C3IA Solutions Ltd

Cloud Security Services Penetration Testing

C3IA’s CHECK and CREST Penetration Testing and Vulnerability Analysis deliver authorised simulated network attacks and technical investigation of systems to evaluate the secure configuration and general security of the target system. C3IA helps your security teams uncover and resolve critical security vulnerabilities and improve your overall security posture.

Features

• Web Application Testing
• Cloud Penetration Testing
• Infrastructure Testing
• Remote and Internal Testing
• Software Development Testing
• Vulnerability Assessment
• Application of industry recognised testing tools and methods
• Consultants provided with Security Check and/or Developed Vetting
• Experience, qualifications and certifications in testing to HMG standards
• Eco-system of CREST and CHECK testing teams

Benefits

• Reduced vulnerabilities in your networks, applications, processes, and people
• Reduced technical misconfigurations
• Confidence that security controls are configured to good practice
• No common or publicly known vulnerabilities in tested components
• Better discovery of the scope and depth of any compromise
• Improved understanding of potential attack vectors
• Improved decision making on risk-management and remediation
• Reduced risk of financial, operational, and reputational damage
• Improved understanding and reporting of issues and risks

£497 to £1,720 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

958603161021246

Contact

C3IA Solutions Ltd - Sian Roff
01202721123
s.roff@c3ia.co.uk

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: C3IA's penetration testing service is a core tool for analysing the security of IT systems of all types and for the buyer to gain assurance in the security of its systems by trying to breach some, or all, of that system's security, using the same tools and techniques as an adversary might. ; Typically, penetration tests are used to identify the level of technical risk emanating from software and hardware vulnerabilities. Exactly what techniques are used, what targets are allowed, how much knowledge of the system is given to the testers beforehand and how much knowledge of the test is given to system administrators can vary within the same test regime. ; A well-scoped penetration test can give confidence that the products and security controls tested have been configured in accordance with good practice and that there are no common or publicly known vulnerabilities in the tested components, at the time of the test.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security audit services
  • Other
• Other security services:
  • Data Protection compliance assessment
  • Cyber Essentials Plus support & certification
  • Secure by Design assessments and review
  • Technical Security Countermeasures assessments
  • Penetration Testing
  • Acoustic Management assessment
  • Physical Security Assessments (FSC)
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

• Ongoing support service: Yes
• Types of service supported: Buyer hosting or software
• How the support service works: C3IA provides TSCM assessments to provide physical assurance to existing cloud hosting environments. As physical hosting environments change or undergo work services, a TSCM assessment provides the assurance that the existing environment remains secure. A TSCM assessment strengthens and reinforces the physical and technical security of your data hosting environment. It may also be used to provide assurance that your hosting infrastructure, such as power and cabling services, is not introducing additional threat vectors into your cloud services. Our TSCM team are members of the TSCM Institute and have undergone training from UK NACE, the National Technical Authority for TSCM.

Service scope

• Service constraints: There are no service constraints applied to this service

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Support levels: Support is usually agreed as a Security Management Partnership (SMP) with services matched according to client requirements. The client will have a nominated Lead Consultant responsible for delivery oversight and making adjustments to the SMP as the client needs evolve. ; ; Mapped to the HMG Minimum Cyber Security Standard and the NIST information security framework of Identify-Protect-Detect-Respond-Recover, an SMP provides a structured, repeatable and assured structure in which ongoing support services are provided. Routinely an SMP will include information security governance advice, cyber and data protection periodic audit, testing and vulnerability assessments, education and awareness, red teaming and exercises.

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: CCL Forensics; Secquest; CODA

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: URS - United Registrar of Systems
• ISO/IEC 27001 accreditation date: 22/09/2023
• What the ISO/IEC 27001 doesn’t cover: The ISO/IEC 27001 Certification encompasses the scope of the service.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NCSC Assured Cyber Security Consultancy
  • IASME Cyber Essentials Certification Body

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about the environment and are committed to decreasing our already small environmental footprint. Our dedication to achieving Net Zero no later than 2050 is demonstrated through our annual Carbon Reduction plan where we outline our reduction targets and initiatives; we transparently share this on our website. We are also working to achieve ISO 14001, Environmental Management, to further demonstrate our enthusiasm towards the environment and reducing our impacts. ; ; Where Fighting Climate Change is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Effective stewardship of the environment’, and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Covid-19 recovery

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about COVID-19 recovery and throughout the pandemic and beyond have supported all employees across the business. We heavily invest in the continual professional development of our staff, which we consider is of the upmost importance. The physical and mental health and wellbeing of all our staff is vital, therefore we provide numerous internal and external support and helplines for all employees and all our line managers have undertaken specialist line manager mental health training. Furthermore, we have supported and continue to support local schools and sports teams as we understand the importance they have to individuals and their future. Finally, we have embraced hybrid working, utilising technology to effectively collaborate and communicate with individuals and teams across the business. ; ; Where COVID-19 recovery is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Help local communities to manage and recover from the impact of COVID-19’, and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Tackling economic inequality

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about tackling economic inequality and are committed to being socially responsible. We support new businesses, entrepreneurs, start up’s, Small and Medium Enterprises, Voluntary, Community and Social Enterprises and Mutuals which all have much to offer both the community and economy. We proactively engage with local schools, colleges and universities to encourage STEM participation and interest, especially in those from disadvantaged backgrounds and socially deprived areas, offering presentations and demonstrations from our team to inspire the next generation into the ICT & Cyber Security industry. Alongside this, we host work experience for higher and further education so individuals can learn more about the industry and how to successfully enter it. ; ; Where tackling economic inequality is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Create new businesses, new jobs and new skills’ and ‘Increase supply chain resilience and capacity’ and the associated Model Award Criteria. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Equal opportunity

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; We care about equal opportunities and this forms apart of everything that we do, as demonstrated throughout our company policies. Our commitment is also demonstrated by our inclusion of bullying & harassment and equality, diversity and inclusion training as part of our e-learning service that all employees have access to. ; ; We employ a wide-ranging workforce which include many ex-service men and women, irrespective of age, gender or socioeconomic background. Every employee is enrolled in our CPD programme where they are encouraged to maintain momentum by completing industry and role specific courses and qualifications to aid their personal progression. Finally, we require our people and supply chain at all levels to uphold the same values where we actively prevent discrimination, harassment & bullying. ; ; Where equal opportunity is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcome ‘Reduce the disability employment gap’, ‘Tackle workforce inequality’ and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

  Wellbeing

  C3IA is fully committed to delivering social value in our day-to-day business operations and in our commercial activities. ; ; As a people-centric company we care about the wellbeing of our team and those we work with. We are committed to creating a positive and psychologically safe working environment for all and provide a variety of training, support and help resources to our team which can be tailored to the individual and looks at the wellbeing of the whole person. ; ; We have implemented an e-learning management system which includes focus on mental health and wellbeing and have weekly communication explaining both the internal and external support that is available. We also have a team of mental health first aiders who work across the business. Where agreed with clients, they could also support clients when working on client sites. ; ; Where wellbeing is a buyer-specified SV requirement for a contract we will commit to delivering appropriate value under the Policy Outcomes ‘Improve health and wellbeing’ and ‘Improve community integration’ and the associated Model Award Criteria benefits. ; ; We will provide information in our proposal about how we will add value during the contract period and post contract award we will work with clients and the supply chain to deliver the agreed outcomes. We will report social value information as agreed with the client and respond to all reasonable requests in an open, honest and transparent manner, subject to commercial or confidentiality constraints within the supply chain. ; ; C3IA will monitor contracted SV activity at Board level to ensure our commitments are met.

Pricing

• Price: £497 to £1,720 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at s.roff@c3ia.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.