Mnemonic AS

Cloud Security Assessment

mnemonic's cloud security assessment helps organisations identify technical risks and architectural flaws within their public cloud deployments.

Features

• Identify dangerous attack paths within a cloud deployment
• Identify configuration weaknesses within the public cloud services
• Review a cloud deployment architecture for deviation from best practices
• Identify areas for improvement within the cloud security architecture
• Review your approach and implementation of IAM within the deployment
• Identify missing security controls within the cloud security architecture
• Remediate dangerous vulnerabilities

Benefits

• Gain an overview of you cloud security posture
• Receive advice for remediating dangerous, exploitable security issues
• Identify weaknesses the latest cloud technology introduces in your environment
• Prioritise security efforts
• Enable DevOps teams
• Receive documentation on the execution of a security test
• Understand what modern weaknesses cloud technology introduces in your environment

£1,150 to £1,800 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nathan@mnemonic.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

772941310661216

Contact

Nathan Jones
+447891234688
nathan@mnemonic.co.uk

Planning

• Planning service: Yes
• How the planning service works: Organizations are increasingly looking to public cloud providers to host their infrastructure, and to provide managed services that enable developers to realize business value quickly in new projects. However, this poses challenges for security teams - the rapid pace of devOps teams coupled with the constant changes within a cloud deployment lead to dangerous attack paths and misconfigurations that easily fly under the radar of a security team.; ; mnemonic's public cloud security assessment can help your organization to identify technical risks associated with your cloud deployment. Whether your organization has devOps teams with a PaaS-first approach, operations teams attempting to lift and shift traditional applications to a cloud provider, or a combination of both, our penetration testers and cloud security consultants can help identify security issues in your cloud deployment.; ; Our expert cloud security consultants are equipped with the knowledge and resources to evaluate your deployment in any of the major public cloud providers, including Microsoft Azure, Amazon Web Services, and Google Cloud Platform.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security design
  • Cyber security consultancy
  • Security testing
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Other
• Other security testing certifications: SANS

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: N/A

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: All customers receive the same support level. At the start of each project, the customer is assigned a Technical Account Manager (TAM) from mnemonic whose responsibility is to coordinate and attend regular service meetings. The TAM serves as a trusted adviser to the customer to make recommendations on how to improve the service and security in general. This is all included in the service cost.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV GL - Business Assurance
• ISO/IEC 27001 accreditation date: 31/05/2005
• What the ISO/IEC 27001 doesn’t cover: The certificate is valid for the following scope:; ; Security solutions sales, support and system integration. Security solutions consulting. Managed security services. Risk-based vulnerability analysis, penetration testing, security audit of applications, networks and security systems. In accordance with Statement of Applicability version 136, 2022-02-16.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: SRC - Security Research and Consulting, GmbH
• PCI DSS accreditation date: June 2018
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001:2015
  • NSM quality scheme for incident handling
  • SOC 2 - SOC for Service Organizations

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  mnemonic complies with national and international environmental legislation, and has operationalized its environmental commitment through specific measures as part of the certification as an Environmental Lighthouse.; ; With this, the company can document compliance with strict criteria within energy, transport, purchasing, waste, emissions, aesthetics and working environment. Eco-Lighthouse places strict demands on management and mnemonic's employees, and shows our suppliers, customers and partners that we take environmental work seriously.; ; The certificate is valid for the period 2019-2022. mnemonic moved its head office to Indekshuset, Oslo in August 2019. The building has a green profile with a high degree of waste recycling, activity-based lighting and ventilation that significantly reduces the climate footprint.

  Tackling economic inequality

  mnemonic acts in accordance with social legislation, including: Forced labor / slave labor (ILO Convention Nos. 29 and 105) Trade union organization and collective bargaining (ILO Convention Nos. 87, 98, 135 and 154) Child labor (UN Convention on the Rights of the Child, ILO Convention Nos. 138, 182 and 79, ILO Recommendation No. 146) Discrimination (ILO Conventions Nos. 100 and 111 and the UN Convention on the Elimination of All Forms of Discrimination against Women) Brutal treatment (UN Convention on Civil and Political Rights, Art. 7) Health, safety and the environment (ILO Convention No. 155 and Recommendation No. 164) Wages (ILO Convention No. 131) Working hours (ILO Convention Nos. 1 and 14) Regular employment (ILO Convention Nos. 95, 158, 175, 177 and 181) Marginalized population groups (UN Convention on Civil and Political Rights, Articles 1 and 2)

  Wellbeing

  Working environment is an important focus for the company, and is described in our Code of Conduct. We work actively to ensure good working conditions for our employees, which has yielded results. mnemonic is consistently rated amongst the top employers in Norway and Europe.; ; In 2023 mnemonic was rated 1st in the “Great Place to Work” assessment for Norway. Based on a company culture with shared incentives for long term value, the employee retention rate has always been above 96%.

Pricing

• Price: £1,150 to £1,800 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nathan@mnemonic.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.