Cyberis Limited

Vulnerability Assessment

Cyberis offers an extensive range of technical security assessments and penetration testing services to the public and private sector, including vulnerability assessments combining automated security assessments with analysis, consultancy and remediation advice from our skilled technical staff.

Features

• CHECK Team Leaders for Infrastructure and Applications
• CREST Certified Testers in Applications, Infrastructure and Simulated Attack
• Testing of applications, infrastructure, web services, mobile and cloud technologies
• Concise and comprehensive reporting
• Contextualised remediation advice, relevant to the solution's security requirements
• HMG SC cleared consultants
• Wide experience in public sector networks
• IASME Cyber Essentials and Cyber Essentials Plus

Benefits

• Identify technical vulnerabilities, weaknesses and exposures in systems and applications
• Assess whether systems and applications meet key business security requirements
• Obtain relevant tailored advice to fix vulnerabilities and mitigate risk
• Understand how to protect sensitive data assets from compromise
• Meet internal compliance requirements
• Assist in annual accreditation requirements
• Friendly, responsive and flexible consultants delivering your engagements
• Dedicated senior technical account manager throughout your engagements with us
• Services are governed by ISO9001 and ISO27001 processes, ensuring quality

£1,000 to £1,400 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cyberis.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

820942198965467

Contact

Pre-Sales Team
01684353514‬
info@cyberis.com

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type: Security testing
• Certified security testers: Yes
• Security testing certifications:
  • GBEST
  • CHECK
  • CREST
  • Cyber Scheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Responses to email enquiries typically within one business day. Response times outside of UK working hours vary.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Our Project Management Office (PMO) is available to support you throughout an engagement with us, from initial planning and scheduling, into project delivery. The PMO will also work with you to ensure technical, commercial and logistical preparations are in place prior to delivery.; ; The PMO will also assign a Lead Consultant who will contact you ahead of the project start date, to discuss technical delivery in more depth and introduce the other members of the team. Your Lead Consultant will be responsible for overseeing all phases of delivery and keeping you up to date with regular progress reports.; ; During the engagement, the PMO will act as an escalation point of contact should any issues arise which cannot be addressed by the Lead Consultant. You will also be provided with an Account Manager, who will provide a secondary escalation point should our PMO be unable to resolve any problems you encounter.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 04/10/2023
• What the ISO/IEC 27001 doesn’t cover: Not applicable - the certification covers all our services
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME Governance Gold

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are aware that reducing our direct impact on the environment represents significant benefits for us, our clients, suppliers and the wider community and as an employer Cyberis is committed to understanding and reducing our impact by actively managing our waste, emissions and consumption of natural resources. We comply fully with all environmental legislation. ; In the office environment, we have taken several small steps to reduce our energy consumption – such as installation of LED lighting throughout our premises, energy efficient hot water taps, reduction of boiler operating temperatures and the installation of smart thermostats. We also use E.ON Next, as an energy supplier providing electricity backed by 100% renewable sources. ; Transportation is the major contributor to greenhouse gas emissions, with personal automobiles accounting for more than half of the total. An estimated 98% of employee carbon footprint comes from commuting. Due to remote working, fossil fuel consumption decreases vastly and people who work from home are reported to save 3.6 million tons of greenhouse gases per year. As a result, the majority of the Cyberis team work remotely and we have implemented processes to enable most of our testing work to take place remotely, reducing the requirement for travel to client site.; For example, where we need to connect to on-premise systems on a regular basis, we have developed a secure Remote Pentest Device (RPD) that can be used to support robust and secure connectivity. We also support efficient delivery through customer VPNs and cloud-based solutions for connectivity to systems, in a secure manner, with a significant reduction in the requirement for testing to take place on site and a subsequent reduction in travel necessity and environmental impact.

  Covid-19 recovery

  Cyberis has been committed to supporting the local community in managing and recovering from the impact of COVID-19. As part of this commitment, we supported our staff, suppliers and customers in achieving these same goals. ; During the pandemic, and since that time, Cyberis supported several clients in migrating their infrastructure to the cloud in a secure manner and supporting home workers in roles that were traditionally office based. Specific security testing designed to combat the inherent risks of these business changes has enabled our clients to continue to work in a safe and secure manner while balancing the ongoing requirement for staff to work from home on a part or full-time basis. ; From the beginning of the pandemic, we retained the services of the local suppliers contracted to maintain Cyberis office spaces despite office closures during periods of lockdown, supporting them in continuing to operate and retain staff without extra financial uncertainty. ; Many of Cyberis’ staff have continued to work from home since the beginning of the pandemic, and a number of staff taken on during the period are permanently home based. In order to support the mental health and wellbeing of all staff, the entire business gather for a weekly Teams meeting, where every individual has the opportunity to talk with colleagues, seek advice, stay connected to the wider team and build collegiality. ; Cyberis have also undergone a period of expansion and have been in the position to build a training programme and support retraining within the cyber security industry, including recruitment of new team members that were affected by redundancies during COVID-19.

  Tackling economic inequality

  Cyberis is a growing SME, seeking to encourage more individuals onto career pathways within the cyber security industry where there is a real skills shortage with over 10,000 vacancies in cyber security across the U.K. ; As we facilitate remote working for all employees, opportunities with Cyberis are available UK-wide, including potentially in deprived areas and for individuals who may find working home more suitable for their circumstances, such as those with disabilities or caring responsibilities (statistically predominantly impacting women) that prevent them from travelling to an office on a regular basis.; Making this opportunity for employment open beyond those already working in cyber security will support in addressing the Cyber Skills Gap. Cyberis run a successful Academy programme which recruits individuals with no prior experience in commercial cyber security testing and comprehensively upskill them to a highly competent level.; We also support increase of supply chain resilience and capacity by actively supporting programmes within our community which aim to engage those who face barriers to employment – such as neurodiverse individuals – and get them involved in the cyber security industry. We do this by volunteering time to IASME’s neurodiverse cyber security training programme. We also support community programmes within The Cyber Scheme via volunteered/sponsored time aimed at developing skills in the cyber security market.; Additionally, our more senior consultants are experts in their fields and regularly contribute to security conferences, podcasts and articles. Articles are regularly posted on our blog covering a variety of security issues and penetration testing techniques and we are in the process of developing this resource to provide "Introduction to Penetration Testing" guides and signposts to useful third-party resources which will help industry entrants gain baseline knowledge that will improve their employment prospects when looking to navigate a route into penetration testing.

  Equal opportunity

  Cyberis is a strong supporter of inclusion and diversity within the cyber security industry and considers the importance of tackling workforce inequality throughout its policies and processes.; Cyberis has an excellent record on staff retention and supported by focusing on employee wellbeing and development opportunities. We have proactively taken steps to improve inclusivity and the health and wellbeing of our colleagues, for example, dynamically varying working patterns to support changing personal needs, accommodating requests for role and responsibility changes to accommodate changing mental health needs, appointing Mental Health First Aiders and launching a comprehensive Employee Assistance Programme. We also plan to implement the six standards in the Mental Health at Work commitment.; Our recruitment processes are also under constant review to support inclusive practices, for example utilising virtual interviews to increase inclusivity - reducing the expectation on candidates to travel for interview if this may be a blocker for them in line with our policy to facilitate remote working for all employees supporting individuals who may find homeworking more suitable for their circumstances, such as those with disabilities or caring responsibilities (statistically predominantly impacting women) that prevent them from regularly travelling to an office.; Beyond initiatives to support our own staff and new entrants, Director, Gemma Moore, helped establish CREST's Inclusion & Diversity Working Group, which is tasked with improving inclusion across the technical cyber security industry. We also actively encourage our employees to support related industry initiatives, such as the National Cyber Security Centre (NCSC) Diversity & Inclusion Survey and we have signed the Respect in Security pledge, and fully support this. We have a zero-tolerance approach to any form of harassment.

  Wellbeing

  The health and wellbeing of our colleagues is important to us, and we strive to create an inclusive and supportive environment for all employees. Cyberis has an excellent record on staff retention supported by focusing on employee wellbeing and development opportunities.; We have proactively taken steps to improve inclusivity and the health and wellbeing of our colleagues, for example, dynamically varying working patterns to support changing personal needs, accommodating requests for role and responsibility changes to accommodate changing mental health needs, appointing Mental Health First Aiders and launching a comprehensive Employee Assistance Programme. We also plan to implement the six standards in the Mental Health at Work commitment. We also plan to use the recommendations in the Voluntary Reporting Framework to help us track employee wellbeing annually and use this information to inform process change and transformation.; The dynamic working patterns support our colleagues to value their work-life balance and have enabled people to, for example, attend events at their children’s schools or allow time to participate in hobbies. Additionally, this environment of supporting and encouraging colleagues to value balance and their health and wellbeing has included supporting colleagues with additional time off work to compete in sporting events. ; Furthermore, Cyberis organises biannual team social events to support team building and wellbeing throughout the company by fostering a community spirit. We have also recently re-structured the business to appoint additional line managers improving capacity for effective people management and regular one-to-one time, which is particularly important for our remote workers.; We also improve community integration via volunteering in the community. As a member of Cyber Scheme, we volunteer ten consultant-days per year to support community projects coordinated by the Cyber Scheme. We support IASME’s neurodiverse cyber security training programme by volunteering time to provide careers talks to attendees.

Pricing

• Price: £1,000 to £1,400 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@cyberis.com. Tell them what format you need. It will help if you say what assistive technology you use.