Cyber Security Services

Service scope

Service constraints: Buyers should be aware of planned maintenance schedules, potential compatibility limitations with specific hardware or software configurations, and support restrictions based on system requirements. Our service's security measures may impact performance, and data sovereignty considerations should be evaluated, especially regarding regulatory compliance. While scalable, practical limitations may exist on deployment size or user numbers. By understanding these constraints, buyers can plan effectively for implementation and ensure smooth operation within their organisations.
System requirements: Compatible with Windows, Linux, and macOS operating systems.

Minimum hardware specs for servers, workstations, and networking equipment.

Compatibility with required software frameworks, libraries, or platforms.

Adequate network infrastructure to support security solution deployment.

Valid licenses for security software, ensuring legal compliance.

Anti-virus and anti-malware software installed on all endpoints.

Support for virtualization technologies like VMware or Hyper-V.

Reliable internet connectivity for cloud-based security services.

Implementation of strong authentication mechanisms, like multi-factor authentication.

Adherence to industry standards and regulatory compliance requirements.

User support

Email or online ticketing support: Email or online ticketing
Support response times: Support response times - 08:30 - 18:00 Weekdays, excluding Bank Holidays. Out of hours support available where necessary. 30 minutes to 8 hour response dependent on priority call, P1 - 30 mins, P2 - 1 hour, P3 - 4 hours, and P4 - 8 hours.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 A
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 A
Web chat accessibility testing: We have not conducted any testing of web chat accessibility with users employing assistive technology.
Onsite support: Onsite support
Support levels: End-user training can be provided at an ad hoc cost. We provide a UK based Service Desk for support. Out of hours support is available. Our helpdesk is made up of 1st, 2nd and 3rd Line technical expertise. A Technical Account Manager will be assigned as standard as a part of our standard and premium IT Support, see our pricing schedule and SFIA Rate Card for details.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We assist users in getting started through a mix of onsite and online training, supplemented by thorough documentation.

Onsite Training: Our skilled instructors conduct hands-on sessions, guiding users through setup, configuration, and operational aspects of the service. This method encourages direct interaction, allowing users to address specific questions and gain practical insights.
Online Training: We offer flexibility with webinars, and virtual classrooms, enabling users to learn at their own pace from any location. These resources provide convenience and accessibility, accommodating various learning preferences.
User Documentation: Extensive manuals, guides, FAQs, and knowledge base articles serve as valuable references. Covering setup instructions, troubleshooting, best practices, and advanced configurations, these resources empower users to navigate and optimise their experience independently.
By providing diverse training methods and comprehensive documentation, we ensure users receive tailored support to suit their needs and preferences. This multifaceted approach equips users with the knowledge and resources needed to confidently and effectively use our service, enhancing their overall experience and maximising the value obtained from it.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: Exported upon request. Contact the Support Helpdesk or Technical Account Manager.
End-of-contract process: At the end of the contract services will continue on a rolling 30 day agreement until either party serves notice. If it is decided the client will exit, Creative Networks will assist in transitioning and migration of services ensuring continuity and a smooth handover. We will, where applicable deliver an Exit Plan which sets out the proposed methodology for achieving an orderly transition of Services on the expiry or termination of the contract. The Exit Plan will contain at minimum: Separate mechanisms for dealing with Ordinary Exit and Emergency Exit. The management structure to be employed during both transfer and cessation of the services and a detailed description of both the transfer and cessation processes, including a timetable. Document how the Services will transfer including details of the processes, documentation, data transfer, systems migration, security and the segregation of technology components. Specify the scope of the Termination Services that may be required and any charges that would be payable for the provision of such Termination Services and detail how such services would be provided. Provide a timetable and identify critical issues and set out the management structure to be put in place and employed during the Termination Assistance Period.

Using the service

Web browser interface: No
API: No
Command line interface: No

Scaling

Scaling available: Yes
Scaling type: Automatic
Independence of resources: Hosted on cloud scalable solution.
Usage notifications: Yes
Usage reporting: Email

Analytics

Infrastructure or application metrics: Yes
Metrics types: CPU
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Backup and recovery

Backup and recovery: Yes
Backup controls: Backups can be scheduled by contacting the support team.
Datacentre setup: Single datacentre with multiple copies
Scheduling backups: Users contact the support team to schedule backups
Backup recovery: Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: We guarantee a high level of availability for our service, typically backed by Service Level Agreements (SLAs) outlining uptime commitments. Contact hello@creative-n.com for more information.
Approach to resilience: Our service is intricately designed for resilience, employing various strategies to ensure uninterrupted operation and data integrity. We invest in redundant infrastructure, utilising duplicate hardware, networking components, and data centres to mitigate the impact of potential failures. Additionally, our architecture is engineered with high availability in mind, integrating failover mechanisms to swiftly redirect traffic and services during disruptions.

Load balancing distributes incoming traffic across multiple servers or resources, preventing overloads and bolstering system stability. Critical data undergoes replication across multiple storage locations or data centres, safeguarding against data loss in the event of a catastrophic failure. Continuous monitoring systems vigilantly oversee system health and performance, promptly alerting our team to any anomalies for proactive resolution.

Regular backups are conducted to secondary storage locations, ensuring swift data restoration in cases of corruption or loss. Furthermore, stringent security measures are integrated to ward off cyber threats and unauthorised access, preserving the confidentiality, integrity, and availability of data.

Through these resilient design principles and strategies, our service maintains robust availability and operational continuity, even in the face of unforeseen challenges or disruptions.
Outage reporting: Email alerts.

Identity and authentication

User authentication: Username or password
Access restrictions in management interfaces and support channels: Supplier defined controls.
Access restriction testing frequency: Less than once a year
Management access authentication: Username or password
Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: Less than 1 month
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: Less than 1 month
How long system logs are stored for: Less than 1 month

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: UKAS
ISO/IEC 27001 accreditation date: 24/10/2022
What the ISO/IEC 27001 doesn’t cover: Areas not covered by ISO/IEC 27001 certification include specific business processes unrelated to information security, certain third-party services or suppliers, or compliance with other industry-specific regulations.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Organisations adhering to ISO 27001 establish robust information security practices. They develop policies aligned with ISO 27001 requirements, covering areas like access control, data protection, and incident response. Through risk assessments, they identify and prioritise security risks, implementing controls to mitigate them. Employees receive training on security policies and procedures to enhance awareness and compliance. Monitoring and review processes ensure the effectiveness of security controls, with regular audits and assessments conducted. A designated individual or team oversees the implementation and maintenance of the Information Security Management System (ISMS), reporting to senior management or the board. To ensure policy adherence, organisations employ various mechanisms such as audits, reviews, and ongoing monitoring. Non-compliance issues prompt corrective actions and improvements to the ISMS. By following these practices, organisations demonstrate their commitment to information security and continuously strive to enhance their security posture in line with ISO 27001 standards.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Creative Network's have in place a Change Management Process that follows the ISO 20000 Standard. A change is proposed with the Change Manager and then added to the Changes-overview. The change is scheduled to be executed and a roll back plan is created (if necessary). Rollback is actioned immediately upon confirmation as per following the rollback matrix, resources are freed and announcements are published. Periodically, the overview of archived changes is checked.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Creative Network's have a Vulnerability Management process that implements the following: Receives information about zero day threats from the National Cyber Security Center; subscribe to newsletters from vendors and used products, in contact with special interest groups; Technical vulnerabilities are handled either using the Incident management process or the Change management process; Patches are tested following the Installation of software on operational systems.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: All devices have a monitoring agent on them which can identify potential issues and report back to our service desk. If an issue is identified we have an internal 4 hour SLA to ensure remedial actions are carried asap, the seriousness of an incident will be assessed on discovery so that any priority issues can be responded to quickly.
Incident management type: Supplier-defined controls
Incident management approach: Fully developed Business Continuity and Disaster Recovery management process developed in line with ISO 22301. Creative Network's have a pre-defined Incident Management Process in place where by an incident is reported with the Incident Manager and then added to the Incidents-overview. After which, relevant log files (from all systems affected) and evidence is gathered. The incident is corrected by implementing a patch, temporary fix or workaround. It is determine whether future occurrences of the incident can be prevented, e.g. by modifying/strengthening one or more controls. Periodically, the overview of archived incidents is checked for apparent trends and effectivity of corrections.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Third-party
Third-party virtualisation provider: Hyper-V
How shared infrastructure is kept separate: Each instance is virtualised using Hyper-V.

Energy efficiency

Energy-efficient datacentres: Yes
Description of energy efficient datacentres: Our Data Centre follows the ISO 14001 standard. We have in place a robust environmental management system • Procuring consumed energy from sustainable energy sources wherever possible

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

By bolstering cybersecurity, we help organisations operate more efficiently in the digital sphere, reducing reliance on physical infrastructure and travel, thereby cutting carbon emissions.

Covid-19 recovery

Post-pandemic, our services facilitate secure remote work environments, supporting business continuity and economic recovery, while guarding against cyber threats targeting healthcare and vaccine distribution systems.

Tackling economic inequality

We promote fair competition by offering affordable cybersecurity solutions, ensuring businesses of all sizes can defend themselves against cyber threats and compete equitably in the digital economy.

Equal opportunity

Through security awareness training and access to cybersecurity resources, we empower individuals from diverse backgrounds, including underrepresented groups, to pursue careers in cybersecurity, fostering equality of opportunity in the tech sector.

Wellbeing

Safeguarding digital assets and personal information enhances individuals' sense of security and privacy, promoting overall wellbeing in an increasingly digitised world. Additionally, by preventing cyber attacks on critical infrastructure, we ensure public safety and societal stability, further enhancing wellbeing.

Pricing

Price: £300.00 to £2,000.00 a unit
Discount for educational organisations: Yes
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Pricing

Service documents

Cookies on Digital Marketplace

Cyber Security Services

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Social Value

Pricing

Service documents