Fifosys Limited

security audits, vulnerabuilty assements for cloud environments

We use a number of tools to gather information relating to your existing IT security locally and in the cloud. Our audit process can provide factual information to inform you of the risks and assist you in making informed decisions regarding how to mitigate these.

Features

• Audit your existing security infrastructure
• Confirm stability of your IT setup and your baseline technologies
• Evaluate the current vulnerabities within the enviornment
• Identify potential risks which havn't been considered nor accounted for
• Make recommendations to reduce the adverse impact of secuirty risks

Benefits

• Highlighting issues identified to make immediate improvement
• Improve stability of your baseline technologies
• Reduce risk assosiate with security issues or vulnerabilities
• Help you make informed decisions
• Accurately predict cloud costs

£1,500 to £50,000 a transaction

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.patel@fifosys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

808998821914030

Contact

Mitesh Patel
02076442610
m.patel@fifosys.com

Planning

• Planning service: Yes
• How the planning service works: To help buyers plan how they’ll implement cloud security or determine the current security level within their cloud environment we will run an IT security audit across their IT infrastructure estate to understand what encompasses the existing environment and determine the long term options for the buyer. We ensure we gain complete clarity and insight into their current security infrastructure. It allows us to plan exactly the best way to implement and new security systems in the cloud or reduce the risks and vulnerabilities assosiated with existing systems.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Underlining Fifosys’ commitment to quality in all we do, we sought and achieved our ISO9001 accreditation in 2010 and stil lfollow these standards by upholding effective processes that are consistently monitored and improved.; ; A number of quality and performance tests are undertaken upon migration including System Acceptance Testing where the environment as a whole will tested to ensure it is delivering the service required. User Acceptance testing where we will look for sign off from the user that the service is being delivered as expected.; ; Additional testing that takes place includes:; ; Performance test: To check the stability, scalability, performance and throughput.; Capacity test: To identify how many users the application or service can handle until the performance and stability levels are altered.; Load test: This involves imposing a load in order to see and measure the outcome.; Stress test: This has the sole purpose of pushing the application or service and making it perform under the worst conditions, helping determine which components are more prone to fail first and how this can be mitigated.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Cyber Security Social Engineering Awareness Training
  • Vulnerability assesments
  • Application assesments
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • Tigerscheme

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Where possible we will install our monitoring agent Nable on the platform to assist us in providing support. This is possible on IaaS services such as servers in Azure or AWS but not always possible for other cloud services. Where we don't have full access we will require administrative access and authorisation from the user to contact the hosting provider. We can then provide support using our standard model.; ; We currently support:; ; 1) Azure; 2) Office 365; 3) AWS; 4) Google Apps; 5) Sage; 6) Xero; 7) Online backup from Datto, Asigra, Retrospect, Veeam; 8) Citrix; 9) Hosted email, Cobweb, Google Mail

Service scope

• Service constraints: We must be given authorisation to log calls with 3rd party cloud providers on the clients behalf and where possible have the ability to install our agent to provide support.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Fifosys service desk is available 247 365 days of the year. This service provides a fully manned operation with engineers sitting in front of screen, taking calls, responding to emails and monitoring systems. Fifosys respond to incidents much faster than our SLA. We maintain a response and resolution time of 20 minutes for 86% of incidents to our desk. Our SLA is 1 hour for a priority 2 & 3 and 20 minutes for a priority 1. But we average 8 minutes response times to email support requests. These response times do not vary at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: Fifosys provide 1st, 2nd and 3rd line support 24/7/365. Our Network Operations Centre (NOC) proactively monitor, maintain and remediate clients systems. This is all standard service as part of our pricing model. We provide a team which includes an IT Manager who manages the Service team (NOC & Support), an Account Manager who is responsible for day to day management of the account from a sales perspective, and Technical architects who are responsible for discussing and identifying the right technical solutions for our clients.; ; We encourage clients to make use of tools we provide giving full visibility of what we do, including access to a service portal to view Service Desk activity. Our incident reports and status reports give clients the information needed if anything does not meet expectations we will be open in our resolution. This forms the basis of agreed KPIs to help gain trust and sustain long professional relationships. ; ; This data is a central focus of Service Reviews and is invaluable in identifying training needs, potential problems or areas where systems aren’t delivering what the organisation needs. This detail has been noted in external quality audits and by vendors specialising in managed service applications and CRM systems.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/12/2019
• What the ISO/IEC 27001 doesn’t cover: Depending on the nature of the audit we may need to work with subcontracted suppliers to test certain elements of the security. This would not be covered under own ISO27001. Where this is required we will seek permission from the customer prior to any information being shared.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a part of our Environmental policy we are committed to continual improvement throughout our business operations to lessen our impact on the local and global environment by conserving energy, water and other natural resources. Our Environmental Initiatives include: • Reducing energy and fuel consumption. • Incorporating sustainability considerations into our supply chain. • Saving energy by using energy efficient lighting and equipment • Encouraging flexible working and reducing the need for face to face meetings through the use of technology such as Teams. • We adopt a “cloud first” approach to technology

  Covid-19 recovery

  Fifosys have taken a number of steps to aid Covid 19 recovery for both employees and customers such as: For employees - Hybrid working model with dedicated work from home time each week. Improved workplace conditions such as sanitising stations and social distancing. For organisations - Applying discounts to allow businesses to recover financially. Changing the underlying architecture to allow users to work from home more effectively. Introducing new communications solutions to allow better collaboration and communication. We have created significant employment opportunities by bringing some of our offshore services back to the UK

  Equal opportunity

  We are committed to providing equality of opportunity in our employment practices and procedures, and to avoiding unlawful discrimination being suffered by our employees, job applicants, clients or customers. We will not discriminate directly or indirectly in recruitment or employment because of age, disability, sex, gender reassignment, pregnancy, maternity, race (which includes colour, nationality and ethnic or national origins), sexual orientation, religion or belief, or because someone is married or in a civil partnership. These are known as "protected characteristics”. We will not discriminate unlawfully against customers, contractors, suppliers or visitors using or attempting to use the goods, facilities and services that we provide. This aim of this policy is to assist us in putting this commitment into practice to ensure all our employees are treated fairly, respectfully and without prejudice, so that you are able to maximise your full potential, and do not commit and/or are not subjected to unacceptable and unlawful acts of discrimination. Our policy is implemented in accordance with the Equality Act 2010 and all other appropriate statutory requirements and has been compiled after consideration of all available guidance and relevant Codes of Practice. We will strive to ensure that our work environment remains positive, free from harassment and bullying, and that everyone is treated with dignity and respect at all times in maintaining and sustaining equal opportunities in employment.

  Wellbeing

  We promote a healthy work environment through our employee corporate wellbeing policy, initiatives include: • Adopting a hybrid work environment for all employees • Free fresh fruit deliveries • Regular Mindfulness and wellbeing sessions • Health insurance • A culture of support and celebration of achievements

Pricing

• Price: £1,500 to £50,000 a transaction
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.patel@fifosys.com. Tell them what format you need. It will help if you say what assistive technology you use.