ACTICA CONSULTING LIMITED

Cyber Security and Information Assurance

Actica provides expert security, management and accreditation advice on all aspects of cloud-related information assurance and cyber security, including the HMG Security Policy Framework (SPF), ISO27001, NCSC CAF, NIST CSF, Data Protection Act (DPA), GDPR and NIS. Our partners (Fidus Infosec, ProCheckup) work with us to provide certified security testing

Features

• Cyber security and information assurance (IA) strategy development and review
• Cyber security policy, cyber security standards and cyber security procedures
• Enterprise cyber security and information assurance (IA) capability development
• Risk assessment, risk management and technical security design and implementation
• Effective integration of cyber security into your Agile methodologies
• Cloud cyber security assessment and assurance
• Cyber security and information assurance (IA) audit and review
• ISO27000 series and Security Policy Framework (SPF) compliance consultancy
• Assessment against NCSC CAF, NIST CSF, NIST 800-series and CIS
• UK CISSP, CSC chartered and NCSC certified cyber security professionals

Benefits

• Reduces operational cyber security risks
• Enables a proportionate response to cyber security threats
• Ensures information assurance (IA) is an enabler, not a constraint
• Partnership working and skills transfer to enhance your capability
• Assurance of IaaS, PaaS and SaaS cloud solutions
• Services available at TOP SECRET and ABOVE SECRET classification
• Sectors: Defence, Education, Health, Justice, Local Authority, Police, Transport

£300 to £1,430 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@actica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

823078686263060

Contact

Michael Murphy
+44 (0) 1483484090
opportunities@actica.co.uk

Planning

• Planning service: Yes
• How the planning service works: Actica can provide expert security advice on all aspects of information assurance and security, including the implications of the HMG Security Policy Framework (SPF), the Government Classification Scheme, the International Standard on Information Security Management (ISO 27001), NCSC CAF, NIST CSF, CIS, the Data Protection Act, the Privacy and Electronic Communications Regulations (PECR) and the General Data Protection Regulation (GDPR). We develop security management systems to ensure secure operation (including multi-sourced ICT), specify the security requirements and architecture for your cloud solutions (including platforms such as AWS, Azure, GCP, MODCloud), and develop security documentation. We can advise on Protective Monitoring, Incident Management, Forensic Readiness, Disaster Recovery (DR) and Business Continuity Planning (BCP), providing supplier security assurance and supporting compliance and audit activities. In the planning stage of an initiative, we assist with:; •Development of information and cyber security strategy and policies; •Business Impact Assessment to identify the required level of security; •Development and analysis of IT/IS/cyber security policies; •Data Protection Impact Assessments in accordance with ICO guidelines; •Development of business continuity and disaster recovery plans; •Security architecture and design, including Waterfall and Agile development and delivery; •Support to the design and development of secure networks and infrastructures
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Actica can provide expert security advice on all aspects of information assurance and security, including the implications of the HMG Security Policy Framework (SPF), the Government Classification Scheme, the International Standard on Information Security Management (ISO 27001), NCSC CAF, NIST CSF, CIS, the Data Protection Act, the Privacy and Electronic Communications Regulations (PECR) and the General Data Protection Regulation (GDPR). We can provide security support to the secure development and delivery of digital, corporate and line-of-business systems in accordance with agile and traditional methodologies. We can support efficient system accreditation, and develop and implement security management systems to ensure secure operation, including with multi-sourced ICT. We can specify the security requirements and architecture for your cloud solutions, develop security documentation and provide security support to migration activities. We can advise on Protective Monitoring, Incident Management, Forensic Readiness, Disaster Recovery (DR) and Business Continuity Planning (BCP), providing supplier security assurance and supporting compliance and audit activities. It is important to do this when migrating to new services or platforms so that vulnerabilities are not introduced which your organisation could suffer from later.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Actica can provide expert security advice on all aspects of information assurance and security, including the implications of the HMG Security Policy Framework (SPF), the Government Classification Scheme, the International Standard on Information Security Management (ISO 27001), the Data Protection Act, the Privacy and Electronic Communications Regulations (PECR) and the General Data Protection Regulation (GDPR). We can provide security support to the secure development and delivery of digital, corporate and line-of-business systems in accordance with Agile and traditional methodologies. We can support efficient system accreditation, and develop and implement security management systems to ensure secure operation, including with multi-sourced ICT. We can specify the security requirements and architecture for your cloud solutions, develop security documentation and provide security support to migration activities. We provide Proportionate Assurance and Accreditation support as well as physical security analysis and advice on countermeasures, security processes and procedures to ensure security assurance is being delivered at the level of quality you expect.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme
  • Other
• Other security testing certifications:
  • National Cyber Security Centre Assured Consultancy
  • CCP Certified Consultants
  • Chartered Cyber Security Professionals

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by a third-party organisation
• How the support service works: Actica can provide expert security advice on all aspects of information assurance and security, including the implications of the HMG Security Policy Framework (SPF), the Government Classification Scheme, the International Standard on Information Security Management (ISO 27001), the Data Protection Act, the Privacy and Electronic Communications Regulations (PECR) and the General Data Protection Regulation (GDPR). We can advise on Protective Monitoring, Incident Management, Forensic Readiness, Disaster Recovery (DR) and Business Continuity Planning (BCP), providing supplier security assurance and supporting compliance and audit activities. We can help you specify any security testing and IT Health Check (ITHC) required, arrange for these to be performed by a CREST and/or PCI approved supplier, and help you in undertaking any remediation as necessary. Ongoing security and information assurance support can be provided to a tailored specification, often including:; • Data handling assessments in accordance with the SPF, including governance and culture; • Maturity assessment and implementation against NIST CSF, PRISMA and C2M2; • Data Protection Act (DPA), PECR and GDPR support; • Security incident investigation and information forensics; • ISO 27001 support, including gap analysis and ISMS implementation; • Cyber and security support to the delivery of digital systems

Service scope

• Service constraints: None

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Support levels: N/A

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bsi
• ISO/IEC 27001 accreditation date: 18/01/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Actica Consulting, we are a company that cares about the environment. Our EMS (Environmental Management System) is certified to ISO14001:2015 and we are committed to reducing our already very small environmental footprint. We set annual SMART objectives as part of our commitment to continuously improve our environmental management, enhance environmental performance and reduce pollution. ; ; As stated in our published Carbon Reduction Plan, we are committed to achieving Net Zero no later than 2050 (though we aim to be much faster) and to play our part in keeping the global temperature rise within 1.5 degrees. Our CRP is updated annually to record progress and set targets for the year ahead.; ; Actions we take include, but are not limited to: establishing environmentally sensitive purchasing policies (buying recycled or long-life products; favouring products derived from natural/sustainable sources) and monitoring the environmental performance of our suppliers; ensuring that all decisions regarding working practices and purchasing take environmental considerations into account. We measure, monitor and minimise our usage of resources and consumables, and our greenhouse gas emissions. We actively look for ways to reduce waste and recycling, and encourage the use of sustainable modes of transport. We encourage home working and the use of virtual collaboration tools. Finally, we encourage our employees and suppliers to suggest ways to further develop our EMS.; ; For the provision of these services, we commit to offsetting the carbon footprint for the development of the Actica deliverables and, if requested, will provide certification verifying this action has been completed within a month of project completion. In 2023, Actica offset 5tCO2e, through similar schemes.

  Covid-19 recovery

  Since the pandemic, Actica has maintained its commitment to its people and to uplifting others by offering employment opportunities and training, and leveraging our high-growth sector to create jobs. In the period from Mar '20 to April '24, we employed 122 new staff members, resulting in a c20% net increase in the number of employees per annum.; ; Actica undertakes a range of measures to aid with economic recovery from COVID-19 - especially at a local level - including promoting the benefits of staying local and ensuring money is spent supporting local businesses. We support recruitment events away from our SE England base and have recruited staff across the UK, ensuring that they benefit directly from our activity.; ; At Actica, the health and well-being of our staff comes first. We provide office equipment, and whatever else is needed to ensure the highest level of wellbeing and support to our staff. Where in-person working is required, Actica ensures that client sites meet our high standards for COVID safety. Recognising the importance of mental health, Actica has implemented a support structure which pairs up staff for ‘kitchen chats’; providing social stimulation for a healthy working-life balance. ; ; Actica has fully embraced hybrid working, leveraging video-conferencing and online collaboration tools. We foster a close, remote-working relationship with clients through regular informal video calls. Actica is committed to retaining flexible working for our staff and engages with customers to deliver our services most efficiently - removing unnecessary travel and reducing commuting at peak times. We fully accommodate staff that require special considerations due to shielding, and allocate them specifically to remote working projects.

  Tackling economic inequality

  Actica is compliant with the processes and procedures contained within the Modern Slavery Act 2015. Our anti-slavery and human trafficking policy applies to all staff, as well as other persons representing Actica in a working capacity. This including employees at all levels, contractors and suppliers. We are committed to promoting and maintaining the highest possible ethical standards in all of our business activities, and have a zero-tolerance policy towards bribery and corruption. We are committed to acting fairly and with integrity in all of our dealings and relationships. We have implemented and currently enforce an effective system to counter bribery. Our anti-bribery policy provides details of our approach. ; ; Actica are pleased to confirm that all of our staff and associates are paid above the real living wage, in addition to receiving a pay review following every performance review. Furthermore, we hold formal accreditation from the Living Wage Foundation as a living wage employer. In our supply chain of associates, we prefer to work with known and trusted associates with well-established subcontracts and working practices. We do not use zero-hour contracts, and prefer to subcontract based on fixed-price deliverables. We are able to accommodate working both inside and outside of IR35 regulations as needed.; ; Actica has supported a number of young people to obtain an apprenticeship in Cyber Security.

  Equal opportunity

  Actica is committed to ensuring fair treatment of all stakeholders in our business from customers to employees. We are a Disability Confident Committed employer (certificate: DCS024208). We believe in equality of opportunity and inclusion, where Actica’s Equality, Diversity and Inclusion policy goes beyond what we are required to do to ensure all contributions are valued and respected. We ensure that in all our activities we promote equality and provide respect to all, irrespective of marital or civil partnership status; having or not having dependants; religion or beliefs; race (including colour, nationality, ethnic or national origin); disability; sex or sexual orientation; age; or pregnancy and maternity. This policy extends beyond our own employees to client personnel, subcontractors, suppliers and potential recruits, and underpins our approach to recruitment of staff and engagement with our supplier base.; ; We require all of our staff and people within our supply chain to uphold our equality principles. We have effective procedures in place to ensure equal opportunities for all, preventing discrimination, harassment and bullying – fostering a culture which values diversity and inclusion. Our equality and diversity policy provides more details of our approach and a member of the board actively monitors our compliance to the policy to ensure any opportunities for improvements are identified, considered and implemented as needed. Actica is covered by the Modern Slavery Act 2015; our compliance with the processes and procedures contained within the Modern Slavery Act 2015 is set out in our Modern Slavery policy and statement.

  Wellbeing

  Actica is a company that is committed to supporting the health and wellbeing of our staff, both physically and mentally. We make every effort to ensure that our people are physically comfortable working at home by providing office equipment, and whatever else is needed (subject to individual accessibility requirements). Where in-person working is required, Actica ensures that a client’s site meets our high standards for safety.; ; Actica knows that mental health is just as important as physical health. Actica has implemented a support structure - which the Directorate promotes - where staff optionally pool their names for ‘kitchen chats’; providing much-needed social stimulation. A Company Director is responsible for the Mental Health services we offer to our employees, which includes overseeing regular communications and awareness campaigns via both virtual and physical means. We have established our Metal Health First Aid team, all of whom have undergone Mental Health First Aid Training with Mental Health England and have communicated their presence and purpose to the company. Additionally, we offer private medical insurance to our staff. This includes full mental health cover which incorporates confidential access to trained counsellors.; ; Throughout service delivery, we promote a team-culture with regular, collaborative workshops and informal social team video calls, with both Actica and client team members encouraged to join. This is particularly important where individuals are unable to routinely meet and engage with colleagues. ; ; We believe in playing a responsible role in our community and giving back to society. A big part of this is fundraising. We support upReach, a charity committed to supporting undergraduates from lower socio-economic backgrounds to access and sustain top graduate jobs, and SSAFA, the Armed Forces charity. Actica also sponsors the Manchester ‘Look After Yourself’ charitable conference, which supports and celebrates the work of mental health bodies.

Pricing

• Price: £300 to £1,430 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@actica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.