Virgin Media Business

Cisco Security from Virgin Media O2 Business

Cisco leads the way with solutions that are driving the industry in SASE, XDR, and zero trust. Integrating it all is Cisco SecureX, Cisco's security platform that provides simplicity, visibility and efficiency across the Buyer's security infrastructure.

Features

• Cisco Secure Access by Duo
• Cisco Secure Email
• Kenna Security
• Cisco Secure Endpoint
• Next-Generation Firewalls (Firepower)
• Cisco Identity Service Engine (ISE)
• Cisco Umbrella
• Cisco Cloudlock
• Cisco AnyConnect
• Cisco Secure Workload

Benefits

• Improved Security Posture
• Reduced System Complexity
• Improved, Simplified Security Management
• Automated alerts and monitoring
• Consolidate platforms and reduce security spend
• Improved threat visibility and control
• Significantly reduce time to detect breaches
• Reduce time to respond

£10 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicprocurement@virginmedia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

830918731621716

Contact

Diane Murray
07973 622296
publicprocurement@virginmedia.co.uk

Service scope

• Service constraints: Service constraints listed per Cisco products.
• System requirements:
  • Administrators of the service interact via web browser only
  • An industry standard web browser that support TLS 1.0+

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Yes, email support is provided for Cisco Security product suites. http://www.cisco.com/c/dam/en_us/about/doing_business/legal/docs/omnibus-cloud-security.pdf
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Details on Cisco Technical Support Offerings can be found here: http://www.cisco.com/c/dam/en_us/about/doing_business/legal/docs/omnibus-cloud-security.pdf
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Cisco Security Cloud Solutions are sold as standalone resell only. Professional Services and installation services are available at additional costs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Cisco does not store any customer information except metadata. All audit logs, incidents, activities can be exported at anytime to a CSV file and/or PDF when the contract ends at which time Cisco's Dev Ops team will delete customer audit data from its databases.
• End-of-contract process: Standard Terms and Conditions require that data is deleted upon contract termination.

Using the service

• Web browser interface: Yes
• Using the web interface: Administrators of the service interact with the customer dashboard via web browser only, no client side software required. An industry standard web browser that support TLS 1.0, 1.1, or 1.2 is sufficient. We support the last major version and 1 previous major version of the big 3: IE, Chrome, Firefox.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Not applicable.
• Web interface accessibility testing: Not applicable.
• API: Yes
• What users can and can't do using the API: See setup for more details.
• API automation tools: Other
• Other API automation tools: Postman
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: With no hardware to deploy, the company can configure new offices, remote branches and stores quickly. Cisco does not require the need to backhaul traffic to your headquarters location or major data centres. Connections to our Cisco cloud can go straight out to the internet. As the company shifts to a decentralized model, this will be a crucial value add.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Cisco Security

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: When leveraging the virtual appliance or roaming client, all data is encrypted from the UK Government to Cisco datacenters. No data is stored locally at the UK Government, Data in the backend database is not encrypted. A customer's dashboard password is BCrypt hashed prior to storage in the database.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Where possible, best of breed encryption is used to protect customer queries in transit.
• Data protection within supplier network: Other
• Other protection within supplier network: Where possible, best of breed encryption is used to protect customer queries in transit.

Availability and resilience

• Guaranteed availability: For Service Availability Commitments, please see the following: http://www.cisco.com/c/dam/en_us/about/doing_business/legal/docs/omnibus-cloud-security.pdf
• Approach to resilience: For Service Availability Commitments, please see the following: http://www.cisco.com/c/dam/en_us/about/doing_business/legal/docs/omnibus-cloud-security.pdf
• Outage reporting: Email alerts.

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: On request.
• Access restriction testing frequency: Less than once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: British Standards Institution
• What the ISO/IEC 27001 doesn’t cover: The ISO 27001 certificate covers the protection of Buyer and Supplier employee information that is managed within the Supplier's organisation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 22301 Business Continuity Management
  • ISO 20000 IT Service Management

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: • Cyber Essentials Plus • ISO 20000 IT Service Management • ISO 22301 Business Continuity Management • ISO 9001 Quality Management System
• Information security policies and processes: The Supplier and Cisco's information security policies are designed to meet the ISO/IEC 27001 Information Security Management Systems (ISMS) requirements and are available on the respective intranets to all employees, contractors, consultants, temporary and other workers. In certain cases, we have implemented more stringent internal controls to comply with legal, regulatory or customer security requirements. Information Security policies and supporting standards are reviewed and approved by cross-functional groups including IT, Legal, Information Security, and HR. Policies are reviewed biennially and standards are reviewed annually.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Cisco uses a formal change management system that documents, maintains, and archives changes made to the IT infrastructure. All the Changes go through Risk and Business Impact assessment via the Change Management process and CAB. Each change request is assigned risk/impact score (high, medium, low or very low) based on the answers to the risk assessment questions, the number of resources included as affected resources, and the priority of the listed resources.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: The Corporate Information Security team performs periodic vulnerability analysis, penetration testing, and risk assessments to determine areas of vulnerability and to initiate appropriate remediation. Policies, standards, and guidelines are classified Cisco Confidential and cannot be redistributed. The Security Alert tiger team evaluates vulnerabilities which are identified through various organizations, categorizes them as applicable to Cisco's environment and rates them using the CVSS scale. These ratings are reviewed with the appropriate support teams who analyze business impact and collectively determine implementation timeframes (i.e. in next patch cycle or immediate fix required).
• Protective monitoring type: Undisclosed
• Protective monitoring approach: The Cisco Computer Security Incident Response (CSIRT) monitors Intrusion Detection Systems (IDS) using various Security Information Management Systems (SIMS). Cisco uses both network- and host-based IDS. Cisco has deployed IDS at the perimeter and other internal network choke points to provide alerts for security incidents. The audit log reviews determine the level of monitoring and controls in place to ensure authorized activity. The following activities are reviewed: ;  Authorized access information including user ID, files accessed, and event notifications;  Use of administrative/root accounts ;  Unauthorized access attempts including failed attempts ;  System alerts and failures
• Incident management type: Undisclosed
• Incident management approach: The Cisco Computer Security Incident Response monitors Intrusion Detection Systems using various Security Information Management Systems. Cisco uses both network- and host-based IDS. Cisco has deployed IDS at the perimeter and other internal network choke points to provide alerts for security incidents. CSIRT has full-time, dedicated resources that run daily reports for potentially dangerous activities. The audit log reviews determine the level of monitoring and controls in place to ensure authorized activity. The activities are reviewed: Authorized access information including user ID, files accessed, event notifications Use of administrative/root accounts Unauthorized access attempts including failed attempts System alerts and failures.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: On request.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: ISO14001 certified with energy-efficient processes in place such as water, lighting and recycling.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The Supplier’s approach to protecting the environment is detailed in our Environment Policy and guided by certification to internationally recognised standards and systems including ISO14001:2015. The Supplier has internal policies regulating water usage, waste disposal, minimising single-use plastics and carbon emission reduction. ; ; In April 2023, we received validation from the Science Based Target initiative (SBTi) for the following carbon-reduction goals: ; • Net zero by 2040 with a 90% reduction in value chain emissions (Scope 1, 2 and 3). ; • Reducing operational emissions (scopes 1 and 2) by 90% and scope 3 emissions by 50% by the end of 2030.; • Reducing operational emissions (scopes 1 and 2) by 60% and scope 3 emissions by 25% by the end of 2025. ; ; As of February 2024, the Supplier has reduced operational emissions by 45% (baseline FY2020). Here are some examples of the actions we’re implementing to achieve our goals:; • A stringent Code of Conduct requiring suppliers to have a board-approved carbon reduction plan with SBTi-aligned Net Zero goals and interim targets.; • Continuing to source 100% renewable electricity to power our network where we control the bill.; • Delivering a Mast De-Carbonisation Project to drive the landlords of third-party sites to source green electricity. In 2023, the Supplier has de-carbonised 1,128 masts.; • Transitioning our fleet of over 4,000 vehicles to electric by the end of 2030.; • Free-of-charge carbon footprint estimations for our solutions, so customers are better equipped to implement technology sustainably. Our model has been certified by the Carbon Trust.; ; The Supplier also aims to achieve zero waste operations and zero waste products by the end of 2025. To support this, all customers (including public sector organisations) can receive cash for trading in their unwanted devices and a minimum of 95% of this waste is recycled.

  Covid-19 recovery

  Immediate response to the pandemic:; The Supplier’s priority during the COVID-19 pandemic was to ensure that communities were safe and supported. Actions included:; • Providing 40GB of free data a month to support home-schooling families struggling to connect during lockdown. ; • Offering any customer who worked for the NHS an extra 10GB of data monthly for six months from Summer 2020. ; • Partnering with environmental charity, Hubbub, to launch ‘Community Calling’, which works with 400+ local community organisations to re-distribute smartphones to people who need them most. ; • Offering vulnerable customers on mobile contracts unlimited minutes and an extra 10GB of data ; • Launching an Essential Broadband tariff for existing customers who receive Universal Credit, Pension Credit, Income Support, Income-based Jobseekers Allowance and/or Income-based Employment Support. ; ; Continued support for those impacted by COVID-19: ; The Supplier recognises that COVID-19 exacerbated existing economic and social challenges, and created new ones, so we’re continuing to contribute to economic recovery and support the most vulnerable. Actions include:; • Continuing to provide return-to-work opportunities – the Supplier recently announced 200 new entry-level positions being created in 2024.; • To ensure our customers can access the information they need, the Supplier offers over 60 zero-rate sites including National Energy Action, Citizens Advice and National Debtline.; • 9.7 million people are now eligible to benefit from the Supplier’s Essential Broadband tariff.; • In 2022, the Supplier provided a £400,000 grant fund to launch the Tech Lending Community. This initiative makes tablets and free data available to community organisations supporting vulnerable individuals across the UK, all while extending the life of second-hand tech. ; • In June 2021, the Supplier announced its support for the ‘Together Coalition’, by offering grants of £1,000 to 400 small charities that champion and celebrate the community spirit, belonging and togetherness across the UK.

  Tackling economic inequality

  The Supplier is committed to tackling economic inequality across the UK. This includes: ; • Hiring over 2,600 apprentices since our award-winning scheme began in 2008. Our ‘blind recruitment’ process opens opportunities to those who have potential but may lack relevant experience.; • Working with organisations, such as ‘Blind in Business’ and ‘Step into STEM’ to help create opportunities for groups often facing barriers to employment. ; • Supporting business creation and growth, through Wayra (start-up cohort) and 5G accelerator hubs. ; • Hosting a virtual work experience programme for 14–16-year-olds, focused on driving diversity in STEM careers.; ; The Supplier works directly with our customers to provide employment and upskilling opportunities in their communities. For example, our nationwide network of 170+ ‘Future Careers Ambassadors’ provides support and guidance to pupils from groups traditionally underrepresented in STEM. The Supplier pays around £2.5m every year through the Apprenticeship Levy and has spent 55% of the levy to date on apprenticeships (versus a UK average of 39%). ; ; Additionally, the Supplier has a significant focus on addressing digital exclusion since this is a key barrier to economic equality. By 2025, we aim to:; • Connect 1 million digitally excluded individuals.; • Equip 6 million people with digital skills, confidence, and tools.; ; The Supplier’s customers benefit from access to subject matter experts in this space, as well as our established partnerships. Our digital inclusion initiatives include:; • Partnership with the Good Things Foundation to create the National Databank, which provides free-of-charge SIMs for individuals experiencing data poverty. Since 2022, over 78,568 SIMs have been distributed. ; • The Supplier’s nationwide ‘Connect More’ programme enables our employees to use their five paid volunteering days to deliver digital skills training through local authority and third-sector drop-in centres. ; • As part of our ‘Community Calling’ initiative, over 18,292 phones have been re-homed.

  Equal opportunity

  The Supplier is dedicated to tackling inequality and enabling everyone across the UK to fulfil their potential.; The Supplier’s diversity, equity, and inclusion strategy, ‘All In’, sets bold ambitions to be achieved by 2027. These are measured and reviewed regularly to ensure that the Supplier is on track.; To support ‘All In’, the Supplier has created an Inclusive Recruitment Programme to ensure our end-to-end recruitment journey for internal/external talent is fully inclusive.; The Supplier also reduces barriers through our policies aimed at providing the right support and flexibility for all employees. This includes:; • Industry-leading Family Friendly people policies which include up to 26 weeks’ paid maternity and adoption leave, 14 weeks’ paternity leave and up to 12 weeks’ paid neonatal leave, plus paid time off for caring, bereavement, emergencies, and more.; • Optimising our workplace adjustment process in collaboration with industry leaders, ‘Microlink’.; • Our ‘Work Smarter, Live Better’ hybrid working policy empowers our people to work in a way that helps them thrive.; • Integrating an ‘Adjustment Passport’ into our HR system, which provides comprehensive documentation of the accommodations provided for employees. This eliminates the necessity to divulge personal information.; • Regularly collaborating with our employee networks which represent the LGBTQ+ community, gender, disabled people, people who are neurodivergent, unpaid carers, and underrepresented ethnic groups.; • Signing up to the Government’s Disability Confident scheme and working towards achieving the Level 2 Disability Confident Leader standard. ; • Attaining the 'Carers Confident' Level 1 classification and actively progressing toward Level 2. ; • Funding gender transition treatment for our transgender and non-binary employees and helping them access medical care and support.; ; Additionally, all our suppliers must provide a Modern Slavery Transparency Statement detailing the actions they have taken to minimise the risk of Modern Slavery in their operations and supply chains.

  Wellbeing

  Improving Health and Wellbeing:; The Supplier promotes a culture of health, education, and wellbeing so that we can support all employees, both personally and professionally. ; Our ‘Thrive’ programme provides a comprehensive range of advice, tools and policies to ensure our people can be their best at work. As part of Thrive, our employees have free 24/7 access to confidential support and advice from trained therapists via Bupa Healthy Minds. Our people can also access free online treatment, such as Computerised Cognitive Behavioural Therapy.; The Supplier offers the following management development modules: ; 1) Stamp Out Stigma: Managers’ mental health awareness; 2) Anxiety and Depression: Managers’ toolkit; 3) Workplace Stress: Managers’ survival kit. ; To support physical wellbeing, the Supplier’s employees are enrolled on the Bupa Medical plan from day one. Our people can even choose to extend this to their partner and/or children by paying an amount every month. The Supplier also offers a Ride-to-Work scheme to help our people improve their fitness, reduce their carbon footprint, and save money on the cost of a bike. ; Personal development also has a crucial role in wellbeing, so the Supplier ensures that our people have the right knowledge, skills and behaviours to reach their full potential. We have a wealth of learning and development tools available, including unlimited access to 16,000+ online courses on LinkedIn Learning, which are taught by passionate real-world professionals.; ; Community Integration:; When delivering social value propositions, the Supplier prioritises collaborating with the community to help deliver a shared vision for the area. This includes partnering with the public sector, private sector, and third sector.; Additionally, all the Supplier's employees have five paid volunteering days per year to support and connect with their local communities, digitally and in person. Since 2023 alone, our people have supported over 443 charitable causes.

Pricing

• Price: £10 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: On request.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicprocurement@virginmedia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.