Somerford Associates Limited

Securiti - unified data access & intelligence, controls & orchestration across hybrid multicloud

Securiti AI is an AI-powered platform for data security and compliance. It offers features such as data discovery, classification, and risk assessment to help organizations protect sensitive information. Securiti AI uses advanced machine learning algorithms to detect threats, automate compliance tasks, and ensure data privacy across cloud environments.

Features

• Data Discovery: Identifies and locates sensitive data across cloud environments.
• Data Classification: Categorises data by sensitivity and regulatory requirements.
• Risk Assessment: Evaluates risks linked to data exposure and non-compliance.
• Threat Detection: Uses ML to prevent security threats.
• Compliance Automation: Automates tasks for GDPR, CCPA compliance.
• Access Controls: Manages user access to sensitive data.
• Anomaly Detection: Identifies abnormal behavior and security breaches.
• Incident Response: Offers tools for quick response and remediation.
• Data Privacy Management: Ensures privacy and prevents unauthorized access.
• Continuous Monitoring: Detects risks through ongoing data access monitoring.

Benefits

• Enhanced Data Security: Protects sensitive data across cloud environments effectively.
• Regulatory Compliance: Ensures adherence to global data privacy regulations seamlessly.
• Automated Risk Management: Identifies and mitigates potential risks efficiently.
• Real-Time Threat Detection: Detects and prevents security threats instantly.
• Simplified Compliance Tasks: Automates compliance processes for streamlined operations.
• Granular Access Control: Manages user permissions for secure data access.
• Proactive Anomaly Detection: Identifies unusual activities to prevent breaches promptly.
• Rapid Incident Response: Enables swift response to security incidents.
• Robust Data Privacy: Implements measures to safeguard data privacy comprehensively.
• Continuous Monitoring: Monitors data access continuously to prevent security breaches.

£14,876 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at penny.harrison@somerfordassociates.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

833784419223304

Contact

Penny Harrison
07897075103
penny.harrison@somerfordassociates.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • No additional software is required to access the system.
  • The Securiti's virtual data scanning appliance requires Linux OS flavors.
  • Securiti platform is a cloud-based service, accessible via web browsers.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times. Mon-Fri 9am-5:30pm excl bank holidays customers receive an initial response within one business hour
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide support from priority 1 to priority 4 cases on any existing configuration or part of the platform that is in total or partial failure as well as not working as expected. We also provide configuration guidance and recommendations for use cases. Each customer receives their own Account Manager who works closely with Support and ensures that cases can be followed up. Somerfords Support desk is available as a value added service in addition to the maintenance and support purchased alongside the license.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of the engagement, Securiti will work with customer to ideate, design and build our implementation strategy. Securiti's Implementation Services Engineers and Solutions Architects will lead all trainings and guide in users in a self-paced fashion. It is recommended that all training sessions be recorded and stored for future use and distribution. Identifying "Power Users" for each module and following a "train the trainer" model is best practice that the Securiti team will leverage. ; ; Complete guidance and documentation is available for the administrative functionalities within the Securiti's UDC platform.; ; The following training material is provided by Securiti:; ; Tool tips within the product; Inline instructions; Education portal and certifications: https://education.securiti.ai/; Online product documentation for product features and API usage; Demos, tutorials and how-to resources; Webinars: https://securiti.ai/webinars/; Customer support; Other training mechanisms such as instructor-led training can also be offered to customers upon request.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: JSON
• End-of-contract data extraction: Upon termination of the subscription/contract, Securiti will provide a 30-day grace period for customers to extract any data they may wish to keep (via UI/API in CSV/JSON format), after which the tenant and all data will be deleted from the Securiti service.
• End-of-contract process: All data is portable to new vendor by end user or with support from Securiti.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Securiti does not have a separate mobile solution, but since it is a SaaS offering, mobile devices and tablets are supported.; The web user interface is designed to be responsive to support screen sizes of various kinds, including mobile browsers, tablets, notebooks, desktops etc.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Securiti's Platform has been designed from the beginning to be used by non-technical people. It has a clean, simple and intuitive interface, with easy navigation.; Our Easy to use UI is intuitive and includes the ability to guide users through various functionalities. Tooltips are part of the UI. ; Our UI has been deigned keeping in view the usability for multiple audiences or user groups such as normal user as well as executives involved in decision making.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: The Securiti team follows both ADA and WCAG guidelines for accessibility. As these guidelines continue to be refined, the work Securiti needs to do to adhere to these guidelines will evolve.; Several members of the Securiti engineering team, responsible for these aspects of the platform, have either completed or are actively completing several accessibility certifications.; As it relates to our testing process, prior to any release, we leverage both tools and humans to check against accessibility problems or issues.
• API: Yes
• What users can and can't do using the API: • Complete API collection is provided to the customers for use; • Users can download the collection and use it.; • APIs are available in which filters can be applied and specific parameters of interest can be specified in the request body.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Securiti platform has many customizations available within each of the modules.; • All the public/end-user aspect of the product offering such as DSR UX can be customized to reflect the Customer's branding - both look-and-feel, images, as well as messaging is supported. Some examples include:; • Consent Management: This module allows for creation of customized cookie banners with full customization options.; • Privacy Center: Privacy Center is a centralized location where you can access several features of the Securiti modules, including the Preference Center, Cookie Preference Center, DSAR submission forms and the Privacy Policy Notice. You can avail these features by designing, customizing, and deploying your own Privacy Center for your website. Privacy Center can be fully customized to reflect the customer's branding and requirment, including logo text, etc.; • Data Subject Rights: Securiti provides the ability to fully customize DSR intake forms, including logos, colours, layout, etc, to match the Customer's branding.; • Privacy Policy and Notice: Build and configure a notice customized to your company's brand and provide seamless expereince to your website. ; Additionally customer's can embed their own logo on our platform. ; Assessment Automation:

Scaling

• Independence of resources: As a SaaS service, the Securiti User portal is highly scalable and already handles millions of users, globally. Securiti auto-scales the service automatically to meet demands.; The Securiti platform is architected as an elastically scalable SaaS service and leverages a global CDN to ensure a low latency response anywhere in the world. We operate a global CDN with over 100 Edge locations available globally, ensuring fast response times and local content, where relevant

Analytics

• Service usage metrics: Yes
• Metrics types: Securiti's Data Command Center has pre-built dashboards to show the relevant metrics in almost all the modules of the platform. These dashboards are automatically populated with the data and metrics once the organizations start using the platform. Additionally, Securiti's content-driven dashboards allow users to drill down into the details via context filters, search fields and our Natural Language Interface.; The dashboards offered by Securiti can also be used to create reports for executive reporting to management. The reports can be downloaded in PDF and CSV formats and the user's selection of global filters can be saved for future reuse.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Securiti AI

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest is encrypted with AES 256 encryption. Encryption standard follows NIST FIPS PUB 140-2.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: • PDF and CSV formats are generally supported for export; • Securiti's Data Command Center platform also supports the extensive reporting API's to export data into other data reporting environments, if desired, and the data is typically presented in a JSON format.; • The reporting dashboards are available for all modules which allow the export of data based on the filters applied.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: APIs can be used to export data in JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: System Availability SLA for the rest of the Securiti Platform is 99.5%; To view further details please see Exhibit A (Support Services and Availability SLA): https://securiti.ai/terms/#terms-conditions
• Approach to resilience: Our SaaS tenant are architected with full resiliency and fault tolerant operations.; Securiti's product offerings are designed and implemented with the 3 pillars of RAS in mind: Reliability, Availability and Serviceability. To that end, fault-tolerance and recovery is an important aspect. ; Compute functions are spread across at least two AZs so that a failure of one AZ doesn't impact the overall RAS of the product. ; Where necessary and available, the control plane of a distributed infrastructure service is spread across three AZs to prevent split-brain issues due to networking glitches.; Background work is accomplished via granular tasks that are queued into a message broker and picked up by worker processes for processing. If a task couldn't be completed due to any failure, the task is re-queued for another worker to service in due course.; All database upgrades and code upgrades are performed "in-service" so that the product continues to be available.; For serviceability, all operations are tracked end-to-end with a correlation-id that helps us service and triage a failure effectively and remediate the fault in question.
• Outage reporting: We maintain a 99.5% uptime commitment. You can view our system status, past incidents, and system availability metrics here: https://status.securiti.ai/; Clients need to subscribe to the status messages at https://status.securiti.ai and in case of any outages, clients will be notified.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Securiti Platform fully supports SSO integration with any SAML 2.0 IdP. We also supports SAML 2.0 for Federated SSO, ensuring authentication can be delegated to an organization's existing identity management platform.; We currently have customers integrating with Azure AD, Okta, ADFS, OneLogin, Red Hat and others systems depending upon their use case.
• Access restrictions in management interfaces and support channels: Securiti has an authorising interface with Role Based Access Control supported offering least privilege/access principle. Different roles such as Admin, DPO, end user, etc can be assigned to individual portal users which limit privileges to those users. We also support the use of custom access profiles which allows for additional granularity.; Securiti provisions access privileges based on need to know basis and least access privilege principle.; Each Securiti employee and associate has limited access to Securiti systems and applications.; Securiti has System Access & Authorization Control Policy. As per policy, quarterly access reviews are conducted.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Securiti's Platform fully supports SSO integration with any SAML 2.0 IdP. We also supports SAML 2.0 for Federated SSO, ensuring authentication can be delegated to an organization's existing identity management platform.; We do support SSO integration with leading vendors like Okta & SAML based SSO.; We currently have customers integrating with Azure AD, Okta, ADFS, OneLogin, Red Hat and others systems depending upon their use case.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Certification Body of BARR Certifications LLC
• ISO/IEC 27001 accreditation date: 1/10/2023
• What the ISO/IEC 27001 doesn’t cover: The Certification Body of BARR Certifications LLC hereby certified that Securiti, Inc. operates an information security management system; (ISMS) that conforms to the requirements stated in the standard:; •ISO/IEC 27001:2022; The scope of the ISO/IEC 27001:2022 certification covers the ISMS supporting the AI-powered Data Security, Privacy, and Compliance; Platform, and in accordance with the Statement of Applicability version 2.0.0, dated February 13, 2023
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 02/22/2024
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Securiti has completed the CSA-CAIQ questionnaire(self assessment). For more details please refer to: https://cloudsecurityalliance.org/star/registry/securiti/services/securiti
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27701
  • SOC2 Type 2
  • CSA Star Self Assessment

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: • Securiti is ISO/IEC 27701:2019 certified. This certification demonstrates the compliance of our platform's Privacy Information Management System (PIMS) to ISO standards as a data processor.; • Securiti is also SOC2 Type 2 certified.
• Information security policies and processes: From information security standpoint, Securiti has a formal Information Security and Privacy Program with documented policies and procedures. Securiti undergoes annual third party certifications like ISO 27001 and ISO 27701 as well as attestation report of SOC2 Type 2.; Securiti has established an Information Security and Privacy Management System (“ISMPS”) in accordance with ISO/IEC 27001 (“ISO 27001”) and ISO/ISEC 27701 (ISO 27701) that governs the processes required to protect the company and information assets.; Please refer to the above-mentioned documents in the policy packet: https://docsend.com/view/dxiitymp6p34ce37

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Securiti has a documented Change Management and Control Policy. The controlled document can be shared on request. Securiti’s change management and control policy describes how changes to the platform are proposed, reviewed, deployed, and managed.; ; Securiti has proper procedures in place for the following:; Version control; Branching model; Change initiation; Code Reviews, Change Reviews, and Change Approval; Security bugs; We use automated tools for source code repository management and version control purposes. Access to the central repository is restricted based on an employee’s role.; For more details please refer to the Change Managment Process in the policy packet: https://docsend.com/view/dxiitymp6p34ce37
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Securiti determines the severity of an issue via industry-recognized Common Vulnerability Scoring System (CVSS) scores, which all modern scanning and continuous monitoring systems utilize; Securiti performs external web application vulnerability scanning bi-weekly using BURP Suite. ; Security patches are deployed according to a risk-based approach:; ; Critical-risk Vulnerabilities must be mitigated within 15 calendar days of discovery.; High-risk Vulnerabilities must be mitigated within 30 calendar days of discovery.; Medium-risk Vulnerabilities must be mitigated within two years of discovery.; ; Please refer to the Vulnerability and Patch Management Policy in Policy Packet: https://docsend.com/view/dxiitymp6p34ce37 (link to the Policy Packet document)
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Securiti has a vulnerability management policy. Securiti determines the severity of an issue via industry-recognized Common Vulnerability Scoring System (CVSS) scores, which all modern scanning and continuous monitoring systems utilize; Securiti has a documented incident response procedure that is reviewed annually. Securiti's incident response plan provides guidelines for the employees or incident responders who believe they have discovered or are responding to a security incident.; Plan highlights the identification of 'severity' of the incidents (high severity, critical, etc.) and suggests the appropriate response steps accordingly.; For further details please refer to the incident response plan: https://docsend.com/view/dxiitymp6p34ce37
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Securiti has a documented incident response procedure that is reviewed annually. Securiti's incident response plan provides guidelines for the employees or incident responders who believe they have discovered or are responding to a security incident.; Plan highlights the identification of 'severity' of the incidents (high severity, critical, etc.) and suggests the appropriate response steps accordingly.; Also, for responding to and mitigating incidents, we have: ; ; Phishing Email Response Procedure; Infection Procedure; Malware Response Procedure; Ransomware Response Procedure; ; For further details please refer to the incident response plan: https://docsend.com/view/dxiitymp6p34ce37

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As an organisation that works closely with the public sector, Somerford is keen to demonstrate our commitment to supporting the achievement of the Net Zero target of greenhouse gas emissions by 2050.; ; Management and staff at Somerford have been conscious of our impact upon the environment even before the Climate Change Act was introduced, and we’ve adopted environmentally friendly practices as the business has grown. Consequently, Somerford ‘s business already has a reasonably low carbon footprint, and will continue to strive for further reductions wherever possible because this is beneficial for our business, our stakeholders and the environment.; ; We will use our influence as a value added reseller of leading edge software products and supporting professional services to select supplier-partners whose own carbon reduction philosophy and plans are aligned with ours, and who can show commitment to the Net Zero target. In practical terms, this means we participate in a carbon-net-zero supply chain in the delivery of the solutions from our supplier-partners to our customers.; ; For further details, please see our Carbon Reduction Plan online at https://www.somerfordassociates.com/carbon-reduction-policy-and-plan/ As an organisation that works closely with the public sector.

  Covid-19 recovery

  During the Covid-19 pandemic, our robust business continuity measures, prudent fiscal policy, and the benefits of a highly flexible team, meant we were well prepared for the difficulties ahead. ; ; Staff wellbeing has been at the forefront of our Covid-19 recovery plans, taking care of their physical and mental health, including;; ; * home working to avoid unnecessary exposure to the virus; * providing safe office space where staff personal circumstances dictated; * regular contact, albeit remotely, to prevent isolation; * organised e-based social events to maintain interaction; ; ; As a result we have been able to:; ; * give uninterrupted service to our customers; * move our staff to home working; * avoid compulsory redundancies and minimised furlough; * in 2020, gain an 11% increase in revenues; * continue to grow the workforce by over 10% in the same year; * take on new partners to enhance our solutions portfolio; * invest in staff education to meet future customer needs. ; ; Changes in business practices due to Covid-19 have shown that flexible work patterns can be very effective, and we’re unlikely to fully return to our previous style of working. ; ; Our solutions have also helped customers to cope with their changing work patterns too - supporting their Covid recovery by providing the infrastructure, tooling and monitoring to support their own remote, flexible and sustainable ways of working.

  Tackling economic inequality

  Somerford is a healthily growing business, and actively strives to create employment opportunities that are inclusive of all socio-economic groups. For example:; ; * 47% of our staff joined us as junior.; * 17 of our team have joined us as apprentices or graduated from our in house technical academy; * We actively participate in the Armed Forces Covenant Scheme and help to redeploy and re-skill leavers from the Armed Forces. So far, 18 staff have joined us in this way;; ; Strong technical skills are key to the delivery of services to our customers, so we’ve invested heavily in staff training, as is demonstrated by 47% of our staff starting with us as juniors.

  Equal opportunity

  Somerford is an equal opportunities employer and does not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief or age.; ; We do not discriminate on the grounds of disability. We take particular care to respect the rights of those with disabilities, throughout all stages of recruitment and employment. We make reasonable adjustments to ensure those with disabilities are not disadvantaged in the workplace, eg. adjusting working hours or providing special equipment to help to do their job.

  Wellbeing

  Somerford is committed to promoting and supporting the wellbeing of all of its staff. We aim to create a culture which focuses on prevention of issues in the workplace that can adversely affect staff health and wellbeing, and where issues are identified, they are managed promptly before they can have a detrimental impact.; ; This includes:; * providing staff with clarity and purpose regarding their job role;; * ensuring staff have the capability, training, support and encouragement to conduct their role confidently and effectively;; * providing a physical working environment that is suitable for the work to be carried out effectively;; * encouraging staff to maintain a sensible work-life balance;; * minimising the stressful impacts of work;; * ensuring bullying and harassment have no place in the working environment;; * managing sickness and absence effectively;; * considering requests for career breaks and sabbaticals;; * providing medical assistance to staff;; * encouraging employee fitness;; * promoting dignity at work.

Pricing

• Price: £14,876 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free Proof of concepts , optional 1 month and extra under agreement.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at penny.harrison@somerfordassociates.com. Tell them what format you need. It will help if you say what assistive technology you use.