UBDS IT Consulting Ltd

Boundary Security Protection (BSP)

Security boundary protection that mitigates risks of DoS, data exfiltration, enumeration and exploitation. Security protections that can be customised for your environment. Technology based on NCSC principles (ROSA). Ability to integrate with SIEM products such as Splunk and Elastic.

Features

  • Accurate real-time monitoring and reporting
  • Generation of custom threat intelligence data
  • Ability to detect DoS, DDoS and sophisticated APT level attacks
  • Developed using NCSC architectural principles from ROSA
  • Generation of data enrichment provides quick investigation and action
  • Multiple SIEM integration
  • NCSC certified training

Benefits

  • Reduces need for in-house expertise
  • Provides a high level of assurance to detect malicious activity
  • Provides deep visibility into attacks
  • Identifies exfiltration
  • Reduces risks due to misconfiguration or design errors
  • Security monitoring methodology based on ROSA
  • Minimal ongoing maintenance (configure once)
  • Non-intrusive architecture ensures no loss of service
  • Minimal capital outlay, instant benefits realisation

Pricing

£2,257 to £2,786 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@ubds.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

882101486252679

Contact

UBDS IT Consulting Ltd
Ann Gaskell
Telephone: 03301110066
Email: frameworks@ubds.com

Service scope

Service constraints
Supported on Amazon Web Services
Physical edge deployments required
System requirements
  • AWS VPC
  • The EC2 instance being monitored must be of an AWS Nitro System type

User support

Email or online ticketing support
Email or online ticketing
Support response times
Dependent on SLA requirements. We will reply to generic questions within the next business day. Service response times are based on incident priority. Incident management is based on 24x7x365 coverage.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
We have ensured our helpdesk system has been tested as part of service onboarding
Onsite support
Yes, at extra cost
Support levels
All service support levels are supported by specialist service management support and cloud engineering.
  • Severity P1: Key site or multi-site outage, or loss of service for an application. An issue that significantly affects all staff not able to perform their role. An issue that significantly affects the activities of the business. The impact on the reputation of the business is high. An issue that poses a significant risk to the customer’s applications and data security. 30 mins; 2 Hours; Next Business Day. Availability – 24x7x365.
  • Severity P2: Standard site outage or loss. Critical functionality or network access interrupted or degraded. An issue that significantly affects a moderate number of staff, with an impact on performing their role. An issue that will moderately affect activities of the business. The impact on the reputation of the business is moderate. Poses some risk to the customer’s data security. 60 mins; 4 Hours; Next Business Day. Availability – 24x7x365.
  • Severity P3: Causes no significant impact on business activities. Affects a minimal number of staff, minimal impact. An issue that will minimally affect business activity. 4 hours; 8 Hours; Next Business Day. Availability – 24x7x365.
  • Severity P4: 12 hours; 2 Days; 5 Business Days.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Training can be delivered onsite or offsite. Training is 1 day in duration. Further training can be provided at additional cost. User documentation can be provided if required, and can be customised specifically for the customer's services being protected. Engineers can be deployed to assist with configuration and resolution of onboarding issues.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Word
End-of-contract data extraction
A copy of packets and metadata is received and stored to inspect non-legitimate data. This stored data can be exported at the end of the contract. The data is in JSON and RAW formats.
End-of-contract process
Service is disabled / decommissioned.
All data is destroyed.
Data can be returned to the customer.

Using the service

Web browser interface
Yes
Using the web interface
We will provide a web interface to the solution dashboard in read-only mode. This will allow customers to gain full visibility of the service and help to plan for any additional requirements. No changes will be possible through the solution dashboard. Any change management requests will be handled through our ITSM system.
Web interface accessibility standard
WCAG 2.1 AAA
Web interface accessibility testing
We have carried out testing with accessible users for our solution and service management dashboards
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Each instance is independent of the others, so one customer's service does not impact another customer.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Data from non-legitimate traffic
  • Configuration data
  • Configured ruleset
Backup controls
The only components of the solution that are unique to the customer are:
1. The configuration of the service (network IP address, default gateway, syslog server address).
2. The ruleset required to detect non-legitimate traffic. This is a single file that can be backed up by the customer.
3. Data of identified non-legitimate traffic. This is in JSON and RAW formats. Each can be backed up on separate schedules.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The service is using AWS infrastructure, which provides as a minimum 99.99% uptime.

For every 1% below this SLA, the customer will be refunded the corresponding % of the monthly billing.
Approach to resilience
The service is using AWS infrastructure using a single instance.

For an additional fee, multiple availability zones can be used to provide a level of assurance with regard to resilience.
Outage reporting
Email alerts
Phone calls

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Management access is only possible using mutual TLS authentication, which requires a valid certificate on the client. The client can be configured for certificate pinning to mitigate man-in-the-middle attacks.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS
ISO/IEC 27001 accreditation date
06/06/2021
What the ISO/IEC 27001 doesn’t cover
No exceptions
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • FIPS 140-2 Level 1
  • Common Criteria
  • Security Technical Implementation Guides (DISA for DoD)
  • ISO9001
  • ISO22301

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus, ISO9001, ISO22301
Information security policies and processes
Instances are created using a repeatable automated build process which follows the defined secure build standard.

All management of the solution requires mutual authentication using digital signatures (certificates) with TLS. This ensures only validated users can access the service, as defined in the security policy for managing the service.

The reporting structure is via the DPO and then the CISO.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The change management process for software changes follows a strict process to determine the risk and potential impact. Any releases are signed off on by appropriate parties.

To minimise the risk of corruption due to changes and the accidental removal of security controls a formal change control procedure is followed when making changes to any production system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The service is hardened and has a well-defined attack surface.

Any vulnerabilities are assessed against the attack surface to determine whether they impact the confidentiality, integrity or availability of the service.

If the vulnerability cannot be mitigated with other security controls, software patches are tested and deployed. From testing to deployment we aim for 48 hours as a maximum.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Vulnerabilities are identified and tracked. Vulnerabilities are identified by:

  • Receiving vendor and security researcher vulnerability announcements
  • Monitoring vendor reporting distribution lists and reporting forums
  • Monitoring public reporting forums (CERT and NCSC)

Incidents are responded to depending on the severity. For a potential compromise this would be within an hour.
Incident management type
Supplier-defined controls
Incident management approach
We have a complete service reporting and management reporting process that augments and works with our clients' operating model.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
AWS
How shared infrastructure is kept separate
Native AWS separation

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
AWS Hosted datacentres

Social Value

Fighting climate change

UBDS recognises that we can make a difference through implementing environmental performance that protects and improves the communities we operate in. We are ISO14001 accredited, have an Environmental Management Scheme and we have created and published a Carbon Reduction Plan.
We track the environmental impact of our operations, ensuring that we reduce emissions in line with our carbon reduction plan during all activities, including operational delivery. We see carbon reduction as an exercise in continuous improvement and it is a key part of our work.
Our GCloud contracts enable us to fight climate change in a number of ways:
• We engage with buyers before the contract start to discuss initiatives such as remote working to minimise emissions.
• We engage with the supply chain to see evidence of commitments to net zero and discuss initiatives to reduce a contract’s environmental impact.
• We support and promote local environmental projects to encourage positive stewardship and sustainable practices in the communities in which we work.
• We support and promote environmental initiatives and projects that our customers have developed or are part of.
• We work proactively with clients throughout the contract to deliver environmental benefits, e.g.:
- Facilitating the implementation of a Cloud first approach, which can reduce a service’s energy consumption by c. 88% due to public cloud economies of scale.
- Implementing “Green by Design” services that self-optimise energy consumption, e.g. auto-scaling cloud infrastructure on demand, automatic powering-down of infrastructure not in use.
- Partnering with technology providers with carbon emission goals e.g. AWS and Azure have commitments to achieve zero or negative carbon emissions.
Covid-19 recovery

UBDS recognises the impact of Covid-19 on communities across the country and we have made efforts through our work to support local areas and help them recover. We will continue to do this through GCloud contracts, with initiatives such as:
• Providing Digital Skills Training
UBDS can provide digital skills training for disadvantaged people within the communities we work in, meaning that they have enhanced employment opportunities, something that is particularly important in areas where jobs have been lost through Covid-19. We also support digital enablement programmes and make donations of equipment to groups/charities (such as wiped equipment that we are replacing).

• Developing partnerships with local schools and colleges
We work with schools and colleges near our contracts to provide careers advice, curriculum and literacy support, with team members acting as Enterprise Advisors to local schools. We also develop retraining, mentoring and work placement programmes with colleges.

• Supporting local SMEs/VCSEs
We do this by providing advice to SMEs and VCSEs, as well as through inclusion in our supply chain.
Where practical, UBDS commits to recruiting and deploying locally sourced skills and services. This is important in supporting local economies affected by Covid-19, and also brings the environmental benefits of minimising people’s daily commutes.
This is particularly evident in our sourcing activities, especially with regard to customer engagements. We look to make use of local suppliers whenever there is a requirement outside of our own immediate expertise.
This approach boosts innovation, brings new perspectives and unlocks potential savings through the agility and value for money SMEs offer as well as helping local economies to rebuild post-Covid-19.
• Charity work
We encourage our staff to participate in, and contribute to, charity events and community schemes in their local area, including projects to support those affected by Covid-19.
Tackling economic inequality

We will seek to address economic inequality within communities we work with on GCloud contracts through activities that drive investment, stimulate the local economy, create employment and increase job security:
• Our apprenticeship scheme
UBDS’ apprenticeship scheme is designed to offer opportunities to young people and/or those facing barriers to employment. Our Digital Academy in London and Salford hires local apprentices and graduates, including from deprived areas. We are committed to hiring new apprentices over the next year from the areas we have contracts in. Our apprentices are provided with training and mentoring to develop skills and we work closely with customers to facilitate practical work experience.

• Creating employment opportunities through our work
UBDS has experienced significant growth through the contracts that we have won and this has enabled us to create employment contracts in London and Salford, as well as in other areas across the UK. We believe that GCloud will lead to further opportunities and contracts.

• Payment of at least the living wage at all times

• Supporting local companies, including SMEs and VCSEs, through the course of our contracts by bringing them into our supply chain and through the provision of advice on developing their business.
Equal opportunity

We are fully committed to equal opportunity as an organisation and will seek to use GCloud contracts to help us to embed equality and diversity throughout our work and our partnerships. We recognise that diverse teams bring unique value to our work and we celebrate the depth, breadth and diversity of experiences and backgrounds that drive our innovation and delivery of well-rounded solutions for the public. We feed this through our supply chain, including recruitment processes and work with customers to promote inclusive working environments. We:
• Build diversity into our company policies, for example flexible working and benefits that are fair to all.
• Recognise unconscious bias may occur and encourage staff to suggest ways to improve promotion of diversity.
• Use hiring methods to remove bias from the process, for example evaluation without viewing information that could disclose race, gender or age.
• Ensure equality and accessibility in recruitment to attract diverse candidates, giving opportunities to those who do not fit a typical profile.
• Develop genuinely diverse teams across our business and mentor new staff.
• Report on diversity within our organisation and work with partners who commit to doing so. We can use this information when working with customers to develop KPIs around diversity and reporting on these.
Wellbeing

UBDS recognises the importance of the wellbeing of our staff and our suppliers and we have built a supportive, inclusive environment to support that. This supports and champions diversity as well as being sensitive to mental health related issues and mirrors our commitment to equal opportunities. Our approach is fed through all of our GCloud contracts and includes:
• Building diversity into our company policies, for example flexible working and benefits that are fair to all.
• Recognising unconscious bias may occur and encouraging staff to suggest ways to improve promotion of diversity.
• Using hiring methods to remove bias from the process, for example evaluation without viewing information that could disclose race, gender or age.
• Ensuring equality and accessibility in recruitment to attract diverse candidates, giving opportunities to those who do not fit a typical profile; e.g. we recently recruited a team member on an asylum seeker visa.
• Developing genuinely diverse teams across our business and mentoring new staff.
• Providing mental health “first aiders” within our organisation.
• Ensuring that all of our buildings are fully accessible and assessing any needs new starters have in terms of equipment etc.
• Encouraging staff to take time out to volunteer within the local community and for charities, with paid time off to support this.
• Encouraging healthy routes to work (e.g. cycling, walking) and participation in schemes to support this.

Pricing

Price
£2,257 to £2,786 a unit a month
Discount for educational organisations
No
Free trial available
No
