GAMMA NETWORK SOLUTIONS LIMITED

Managed Security Operations (SOC)

Gamma's Managed SOC service has been designed and structured based on a partnership driven approach, ensuring that we understand from the ground up organisations pain points and issues to ensure we are providing the best service available.

Features

• 24/7 Managed Security Operations Centre (SOC)
• UK based operations
• Experienced and Vendor Certified analysts
• Tailored Use-cases based on MITRE ATT&CK framework
• Partnership driven expert advisory approach to Security
• Experienced and Vendor Certified analysts
• Automation & Orchestration though robust workflows and playbooks
• Templated On-Boarding to ensure quick ROI

Benefits

• Continous security posture assesment and enhancements
• 24/7 access to expert advisory assistance
• Maximise deployed technologies to enhance return on investment
• Governance on regular service reviews
• Enablement of internal security function to focus elsewhere
• We will work directly with customer partners
• Security team with 15+ years experience
• Partnership driven, extension of a customers security team
• Hybrid/Co-Managed approaches to SIEM depending on customer requirements

£7,500 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@gamma.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

916845453528970

Contact

Public Sector Sales Team
0333 043 7330
gcloud@gamma.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Aas part of our managed service we utilise the Microsoft Security Stack [Defender, Sentinel]. The servcie wrap is built as an overlay.
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: SIEM technology is Microsoft Sentinel.
• System requirements:
  • Azure and M365 Tenant
  • Appropriate Microsoft licensing, E5 desirable.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Gamma's Service Desk is 24x7 and any emails or online tickets are handled as per the below SLA.; General Questions are classified as a informational and have an update SLA of 48 hours.; However, other severity classifications have a response time as per below:; Priority 1 -15 min initial response min, 1 Hour Response time for follow up ticket. ; Priority 2 - 2 - 4 hours; Priority 3 - 8 - 16 hours; Priority 4 - 1 week
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Gamma's offers the same level of support for all managed SOC customers, via a dedicated support process. Our experienced and knowledagble team are available 24*7, 365 days a year. Our support is associated incidents, or threats and we assign the following service levels:; Priority 1 -15 min initial response min, 1 Hour Response time for follow up ticket. ; Priority 2 - 2 - 4 hours; Priority 3 - 8 - 16 hours; Priority 4 - 1 week
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have tailored an extensive on-boarding plan that builds the foundations of our relationship with our customers. Key deliverables are captured and shared via our project plans and service documentation and monitored over a series of project calls.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • .mpg
  • .doc
• End-of-contract data extraction: Customer data is retained within their own tenant, so even after the contract ends it's available. The only caveat is the configured retention periods.
• End-of-contract process: At the end of a contract/termination the customer will no longer receive support from the service. As part of the off-boarding process, access to customer systems/our systems [if applicable] will be removed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our service is built around Microsoft Sentinel, all customers have access to this interface as it's generally hosted within their MS tenant. Customers who wish to have access to our service desk have visibilty of tickets and so on, customers who wish to integrate with their own service desk also have visbiility.
• Accessibility standards: None or don’t know
• Description of accessibility: Standard web-browser access with standard accessibility options associated with those web-browsers.
• Accessibility testing: We are interface testing at present.
• API: Yes
• What users can and can't do using the API: API is used within the SIEM primarily as a capability to collect and ingest data from various data sources. API is provided by vendors used as part of the service and not maintained internally.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Customisation is tailored towards additional services such as managed vulnerability services, posture assessment assurance. The managed service itself, although can be customised in terms of operating hours, full 24*7 or 9-5, the service offering itself in terms of monitoring and escalation has been designed to be standard. Examples of customisation:; use case development; dashboards

Scaling

• Independence of resources: We undertake a monthly Capacity Planning Forum whereby the utilisation of every network component is reviewed against planning rules and sales forecast to ensure that we have sufficient capacity and overhead to manage our customer's requirements. Additionally there is weekly planning review on capacity management adjustments. Each Horizon customer's resource requirements are taken into account and sufficient network is allocated to them. We also manage our network to spread traffic during very busy periods.

Analytics

• Service usage metrics: Yes
• Metrics types: The SOC managed service will provide reporting throughout the lifespan, these will vary from high level overviews around areas such as SLA's, metrics etc which will be provided during the service reviews; as well as technical reports around detection, remediation and recommendations.; ; There are two areas for reports/dashboards to be created, one from the SIEM itself (Sentinel), the other within the ticketing system Satisnet SOC (Freshservice). The reports/dashboards surrounding metrics SLA's etc can come from either location, however, the technical dashboards will be from within Sentinel.; ; Metrics include:; KPI KRI; number of incidents; SLA breached; Events per second; other metrics
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Our Web Portal allows users access to their associated number ranges. Typically users will extract their applicable data in Excel or CSV format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: MS Sentinel and Azure infrastructure have been chosen because of the rich set of redundancy capabilities available. ; All aspects of our environment are zone redundant, with a seamless failover.
• Approach to resilience: We hold ISO 22301:2012 Business Continuity Management accreditation. As this information is sensitive, further specific information is available on request.
• Outage reporting: A public network status dashboard; Email alerts; Portal alerts; Text messages to opted in mobile numbers; Service desk verbal communication

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Customer administrators can set permissions for other users to give them access to certain areas of the portal. They are able to restrict access to certain areas of the management and support interfaces.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 30/09/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials; Cyber Essentials Plus
• Information security policies and processes: Gamma has deployed an Information Security Management System Manual (ISMS) which meets and is certified to ISO 27001:2013, Cyber Essentials and Cyber Essentials Plus. It is supported by numerous policies and processes including but not limited to the following:; ; Information Security Policy; Information Security Incident Policy; Acceptable use policy; Access Control Procedure; Backup Plan; Business Continuity Plan; Confidential Data Policy; Data Protection Policy; ; The Reporting structure is from employees or customers to the Information Security Manager to the Information security Forum which is attended by several Directors and heads of departments. The Information Security Forum meets monthly to review all security incidents and events and corrective actions are agreed and tracked at this forum.; ; To raise awareness Gamma uses a computer based training platform for Security Awareness which is repeated annually. Line Managers have a responsibility to ensure their staff are aware of and follow these policies.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change Control Process covers changes made to operational systems, to mitigate the risks and impacts that any change has and ensures good communication at all stages. ; Change Management ensures changes to core infrastructure and services are performed and implemented correctly.; Best practice guidance, aligned to ITIL (OGC), recommends that the starting point for any change should be a review of generic questions or the ‘seven Rs’. ; A risk and impact assessment is carried out for each change this involves detailing the assets under change.; The Change Advisory Board (CAB) has a representative from each impacted business area.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use failure mode effects analysis process, conducting regular, systematic assessments of vulnerabilities to determine the necessity of safeguards, countermeasures and controls, monitoring for changes to maintain an acceptable level of risk. Includes identifying key information assets and subjecting them to specific risk assessments, assessing exposure to a list of common threats and vulnerabilities, maintaining risk registers, implementing technical, policy, business continuity and management initiatives;; Each patch is assessed and deployed accordingly: ; High - Urgently.; Medium - ASAP.; Low - as time permits.; Gamma utilise many Vendor sources and industry RSS feeds, CERT, Ubuntu and Debian. Member of CiSP.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Gamma utilises GPG 13 guidance. Gamma has built a Security Information & Event Management Solution (SIEM) to identify potential compromises. If a compromise is found it is investigated. A Security Incident is raised to track the investigation, root cause and solutions if required to rectify or improve the situation. We respond to incidents as close to real time as practicable.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Gamma has an Incident Management process which has numerous pre-defined sub groups of staff designated for particular products or scenarios. It can be initiated by any member of staff and is managed by the 24/7 Network Operations Centre (NOC). Any incident is reported by the customer to the Service Desk, it is recorded in a customer relationship management tool (CRM) and an Incident report is produced after root cause analysis has taken place. Any Incident reports are made available to end users via pdf.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Understanding environmental impact ; Gamma recognises the increasing risk climate change poses to our planet. Although Gamma as a service business has a lower impact on the environment than many other businesses and many of its services have a positive impact by reducing the need for travel, Gamma understands that we have a responsibility to act. ; ; We adopted the UN Sustainable Development Goals (SDGs), including Goal 13 (Take urgent action to combat climate change and its impacts). ; In 2021, Gamma set its baseline energy and carbon emissions data which will be used to support future emissions reduction targets, this was used to formulate Gamma's ambition by committing to becoming a carbon net-zero company by 2042.; ; Furthermore, we set near and long-term Company-wide emission reductions in line with climate science with the Science Based Target initiative (SBTi) and Gamma will seek validation of its target within the SBTi timeframe of 24 months from commitment. ; We have constructed a plan over five, four-year carbon emissions reduction periods, ensuring the Company’s efforts are consistent with the need to decarbonise the wider economy. ; ; Taking climate action; Gamma has held ’Certified Carbon Neutral Company’ status since 2006. The offsetting projects supporting the UN SDGs include:; • Acre Amazonian Rainforest Conservation Project-(Brazil) ; • Meru and Nanyuki Community Reforestation Programme-(Kenya) ; • Improved Water Infrastructure Project-(Uganda); ; Gamma is ISO14001 certified. ; ; Reducing energy consumption; Energy and carbon reduction is the priority in implementing a science-based net-zero plan. Initiatives include:; • Ongoing emissions reduction projects. ; • Moving Gamma's small fleet of cars/vans over to self-gen hybrids is ongoing, with completion expected in 2023. Gamma will switch over to electric vehicles prior to 2030 in line with the reduction activities.; • Improve the energy efficiency of data centres and its technology. ; • Optimise its heating, ventilation and air-conditioning in key data centres.

  Covid-19 recovery

  Gamma Support and Recovery Packages; Gamma’s commitment and loyalty to customers has never been more evident than in its response to the global pandemic. Quick to react and first out of the blocks, Gamma developed two robust packages to help businesses weather the Covid-19 storm. ; ; The Gamma Support Package launched on 1st April 2020, with a raft of immediate measures to assist partners and their end-customers. We looked at specific ways we could help secure new business, including introducing new 30-day rolling contracts for our UC propositions: Horizon, Collaborate and Microsoft Teams Direct Routing.; ; As the nation began to emerge from lockdown and get back to business, Gamma was on the front foot and launched a Recovery Package, to provide the tools to continue to address the changing needs of businesses and the ‘new normal’. This was built to specifically support our partners and help them to identify new opportunities and also to support them in the event of the loss of end-customer businesses that sadly do not weather this period of economic hardship. ; ; Unlike other packages and in-line with Gamma's 'easy to do business with' fashion, the measures outlined in both Packages were designed to be delivered automatically, this ensured an easy, autonomous way without unnecessary bureaucracy or terms and conditions getting in the way. ; ; Collaborate Offer; As technology requirements changed overnight with many people forced to work from home, getting Gamma’s Horizon Collaborate product enabled for end-users was an urgent requirement. We started by offering our business-only cloud based Unified Communications solution free of charge for 4 months. We worked with our customers to enable this through delivering over 300 hours of training and support in 3 months. This included revamping our accreditation process to be able to deliver it online.

  Tackling economic inequality

  As part of the 2021 social plan within Gamma’s ESG strategy, the Company committed to supporting the communities in which it is based and enhancing its charitable giving plan. ; ; Supporting the UN SDG 8: Decent work and economic growth, Gamma’s technology teams provide remote Hi-Tech Horizons sessions through an initiative run by the Education Business Partnership. The initiative aims to engage and inspire the future workforce, raising awareness of the hi-tech sector and the opportunities available.; Additionally, Gamma has partnered with Speakers for Schools to deliver STEM insight to pupils in the North-West of England during Virtual Work Experience week in April, and Digital Careers in September. Gamma has a range of colleagues that volunteer to support these events to inspire students and provide them with a wider perspective on what their options are for their future careers and opportunities.; ; Working in the communities in which the Company operate, Gamma Direct has worked with local authorities in the Manchester and Portsmouth areas to support their efforts in tackling digital poverty, address emerging skills gaps and prepare young people for the world of work in addition to providing employment. ; ; Gamma is committed to maintaining these relationships as well as building new ones during 2022 and the Company will endeavour to contribute to the UN SDG 10: Reduced Inequalities through the extension of initiatives.; ; We continue to invest in our Apprenticeship programme to gain valuable work experience, to continue their education and to obtain nationally recognised qualifications. ; ; Also, Gamma has been working closely with the Graduate Recruitment Bureau to onboard 10 graduates by September 2022. The aim of the programme is to offer graduates experience of four different areas of technology across a two-year period. Gamma guarantees the graduate a permanent position at the end of successfully completing the programme.

  Equal opportunity

  Gamma adopted the following UN Sustainable Development Goals and considers all within the ESG Strategy in its policy.; • Goal 5: Achieve gender equality and empower all women and girls; • Goal 8: Promote sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all; • Goal 10: Reduce inequality within and among countries; ; Gamma will be focusing on Equality, Diversity and Inclusion. we partnered with ENEI (Employers Network for Equality and Inclusion) to complete a benchmarking exercise to understand the gaps and strengths in its current approach. The exercise will focus on key areas such as Gamma’s workforce, strategy, leadership and accountability, recruitment and attraction, training and development and other employment practices. The outcomes will be used to set the ED&I strategy moving forward. ; ; As part of Gamma’s goal to impact and inspire young people the Company has formally partnered with Speakers for Schools and is designing a nationwide programme to support young people with understanding the technology industry, raising their confidence levels, mentoring and providing opportunities for work experience. ; ; Gamma is also targeting talent communities internally and externally. Internally, the Company will be creating employee communities, to strengthen inclusion and belonging. In 2021, we joined the Disability Confident scheme. ; ; Externally, its Recruitment team has started to build networks to broaden the Company’s connections with specific groups, focusing on Women in Technology, apprenticeships, and other underrepresented groups. This will include participation in hosted events and the creation of targeted recruitment campaigns to attract a more diverse talent pool. Gamma’s Senior Leadership Team has committed that all senior roles at Gamma must have a diverse shortlist and Gamma will ensure its partners in executive search are working to deliver this.

  Wellbeing

  At Gamma we have an internal wellbeing programme that was launched in April 2020. The programme promotes health, happiness, and productivity by providing access for our employees and their families to resources, support, and guidance to be healthy in body and mind, to be supportive to others, and to enable people to be at their best.; ; Our wellbeing initiative enables us to have an open and supportive culture for our employees mental and physical wellbeing.; ; Gamma has 12 qualified Mental Health First Aiders working on a rota system across all UK office locations, sign posting to external organisations where applicable and offering ‘in-house’ and ‘bite-sized’ training on topics such as managing remotely, dealing with stress, and work-life balance. The Employee Assistance Programme has provided employees with access to online information and advice.; ; Our Wellness Week (9-13 May 2022) aimed at raising awareness of important topics related to wellness kicked off with a different theme for each day providing daily tips and advice in overcoming daily challenges, themes included healthy minds and mindfulness, nutrition, mental health, Employee Assistance Programme and 'Feel Good Friday'. ; ; Financial wellbeing is also important to Gamma’s employees and the Company offers a salary sacrifice pension scheme, life assurance and income protection. Gamma offers a reward package which includes: the government cycle to work scheme, childcare vouchers, as well as access to a health cashback plan. The flexible holiday trading package offers employees the opportunity to purchase additional holidays or sell back holidays, with additional trading windows open during the pandemic. Gamma has also partnered with Reward Gateway to offer staff a variety of discounts from retail outlets and access to health and fitness discounts including gym memberships, saving employees over £38k in 2021. Gamma offers enhanced adoption, maternity and paternity pay and shared parental leave.

Pricing

• Price: £7,500 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Please contact Gamma - we have various free options available dependent on requirements.
• Link to free trial: N/A

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@gamma.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.