ARCULUS LIMITED

Third Party Assurance Services

As a NCSC Assured Consultancy, Arculus third-party assurance service provides an in-depth assessment of your Third-Party suppliers’ security position. We perform controls-based engagements to help assess third-party risk management exposure and supplier suitability. Arculus provides assurance services to obtain assurance of third-party arrangements including partnerships, service-providers, suppliers and supply-chain contracts.

Features

• Identification of existing third-party arrangements and their sub-contracts
• Define Third-Party Security programme to mitigate business exposure
• Objective reporting that expresses an opinion about your control environment
• Assess your control posture
• Control costs, mitigate risk and enhance trust and transparency
• Provide the assurance your customers, suppliers, regulators, other stakeholders require
• Residual risk assessment for each existing outsourced arrangement
• Reduce disruption to your business with efficient procurement support
• Provide advice on applicable frameworks to manage third-party contracts
• Identification of relevant legislation, standards, best practice for each service

Benefits

• High-level strategic, Third Party Security roadmap and program development
• Assessment Report on analysis of your suppliers' security position
• Risk scoring and prioritised recommendations for remediation
• Independent verification of your Third-Party supply chain security
• Improvement in third-party management maturity
• Increased compliance reduces risks to reputation damage and regulatory fines
• Experienced professional risk advisors holding CISSP, NCSC CCP, CISM, CIPPE
• Significant experience using frameworks, methodologies and industry best practice approaches
• UK-based consultants with extensive public sector and industry experience
• NCSC ACSC

£550 to £1,250 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@arculus-cyber.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

717727138570873

Contact

Cath Downie
+44(0)845 299 3009
info@arculus-cyber.co.uk

Planning

• Planning service: Yes
• How the planning service works: Arculus has a proven end-to-end planning and delivery process for all engagements, managed by a lead consultant to suit customer timescales.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Arculus offers a range of training services including hands-on skills transfer, Security Awareness training sessions for groups both large and small. These sessions are designed to meet the specific requirements of the user groups involved, from technical staff to senior managers.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Cyber Scheme

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
• How the support service works: Highly experienced consultants are available for support, with skills specific to each engagement.; Technical account managers are provided for larger engagements.

Service scope

• Service constraints: No specific constraints

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support services provided during core business hours (9-5.30) Monday to Friday unless otherwise agreed
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Standard support Monday to Friday 9-5.30; other times by arrangement. Account manager will act as single point of contact

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 01/06/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Arculus has a commitment to sustainability, and has the following measures in place: ; ; All staff work remotely, using video conferencing for nearly all engagements. ; ; Travel to customer sites is kept to a minimum and only when the work cannot be carried out remotely. Any such travel is by public transport wherever practical. ; ; Where flights are the only practical means of travel, we use carbon offsetting to counter the impact. ; ; For any onsite working, we will use a local consultant where possible, or other UK consultants who will travel to site by public transport where practical. Owing to the wide geographic coverage of our consultants across the UK, we are often able to use consultants who are based close to the engagement. ; ; We do not print documents unless this is essential and work almost entirely with electronic documents. Where printing is required, output is securely shredded and recycled. ; ; We will always endeavour to use suppliers based locally to our clients, both to reduce our carbon footprint and to support local businesses. ; ; End-of-life equipment is securely disposed of, using accredited disposal companies who will recycle components as far as possible. ; ; We have a Carbon Reduction Plan, seeking to achieve net zero by 2025.

  Covid-19 recovery

  Arculus works in accordance with all customer Covid-19 protocols. ; Arculus has a number of employees who have cross-trained from other backgrounds into cybersecurity as a result of the pandemic.; By providing an option of working remotely, we enable staff to continue to work in the event that they should present an infection risk to others, and to accommodate clients who prefer to work remotely.

  Tackling economic inequality

  Arculus is mindful of inequalities within society, and address this in our recruitment and supply chain through several initiatives. These include: recruiting staff in areas of the country that are less economically wealthy; and actively seeking staff who have a more disadvantaged background, such as career changers. We provide training and mentoring as required, and allowing flexibility to fit with caring responsibilities. ; ; Our Principal Consultants are all members of relevant trade bodies such as BCS and CIISec, and engage in a range of community outreach programmes to encourage disadvantaged young people with potential to consider a career in IT or cybersecurity. ; ; Volunteering Days - we encourage our team to take paid time off to donate their time to local causes. We have recently run Capture-the-Flag events with a local secondary school. Volunteer days also include cybersecurity advice to local charities. We also support a range of good causes and have CyberScheme STEM ambassadors. ; ; We have an apprenticeship programme, with our first apprentice having completed a Level 8 apprenticeship, and a further apprenticeship in progress. We also have cybersecurity graduates. Attracting young people into STEM careers is of great importance in reducing future skills shortages. ; ; We offer free-of-charge CV review services to those looking to join the cyber workforce.

  Equal opportunity

  We are committed to fair treatment and fair pay, and ensuring a diverse and evolving workforce is only part of the challenge. We have made cost of living bonus payments to all staff, as well as being signed up to the Living Wage scheme. Our remote working policy opens up opportunities to communities which given their geographic nature would not sit within an immediate tech hub / cyber area.

  Wellbeing

  We have always taken a people first approach and actively encourage our staff to reach out for help whenever they feal the need. Arculus implemented a fully funded private medical insurance programme available to all staff.; ; Positive Work Environment – At Arculus we are very proud of the friendly, professional, and approachable environment we have built within the company. We are a close team who regularly get together for social functions and gatherings. During our regular team meetings feedback is given to members of staff so everyone understands the positive affects their contribution has and how their efforts are valued and appreciated. ; ; Arculus employees have regular review meetings with their direct manager, in which they are encouraged to talk about how they are doing as a person both in their business and personal life, encouraging people to talk and having the confidence to open up and talk to colleagues is something encouraged at Arculus. Our managers adopt active listening, acknowledging a staff members situation and being as open and honest as possible as a way to provide help and support. ; ; We fully understand that people who develop mental health problems can recover well, if they have the right support from people on their personnel as well as business life. ; ; For neurodiverse employees, we have made specific adaptations, such as providing information in written form as well as verbal where this is helpful. We also provide time for self-development that the individuals consider helpful for their well-being. ; ; Actions to invest in the physical and mental health and wellbeing of the contract workforce. ; ; Arculus recognises that our staff are our biggest asset, and as an ethical company, it is at the core of our culture that we treat staff, contractors and customers with respect, empathy, compassion and understanding at all times.

Pricing

• Price: £550 to £1,250 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@arculus-cyber.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.