ADROIT CLOUD CONSULTING LIMITED

Development Security Operations DevSecOps Service

Adroit’s Cloud-based, DevSecOps services integrate continuous security into DevOps workflows, leveraging expertise in digital transformation. We provide advisory, service design, maturity assessments, and implementation, aimed at reducing cyber threats and mitigating risks. Our approach enhances security posture within standard DevOps practices, ensuring robust protection against digital vulnerabilities.

Features

• DevSecOps assessments align with ITIL 4 and Prince 2 frameworks
• Security-by-design principles meet GDS and NCSC cybersecurity standards.
• Agile methodology empowers experienced DevSecOps professionals' rapid deployment.
• Cloud-agnostic & Kubernetes solutions support Public, Private, Hybrid, on-premise clouds.
• Ensures ISO-27001, Cyber Essentials, PCI DSS compliance in all designs.
• Maturity recommendations guided by OWASP Top 10 for security.
• Training emphasises WCAG 2.1 for accessible, user-centric services.
• Supports UK Digital Strategy with cloud-first approach in solutions.
• Utilises GOV.UK Digital Service Platform tools for seamless integration.
• Advocates GDPR/ICO standards in protecting citizen data integrity.

Benefits

• Secures Kubernetes environments, enhancing container orchestration security.
• Implements network policies for secure software-defined networking in clusters.
• Automates vulnerability scanning in codebases and containers for early detection.
• Ensures cloud posture management aligns with DevSecOps security standards.
• Applies OWASP Top 10 strategies to safeguard containerised applications.
• Utilises encryption and secret management for data protection in-transit, at-rest.
• GDPR compliance in handling and processing data within CI/CD pipelines.
• Adopts ISO-27001 principles for comprehensive information security management.
• Integrates continuous monitoring tools for real-time security threat detection.
• Encourages Agile practice adoption in developing secure, scalable DevOps solutions.

£270 to £2,200 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@adroitcc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

684449012762537

Contact

Pav Khural
07732808155
business@adroitcc.co.uk

Planning

• Planning service: Yes
• How the planning service works: Adroit's planning service for our Development Security Operations (DevSecOps) Service is structured to incorporate continuous security within your DevOps workflows. Our service commences with a DevSecOps maturity assessment, identifying your current security processes and areas for improvement. Through strategic development workshops, we align DevSecOps initiatives with your goals, ensuring security is integrated throughout the development lifecycle.; Our planning process includes:; Tailoring security-by-design principles for full delivery lifecycle coverage, adaptable to Public, Private, Hybrid, and on-premise clouds.; Leveraging our team of experienced DevSecOps professionals to devise bespoke design, automation, tooling, process, and governance services.; Compliance with leading standards such as ISO-27001, Cyber Essentials, and NCSC, reinforces your security posture against evolving threats.; Developing a detailed strategy for DevSecOps maturity enhancement, coupled with targeted training to build your internal capabilities.; This strategic approach not only minimises security risks but also embeds a robust DevSecOps culture within your teams. By accelerating agile transformation with secure delivery tools and implementing continuous monitoring, we optimise your delivery pace and service quality, ensuring your operations are equipped to match evolving cyber threats effectively. Our cloud-agnostic solutions guarantee flexibility, allowing for tailored security practices that support your specific operational needs.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Adroit's training service for our Development Security Operations (DevSecOps) Service leaves organisations the knowledge and skills to implement and sustain a robust DevSecOps culture. Our focus is on 'Train the Trainer' methodology, ensuring your team gains not only direct expertise but also becomes capable of distributing this knowledge internally.; Training includes: ; Core principles of DevSecOps, integrating security seamlessly into DevOps practices.; Security-by-design strategies for the entire development lifecycle, applicable across cloud environments.; Compliance standards, including ISO-27001, Cyber Essentials, and NCSC, ensure your projects adhere to stringent security protocols.; Practical sessions on design, automation, tooling, process optimisation, and governance within a DevSecOps framework.; Techniques for conducting DevSecOps maturity assessments, with strategies for continuous improvement.; Hands-on workshops focusing on the implementation and management of secure CI/CD pipelines.; Our programme is designed to facilitate accelerated internal capability building, with a special emphasis on mentoring and knowledge transfer. Team will be qquiped with the knowledge to run a secure, efficient, and compliant development process, using DevSecOps best practices. This ensures long-term sustainability and adaptability to evolving security threats.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Adroit's setup and migration service for Development Security Operations (DevSecOps) streamlines the integration of continuous security into DevOps workflows. Our service focuses on:; Creating a migration plan that embeds DevSecOps principles into existing operations, suitable for various cloud environments.; Advising on security-by-design across the development lifecycle.; Utilising our digital transformation expertise for strategic implementation, enhancing your security posture.; Performing DevSecOps maturity assessments to identify improvement areas.; Implementing necessary design, automation, tooling, process, and governance improvements, complying with ISO-27001, Cyber Essentials, and NCSC standards.; Conducting training to build your team's DevSecOps capabilities.; Our efficient approach ensures a smooth transition to a secure, compliant DevSecOps environment, tailored to your specific organisational needs.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Our quality assurance and performance testing services are embedded from project initiation, ensuring a comprehensive examination across functional and non-functional requirements. We employ a blend of manual and automated testing techniques, providing robust quality assurance and performance assessments throughout the software development lifecycle. Our agile testing strategy integrates seamlessly with DevOps practices, including Continuous Integration/Continuous Delivery/Deployment (CI/CD), establishing an efficient and streamlined software delivery pipeline.; ; Expert QA and performance testers are actively involved from the early stages—planning, design, and implementation—adhering to GDS standards. This proactive involvement facilitates the early detection and resolution of potential quality issues, effectively minimising defects to zero within sprint cycles and enhancing overall software integrity. Our approach not only ensures the delivery of high-quality software solutions but also accelerates time to launch, reduces project risks, and improves stakeholder satisfaction by aligning product outcomes with the organisations' objectives and user expectations.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: We deliver tailored solutions to help you design, implement, and manage your hosting or software services. Our offerings are adaptable to meet your specific requirements and budgets, ranging from full outsourcing to supplementing your current teams.; ; For organisations wishing to build their own in-house capabilities, we provide comprehensive support. This includes sourcing skilled professionals, from apprentices to seasoned experts, and equipping them with the necessary training to independently manage and maintain your services.; ; Our support operates around the clock, 365 days a year, ensuring reliable service at all times. We also offer proactive monitoring and alerting systems, which can be integrated with your existing tools or provided through our own solutions.; ; Additionally, we provide access to a diverse pool of talent, whether local, nearshore, or offshore, ensuring you have the right expertise to meet your operational needs.; ; Whether you require continuous support or assistance in establishing a self-sufficient team, we work closely with you to ensure your strategy is achieved effectively and efficiently.

Service scope

• Service constraints: None apply, not applicable

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1-hour and response times are not different at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: Adroit offers comprehensive support for our Development Security Operations (DevSecOps) Service, ensuring organisations benefit from continuous expert assistance. Our support structure is designed to provide immediate and effective solutions to any challenges that arise in integrating security with DevOps processes.; ; Support Service includes:; ; A 24/7 support rota, guaranteeing around-the-clock assistance for urgent DevSecOps issues.; Direct access to support via email and phone, facilitating quick resolutions.; Expert advice on implementing security-by-design principles within DevOps workflows across cloud environments, including Azure, AWS, and Google Cloud.; Guidance on designing, automating, and optimising DevSecOps processes and tooling, adhering to ISO-27001, Cyber Essentials, and NCSC standards.; Strategies for embedding a robust DevSecOps culture within teams, enhancing the security posture and compliance.; Support for DevSecOps maturity assessments and strategic development to continuously improve security practices.; Our ITIL 4 compliant support ensures your DevSecOps initiatives are backed by seasoned professionals, offering bespoke assistance tailored to your organisational needs. This ensures not just the resolution of immediate issues but also strategic guidance to foster a secure, efficient, and agile development environment.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute
• ISO/IEC 27001 accreditation date: 09/02/2024
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We encourage ethical and fair-trade purchasing and sustainable and carbon-reduction elements in our purchasing strategy. Our stated policy objective is to meet our Net Zero carbon targets while achieving our wider Social Value priorities. We have; ; Developed a circular economy model approach to our procurement strategy, environmental policy, and prevention strategies.; Ensured sustainability is considered in all purchases ; We operate a water consumption and management system that closely monitors water usage and compares performance with published targets. ; Regularly reviewed opportunities for reduction of mains water consumption. ; Installed water-efficient fittings and technology ; Reduced water consumption by 25% in 2023 and 3 m3/person/year for offices. ; To ensure new development, upgrades, and refurbishments are carried out to policies, and specifications. We apply independent environmental assessment methods to new developments. Our Waste Prevention Programme focuses on the top of the waste hierarchy, which means increasing the reuse, repair, re-manufacture, and use of industrial by-products. We monitor greenhouse gas emissions. We are committed to achieving Net Zero by 2050. ; REDUCING CARBON EMISSIONS; Remote Working: By facilitating remote and hybrid working, we actively reduce our carbon footprint by minimising commuting and business travel. This has the dual benefit of enhancing work-life balance and reducing emissions associated with transport.; Minimising Business Travel: we limit in-person meetings and opt for virtual communication tools; reducing the need for travel and associated carbon emissions.; Green Transport Initiatives: We cycle to stations for public transport wherever possible, further decreasing carbon emissions linked with car usage. We are also replacing our existing hybrid company vehicles with fully electric models to lower our emissions further.; Carbon Offsetting: We work with partners, where we plant trees locally. For each tree planted, a tonne of carbon is saved through supporting internationally verified carbon reduction projects.

  Covid-19 recovery

  Enhancing workplace conditions to support COVID-19 recovery required a comprehensive effort. Adroit implemented the following measures to safeguard the well-being of all engaged parties and the local community in order to contribute to broader recovery efforts:; Remote Working: We facilitated and promoted remote working options wherever feasible; Employee Support and Communication: Regular updates on COVID-19 developments, safety measures, and resources were communicated transparently to our employees and subcontractors; Mental Health Support: Adroit places a strong emphasis on fostering a positive and collaborative work environment. Through regular check-ins and an empathetic management approach, we maintain a healthy work-life balance and emotional wellbeing for all our team members. Employee mental wellness is integral to us.; Adroit is a workplace that fosters a culture of safety, flexibility, and employee well-being. Our commitment to improving workplace conditions contributes to the broader COVID-19 recovery effort and helps us emerge stronger as a united and resilient workforce.

  Equal opportunity

  As a digital transformation consultancy, a core focus is on creating equal employment opportunities for individuals facing barriers to employment and those located in deprived areas.; We are committed to promoting diversity and inclusivity by providing equal opportunities to all candidates based on their skills and potential. We actively seek talent from disadvantaged communities to contribute to their economic growth. Our dedication to creating meaningful employment opportunities drives our mission to positively impact and foster a diverse and inclusive work environment.; To demonstrate our dedication to this goal, we have implemented several actions:; Regular Audits: We conduct regular audits of our workforce to identify disparities in employment opportunities, skills development, and pay. These audits help us understand the areas that need improvement and ensure transparency in our practices.; Equal Pay Policy: Our equal pay ensures that all workers receive fair and equitable compensation for their work regardless of their contract status.; Skill Enhancement Programmes: We offer skill enhancement programmes to all employees, providing them with opportunities to develop and grow professionally. By investing in their skills, we aim to level the playing field and empower them for future career advancement.; Diversity and Inclusion Training: We conduct training sessions for our workforce to promote diversity and inclusion. These sessions raise awareness about fairness and respect, fostering a culture that values diversity.; Regular Feedback Mechanisms: We encourage open communication and feedback from our subcontractors. This helps us identify and address any concerns or issues related to inequality promptly.; We are dedicated to creating an inclusive and supportive work environment where all employees, regardless of their contractual status, have equal opportunities to thrive and succeed.

  Wellbeing

  We have identified the needs of our workforce and local communities, worked with health professionals (also using our Occupational Health service providers) and workforce representatives/community leaders, conducted surveys, held focus groups, and talked to community leaders to provide our Care well-being Support Programme, supporting the Mental Health at Work Plan: our volunteers and certified partner organisation provide health and wellbeing support for our temporary workers, internal staff and local communities; ; Mental health Wellbeing & Floor Walking / Desk-Side Mental Health First Aider (pastoral support for disadvantaged groups; helping to reduce stigma surrounding mental health conditions); Healthy living ; Financial and legal well-being and Fair Work Planning; 24/7 GP consultation ; Smoking cessation ; Mental & physical health support & confidential helpline, especially during Covid-19 remote working/recovery ; Burnout prevention ; Life events counselling ; Team Coach (confidential work-based safe environment coaching support) ; Get fit programme, healthy eating at home ; Diet support/Healthy diet at work ; Financial/Legal guidance ; The programme is monitored quarterly to take feedback from participants to help us drive improvements. We especially focus on the feedback from individuals with mental health problems. Our internal volunteers are professionally trained to deliver mentoring and support. ; We work with local community organisations such as The Rainbow Project, Action Mental Health and Inspire Wellbeing, who provide support and resources to support underrepresented communities.; We work with Cancer Pledge which aims to abolish the stigma and insecurity that exist for people with cancer in the workplace. They stand together to provide a more open, supportive, and recovery-forward culture at work for all. We recently joined the pledge, in our continuous commitment to be inclusive and to create a supportive environment for our employees and candidates. We are committed to continuously raising awareness and creating specific policies and programs, to accommodate specific needs of cancer patients and caregivers in the workplace.

Pricing

• Price: £270 to £2,200 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@adroitcc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.