Naimuri

DevSecOps/Secure Cloud Software Development

We are data exploitation, national security and law enforcement experts who leverage public cloud through DevSecOps services. We operate from a List X facility. We help clients move from legacy ways of working, to secure, automated and DevSecOps enabled capabilities for cloud access and development. We create accredited DevSecOps environments.

Features

• Assessment & implementation of public cloud features and benefits
• Cloud migration, legacy applications to cloud. Product and Technology Selection
• DevSecOps (GDS Alpha, Beta to Live) and DevOps Service Definition
• Security Consultancy - Software Development - Open Source Intelligence OSINT
• Data engineering, rapid innovation sprints and PoCs
• Agile delivery methods. Deploy services rapidly, providing value at pace.
• Data intelligence search capability utilising DevSecOps Elasticsearch expertise (Elastic partner).
• Secure by design - RBAC/IAM deployment and integration across services.
• Data intelligence services development including Search and Analytics.
• Service Support integrated with ITL systems ensuring reliability and resilience.

Benefits

• Improved operational efficiency through use of public cloud
• Increased automation of development reducing errors
• Expert knowledge and experience of cloud offering and workings
• Accelerated discovery, pilots and innovation
• Improved collaboration and data insights through cloud based solutions
• Agile adoption and best-practice through coaching and client support.
• Integrated applications across operational, policy and technology landscape
• Secure by default utilising DevSecOps and Cloud Architecture best practices.
• Improved client ability & resilience post engagement through Knowledge Transfer.
• Operational benefits and reduced risk through user-led feedback & engagement.

£285 to £1,317.00 a user a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@naimuri.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

979947242210457

Contact

Simon Wilcox
07799228430
business@naimuri.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: This will be contract dependent.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Contract dependent
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Collaboration and agile delivery methods
• Service documentation: No
• End-of-contract data extraction: Contract dependent
• End-of-contract process: Time and Materials contract

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: We provide an agile delivery capability that can be developed in line with our customer's ways of working. Our approach to providing support is based on the needs of the customer. We use the SRE (Site Reliability Engineering) Approach to maximise our support and development activities. Beyond this, we will aim to deliver a support service that fits the needs of the customer - This can include in person, telephone, email or web support.

Scaling

• Independence of resources: This is a software delivery service - the users will have a Time and Materials contract guaranteeing access to our service 'the people'

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Bespoke services for our customers can be developed that will address customer's key challenges
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Contract dependent - we can develop bespoke services to suit the customer
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
• Data import formats: Other
• Other data import formats:
  • CSV
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Contract dependent
• Approach to resilience: Contract dependent
• Outage reporting: Contract dependent

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Contract dependent
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: Contract dependent

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: Working towards 27001, will be in place prior to G Cloud13 going live
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: HMG Accreditation for specific system(s)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Contract dependent
• Information security policies and processes: Contract dependent and; ; SPF (Security Protective Framework),; HMG Information Assurance Standards (IS1, etc.); ,OWASP; ,10 Steps to Cybersecurity; ,EUD Security Principles; ,Cloud Security Principles; , Different types of accreditation/certification, i.e. ISO27001, Cyber Essentials, etc

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Contract dependent to meet customer requirements
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Contract dependent to meet customer requirements, including Cyber Essentials & ISO27001, IT Health Checks supported by various threat intelligence reports.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Contract dependent - platform specific requirements and tools for the management approach.
• Incident management type: Supplier-defined controls
• Incident management approach: Contract dependent, both customer defined and Naimuri incident management processes followed

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Naimuri has a Environmental Impact Power Group responsible for coordinating the firm wide approach to sustainability and environmental impact. ; Key approaches include:; Set up recording and monitoring of our Scope 1, 2 and 3 carbon emissions.; Created a carbon reduction plan - committed to achieving Net Zero emissions by 2050 or sooner.; We are establishing carbon literacy workshops for colleagues and partners to improve understanding and encourage more sustainable operations and behaviours.; Engaging with other customers and suppliers to look into more sustainable upstream and downstream results.
• Equal opportunity:

  Equal opportunity

  At Naimuri we actively promote a diverse and inclusive environment. We have partnerships with Manchester Digital (promoting women in IT), Coding Black Females, NorthCoders (An IT Bootcamp for people who are cross training or reskilling), and other initiatives. ; ; We actively seek to recruit people from various backgrounds to build diversity in our teams, making sure we don’t just recruit degree qualified individuals. Each year we take on Apprenticeships, Graduates and early careers (people swapping careers or returning to work), and invest in their growth and progression thorough our early careers progression framework. ; ; Our approach to recruitment is centred on our values and culture. We provide benefits to promote flexible working patterns including part time working, which allows many people who have found this a barrier to entering tech roles, the opportunity to join us and pursue their career. Our culture promotes a flat delivery structure on projects, giving everyone an equal voice in how the team operates and delivers.
• Wellbeing:

  Wellbeing

  We encourage, invest and enable our people to develop what’s important to them, resulting in company initiatives (we call them Power Groups). These promote people's wellbeing and improve our environmental impact. This in turn has led to people becoming training mental health first aiders or skilled to perform environment audits. ; The Naimuri Mental Health Wellbeing Group has established multiple measures, including investment in time and funding, to support MH & Wellbeing. Regular wellbeing support and activities are established as BAU. There are regular monthly updates to firm wide briefings to maintain a strong leadership approach for values and messaging relating to MH & Wellbeing and the enablers required to support this (e.g., appropriate resourcing of projects).

Pricing

• Price: £285 to £1,317.00 a user a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business@naimuri.com. Tell them what format you need. It will help if you say what assistive technology you use.