GovAssure Stage 4 – Independent Review
Planning and conducting GovAssure Stage 4 Independent Reviews of cloud systems by verifying organisations’ self-assessments performed against the Cyber Assurance Framework (CAF); we will assess the attainment level to the relevant CAF-profile, validate the results of the self-assessment and report on findings and recommendations to both the organisation and GSG.
Features
- NCSC Assured GovAssure service provision
- Preliminary high-level assessment of organisational comments ensuring completeness and relevance
- Preliminary high-level assessment of evidence provisioned ensuring accessibility and relevance
- Validate the self-assessed findings and assess attainment against CAF profile
- Assess the effectiveness of the cyber-security controls against CAF
- Conducting periodic workshops to ensure completeness and accuracy of review
- Document justification and rationale on WebCAF
- Issuing Independent Assurance Review Report (IARR) covering observations and recommendations
- Conduct lessons-learnt workshop to provide clarifications on findings and recommendations
- Support in understanding, planning and implementing recommendations made by GSG
Benefits
- Enable accurate assessment of the level of cyber-assurance for critical-systems
- Enables a collaborative-approach for accurate representation of clients’ true cyber-maturity
- Enables clients to demonstrate transparency and alignment with HMG Cyber-Security-Strategy
- Pinpoints issues in current cyber security postures and processes
- Independent review scaled to client needs
- Enables clients to benefit from NCSC and industry best practice
- Enable alignment with Critical National Infrastructure best practice
- Highlights priority areas for improvement
- Enable clients, GSG and NCSC to inform a strategic-roadmap to ‘Defend-as-One’
Pricing
£300 to £1,430 a unit a day
Framework
G-Cloud 14
Service ID
700868614965779
Contact
Actica Consulting
Michael Murphy
Telephone: +44 (0) 1483484090
Email: cloud@actica.co.uk
Planning
- Planning service
- Yes
- How the planning service works
- On commencement, we will hold an Initiation Meeting between key organisational stakeholders at which we will: confirm our understanding of the context and scope of the assignment; introduce stakeholders; confirm deadlines and milestones to be met; confirm the format of deliverables; agree the project management and reporting approach to be taken; agree with stakeholders the communications/reporting approach and frequencies. We will onboard the consultants that will carry out the review. This includes liaising with the appropriate stakeholders to ensure that we have access to the scoping documentation as well as all referenced evidence. We will carry out a review of scope to understand the context, threat, risk and defensive posture. When we have access to WebCAF, we will analyse the Self-Assessment responses and associated evidence at a high-level to discuss and formalise the project plan with key stakeholders. The plan will include planning workshops & offline reviews at regular intervals to enable smooth progress of the overall review. Within our plans, we will work with the stakeholders to take them through our observations and recommendations to ensure that they understand them and provide feedback. We will identify where we can work across several CAF-Objectives to deliver the final reports.
- Planning service works with specific services
- No
Training
- Training service provided
- No
Setup and migration
- Setup or migration service available
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- Yes
- How the quality assurance and performance testing works
- To ensure quality of the organisational responses, we will conduct a preliminary high-level assessment of self-assessed comments to provide feedback on whether comments are relevant, sufficiently detailed and are backed up by evidence. We will also conduct high-level assessments of evidence provisioned to ensure they are accessible and relevant. We will highlight early any issues with the self-assessment or evidence provided so that they can be addressed in a timely manner. This will enable us to carry out the Independent Assessments based on accurate and high-quality responses so that we can accurately assess the organisations’ true cyber maturity.
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Security incident management
- Security audit services
- Certified security testers
- Yes
- Security testing certifications
- Other
- Other security testing certifications
-
- National Cyber Security Centre (NCSC) Assured Consultancy
- CCP Certified Consultants
- Chartered Cyber Security Professionals
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
-
- Buyer hosting or software
- Hosting or software provided by a third-party organisation
- How the support service works
- Following the independent review, we will conduct a lessons-learnt workshop with the organisational stakeholders and project to work through and provide clarifications and understanding of findings and recommendations. Furthermore, following the issuance of the Get-well plan by GSG, Actica can provide support in understanding, planning and implementing recommendations made by GSG.
Service scope
- Service constraints
- None
User support
- Email or online ticketing support
- No
- Phone support
- No
- Web chat support
- No
- Support levels
- N/A
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 18/01/2023
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Social Value
- Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
At Actica Consulting, we are a company that cares about the environment. Our EMS (Environmental Management System) is certified to ISO14001:2015 and we are committed to reducing our already very small environmental footprint. We set annual SMART objectives as part of our commitment to continuously improve our environmental management, enhance environmental performance and reduce pollution.
As stated in our published Carbon Reduction Plan, we are committed to achieving Net Zero no later than 2050 (though we aim to be much faster) and to play our part in keeping the global temperature rise within 1.5 degrees. Our CRP is updated annually to record progress and set targets for the year ahead.
Actions we take include, but are not limited to: establishing environmentally sensitive purchasing policies (buying recycled or long-life products; favouring products derived from natural/sustainable sources) and monitoring the environmental performance of our suppliers; ensuring that all decisions regarding working practices and purchasing take environmental considerations into account. We measure, monitor and minimise our usage of resources and consumables, and our greenhouse gas emissions. We actively look for ways to reduce waste and recycling, and encourage the use of sustainable modes of transport. We encourage home working and the use of virtual collaboration tools. Finally, we encourage our employees and suppliers to suggest ways to further develop our EMS.
For the provision of these services, we commit to offsetting the carbon footprint for the development of the Actica deliverables and, if requested, will provide certification verifying this action has been completed within a month of project completion. In 2023, Actica offset 5tCO2e, through similar schemes.
Covid-19 recovery
Since the pandemic, Actica has maintained its commitment to its people and to uplifting others by offering employment opportunities and training, and leveraging our high-growth sector to create jobs. In the period from Mar '20 to April '24, we employed 122 new staff members, resulting in a c20% net increase in the number of employees per annum.
Actica undertakes a range of measures to aid with economic recovery from COVID-19 - especially at a local level - including promoting the benefits of staying local and ensuring money is spent supporting local businesses. We support recruitment events away from our SE England base and have recruited staff across the UK, ensuring that they benefit directly from our activity.
At Actica, the health and well-being of our staff comes first. We provide office equipment, and whatever else is needed to ensure the highest level of wellbeing and support to our staff. Where in-person working is required, Actica ensures that client sites meet our high standards for COVID safety. Recognising the importance of mental health, Actica has implemented a support structure which pairs up staff for ‘kitchen chats’; providing social stimulation for a healthy working-life balance.
Actica has fully embraced hybrid working, leveraging video-conferencing and online collaboration tools. We foster a close, remote-working relationship with clients through regular informal video calls. Actica is committed to retaining flexible working for our staff and engages with customers to deliver our services most efficiently - removing unnecessary travel and reducing commuting at peak times. We fully accommodate staff that require special considerations due to shielding, and allocate them specifically to remote working projects.
Tackling economic inequality
Actica is compliant with the processes and procedures contained within the Modern Slavery Act 2015. Our anti-slavery and human trafficking policy applies to all staff, as well as other persons representing Actica in a working capacity. This includes employees at all levels, contractors and suppliers. We are committed to promoting and maintaining the highest possible ethical standards in all of our business activities, and have a zero-tolerance policy towards bribery and corruption. We are committed to acting fairly and with integrity in all of our dealings and relationships. We have implemented and currently enforce an effective system to counter bribery. Our anti-bribery policy provides details of our approach.
Actica are pleased to confirm that all of our staff and associates are paid above the real living wage, in addition to receiving a pay review following every performance review. Furthermore, we hold formal accreditation from the Living Wage Foundation as a living wage employer. In our supply chain of associates, we prefer to work with known and trusted associates with well-established subcontracts and working practices. We do not use zero-hour contracts, and prefer to subcontract based on fixed-price deliverables. We are able to accommodate working both inside and outside of IR35 regulations as needed.
Actica has supported a number of young people to obtain an apprenticeship in Cyber Security.
Equal opportunity
Actica is committed to ensuring fair treatment of all stakeholders in our business from customers to employees. We are a Disability Confident Committed employer (certificate: DCS024208). We believe in equality of opportunity and inclusion, where Actica’s Equality, Diversity and Inclusion policy goes beyond what we are required to do to ensure all contributions are valued and respected. We ensure that in all our activities we promote equality and provide respect to all, irrespective of marital or civil partnership status; having or not having dependants; religion or beliefs; race (including colour, nationality, ethnic or national origin); disability; sex or sexual orientation; age; or pregnancy and maternity. This policy extends beyond our own employees to client personnel, subcontractors, suppliers and potential recruits, and underpins our approach to recruitment of staff and engagement with our supplier base.
We require all of our staff and people within our supply chain to uphold our equality principles. We have effective procedures in place to ensure equal opportunities for all, preventing discrimination, harassment and bullying – fostering a culture which values diversity and inclusion. Our equality and diversity policy provides more details of our approach and a member of the board actively monitors our compliance to the policy to ensure any opportunities for improvements are identified, considered and implemented as needed. Actica is covered by the Modern Slavery Act 2015; our compliance with the processes and procedures contained within the Modern Slavery Act 2015 is set out in our Modern Slavery policy and statement.
Wellbeing
Actica is a company that is committed to supporting the health and wellbeing of our staff, both physically and mentally. We make every effort to ensure that our people are physically comfortable working at home by providing office equipment, and whatever else is needed (subject to individual accessibility requirements). Where in-person working is required, Actica ensures that a client’s site meets our high standards for safety.
Actica knows that mental health is just as important as physical health. Actica has implemented a support structure - which the Directorate promotes - where staff optionally pool their names for ‘kitchen chats’; providing much-needed social stimulation. A Company Director is responsible for the Mental Health services we offer to our employees, which includes overseeing regular communications and awareness campaigns via both virtual and physical means. We have established our Mental Health First Aid team, all of whom have undergone Mental Health First Aid Training with Mental Health England and have communicated their presence and purpose to the company. Additionally, we offer private medical insurance to our staff. This includes full mental health cover which incorporates confidential access to trained counsellors.
Throughout service delivery, we promote a team-culture with regular, collaborative workshops and informal social team video calls, with both Actica and client team members encouraged to join. This is particularly important where individuals are unable to routinely meet and engage with colleagues.
We believe in playing a responsible role in our community and giving back to society. A big part of this is fundraising. We support upReach, a charity committed to supporting undergraduates from lower socio-economic backgrounds to access and sustain top graduate jobs, and SSAFA, the Armed Forces charity. Actica also sponsors the Manchester ‘Look After Yourself’ charitable conference, which supports and celebrates the work of mental health bodies.
Pricing
- Price
- £300 to £1,430 a unit a day
- Discount for educational organisations
- No