Identity E2E

Security - Governance, Risk and Compliance (GRC)

Our Security Architecture and Cyber Security Services build on IdentityE2E’s experience in delivering enterprise scale UK Critical National Infrastructure. Our services, based on Security Architecture standards and secure DevSecOps principles, address end-to-end security requirements to securely develop/migrate services to cloud while automating compliance and assurance functions of cloud workloads.

Features

• Security Strategy and Planning
• Cloud Security Strategy
• Security Architecture and Programme Design
• Supply Chain Risk Management
• Automated IT Cloud Security Compliance Management
• Information Security Assessment and Assurance
• Security Framework and Risk Assessments
• Security policy, compliance & audit management
• Information Governance
• GDPR compliance

Benefits

• A defined and documented security strategy
• Improved visibility into security posture of organisation
• Improved security culture and awareness
• Tailored to meet the needs and priorities of your organisation

£350 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at framework.contracts@identitye2e.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

998535674294004

Contact

Peter Wales
02036420195
framework.contracts@identitye2e.com

Planning

• Planning service: Yes
• How the planning service works: Our standard approach is to first plan and document a transition strategy describing the ‘as is’ and ‘to be’ in a Roadmap and supporting vision statement, which is then communicated and shared within the Programme Delivery Team, key users and stakeholders. It also enables work to support transition to be effectively scoped and estimated within teams’ requirements tools or backlogs. IdentityE2E can provide specialist expertise to provide Transition Strategy, Transition Plan and Training Needs Requirements deliverables that can consider the following areas of change:; • People (training/role based access etc.); • Process; • Governance; • Systems and infrastructure; • Hosting platforms; • Licensing; • Data migration ; • Data quality; • Database platform; • Extract or transform requirements; • Security architecture / Cyber Security considerations; • Rollout strategy ; • Live pilots and trials; The Transition Planning Service will recommend which commodity cloud services should be considered or identify bespoke services that need to be developed to enable successful transition (note that bespoke development services are outside the scope this G-Cloud service).
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: We can provide training tailored to the requirements of the client. This might range from knowledge transfer activities, through to full training programmes.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: One of the key advantages of using cloud platforms is the ability to fully rehearse Data Migrations and Transitions as environments can easily be provisioned and torn down at a fraction of the cost of physical compute. The ability to fully rehearse complex migrations, transformations and performance timings can provide enormous risk mitigation and avoids expensive roll back scenarios when attempting live transitions. IdentityE2E can work with you to advise on a high quality cost effective test service tailored to your needs.; Preparing for transition implementation is essential for moving legacy IT systems onto the cloud. Our team can help with a range of activities in support of the implementation including:; • Readiness reviews and governance; • Business change readiness; • Data Migration Rehearsals; • Data Migration Live; • Production Infrastructure Validation (networks/certificates/routing/ports/firewall etc.); • Role Based User Access Validation (LDAP etc.); • Defining and managing Live Proving / Trials; • Advising on phased roll outs (Beta) wherever possible; • Feedback monitoring ; • Service monitorin
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: IdentityE2E can provide a comprehensive transition testing service to ensure your transition to the cloud is delivered with high quality and low risk. We have built up a reputation for test excellence with over 25 years experience in public and private sector industry and in recent years specialising in cloud based transitions. ; ; We work with our clients to recommend an approach tailored to their requirements, risk appetite, technology and cloud choices. Our approach is centered around the core of test automation for both functional and non-functional testing so that teams are able to get feedback and iterate fast. Our QA test service includes Unit / CIT / System / SIT / CBT / Exploratory / Security / Accessibility / Performance and SRE testing as well as cloud infrastructure testing using: Checkov Infracost Terraform Test Pre-commit Inspec In addition we are able to offer mature non-functional resilience testing using chaos and synthetic observability testing using SRE techniques.; ; We can provide QA and Test assurance consultancy services to document test strategies and plans for the client and to review and assure test documents from third party client suppliers.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Service constraints are covered in our Terms and Conditions document included as part of our submission.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 48 hours during Monday to Friday
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: L1 to L4 support is provided directly to end clients as required, with a documented escalation point to a senior account manager if required. Support is included within SFIA rate card day rates.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 27001 certification in progress - awaiting audit process

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to playing our part to fight climate change and protect the environment. We have a carbon reduction plan aligned to the government objective to achieve Net Zero emissions.; Our fighting climate change / pro-environment measures include:; • Reduce carbon emissions by replacing our company car fleet with fully electric vehicles; • Avoid unnecessary travel by encouraging remote working / online meetings when possible and supporting principle of localisation; • Avoid wasted heating and lighting impacts by continuing with managed office strategy ; • Produce little to no waste in our business activities by continuing our commitment to a paperless office; • Build awareness amongst our workforce of the impact of their decisions on our journey to Net Zero; • Conduction emissions monitoring and reporting in the yearly update to our Carbon reduction plan; • Influencing employees to set their own carbon reductions targets in line with our commitment to achieving Net Zero

  Tackling economic inequality

  In order to create employment and training opportunities particularly for those who face barriers to employment and/or who are located in areas of economic inequality, IdentityE2E focusses on and supports the following:; • AWS re/Start workshops for those retraining, including those who face barriers to employment, such as prison leavers; • Remote working, enabling those located in deprived areas to more readily access employment opportunities; • Measures to ensure equality and accessibility; • Educational attainment, including training schemes that address skills gaps and result in recognised qualifications; • Promotion of awareness of recruitment opportunities, relating to known skills shortages or in high growth sectors; • Mentoring, CV advice, interview practice, careers guidance and volunteering opportunities to support in-work career progression and development, including into areas of known skills shortages and high growth; • Apprenticeships, work placements; • Recruitment practices and employment conditions to attract candidates from all backgrounds, minimise turnover of staff and improve productivity

  Equal opportunity

  IdentityE2E is fully committed to supporting and promoting diversity and equal opportunity for all, and compliance with equality legislation including safeguarding of protected characteristics. ; IdentityE2E recognises that discrimination and victimisation is unacceptable and that it is in the interests of the Company and its employees to utilise the skills of the total workforce. It is the aim of the Company to ensure that no employee or job applicant receives less favourable facilities or treatment (either directly or indirectly) in recruitment or employment on grounds of age, disability, gender / gender reassignment, marriage / civil partnership, pregnancy / maternity, race, religion or belief, sex, or sexual orientation (the protected characteristics).; Our company policies cover Diversity and Inclusion and how important it is that everyone working for IdentityE2E understands about equality and diversity and how to operate in a non-discriminatory and inclusive way.; As an experienced Government supplier, IdentityE2E has been complying with central Government policy and behaviours in relation to Equality, Diversity and Inclusion, supported by the necessary legislation, since the formation of the company.; Our company policy documentation and considerations cover the relevant themes and aspects of Diversity and Equal Opportunities, including:; • Objective of policy; • Designated officer, communication and reporting; • Definition of discrimination; • Types of discrimination ; • Unlawful reasons for discrimination ; • Positive action in recruitment ; • Reasonable adjustments; • Responsibly for the implementation of our company policy ; • Action taken when discriminatory behaviour is suspected or reported; • Advice and support available on discrimination

  Wellbeing

  IdentityE2E has a foundation of strong social and moral values, with a focus on looking after our teams and their families and to improve their health and wellbeing during their employment/engagement with us. ; To demonstrate action to support digital wellbeing and physical and mental health, IdentityE2E undertakes we encourage our teams to:; • Take screen breaks at regular intervals; • Use tools provided by Google/Apple to place limits on device usage and allow quiet times; • Take suitable meal breaks ; • Ensure appropriate exercise and fresh air; • Use conversations rather than relying on email/text; • Attend company team-bonding/celebrating success social events; • Insist on suitable breaks during the Christmas, Easter and summer periods. (As a company, we embrace the “furlough” periods.) ; The company ethos described in the opening paragraph derives directly from the personal convictions of the Executive Directors and, therefore, flows “top down” throughout the company and our team. It is this cornerstone from which the ability to influence staff, suppliers, customers and communities to support health and wellbeing, including physical and mental health is derived. An example is the company’s outward-looking focus and significant involvement in charitable activities. At a personal level, members of our teams are assigned a buddy or mentor during their initial period of induction. This helps to alleviate stress and pressure that accompanies starting a new role. The relationship established continues thereafter and provides another mechanism for influencing and monitoring wellbeing.

Pricing

• Price: £350 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at framework.contracts@identitye2e.com. Tell them what format you need. It will help if you say what assistive technology you use.