brightsolid online innovation Ltd.

Brightsolid Consult: Controls and Compliance

Brightsolid's Controls and Compliance service helps organisations ensure they have the right mix of security, controls and proactive compliance monitoring capabilities in an increasing complex hybrid cloud world reliant on shared responsibility with the public cloud providers (AWS, Azure, Google, etc ) providing IaaS, PaaS and SaaS services.

Features

• Initial scope to determine and develop appropriate controls
• Brightsolid's Cloud Control Framework designed to evaluate 17 key controls
• Monitor against industry best practice methodologies
• Aligned to ISO 27001, COBIT, NCSC, Center for Information Security
• Aligned to Cloud Security Principles
• Evaluate IAM, Audit Logging & Monitoring, Data Security and more
• Comprehensive Assessment of existing controls
• Detailed reports and findings, including gap analysis and recommended remediations
• Monitoring of and support for, treatment of recommendations raised
• Post-implementation assessments where agreed and appropriate

Benefits

• Targeted and contextualised consulting services aligned to your specific needs
• Tangible defined outcomes and deliverables, agreed at outset of engagement
• Ensures cloud service architecture is compliant with industry best practice
• Delivers a robust control framework enabling demonstrable understanding of risks
• Allows you to evidence the implementation of strong controls
• Identifies security and controls gaps and recommends mitigation and remediation
• Reduces likelihood of incidents and associated reputational damage
• Supports gaining certifications in industry standards such as ISO 27001
• Gives you peace of mind about your critical infrastructure environment

£0 to £1,500 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan.gardiner@brightsolid.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

699587544841820

Contact

Alan Gardiner
07932710727
alan.gardiner@brightsolid.com

Planning

• Planning service: Yes
• How the planning service works: Brightsolid Controls and Compliance services can help you understand - and put a plan around – how IaaS, PaaS and SaaS solutions can be adopted into your hybrid cloud, public cloud (AWS and Azure) and private cloud environments, with the right mix of security, controls, and preventative monitoring.; ; Brightsolid's Cloud Control framework is aligned to industry standards such as ISO27001, Center for Information Security, COBIT, NCSC; Cloud Security Principles and more, and measures against 17 key controls that span Identity and Access Management, Audit Logging & Monitoring, Data Security, Secrets Management, Operating System Patching, Service Delivery, Risk Management and Governance & Oversight.; ; Using a comprehensive assessment of controls; leveraging assessment tools pre and post adding new services helps you to plan for new services, ensuring that they meet with your governance, compliance and security standards
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: It's critical when migrating services to the cloud or between cloud services that migration doesn’t impact your security posture, especially when it comes to accreditations or certifications (such as ISO 27001) that your organisation may hold. Brightsolid's Controls and Compliance service allows to you assess your posture, pre and post migration ensuring that you can retain, or improve your compliance with industry best practice throughout cloud migration.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security design
  • Security audit services
  • Other
• Other security services: Development of Cloud Controls and Compliance Framework

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Brightsolid's Controls and Compliance Service can include regular follow up assessments of your cloud hosting services to ensure these services remain in line with your security needs. This ensures that you services are supported from a compliance perspective for the long term.

Service scope

• Service constraints: Controls and Compliance workshops must be pre-booked in advance and are subject to consultant availability. Brightsolid are based in Scotland and seek to provide a trusted, personal service to customers.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Brightsolid respond to customer questions within 24 hours, Monday to Friday
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: During the professional service engagement, users will be supported by Brightsolid's named consultant throughout the engagement, with access to wider Brightsolid Service Management capability, including the Brightsolid Service Desk.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 12/12/23
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO22301
  • ISO14001
  • ISO9001

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  Tackling economic inequality; ; We provide a hugely discounted Community Cloud via our two Scottish data centres; Dundee and Aberdeen, to local community-based organisations. Benefits of the service include: ; ; Cost savings and predictable billing for organisations ; ; Significant reduction in energy costs ; ; Cap-Ex free computing Increased agility, and the ability to deliver projects more quickly ; ; The ability to foster and drive innovation ; ; The ability to scale as required, in order to drive economic growth and meet customer needs Improved resource utilisation ; ; Simplified maintenance and lower associated costs ; ; Resiliency and redundancy to provide reassurance around continuity of service ; ; We support Dundee Bairns, a local charity that has provided over 300,000 meals in the past year to the area’s most vulnerable children. We undertake a range of fundraising activities throughout the year and whatever money staff raise is matched by the organisation.

Pricing

• Price: £0 to £1,500 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan.gardiner@brightsolid.com. Tell them what format you need. It will help if you say what assistive technology you use.