INTEGRITY360 LIMITED

Threat and Vulnerability Management

Continuous vulnerability management plays a key role in a well-functioning cyber security strategy by covering a variety of compliance requirements and protecting the business from the risks associated with security incidents.
Integrity360’s Managed Vulnerability Assessment Service helps to meet three of the six basic controls in the CIS Top 20

Features

• Continuous Scanning
• Vulnerability Assessment
• Asset Tracking
• Monthly vulnerability reports
• Asset Mapping Scans to provide ticketing/ KPI tracking towards owners
• Identify and evaluate threats

Benefits

• Protects the business from legal and reputational risks
• Continuous identification and mitigation of vulnerabilities
• On demand or scheduled scanning
• Actionable vulnerability insights
• Proactive reporting on exposure to major threats as become known

£0.61 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

927467611225666

Contact

Paul Momirovski
+44 20 3397 3414
bidreviewboard@integrity360.com

Planning

• Planning service: Yes
• How the planning service works: In order to ensure all devices within the buyer's environment are captured within the asset discovery phase, Integrity360 utilises skilled professionals to conduct a full environmental assessment of network topologies, data centre information, and firewall rules in place to allow for the strategic placement of scanning appliances within the buyer’s environment.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with:
  • Qualys
  • Tenable
  • Rapid7
  • Microsoft

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: The Integrity360 TVM includes setup and configuration of the Vulnerability Scanning platform to ensure optimal performance of the solution to identify assets and vulnerabilities, scanning cadence, reporting and dashboarding and remediation prioritisation.
• Setup or migration service is for specific cloud services: Yes
• List of supported services:
  • Qualys VMDR
  • Tenable.io
  • Rapid7 IVM
  • Microsoft Defender Vulnerability Management

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: N/A for this service

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Cyber Scheme

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Available ongoing support options for Managed Services and Technical support services.; Variety of implementation options including hosted platform as a service or support for public cloud IaaS and PaaS Implementation across Splunk and Azure Sentinel. Other SIEM platforms may be accommodated on request.; ; Supported Deployment Types:; • Physical On-Prem/ Datacentre; • Virtual On-Prem/ DataCentre; • Public Cloud; o Microsoft Azure; o AWS; o Google Cloud

Service scope

• Service constraints: • Security incident response, forensic analysis and remediation of security incidents are not included with this service (IR Services Available); • All support services are provided remotely via the Integrity 360 SOC; • License must be sized adequately for the assets in scope.; • Service does not include management of remediation activities

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Service Window is 8x5 (8 hours a day, 5 days a week, 365 days a year). 9am-5pm, M-F; The service window means operation of the SOC and Service Desk to monitor the customers estate, respond to alerts, and respond to tickets logged.; ; Priority 1 Response < 15 minutes -- Priority 2 Response < 1 hour
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: There are two tiers of Threat and Vulnerability Management Service available; • Managed Vulnerability Scanning; • Managed Vulnerability Assessment; ; The Vulnerability Scanning service provides the following:---; - Asset Modeling and Integration; - Platform Management; - Continuous Scanning; - Realtime Dashboards; - Weekly Reporting; - Quarterly Service Review; ; The Vulnerability Assessment service provides the following:---; - Everything in Vulnerability Scanning Service plus:; - Vulnerability Scanning and Risk Analysis; - Actionable Insights; - Near-real-time Alerting; - Periodic Review with Principal Analyst

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Qualys, Tenable, Rapid7 or Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe
• ISO/IEC 27001 accreditation date: 25/10/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Covid-19 recovery

  Integrity360 has initiated several activities in support of the Covid-19 recovery. These include:; • The establishment of the organisation’s own committee to develop and review short-, medium- and long-term strategies,; • Employment, retraining and opportunities to return to work for those left unemployed by COVID-19; • Supporting people and community recovery from the impacts of COVID-19; o Being responsive and adaptable to the results of any community consultation or engagement,; o Activities taken to raise awareness of or take action to deliver the outcome based on the understanding of the identified community’s needs, for example raising awareness (staff, suppliers, or community) of how to operate or use services safely,; • Supporting organisations and businesses to recover from the impacts of COVID-19, including new ways of working to deliver services; • Supporting the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services; o Measuring staff’s physical and mental health and wellbeing engagement and adapting to any changes in the results; • Improving workplace conditions, including effective social distancing, remote working, and sustainable travel solutions; o The phased return to work, new signage, new equipment, and cleaning stations; o The review of the organisation’s business continuity and disaster recovery

  Tackling economic inequality

  Integrity360 has initiated several activities in support of tackling economic inequality. These include:; • Entrepreneurship, growth, and business creation,; o Identifying opportunities to grow diversity in the supply chain and in the community where contracts are performed, including SME and VCSE participation and new business creation,; • Employment,; • Education and training,; • Creating a diverse supply chain to deliver contracts,; o Structuring of the supply chain selection process in a way that ensures fairness and encourages participation by a diverse range of businesses,; • Supporting innovation and disruptive technologies throughout the supply,; o An understanding of opportunities to drive innovation and greater use of disruptive technologies, green technologies, efficiency, and quality to deliver lower cost and/or higher quality goods and services,; • Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity,; • Demonstrating collaboration throughout the supply chain, and a fair and responsible approach to working with supply chain partners in the delivery of contracts,; • Demonstrating action to identify and manage cyber security risks in the delivery of contract,; o A commitment to adopting technical standards and best practice, such as the ‘10 Steps to Cyber Security,’ NIST, Cyber Essentials and Cyber Essentials Plus certification, and further frameworks.

  Equal opportunity

  Integrity360 complies with all the equal opportunities laws in the jurisdictions in which it operates. The organisation’s social value measures include:; • Supporting in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the organisation,; o Measures using skill-based assessment tasks in recruitment, and having jobs at all levels open to flexible working from day one,; • Actions to identify and tackle inequality in employment, including skills and pay in the workforce,; o Inclusive and accessible recruitment practices, and offering a range of opportunities with routes of progression if appropriate such as industry placements and students supported into apprenticeships,; • Actions to identify and manage the risks of modern slavery in contracts, including in the supply chain,; o Policies and practices applied for contracts, such as pre-employment checks, to mitigate and manage modern slavery risks,; • Actions to increase the representation of disabled people in the workforce,; o Measures to reduce barriers to securing more jobs for disabled people, for example, inclusive and accessible recruitment practices, and retention-focussed activities,; • Supporting disabled people in developing new skills relevant to contracts, including through training schemes that result in recognised qualifications.

  Wellbeing

  Integrity360 has initiated several activities in support of wellbeing. These include:; • Supporting health and wellbeing in the workforce,; o Inclusive and accessible recruitment practices, development practices, and retention focussed activities,; o Investing in the physical and mental health and wellbeing of the workforce, for example, by implementing ‘Mental Health at Work commitments,’ and outlining plans to engage the workforce in deciding the most important issues to address,; o Methods to measure staff engagement over time and adapt to any changes in the results,; • Influencing support for health and wellbeing,; o Measures to raise awareness or increase the influence of staff, suppliers, customers, communities and/or any other appropriate stakeholders to promote health and wellbeing, including physical and mental health; for example, through engagement, co-design/creation, training, and education, partnering/collaborating, and volunteering,; • Collaborate in codesign and delivery,; o Support to community-led initiatives, such as reducing loneliness, helping with English language proficiency, and helping meaningful social mixing among people with different backgrounds,; o Applicable employee volunteering schemes,; • Influence to support strong, integrated communities,; o Measures to raise awareness or increase the influence of staff, suppliers, customers, communities, and stakeholders to promote strong, integrated communities, for example, through engagement, training, partnering/collaborating, and volunteering.

Pricing

• Price: £0.61 a unit a year
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.