Naimuri

DevSecOps/Secure Cloud Software Development

We are data exploitation, national security and law enforcement experts who leverage public cloud through DevSecOps services. We operate from a List X facility. We help clients move from legacy ways of working, to secure, automated and DevSecOps enabled capabilities for cloud access and development. We create accredited DevSecOps environments.

Features

• Assessment & implementation of public cloud features and benefits
• Cloud migration, heritage applications to cloud. Product and Technology Selection
• DevSecOps (GDS Alpha, Beta to Live) and DevOps Service Definition
• Security Consultancy - Software Development - Open Source Intelligence OSINT
• Data engineering, rapid innovation sprints and PoCs
• Agile delivery methods. Deploy services rapidly, providing value at pace
• Data intelligence search capability utilising DevSecOps Elasticsearch expertise (Elastic partner)
• Secure by design - RBAC/IAM deployment and integration across services
• Full end to end Data intelligence lifecycle services
• Service Support integrated with ITL systems ensuring reliability and resilience

Benefits

• Improved operational efficiency through use of public cloud
• Increased automation of development reducing errors
• Expert knowledge and experience of cloud offering and workings
• Accelerated discovery, pilots and innovation
• Improved collaboration and data insights through cloud based solutions
• Agile adoption and best-practice through coaching and client support
• Integrated applications across operational, policy and technology landscape
• Secure by design utilising DevSecOps and Cloud Architecture best practices
• Improved client ability & resilience post engagement through Knowledge Transfer
• Operational benefits and reduced risk through user-led feedback & engagement

£302.10 to £1,396.02 a user a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@naimuri.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

700024638009312

Contact

Rob Steadman
07393631316
business@naimuri.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: NA
• System requirements: NA

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday; 0900 - 1700 ; response times can be agreed upon request
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Contract dependent
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Collaboration and agile delivery methods
• Service documentation: No
• End-of-contract data extraction: Contract dependent
• End-of-contract process: Time and Materials contract

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Naimuris API's are created bespoke for our customers needs. We develop features based on your functional and non-functional needs.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We provide an agile delivery capability that can be developed in line with our customer's ways of working. Our approach to providing support is based on the needs of the customer. We use the SRE (Site Reliability Engineering) Approach to maximise our support and development activities. Beyond this, we will aim to deliver a support service that fits the needs of the customer - This can include in person, telephone, email or web support.

Scaling

• Independence of resources: This is a software delivery service - the users will have a Time and Materials contract guaranteeing access to our service 'the people'

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Bespoke services for our customers can be developed that will address customer's key challenges
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Contract dependent - we can develop bespoke services to suit the customer
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
  • Parquet
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML
  • Parquet

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Contract dependent
• Approach to resilience: Contract dependent
• Outage reporting: Contract dependent

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Single Sign On
• Access restrictions in management interfaces and support channels: Contract dependent
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: Contract dependent - we support the following: ; * 2-factor authentication; * Public key authentication (including by TLS client certificate); * Identity federation with existing provider (for example Google apps); * Limited access over government network (for example PSN); * Dedicated link (for example VPN or bonded fibre); * Username or password; * Other

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification
• ISO/IEC 27001 accreditation date: 10/06/2023
• What the ISO/IEC 27001 doesn’t cover: Solutions and or technologies not owned by Naimuri. When staff utilise IT systems belonging to clients, partners, or associates, their actions and the information related to both the staff and Naimuri still apply. They must still follow Naimuri’s baseline security standards, even though the IT assets themselves are not directly owned or managed by Naimuri but by another entity.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Contract dependent and:; ; SPF (Security Protective Framework),; HMG Information Assurance Standards (IS1, etc.); ,OWASP; ,10 Steps to Cybersecurity; ,EUD Security Principles; ,Cloud Security Principles; , Different types of accreditation/certification, i.e. ISO27001, Cyber Essentials, etc

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Contract dependent to meet customer requirements
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Contract dependent to meet customer requirements, including Cyber Essentials & ISO27001, IT Health Checks supported by various threat intelligence reports.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Contract dependent - platform specific requirements and tools for the management approach.
• Incident management type: Supplier-defined controls
• Incident management approach: Contract dependent, both customer defined and Naimuri incident management processes followed

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Naimuri has an Environmental Impact Power Group responsible for coordinating the firm wide approach to sustainability and environmental impact.; Key approaches include:; Set up recording and monitoring of our Scope 1, 2 and 3 carbon emissions.; Created a carbon reduction plan - committed to achieving Net Zero emissions by 2050 or sooner.; We are establishing carbon literacy workshops for colleagues and partners to improve understanding and encourage more sustainable operations and behaviours.; Engaging with other customers and suppliers to look into more sustainable upstream and downstream results.

  Equal opportunity

  At Naimuri we actively promote a diverse and inclusive environment. We have partnerships with Manchester Digital (promoting women in IT), Coding Black Females, NorthCoders (An IT Bootcamp for people who are cross training or reskilling), and other initiatives.; ; We actively seek to recruit people from various backgrounds to build diversity in our teams, making sure we don’t just recruit degree qualified individuals. Each year we take on Apprenticeships, Graduates and early careers (people swapping careers or returning to work), and invest in their growth and progression thorough our early careers progression framework.; ; Our approach to recruitment is centred on our values and culture. We provide benefits to promote flexible working patterns including part time working, which allows many people who have found this a barrier to entering tech roles, the opportunity to join us and pursue their career. Our culture promotes a flat delivery structure on projects, giving everyone an equal voice in how the team operates and delivers.

  Wellbeing

  We encourage, invest and enable our people to develop what’s important to them, resulting in company initiatives (we call them Power Groups). These promote people's wellbeing and improve our environmental impact. This in turn has led to people becoming training mental health first aiders or skilled to perform environment audits.; The Naimuri Mental Health Wellbeing Group has established multiple measures, including investment in time and funding, to support MH & Wellbeing. Regular wellbeing support and activities are established as BAU. There are regular monthly updates to firm wide briefings to maintain a strong leadership approach for values and messaging relating to MH & Wellbeing and the enablers required to support this (e.g., appropriate resourcing of projects).

Pricing

• Price: £302.10 to £1,396.02 a user a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@naimuri.com. Tell them what format you need. It will help if you say what assistive technology you use.