Dionach Limited

Technical Information Security Auditing

Information Security Audits are an essential tool to ensure that you have the necessary security policies and infrastructure in place to protect your computer systems and the information that they contain, and that security policies and procedures are being adhered to.

Features

• Cloud Security Review
• Application Security Audit
• Application Code Review
• Firewall Rule Audit
• Network Infrastructure Review
• Build Review
• Audit against specific government and industry standards

Benefits

• Gain assurance of the secure configuration of your network infrastructure
• Ensure secure design
• Validate secure deployment requirements
• Identify design and implementation issues in advance

£1,200 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@dionach.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

983081259207119

Contact

Bid Team
01865 877830
tenders@dionach.com

Planning

• Planning service: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CHECK
  • CREST
  • Cyber Scheme

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: No constraints

User support

• Email or online ticketing support: No
• Phone support: No
• Web chat support: No
• Support levels: Not Applicable

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe
• ISO/IEC 27001 accreditation date: 14/08/2021
• What the ISO/IEC 27001 doesn’t cover: All Dionach Services are covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fundamental to Dionach’s values is a concern about the environment and a recognition that good environmental management must be an integral part of our business strategy. We aim to minimise the environmental impact of our activities, conducting all operations in compliance with all relevant health and environmental legislation as documented in Dionach's Information Security Management System (ISMS). A copy of our Environmental Management Policy is available on request. ; ; We have developed processes to allow most client work to be carried out remotely. Not only does this mean it is less intrusive for the client, but it reduces our carbon footprint due to consultants not having to travel to site. Where onsite attendance is required, Dionach offsets transport carbon emissions through our Carbon Offsetting partner, ClimateCare. ; ; We also allow remote working for staff in back-office functions, removing the need to travel whilst providing an option to work from one of Dionach's offices if preferred. Dionach's office locations are chosen to allow easy access via public transport, with our Glasgow office being completely car-free. Our aim for the next year is to ensure that we remain at least 1 tonne under our 2019 emissions.; ; Dionach operates an IT equipment recycling program, donating redundant equipment to schools and community groups. This provides these groups with useful technology whilst reducing our environmental impact by saving equipment from landfill. We monitor assets and track items’ age and efficiency so that we are aware when they reach the end of their useful life with us. The equipment is approved for donation once tested and refurbished; any items not suitable for donation are disposed of in line with Dionach’s Environmental Management Policy. Dionach staff are encouraged to bring any suggestions for potential donation beneficiaries in their local areas to the attention of Dionach management.

  Covid-19 recovery

  Creating opportunities and encouraging people with diverse backgrounds to engage with the cyber industry has been a key part of Dionach’s corporate activity since inception. Our commitment to creating employment, raising awareness of cyber opportunities and closing the skills gap has proven especially beneficial given the high unemployment levels that arose due to the Covid-19 pandemic. ; ; Covid-19 prompted new ways of working to accommodate an increase in home working and new technologies, and Dionach’s culture of forward-thinking, innovative practices meant that we could quickly adapt to this unprecedented situation. Internally, Dionach adopted hybrid/remote working to most employees. This model of working further opens opportunities to people at risk of unemployment, by increasing flexible work-life balance options and accommodating personal circumstances. Remote roles also expand our geographical reach so we can recruit talent and create employment opportunities across the whole UK. ; ; Dionach was instrumental in assisting clients by sharing solutions for mitigating the impacts of the pandemic. Since 2017, Dionach have worked with NHS England on their Data Security Onsite Assessments (DSAs), assisting NHS Organisations understand and remediate security risks. The pandemic meant that it was no longer appropriate to deliver assessments onsite, so Dionach developed a remote delivery model to engage in a Covid-safe manner. Given the critical importance of the security and availability of NHS networks, and the pandemic’s rapid onset, Dionach designed and implemented this solution within just three weeks. Since the start of the pandemic, we have remotely delivered over 100 DSAs. ; ; We also developed a range of remote solutions including custom-built Virtual Machines to meet individual clients’ requirements, including government organisations such as the Local Government Authority. These methods provide increased scheduling flexibility and a low-cost alternative to traditional onsite testing to ensure that our client’s security is suitable for the changing cyber landscape post-Covid.

  Tackling economic inequality

  As a SME in the cyber security industry, Dionach understands the importance of supporting opportunities for entrepreneurship to sustain economic growth within the sector. We support other businesses within our industry and beyond, strengthening our own offering as well as helping other organisations to grow. We contribute to collaborative initiatives which support the whole cyber security sector, sharing our knowledge and experience to raise awareness of technological developments, security threats and areas of growth. This creates a wider potential for new employment and entrepreneurship, the development of which can help to close the skills gap and tackle economic inequality at both an organisational and individual level across our communities. ; ; Dionach actively collaborates across different industries and with the public by sharing knowledge and research to assist organisations and individuals improve their cyber security stance. For example, we share expertise and latest research in our public-facing technical blog and publish our custom tools as open-source on Dionach’s GitHub page. We also have active roles in the Industrial Control System Community of Interest and The Cyber Scheme. ; ; At an individual level, Dionach strives to tackle economic inequality through various initiatives which raise awareness and promote employment in this industry to a wide cross-section of the public. We deliver a dedicated graduate employment programme to support new graduates to launch their careers, and utilise recruitment practices which ensure the employment of people without formal qualifications and from a range of different industry experiences and backgrounds.

  Equal opportunity

  Dionach are committed to providing a working environment in which all employees have equal opportunities to succeed. Our executive team champions inclusion, diversity and development for every colleague. Dionach:; ; • Is Living Wage-accredited.; • Does not use zero-hour contracts. ; • Offers remote and flexible working; • Has 50% females in senior roles.; • Has no gender pay gap across any roles.; • Maintains an open-door policy to encourage staff voice to be heard.; • Has a formal EDI Policy dictating that recruitment and progression is based solely on objective capabilities and achievements; • Is involved in initiatives to promote and develop employment opportunities in the cyber industry.; ; Dionach recently formalised our graduate strategy with the launch of the “Graduate Hackademi” offering a minimum 24-month Living Wage contract to graduates, supporting them to launch their career and attain CREST certifications. Our equality commitments stipulate that our university partners encourage students from different demographics; for example, we regularly partner with Glasgow Caledonian University to support its Widening Access initiative, which provides opportunities to people from disadvantaged backgrounds. ; ; Our workforce reflects skill diversity from within and outside the cyber industry, thanks to Dionach’s commitment to investing in people with transferable skills regardless of previous experience or qualifications. We encourage career changers, having recruited five employees from non-cyber industries in the last 2 years. We are open-minded in finding and supporting talent, giving us a diverse skill base and inspiring those who may not have considered a cyber career.; ; All employees have equal opportunity to develop through our ISO9001:2015 continuous professional development program. Each consultant has a Personal Development Plan (PDP) and is allocated ten self-development days annually to attend workshops, conferences or courses, encouraging them to go beyond their required qualifications and supporting them in learning additional skills that interest them.

  Wellbeing

  Dionach’s employment policies, such as flexible and remote working, have numerous benefits, including assisting with childcare and providing accommodations for disabilities. This opens employment to a wider cross-section of society and fulfils Dionach’s equal opportunity responsibilities, and also helps to deliver work-life balance by providing the freedom to work around day-to-day commitments. ; ; Our responsibility for ensuring the health and wellbeing of our colleagues is also demonstrated in the various benefit schemes available. Dionach employees can take advantage of a non-contributory health insurance which includes a virtual GP service, cancer treatment and support, and mental health counselling. Staff can access independent counselling from Care First, who offer information and advice on workplace and personal issues. In case of long-term illness or injury, we offer income protection, and in the unfortunate event of death, a life insurance policy and bereavement service is provided to our colleagues’ families. Other benefits include discounts and vouchers through Dionach’s partnership with LifeWorks, and a Cycle2Work scheme which promotes a healthy choice and an environmental benefit.

Pricing

• Price: £1,200 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@dionach.com. Tell them what format you need. It will help if you say what assistive technology you use.