TIMBREL Information Governance Ltd

Cloud Security Review

Provides organisations with an independent assessment of their current cyber security position and that of their Cloud service provider(s). A Cloud Security Review enables an organisation to understand the risks and opportunities associated with Public/Private/Hybrid Cloud services, to articulate security risk exposure and to develop a proportionate and achievable response.

Features

• Assessment based on NSCS guidance and international security standards
• Includes, SaaS, PaaS, IaaS, RMaaS
• Tailored to meet organisational security, contractual and legal requirements
• Provides workable Cloud entry and exit strategies
• Includes appraisal, analysis, recommendation, implementation
• Promotes understanding for key stakeholders, investors, regulators and customers
• Review of Cloud offerings, associated risks and opportunities
• Assessment against security frameworks such as NCSC and NIST
• Understand geographical and security challenges of data processing and storage
• CNI expertise, public and private sector, utility companies

Benefits

• Cloud Security leadership that aligns with organisational goals
• Key risks are identified and managed appropriately
• Protects key business assets
• Reduces business costs and wasted effort
• Informs key management decisions
• Promotes positive security culture and awareness
• Significantly enhances business resilience
• Enables optimised spending
• Enables compliance with legal, regulatory and contractual security requirements
• Enables compliance, e.g. with ISO27001, NIST, and GDPR.

£450 to £1,650 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phaylett@timbrelig.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

693127978648478

Contact

Philip Haylett
07789 522237
phaylett@timbrelig.com

Planning

• Planning service: Yes
• How the planning service works: We will appoint a lead consultant to coordinate and undertake a thorough analysis, identifying potential data privacy, security or compliance risks. The lead consultant will collaborate closely with the Customer lead, key stakeholders and relevant teams to identify and implement proportionate security and privacy controls throughout development, migration, and into live services. The lead consultant will liaise throughout with key stakeholders, following using best practice risk assessment and risk management techniques, enabling informed decision making at all times. Director oversight is provided for all contracts and to act as an escalation point if needed.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: As with the planning service, we will appoint a lead consultant to coordinate and undertake a thorough analysis, identifying potential data privacy, security or compliance risks. The lead consultant will collaborate closely with the Customer lead, key stakeholders and relevant teams to identify and implement proportionate security and privacy controls throughout development, migration, and into live services. The lead consultant will liaise throughout with key stakeholders, following using best practice risk assessment and risk management techniques, enabling informed decision making at all times. Director oversight is provided for all contracts and to act as an escalation point if needed.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: We thoroughly assess organisations against their legal, regulatory and contractual obligations, as well as industry standards ISO27001, ISO27017 and NIST Cyber Security Framework. We will carry out a gap-analysis based on security good practices and articulate the risks to enable informed management decisions around the implementation and maintenance of secure Cloud services. Our quality assurance processes are designed to enable organisations manage risks effectively, implement proportionate security and privacy controls in line with good security practices, and meet their legal, regulatory and contractual security requirements.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Managed Security Operations Centre (SOC)
  • Virtual CISO
  • Virtual DPO
• Certified security testers: Yes
• Security testing certifications: Other
• Other security testing certifications:
  • NSCS Consultancy
  • CPP Certified
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Cyber Information Security Manager (CISM)

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
• How the support service works: We offer ongoing support tailored to an organisation's specific requirements. Our flexibility allows us to adjust support levels to accommodate fluctuations in demand. For instance, enhanced support during transition or roll-out phases, ongoing support relating to compliance with standards or regulations, monitoring, reviewing, reporting and promoting continuous improvement. We will map benefits realisation with ongoing security support. Where needed, our highly skilled consultants will collaborate with client teams to facilitate effective skills and knowledge transfer in pursuit of organisational objectives.

Service scope

• Service constraints: Our service model is flexible with no specific constraints. We will tailor a service package as needed to support the business requirements.

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Support levels: N/A

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Certified Information System Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Security Manager (CISM)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We operate flexible working to reduce travel and increase well-being of our staff. We operate as a fully digital, paperless organisation. We encourage and support staff, partners and third party suppliers to adopt environmentally friendly working practices.

  Tackling economic inequality

  We provide employment and training opportunities throughout the United Kingdom.

  Equal opportunity

  We are fully committed to promoting equality, diversity and inclusion through our practices and policies as a business and through delivery of our contracts, for all staff, Customers and third parties, irrespective of age, disability, gender, gender reassignment, marital or civil partnership status, pregnancy or maternity, race including colour, ethnic or national origins and nationality, religion or belief or sexual orientation. We respect an individual’s right to choose whether to belong to a trade union and this will have no bearing on an applicant’s suitability for employment or result in any detrimental treatment when working for us.

  Wellbeing

  We operate a number of initiatives intended to protect the wellbeing of our employees whilst providing them with the support to grow their careers. We encourage all staff to prioritise their health and well-being above anything else and will provide whatever support we can to help individual circumstances as they arise. We discourage long working hours and provide flexibility for staff to work at a location, in a way and at a time that suits individual commitments or interests, such as childcare, caring for others, hobbies, volunteering and charitable work.

Pricing

• Price: £450 to £1,650 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phaylett@timbrelig.com. Tell them what format you need. It will help if you say what assistive technology you use.