Fordway

Cloud Security Assessment

Fordway’s Cloud Security Assessment analyses cloud/hybrid environments, reviews current risks and threats, providing recommendations on improving security posture. Aligned to CIS Controls, Cyber Essentials, ISO27001 and GDPR. Assists IT health check/penetration test requirements. This will ensure that an organisation is up-to-date with their security, issues risks and posture

Features

• Detailed security assessment against all components (Cloud/Hybrid/On-premise)
• Evaluates against NCSC Cyber Essentials Plus audits
• Assists with ISO27001 information security adherence
• Tests for GDPR personal data regulation and compliance
• Simplifies IT Health check and penetration testing
• Provide detailed gap analysis to improve security posture
• MS Secure Score assessment, analysis and remediation
• Use latest threat/risk detection and remediation techniques
• Current practices reviewed against CIS controls
• Services aligned to NCSC Blueprint

Benefits

• Increased understanding of security requirements
• Assists in gaining key UK security certifications
• Independent review with no predetermined outcomes
• Experienced personnel with real-world knowledge deliver service
• Comprehensive Security assessment covering main UK standards
• Improves the security skills and expertise of in-house staff
• Extensive management tool knowledge (Monitor, Lighthouse, Arc, Sentinel)
• Can also provide 24/7/365 security management following review
• Clear and concise recommendations and options
• Reduced security risks to business

£300.00 to £975.00 a person a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@fordway.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

953643283227444

Contact

Richard Blanford
01483 528200
tenders@fordway.com

Planning

• Planning service: Yes
• How the planning service works: 1) Review services to be included; 2) Understand capabilities/tools required; 3) Work with business and IT personnel to acquire relevant information ; 4) Perform analysis of required systems; 5) Produce and deliver report/recommendations with options at appropriate level
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with:
  • Azure
  • On-Premise
  • Hybrid Cloud

Training

• Training service provided: Yes
• How the training service works: Training defined as part of service migration planning. Ad-hoc, online and classroom training provided in line with client requirements
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: 1) Review services to be migrated; 2) Service implementation and migration planning ; 3) Managed migration from existing service where needed; 4) High level and Low level design process as appropriate; 5) Transition of services; 6) Fully managed and operated by Fordway staff
• Setup or migration service is for specific cloud services: Yes
• List of supported services:
  • Azure
  • On-premise
  • Hybrid Cloud

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: QA and testing agreed as part of service review, migration planning and delivery

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • 24 x 7 Security Monitoring and Event Analysis
  • PSNA approved security hosting and design
  • List N (Nuclear) Certified organisation and facilities
  • Security incident remediation
  • Microsoft 365 Security and Compliance
  • Microsoft Azure Security and Compliance
  • AWS Security Centre management
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: All Fordway G-Cloud services; MS Office 365; Microsoft 365; Windows 365; MS Azure; Amazon Web Services; Google G-Suite; Google Cloud Platform

Service scope

• Service constraints: UK service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 incident 24 x 7, 15 minute response. ; Priority 2 incident 24 x 7, 1 hour response Priority 3 incident 12 x 5, 4 hour response.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Assistive technologies supported by MS Teams
• Support levels: Defined according to SLA required.; P1 - major service impact; P2 - significant service impact; P3 - individual users impacted; P4 - no user impact/information ; Technical Account management available, service cost dependent on scope of requirements

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 14/03/2022 (recertification) original certification March 2008
• What the ISO/IEC 27001 doesn’t cover: ISO27001/27017/27018 Scope of certification available on request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • List N (Nuclear Industry)
  • PSN Code of Connection and Compliance
  • PAS555
  • NHS IGSoC
  • ISO27017
  • ISO27018
  • GCloud Assured

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Using Cloud offers considerable efficiency and consumption savings compared to running in house, on premises and hosted environments

Pricing

• Price: £300.00 to £975.00 a person a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@fordway.com. Tell them what format you need. It will help if you say what assistive technology you use.