Frazer-Nash Consultancy

Cyber Security Vulnerability Management & VPN

Frazer-Nash provides a range of Cyber-Security products, including:
NordLayer, which provides Virtual Private Networking and protects against malware and data loss on IOS, Mac OS, Windows and Android mobile Devices.
Protects devices against malware and phishing
Prevents data loss via stolen devices and Wi-Fi snooping
Third-party MDM support available

Features

• ThreatBlock: Protects your users and devices from malware, ransomware, viruses
• Auto-Connect to a VPN-server once an internet connection is detected
• NordLynx (WireGuard) Increased performance benefits without compromising your privacy.
• Link Checker Machine Learning Model to recognize zero-day phishing
• Customer Support 24/7 customer support team and live chat.
• AES 256-bit Encryption
• Link Checker monitors third-party sources for malicious websites
• Management Reporting, Multi-Layered Network Security
• Multi-factor authentication (2FA), single-sign-on (SSO), biometric authentication.
• Multiple Global servers for protection of users around the world

Benefits

• Reduce the risk of attack by improving the security posture
• Full encrypted data communications when outside of the UK
• 14+ Years of operation with extensive library of malware information
• Protection from malicious email data if viewed in browser only
• Protection from malicious web site
• Protection against advertising sites
• Encrypted VPN stops man in the middle attacks
• Speeds up web browsing
• Management Service greatly reduces customer administration
• Reduces customer cost due to service management efficiency

£54.22 to £193.82 a licence

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@fnc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

693270709839677

Contact

Andy Spears / Vicky Hannigan
01925404000
ccs@fnc.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: We will always ensure our services remain safe, legal, ethical, and within our competencies - however we have no other specific service constraints.
• System requirements:
  • An internet connection will be required to download antivirus definitions
  • Download the Protection application from relevant store

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 6 hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: 1st /2nd line support ; Cost included ; Initial response and escalation where required
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Frazer-Nash is a Nord Security Partner with a proven track record of deploying Cyber-Security products into Central & Local Government, Education, 3rd Sector and Private sector.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Both during the contract and after the end of contract, the customers may request a copy of the licence usage report for the previous periods.
• End-of-contract process: Deliberate end of contract. NordLayer is a subscription based service, which can only be legally used when in contract. If the subscription is not renewed (automatically or manually), the service is suspended.; ; Accidental end of contract. If a renewal was missed but the service is still needed, the customer should immediately contact its account manager to discuss renewal options. If renewed within 7 days, the customer may receive the same dedicated server. Otherwise, a new dedicated server will have to be assigned and re-configured. NordLayer sends multiple renewal reminders before the subscription expires.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The NordLayer client can be deployed and used on both Desktop and Mobile devices.; Link to Downloads page: https://nordlayer.com/download/; These NordLayer features: Always On VPN and Browser Extension are only available on Desktop devices.; Additionally, the NordLayer client may have slightly different settings available for each Operating system, based on platform limitations.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Quick and easy to integrate with existing infrastructure, hardware-free, and designed with ease of scale in mind. Intuitive user management system, therefore, scaling up is very easy to perform.

Analytics

• Service usage metrics: Yes
• Metrics types: The Activity section of the Control Panel showcases two types of activity information categories:; (1) user actions activity and (2) connection activity information.; Here you can see which gateways and devices organization members connect to and review all Control Panel actions you or designated organization admins make on the system.; Activity monitoring allows admins to react if someone from the organization breaches company security requirements quickly. It also collects helpful information for Security Compliance audits.; You can extract the last 60-day worth of reports despite your subscription plan, there is an option to download these reports in a CSV file.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Nord Security

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Encrypted using AES-256
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Exporting Connections and Actions activity from CP of the last 60 days.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Text-based when inviting new members in bulk

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: TLS 1.3, TLS 1.2 and/or AES 256-bit encryption. ; ; All the traffic of our information is through VPN.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: TLS 1.3, TLS 1.2 and/or AES 256-bit encryption.; ; All the traffic of our information is through VPN.

Availability and resilience

• Guaranteed availability: Backup data stored in minimum two sources, therefore if one source is not available, we would rely and backup data from secondary source. Cloud based solutions also add additional layer of data integrity.
• Approach to resilience: Available upon request
• Outage reporting: Information about scheduled maintenance is reported by email beforehand. Outage reporting: https://status.nordlayer.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Biometrical verification
• Access restrictions in management interfaces and support channels: Admins get pre-defined roles that grant them access to admin control panel, allowing them to see restricted data and make changes.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Additional identification measures when additional support actions needed

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 30/11/2015
• What the ISO/IEC 27001 doesn’t cover: There are no exclusions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type 2
  • HIPAA

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC 2 Type 2 certified; HIPAA compliant
• Information security policies and processes: Nord Security has implemented an Information Security Management System in accordance with ISO/IEC 27001, HIPAA, SOC 2 and GDPR.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: In Nord Security change management is described in Change Management Policy. This document establishes procedures for managing changes to critical information assets, including documentation, risk assessment, testing, approval, communication, implementation, rollback planning, documentation maintenance, business continuity alignment, emergency changes, monitoring, information confidentiality, and patch management.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: In Nord Security vulnerability scan results are reviewed after scan by responsible employees for patching and biweekly monitored by board Members. Most of the patching is done automatically but some are addressed manually, like upgrading server versions.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All of our endpoints and systems are monitored. We also have a dedicated SOC team which is responsible for monitoring and reviewing information security / privacy events and managing incidents in Nord Security
• Incident management type: Supplier-defined controls
• Incident management approach: We have an Information Security Incident Response Standard based on best practices. ; The actions, roles, responsibilities, and metrics to respond in the occurrence of an incident are outlined in the Information Security Incident Response Process. The Process includes Detection & Analysis; Containment, Eradication & Notification; Recovery & Post Mortem Analysis.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  How we will reduce environmental impacts. Our business is ISO14001 accredited, in addition we have recently produced and published our Carbon Reduction Plan which underpins our commitment to achieve Net Zero by 2050. This runs in tandem to our existing commitment to the Science Based Targets initiative (SBTi) who approved our near and long-term science based emissions reduction targets in December 2023: ; - Our approved targets include reducing absolute scope 1 and 2 GHG emissions 90% by 2030 from a 2022 base year and also reducing absolute cope 3 GHG emissions 50% within the same timeframe.; - For our 2040 commitment we will maintain at least 90% absolute scope 1 and 2 GHG emissions reductions from 2030 through 2040 and commit to reduce absolute scope 3 GHG emissions 90% by 2040 from a 2022 base year.; ; Throughout contract delivery our objectives are:; ; • To raise awareness on environmental issues internally and work to reduce our carbon footprint by considering environmental impacts in all we do.; • To comply with the law, relevant standards, client requirements and best practice to minimise our environmental impacts as far as reasonably practical.; • To ensure our EMS is continually improved and meets and exceeds stakeholder expectations. ; • To provide processes, training and mentoring (where needed) to enable the technical delivery of solutions to our clients with minimal environmental impacts.

  Covid-19 recovery

  Creating employment, re-training and return to work opportunities for those left unemployed by COVID-19 (MAC 1.1).; Throughout the global pandemic we have continued to offer employment opportunities to both graduates and to those whose livelihoods have been affected by COVID and who wish to work in the engineering and technology sector. Over the course of the last year, we recruited 177 (Jan - Dec 21) individuals, of whom 45 were graduates. We expect to recruit a further 200 full time staff over the course of this FY (143 perm / 168 including placements already accepted and due to start) with a target of 51 graduates, 16 summer students and 9 year in industry placements.; ; Supporting organisations and businesses to manage and recover from the impacts of COVID-19 (MAC 1.2).; Under the ‘Business Heroes’ scheme, we are one of three companies sponsoring membership of Devon & Plymouth Chamber of Commerce. Through this scheme we fund the membership of Social Enterprises operating to the benefit of communities right across the county of Devon. ; ; Improving workplace conditions that support the COVID-19 recovery effort (MAC 1.5); In response to Covid-19, our business moved swiftly to remote working, providing industry-leading tools to aid communication and collaboration during this period. We continue to engage with colleagues at all levels of the business through both informal channels like team meetings and more formal mechanisms such as employee surveys in order to gauge what support is needed to create a safe and enjoyable workplace that is sustainable and will support the COVID-19 recovery effort.

  Tackling economic inequality

  Create diverse supply chains (MAC 3.1); We believe diverse supply chains hold the key, not only to promoting innovation and value, but also flexibility and resilience within our supply chain. A significant number of our approved suppliers are SMEs. As the Prime Contractor for the MoD’s ‘Serapis’ Lot 6 we have helped Dstl reach new suppliers, small and medium-sized enterprises and academia.; ; Support to innovation and disruptive technologies (MAC 3.2); We have extensive experience of supporting innovation in our supply chain and pride ourselves on our track record of collaboration with SMEs and Academia, working at the cutting edge of technology. ; As a supplier to the Government Office for Science’s ‘Futures Framework’ we regularly collaborate with academia and SMEs to help public sector clients identify and capitalise upon opportunities presented by innovative and disruptive technology.; ; Identify and manage cyber security risks in the delivery of the contract and the supply chain (MAC 3.5); We are a Cyber Essentials Plus (CE+) accredited organisation; we actively work with our suppliers to ensure they either have, or are working towards, CE as a minimum. Currently 50% of our Supply Chain hold a valid CE certificate. For those suppliers who don't hold CE, we offer advice and support to help them build cyber resilience into their business.; ; Our team of over 60 dedicate Cyber and Security professionals can help you understand, mitigate and manage potential cyber risks associated with this contract and to drive cyber resilience in your supply chain.; ; On behalf of Dstl, we undertook an extensive research study on improving the resilience of organisations to cyber-attacks from a people and process perspective. We would be delighted to share the findings and the resultant ‘PREPARE’ model with you and your wider Supply Chain in raise Cyber Awareness throughout the duration of this contract.

  Equal opportunity

  We conduct regular Equality & Diversity surveys of our organisation to understand exactly how we are doing against our diversity targets. Alongside this, through our Health and Safety processes, we conduct an annual survey of our staff to understand any challenges they might be facing and what changes we can make to our infrastructure, processes and tools that will ensure an inclusive and accessible working environment for all our employees. To deliver on our commitment to Equal Opportunity we offer:; • Inclusive and Accessible recruitment. All our recruitment literature carries a clear pledge to adapt any part of our process as necessary to ensure that our recruitment and retention practices are inclusive, accessible and meet the needs of those with a disability. ; • Working conditions that promotes retention and progression. We are a ‘Time to Change’ employer, committed to treating physical and mental illness on an equal footing. We use a professional Occupational Health provider to advise us on adaptations we can make to our business to meet the needs of colleagues with disabilities. We also support our staff through corporate membership of a private healthcare scheme in recognition of the fact that most disabilities are acquired through an individual’s working life. ; • Equal Pay and Progression. Our HR team conduct regular equal pay audits and review promotion across the business unit to ensure we are meeting our commitment to equal pay and progression.; • In-work progression and the development of skills – To support the development of digital skills in our business, we have committed to an investment of £1.5m over the course of this Financial Year. For staff members with disabilities, we will engage specialist service providers to tailor the learning package to the specific needs of that individual’s disabilities.

  Wellbeing

  Support health and wellbeing in the workforce (MAC 7.1); We are committed to supporting the wellbeing of our staff. In addition to the private healthcare cover available to all our employees (and their dependents if they so choose) we are signatories to the Time to Change Pledge which demonstrates our commitment to mental health. ; ; We are rolling out mental health awareness and training across the business. We have also put in place a number of mental health ‘champions’ to provide a network of support available to all. As a result, we are better able to monitor our staff wellbeing and have seen minimal disruption to our ability to deliver our projects.; ; Our wellbeing strategy focuses on 5 pillars of wellbeing:; ; • Physical - Making healthy lifestyle choices that help you have the energy for work and life.; • Financial - Knowing when your money is coming in and going out and being prepared for current and future financial obligations.; • Emotional - Coping with normal stresses, handling life’s ups and downs and realising your potential. Additionally, as a ‘Time to Change’ employer we treat mental and physical health issues with parity, actively supporting and engaging in discussions around mental health.; • Social - Engaging in meaningful relationships and connections with individuals and the community.; • Personal - Having a sense of accomplishment and achievement in your home and work life

Pricing

• Price: £54.22 to £193.82 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ccs@fnc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.