CGI

PCI DSS Health Check Service

As part of this service CGI will undertake a PCI DSS health check by jointly assessing the current environment, producing a gap analysis requirements and ensuring continued compliance as PCI DSS scope and requirements change.

Features

  • Analysis of current environment against PCI DSS requirements
  • Executive summary of findings
  • Gap Analysis to the PCI DSS requirements
  • Summary of recommended actions

Benefits

  • Roadmap to achieve PCI compliance
  • By showing compliance, demonstrate that systems are secure
  • Improve reputation with acquirers and payment brands
  • Minimise the risk of data breaches now and in future
  • Minimise the risk of reputational damage caused By breaches
  • Minimise risk of lawsuits, insurance claims, fines etc

Pricing

£725 to £1,498 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.gen.ccsframeworks@cgi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

8 1 1 1 0 8 3 7 7 6 0 0 2 2 4

Contact

CGI CCS Frameworks Team
Telephone: 08450707765
Email: uk.gen.ccsframeworks@cgi.com

Planning

Planning service
No

Training

Training service provided
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
The PCI-DSS requires that card information is appropriately protected and the standard defines a rigorous approach.
We have both helped organisations prepare for an external PCI-DSS audit as well as helping them through the audit.
In the context of a cloud implementation, it is essential that, before any PCI information is ported to the cloud environment, the security is appropriately validated.
We do this by both workshops/interviews based audits as well as formal penetration testing using CHECK and/or CREST qualified ethical hackers. Use of these highly qualified individuals helps assure the security of the cloud implementation.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
No

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
Certified security testers
Yes
Security testing certifications
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

Ongoing support service
No

Service scope

Service constraints
None

User support

Email or online ticketing support
No
Phone support
No
Web chat support
No
Support levels
This service does not provide support

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Intertek Certification Limited
ISO/IEC 27001 accreditation date
07/04/2021
What the ISO/IEC 27001 doesn’t cover
Nothing. The certification covers "The provision of outsourcing, project and consultancy services including development and delivery activities plus the management of people, technologies and physical security in accordance with the Statement of Applicability version 6, dated 24th August 2020."
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Social Value

Fighting climate change

Fighting climate change

CGI is passionate about protecting the environment. Our UK corporate policy, backed by Science Based Targets (SBTs), is to be Net Zero by 2026 and to be operationally Carbon Neutral by the end of 2022.

We commit to:
- Achieving Net Zero, based on SBT measures, no later than 2026.
- Extending the climate change commitment into our supply chain such that 50% of our suppliers, by spend, will have set their own SBTs to reduce their climate impact by 2026.
- Applying our environmental programme ‘No Planet B’ to each opportunity. As part of ‘No Planet B’ we engage with our members, clients, suppliers and communities, to identify and deliver additional benefits including tree planting and canal restoration projects.

We have appointed a UK programme manager to deliver against our Net Zero targets. Alongside our absolute emission targets for operations (Scope 1 and 2) and business travel (Scope 3), we have set a supplier engagement SBT. We will engage with and support all UK suppliers ensuring they are on a Net Zero journey. We will include clients and suppliers in our No Planet B programme to collaborate and develop new initiatives aligned with their priorities.

A contract specific Sustainability Plan and reporting metrics will be developed for each engagement, aligned to the targets in our overall Carbon Reduction plan. Using established data gathering and reporting processes, we will report annually against our commitments and metrics.

Improvement plans will be driven in part by the reporting metrics and feedback from clients and suppliers. We find that our ‘No Planet B’ initiative is the biggest source of innovation.

We are proud of our Net Zero ambitions. With SBTs, contract specific sustainability plans, our reporting commitments and involvement in our ‘No Planet B’ programme, our approach and progress will be fully visible.
Tackling economic inequality

Tackling economic inequality

CGI is committed to ensuring careers in STEM are accessible for all. We will continue to provide a range of new employment and training opportunities which include professional, graduate and apprenticeships. To create new skills in the IT industry, we offer a range of IT-based apprenticeships and partner with various university training partners to deliver our Technology Industry Gold accredited Degree Apprenticeships.

We proudly support social enterprises FastFutures and Bounceback, providing mentoring, CV writing and interview skills to young people and prison leavers, enabling them to become work-ready. CGI’s EmployABILITY programme helps underrepresented students to build skills needed to pursue a successful career in STEM, through mentoring provided by our members.

CGI is supporting the Government’s priority to grow and diversify supply chains by working with a variety of partners. The majority of the 1,600 suppliers we use to support the delivery of services to our clients are UK based organisations, with over 600 Small and Medium Enterprises (SMEs). We are a Member of the Business Disability Forum and are signatories of the Prompt Payment Code.

We select our suppliers based on not just technical merit and capability but also alignment with our vision and goals. Our procurement process develops a deep understanding of each new supplier through a materiality rating checklist. All our preferred suppliers are audited against these checks annually, and actions are taken if a supplier’s rating drops.

Throughout our engagements, any change control will include a check on potential inclusion of SME, Social Enterprises or new businesses. This will include advertising opportunities on Contract Finder. We also welcome input from our clients, as they are often approached directly and have valuable insight in supplier offerings.

For transparency we will report on the number, value and proportion of contract spend being undertaken by SMEs and Social Enterprises.

Pricing

Price
£725 to £1,498 a unit a day
Discount for educational organisations
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk.gen.ccsframeworks@cgi.com. Tell them what format you need. It will help if you say what assistive technology you use.