CSI Limited

Security Audit

The CSI CCP team includes qualified auditors with detailed experience of applying audit standards such as ISO27007 and ISACA guidance. Services include auditing G-Cloud supplier security arrangements, undertaking annual control reviews to support on-going cloud based accreditation objectives, or confirming compliance against a recognised standard such as ISO27001.

Features

• ISO27007 and ISACA guidance
• Practical knowledge of tools such as COBIT and VAL IT
• Assessing compliance with internal policies, standards and processes
• Assessing compliance with external requirements such as ISO27001
• Definition of Information Assurance control objectives
• Identification of security specific trends
• Documented recommendations to support audit findings
• Objective assessment designed to support rather than be critical
• Clear technical and non-technical reporting
• Inclusive, focussed, and business driven

Benefits

• Directly supports system accreditation objectives
• Objective, independent assessment using appropriately qualified personnel
• Provides confidence that security regime is aligned with best practice
• Supplier Assurance through targeted assessment of key control aspects
• Stakeholder confidence as a result of independent ‘expert’ review
• Contingency and continuity of service assured by Evolve team approach
• VFM services tailored to customer business imperatives and timescales
• Quality of Service assured by ISO9001 and ISO27001

£750.00 to £900 a person a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

973718093231875

Contact

Jennifer Billett
08001088301
jennifer.billett@csiltd.co.uk

Planning

• Planning service: Yes
• How the planning service works: Stakeholder workshops supporting business consensus and buy-in; Cost Benefit Analysis; Technical planning, informed by analysis of utilization patterns; Workload analysis to define an optimized service operating model; Data analysis and management ensuring effective archiving, deletion and retention; Tailored Risk Assessment and Management methodologies and approaches; Business Continuity Planning; Disaster Recovery planning including Recovery Time and Recovery Point objectives
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Deployment of appropriately qualified staff – PRINCE2, ITIL, TOGAF; Detailed assessment of infrastructure and service readiness; Training Needs Analysis; Internal team training, support and mentoring; Architecture monitoring, management and maintenance; Tailoring of services to the specific customer requirement; Pro-active risk assessment and management; Continuous improvement through review and updates
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Tigerscheme
  • Cyber Scheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: N/A

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: The established procedure for delivering these services is based upon CSI’s Quality Management System ISO9001 certificated processes. All proposals and Scope of Works are authorised by a CCP Lead SIRA Assignment Director and managed by a nominated Account Manager who is responsible for all elements of the delivery and customer care.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 14/01/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Group Security Services Limited
• PCI DSS accreditation date: 27/02/2022
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Along with our customers and carefully selected partners, environmental responsibility is extremely important to CSI when making our own decisions on platform choices and system purchases – IT sustainability is also being factored into our choice of sustainable infrastructure for our clients to deliver to their own ESG ambitions. ; ; Data centre consumption of energy, greenhouse gas emissions and managing e-waste are all considerations. The CSI Power10 environment shows considerable reductions in energy consumption to over 50% from our old IBM Power8 estate. The IBM Power10 system have been designed to deliver high performance with a reduced environmental impact. Over 97% of IBM Power server components are reused or recycled at the end of life. ; ; CSI are ISO 14001 accredited. CSI are committed to a programme of management, continuous improvement and reporting of our direct/ indirect impacts, which mark our contribution to improving the world in which we live. ; ; We recognise that our business activities have direct and indirect impacts on the societies in which we operate. We endeavor to manage these in a responsible manner, believing that sound and demonstrable performance in relation to corporate social responsibility policies and practices is a fundamental part of business success. ; ; Examples of our activity in this area are: ; • Webcasts to deliver All Employee meetings to avoid excess travel ; • Turn off all lights and PC monitors at night ; • Corporate functions at venues that support sustainable environments ; • Double sided printing set as default ; • New marketing material produced on material sourced from sustainable sources ; • Support of remote/flexible working – enabled reduction in office space

  Covid-19 recovery

  We are also committed to making a sustainable positive impact on the communities in which we operate. We aim to make a distinctive contribution to inequality and social development through the establishment of effective partnerships and programmes that make the best use of the energies and skills of our employees.; We support our employees in fundraising for charities and voluntary work, recognising both the benefit to the community and to the employees themselves

  Equal opportunity

  CSI aim to provide equal opportunities and avoid discrimination in all aspects of employment and to ensure that the talent and skills of all individuals are maximised. Our approach applies to recruitment, terms and conditions of employment (including pay), appraisals, promotion, disciplinary and grievance procedures and training.; ; The policy applies to employees, officers, agency workers, casual workers, consultants and self-employed contractors.; ; Part-time and fixed-term staff shall be treated the same as comparable full-time or permanent staff and enjoy no less favourable terms and conditions (pro rata where appropriate), unless different treatment is justified.

  Wellbeing

  The Company proactively supports Remote workers who are affected by time management and social isolation issues by:; a) regular one-to-one meetings between remote workers and their line managers; b) regular meetings between remote workers and their co-workers; networking, training, etc.; c) regular visits to their designated office; d) providing access to secure Company resources, e.g. CRM, SharePoint, Concur and BambooHR; e) providing access to Company communication tools such as Microsoft Teams, Microsoft Outlook and Yammer ; f) providing access to helplines for support with software problems and equipment failures; g) providing online meetings or virtual discussion forums; h) including remote workers in social activities, along with company newsletters and updates

Pricing

• Price: £750.00 to £900 a person a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.