TIMBREL Information Governance Ltd

Risk Management as a Service

Providing real-time management of enterprise (including security) risks. Information collection, configurable dashboards and reporting, automated monitoring, reminders, acceptance and escalations, RMaaS uses best-of-breed capabilities to enable organisations to manage and report on key risks more efficiently, creating unique opportunities to outpace competitors, increase market share, establish trust and attract investment.

Features

• Integrated with business objectives
• Automated prompts and updates
• Monitors risk progression and timescales
• Configurable dashboards and reporting
• Real-time view of risk and exposure
• Vendor management module
• Audit Management module
• Security Management module
• Governance module
• Risk-owner alerting

Benefits

• Provides assurance to key stakeholders, investors and customers
• Supports corporate governance and leadership
• Eliminates human error and Manual Tasks
• Improves efficiency
• Cost effective
• Promotes positive security culture
• Increases business resilience
• Enhances risk reporting and analysis
• Creates new business opportunities
• Improves management decision-making

£450 to £1,650 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phaylett@timbrelig.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

944192462262155

Contact

Philip Haylett
07789 522237
phaylett@timbrelig.com

Planning

• Planning service: Yes
• How the planning service works: We will appoint a lead consultant to coordinate and undertake a thorough analysis, identifying potential data privacy, security or compliance risks. The lead consultant will collaborate closely with the Customer lead, key stakeholders and relevant teams to identify and implement proportionate security and privacy controls throughout development, migration, and into live services. The lead consultant will liaise throughout with key stakeholders, following using best practice risk assessment and risk management techniques, enabling informed decision making at all times. Director oversight is provided for all contracts and to act as an escalation point if needed.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: The interface is intuitive and easy to use. We provide online documentation and remote training at no cost. Onsite training is an option but may be chargeable.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: As with the planning service, we will appoint a lead consultant to coordinate and undertake a thorough analysis, identifying potential data privacy, security or compliance risks. The lead consultant will collaborate closely with the Customer lead, key stakeholders and relevant teams to identify and implement proportionate security and privacy controls throughout development, migration, and into live services. The lead consultant will liaise throughout with key stakeholders, following using best practice risk assessment and risk management techniques, enabling informed decision making at all times. Director oversight is provided for all contracts and to act as an escalation point if needed.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: We thoroughly assess organisations against their legal, regulatory and contractual obligations, as well as industry standards ISO27001, ISO27017 and NIST Cyber Security Framework. We will carry out a gap-analysis based on security good practices and articulate the risks to enable informed management decisions around the implementation and maintenance of secure Cloud services. Our quality assurance processes are designed to enable organisations to manage risks effectively, implement proportionate security and privacy controls in line with good security practices, and meet their legal, regulatory and contractual security requirements.; Additionally, we can provide assistance by managing or delivering assurance and testing activities, covering both functional capabilities and non-functional areas such as security audits and penetration testing.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Managed Security Operations Centre (SOC)
  • Virtual CISO
  • Virtual DPO
  • Cyber Security Strategy
  • Risk Management Strategy
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: We offer ongoing support tailored to an organisation's specific requirements. Our flexibility allows us to adjust support levels to accommodate fluctuations in demand. For instance, enhanced support during transition or roll-out phases, ongoing support relating to compliance with standards or regulations, monitoring, reviewing, reporting and promoting continuous improvement. We will map benefits realisation with ongoing security support. Where needed, our highly skilled consultants will collaborate with client teams to facilitate effective skills and knowledge transfer in pursuit of organisational objectives.

Service scope

• Service constraints: Our service model is flexible with no specific constraints. We will tailor a service package as needed to support the business requirements.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Events are categorised and responded to within timescales agreed before commencement of service delivery, e.g. Critical - four hours; High; one working day; Medium; three working days; Minor; five working days. Different response times can be arranged are by negotiation.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We operate a flexible service model which can be tailored packages to suit Customer requirements. We will appoint a lead consultant to act as a primary contact, participating in regular reviews. Specific resources and costs for support are determined during the requirements process and agreed with the Customer before entering into an agreement. All contracts are managed by an account manager with oversight by a director, who is also an escalation point. Support is available by phone, email or on-site during normal working hours and we aim to respond to all enquiries within one working day. Extended support hours can be arranged where required.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Security Manager (CISM)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We operate flexible working to reduce travel and increase well-being of our staff. We operate as a fully digital, paperless organisation. We encourage and support staff, partners and third party suppliers to adopt environmentally friendly working practices.

  Tackling economic inequality

  We provide employment and training opportunities throughout the United Kingdom.

  Equal opportunity

  We are fully committed to promoting equality, diversity and inclusion through our practices and policies as a business and through delivery of our contracts, for all staff, Customers and third parties, irrespective of age, disability, gender, gender reassignment, marital or civil partnership status, pregnancy or maternity, race including colour, ethnic or national origins and nationality, religion or belief or sexual orientation. We respect an individual’s right to choose whether to belong to a trade union and this will have no bearing on an applicant’s suitability for employment or result in any detrimental treatment when working for us.

  Wellbeing

  We operate a number of initiatives intended to protect the wellbeing of our employees whilst providing them with the support to grow their careers. We encourage all staff to prioritise their health and well-being above anything else and will provide whatever support we can to help individual circumstances as they arise. We discourage long working hours and provide flexibility for staff to work at a location, in a way and at a time that suits individual commitments or interests, such as childcare, caring for others, hobbies, volunteering and charitable work.

Pricing

• Price: £450 to £1,650 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phaylett@timbrelig.com. Tell them what format you need. It will help if you say what assistive technology you use.