Prism Infosec

Application Code Review

Prism Infosec is a CREST-approved penetration testing (IT Health Check / ITHC) supplier, delivering tests of cloud services and supporting applications. This has included code reviews of critical and sensitive applications across HMG of code written in Java, C#, PHP, ABAP, Objective C, Swift, C, C++, Go and others.

Features

• Assurance of cloud architecture and application code
• Reviews of cloud-based application deployments
• Application penetration testing
• Application code reviews
• Java, C#, C++, C, Swift, Objective C, Go, PHP
• ABAP, Python, JSON, HTML, SQL

Benefits

• Assurance of cloud applications
• Assurance of ongoing cloud security
• Identification of software flaws, backdoors and other weaknesses
• Assurance of management and operational security

£950.00 to £1,200.00 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@prisminfosec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

743650492232633

Contact

Robin Mulligan
01242652100
contact@prisminfosec.com

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Prism Infosec can provide expert consultancy on the secure setup and migration of services into the cloud. Using best practice guidelines from the NCSC and the Cloud Security Alliance, as well as our own experience on conducting many assessment of infrastructure and application services in the cloud, Prism Infosec will be able to provide guidance on correct architecture and configuration to manage cyber security of cloud migrations.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: The test service will identify quality assurance issues associated with cloud application development.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Cyber security consultancy
  • Security testing
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Cyber Scheme
  • Other
• Other security testing certifications: OSCP

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We will respond within 2 working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We typically provide support during office hours with regard to the delivery of ongoing penetration testing services or reports delivered within the last 3 months with a 6 hour response window. This is included in the cost of delivery of a penetration test. The principal consultant responsible for the delivery of a penetration test shall be responsible for customer's technical account.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 10/03/2020
• What the ISO/IEC 27001 doesn’t cover: The company does not have any in house development and therefore Annex A controls 14.2 ‘Security in development and support processes’ and 14.3 ‘Test data’ are excluded within the Statement of Applicability.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • IoT
  • Check
  • Assure
  • CREST STAR

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have declared a climate emergency - what we are doing/will do:; - Recording our carbon footprint using UK government recommended indicators ; - Set a target of net zero by 2028; - Set out our plans in our annual CSR employee bulletin; - Continue to use renewable energy providers for our main business activities; - promote green activities among the workforce (recycle signs in the main office kitchen); - Third party assurance questionnaire ensures prospective suppliers are aligned with our commitments

  Covid-19 recovery

  Covid-19 recovery; Covid 19 has forced the world to re-evaluate it’s approach in all aspects of business and life. We at Prism Infosec pride ourselves at being agile in our approach and very quickly adjusted our approach to be more flexible and have put measures in place to be able to provide our services safely and securely from a remote location if needed. We have adjusted very well to the pandemic and have adopted a similar approach coming out of the pandemic. This gives us also the opportunity to provide a more sustainable service that is less impact on the environment as well as the cost to the client.

  Tackling economic inequality

  Tackling economic inequality; Additionally, Prism Infosec are supporting the DWP and IASME ‘Kickstart’ Scheme, which is a government initiative which provides funding to employers to create jobs for 16 to 24 year olds on Universal Credit. We currently have a ‘Kickstart’ vacancy pending and are in the process of conducting interviews to fill this position and add a Kickstart based resource into our team. We align with the philosophy of this programme as it seeks to encourage individuals into our industry who may well have missed out as they have not progressed through into the further education environments that traditionally fuel our industry Other initiatives have included the sponsorship of industry related events, to the extent that we have been the major sponsor of the previous Liverpool ‘BSides’ event. BSides Liverpool is a cyber security industry driven, community event, that relies on sponsorship to happen. The event itself has strong social values as it looks to inform and provide workshops relating to our industry and to attract individuals into it . BSides believe that these are inclusive events and places where all people should feel safe and respected and welcome diversity in age, race, ethnicity, national origin, range of abilities, sexual orientation, gender identity, financial means, education, and political perspective.

  Equal opportunity

  Equal opportunity; 1.1 Policy Statement Prism Infosec Ltd (“the Company”) is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, sex, pregnancy and maternity, marital or civil partnership status, gender reassignment, disability, religion or beliefs, age or sexual orientation. This Policy aims to remove unfair and discriminatory practices within the Company and to encourage full contribution from its diverse community. The Company is committed to actively opposing all forms of discrimination. The Company also aims to provide a service that does not discriminate against its clients and customers in the means by which they can access the services and goods supplied by the Company. The Company believes that all employees and clients are entitled to be treated with respect and dignity.

  Wellbeing

  Wellbeing; In 2022 Prism has implemented a private medical scheme to its employees, that provides them with therapies like mental health included in the cover. We have also provided channels for employees to talk about their mental health or any other related wellbeing issues.

Pricing

• Price: £950.00 to £1,200.00 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@prisminfosec.com. Tell them what format you need. It will help if you say what assistive technology you use.