Amethyst Risk Management Limited

Cyber Governance Risk and Compliance (GRC)

Amethyst advise organisations on the effective implementation and management of Cyber security Governance, Risk and Compliance (GRC) based on a holistic understanding of organisations’ security management requirements. Our support is aligned with recognised standards including: NIST, HMG SPF, NCSC CAF, Cloud Security Principles and ISO 27001.

Features

• Establishment and maintenance of a cyber governance framework
• Assessment of cyber security posture and prioritised cost-effective remediation solutions
• Alignment to Government and NCSC policies and standards
• Production of cloud service strategies, policies and procedures
• Service delivered by qualified and experienced cyber security specialists
• Security Check (SC) and Developed Vetting (DV) cleared consultants

Benefits

• Identifies cost saving opportunities
• Increases organisation cyber resilience
• Protects confidentiality, availability and integrity of information
• Increases responsiveness to cyber incidents and breaches
• Improved awareness and understanding of applicable policies and standards
• Proportionate to business requirements providing value for money
• Fully documented structured and repeatable process ensuring knowledge transfer

£765 to £1,645 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@amethystrisk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

792652749675202

Contact

Sales
01256 345612
sales@amethystrisk.com

Planning

• Planning service: Yes
• How the planning service works: Our Planning service is designed to facilitate the strategic implementation of cloud hosting and Digital solutions, addressing a comprehensive range of needs. Key aspects of our service include: Diverse Service Integration: We incorporate essential services such as Risk Assessment, Architecture and Design, and Compliance, tailored to your specific requirements. Collaborative Strategy Development: Our experts work closely with your team to develop solutions that integrate seamlessly with your existing infrastructure, enhancing security and operational efficiency. Security and Compliance Focus: We prioritise security measures and compliance with industry standards, ensuring robust protection against emerging threats. Expert-Led Guidance: With our deep expertise in cyber security, we guide you through the complexities of cloud deployment, ensuring your infrastructure is secure, compliant, and efficiently managed. Our comprehensive planning approach ensures that your cloud and digital initiatives are set up for success, customised to meet the unique challenges of your organisation.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Our Training service prepares organisations with essential skills for Digital Services and Technical Infrastructure, crucial for navigating today's evolving cybersecurity challenges. We offer: Comprehensive Cybersecurity Training: From basic cybersecurity awareness to advanced risk management and compliance techniques, our programs are designed to cover all levels of expertise. Tailored Training Modules: Our sessions are customised to address the specific cyber challenges and regulatory requirements of your organisation. Practical and Engaging Delivery: Our expert trainers use interactive methods that include hands-on exercises and real-world scenarios to ensure practical application of learned skills. Instilling a mindset of proactive cyber readiness, our training transforms your workforce into a vital component of your security strategy, empowering them to actively safeguard your organisation's digital landscape.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: This service provides comprehensive support for both establishing new digital services and transitioning to or between cloud platforms. Designed to meet a diverse range of organisational needs, our service includes: Comprehensive Framework: Starting with a strategic foundation, we enable your new setups and transitions to be secure and efficient. Customised Solutions: We tailor architectural and operational designs to optimise performance and cost-effectiveness while meeting specific business requirements. Regulatory Compliance and Security: Our approach ensures compliance with industry standards and integrates robust security measures to protect your operations. Expert Guidance: With our experienced project management, we facilitate a smooth implementation and migration process, empowering your team with the knowledge needed for ongoing success. This Setup and Migration ensures that whether you are starting anew or migrating, your digital services are set up for resilience and compliance.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security audit services

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Amethyst will aim to respond to email queries from customers during normal business hours defined as Mon-Fri 9am -5pm excluding public holidays
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Amethyst's specialists are available to support clients during normal business hours on working days as required. Amethyst will aim to respond to email or phone call requests for assistance by the close of play of the next working day. A working day is defined as between 9am and 5pm Monday through to Friday excluding national holidays.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 16/09/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a cyber security consultancy, our efforts align with Theme 3: Fighting Climate Change, showcasing our commitment to environmental stewardship. Green IT Practices: Transitioning to cloud-based solutions, notably Microsoft 365, has reduced our carbon emissions by 88.6% compared to on-premise hosting in 2023, demonstrating our eco-friendly approach to cyber security. Renewable Energy Usage: 80% of our operations are powered by renewable energy sources, and we strive to further lower our greenhouse gas emissions. Continuous Improvement: we review our environmental policies annually to meet evolving sustainability benchmarks. Telecommuting and Remote Work: Our telecommuting policies have reduced employee commuting emissions by 75%, with ongoing promotion of remote work and incentives for public transport and car sharing when travel is necessary. Supplier Sustainability: We prioritise suppliers with renewable energy usage and low carbon footprints to further mitigate environmental impact. Our comprehensive approach underscores our dedication to fostering a sustainable future while fulfilling our role as a socially responsible partner in cyber security.

  Tackling economic inequality

  Aligned with Theme 2: Tackling economic inequality, our strategies encompass: 1. Supporting Innovation and Disruptive Technologies: We actively foster innovation and disruptive technology adoption in the cybersecurity sector, promoting collaboration and trust across the supply chain. 2. Collaboration and Fair Approach: Transparent communication channels and regular consultations with supply chain partners ensure mutual understanding and collective problem-solving, fostering fair practices. 3. Identifying and Managing Cybersecurity Risks: Rigorous risk assessments and proactive measures mitigate cybersecurity threats, ensuring data security and supply chain resilience. 4. Creating Entrepreneurship Opportunities and Supporting Business Growth: Partnering with new and emerging companies promotes entrepreneurship and SME growth, amplifying diverse expertise within the industry. 5. Creating Employment and Training Opportunities: Recruitment strategies target diverse talent pools, including individuals facing barriers to employment, while comprehensive training programs address industry skills shortages. 6. Supporting Educational Attainment: Mentorship programs and skills development sessions, led by our experienced senior team, promote inclusivity and address the skills gap through tailored training courses. These actions collectively strive to reduce economic inequality by fostering collaboration, creating opportunities, and enhancing skills development within the cybersecurity supply chain ecosystem.

  Equal opportunity

  Addressing the Equal Opportunity Policy Outcome, our initiatives include: 1. Inclusive Recruitment Practices: Our recruitment practices are designed to foster a culture of fairness and inclusivity. We have unbiased processes that ensure all candidates are given an equal opportunity. 2. Comprehensive Training and Skill Development: Our training programs focus on upskilling and reskilling for all employees, complemented by mentorship and sponsorship programs, fostering career advancement opportunities for individuals facing inequalities. 3. Employee Engagement and Feedback: Actively soliciting feedback from all employees fosters a culture where all voices are heard and can positively impact organisational practices. Through these initiatives, we contribute to creating a fair and inclusive workplace culture while supporting broader objectives in promoting equal opportunity. Our dedication to continuous improvement and transparency ensures a positive impact on both our internal culture and the broader community.

  Wellbeing

  At Amethyst, we prioritise the health and wellbeing of our employees, recognising their vital role in meeting our clients' demanding needs. Committed to fostering a supportive and productive work environment, we have developed a comprehensive approach to enhance both the mental health within our workforce. Flexible Work Arrangements: We offer flexible work hours and remote options to maintain work-life balance without compromising service quality. Mental Health Support: We maintain partnerships with affordable mental health services, including private healthcare and income protection schemes, ensuring accessible resources for our employees. Regular Breaks and Time Off: Encouraging employees to take regular breaks and manage holiday time efficiently to foster a healthy work culture. Team Building and Social Activities: Organising team-building events and social activities to strengthen team relationships and enhance mental wellbeing. Clear Communication: Maintaining open communication channels within Amethyst, fostering a supportive environment for employees to express any concerns. Through these initiatives, we are committed to ensuring the wellbeing of our employees, enabling them to thrive in both their personal and professional lives.

Pricing

• Price: £765 to £1,645 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@amethystrisk.com. Tell them what format you need. It will help if you say what assistive technology you use.