network is not required for the service

Availability and resilience

• Guaranteed availability: Tenable has the industry’s first uptime guarantee of 99.95% to ensure your service is always on. Tenable implements and enforces measures to ensure that Tenable services are highly available, guarded against attacks or simple faults and outages and always usable.
• Approach to resilience: Tenables uses the AWS platform and other leading technologies to ensure high availability. Using fault tolerant and redundant components, Tenable ensures you get the best possible service with minimal downtime.
• Outage reporting: https://status.tenable.com/

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Citrix Cloud services fully supports two-factor authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Workspace IT take security, integrity and compliance very seriously. We have several customers whose business operates in a secure environment and are used to complying with the strictest of rules. We are happy to adhere to standards or compliancy stipulations that the client requires.; All of Workspace IT consultants are UK based and qualified to work in the UK.; ; All Workspace IT employees and contractors are checked at the commencement of their employment against BPSS to verify their identity, employment history, right to work and criminal record.
• Information security policies and processes: Workspace IT take security, integrity and compliance very seriously. We have defined internal policies for information and data security which are available on request.; Note - this service does not require access to any customer data.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Workspace IT has templates for change management for all the processes required for the service. These are applied to the clients own change management systems and processes.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We are not a security company, however we are very aware of our place in identify threat and taking action. Workspace IT constantly monitors a number of security feed from organizations such as CISA.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: - monitor news feeds for security incidents e.g. CISA; - Regularly update Windows and key applications; - Critical vulnerabilities are assessed the same day and fix or patch issued for deployment as quickly as is practical
• Incident management type: Undisclosed
• Incident management approach: We have an online reporting tool via our website. Customers are provided a monthly report detailing incidents logged.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Workspace IT are proud signatories to Techie Go Green - https://www.techiesgogreen.com/. The environmental impact of IT is at the heart of every piece of work that we undertake and we will always engage with our customers to try an reduce the impact of IT transformation on the environment.

Pricing

• Price: £3,000.00 to £10,000.00 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dan.ogilvie@workspace-it.com. Tell them what format you need. It will help if you say what assistive technology you use.