NVT Group

Concepta Security Services

Concepta Security Services are a suite of cyber-security solutions which, when applied synchronously, provides peace of mind regarding the IT infrastructure's security status. Concepta Security Services monitors key systems and provides real time actionable alerts. It is available in three variations; Essentials, Advanced or Complete dependant on the prevailing requirements.

Features

  • Secure Domain Name System
  • Authentication Logging
  • Server Vulnerability Scanning
  • Managed Firewall
  • Intruder Detection / Intruder Prevention
  • Geo-IP Blocking
  • Network Access Control
  • Posture Analysis
  • Security Zones
  • Consolidated Security Management Dashboard

Benefits

  • Protects assets, reputation and the business, avoid costs of remediation
  • Comprehensive security platform developed to cover broad requirements
  • Fully integrated solutions avoiding potential costly software conflicts
  • Single dashboard provides real time view of security threats
  • Easy to understand dashboard provides data to all stakeholders
  • Available as a full managed service
  • Full training available if self service is required
  • Three tiers ensuring solution tailored to current setup and requirements
  • Supports and integrates with existing applications to protect investments
  • Developed with open-source solutions removing costly vendor overheads

Pricing

£6.50 to £19 per user per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

229094234770780

NVT Group

Dougie Weir

08453 893 300

public_sector@nvt.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints Service is supported on all common operating systems, hypervisors, hardware, public and private cloud. Service will be subject to regular maintenance which will be conmmunicated through our Service Desk with contingencies in place.
System requirements
  • Requires VMWare, Hyper-V or KVM hypervisor
  • Supplied as pre-confiured VM with an OS
  • Minimum 2 x VCPUs
  • Minimum 4GB RAM
  • Mirror or tap port required from switching

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Questions will be answered when an engineer or consultant is available, typically within 4 hours. Support calls are as follows. Priority 1: Critical, e,g, inactive firewall– 15min acknowledgement, 4 hours technician onsite or remote access. Priority 2: Non-critical e.g. non mission critical service inactive – 1 hour acknowledgement, 8 hours technician remote access. Priority 3: Change requests & administrative requests - 8 hour acknowledgement, 72 hours technician remote access Where appropriate, if a critical failure cannot be resolved within 8 hours of the call being logged the NVT will provide a detailed plan including any escalation procedures required.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Given the nature of the service there are no tiers of support available, NVT provide 24x7 support as standard with 3 priority levels for support calls. Given this there is a flat cost for support. Priority 1: Critical, e,g, inactive firewall– 15min acknowledgement, 4 hours technician onsite or remote access. Priority 2: Non-critical e.g. non mission critical service inactive – 1 hour acknowledgement, 8 hours technician remote access. Priority 3: Change requests & administrative requests - 8 hour acknowledgement, 72 hours technician remote access Where appropriate, if a critical failure cannot be resolved within 8 hours of the call being logged the NVT will provide a detailed plan including any escalation procedures appropriate. NVT will provide a dedicated service delivery function which will be responsible for co-ordinating all support services to the customer.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started NVT can and will engage with customers as required and permissable prior to and during the purchasing process to better understand the breadth of requires and complimentary technologies. NVT will engage to understand how the Concepta Security Services are to be deployed (public, private or hybrid cloud) and what paramaters, tolerances and policies are to be implemented. Users will be provided training (online or on-site) on how to create custom dashboards and collate/gather custom data feeds. Full documentation will also be made available as per our standard governance.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Concepta Security Services in it's Cloud Hosting form will not be storing any end user/customer data but merely providing security services to protect customer infrastructure, network and data.

The only user/customer data that will be stored relates to data collected as part of the security process (logs and analysis) along with custom dashboards, configurations and policies.

Any customer specific data and or policies/configurations will be provided to the customer on their chosen media along with comprehensive documentation before going through the apporpriate and necessary deletion/destruction.
End-of-contract process The primary objective of the Exit Management Plan is to enable an orderly cessation and smooth migration from the Supplier to the customer and/or its Replacement Service Provider of responsibilities, services, assets and any other items or information necessary with a view to the customer and/or the Replacement Service Provider operating a replacement service for the Services with effect from the date of termination of this Agreement in a cost effective manner, which ensures business continuity and minimal disruption to the Council’s business operations.

In the event of the partial termination of this Agreement, or of the termination of a discrete Service Tower, the provisions of this Schedule shall be applied (with the necessary changes) in relation to the terminated Services in accordance with the provisions of our internal policies.

The Exit Management Plan will be prepared on the assumption that the Services will be transferred to the customer or a Replacement Service Provider on termination or expiry of this Agreement.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There is no dedicated app for our service, however, the service will run in a mobile web browser with dashboards viewable with a high level of fidelity in comparison to a standard web browser.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing NVT engage with our human resource partner and local further education institutes to test both internally and externally on the suitability of our interface for assistive technology users.
API No
Customisation available Yes
Description of customisation All customisable content is accessed through the web based GUI. Users
are able to create custom dashboards and provide custom data feeds into the service (assuming data provided is security related). Configurations can only be done by approved users.

Scaling

Scaling
Independence of resources Concepta Security Services are deployed as a single instance with it's own dedicated resources eliminating the "noisy neighbour" effect and ensuring high QOS.

Concepta Security Services can also be

Analytics

Analytics
Service usage metrics Yes
Metrics types Numerous metrics available depending on the tier of solution procured and the data available
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Concepta Security Services is not a data storage platform, it's primary function is to provide a suite of tools to provide a platform to protect network, data and infrastructure.However any data generated by the suite of tolls (DNS logs, vulnerability scan results) will be erased and historical data can be provided on the clients preferred media then subjected to destruction during decommissioning process.
Data export formats Other
Other data export formats JSON
Data import formats Other
Other data import formats JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Concepta Security Services run on a dedicated instance of NVT's Viia Private Hybrid Cloud Solution. NVT proatively monitor the Viia platform regardless of deployment type (pending any internal or contractual data access poliies) and have build the platform on best of breed hardware running in best of breed datacentres and powered by a suite of software backed by NVT's 30 years of experience. All this means we can guarantee 99.9% uptime.
Approach to resilience As Concepta Security Software & Services is a highly customisable security platform the resiliency involved will be highly dependant on whether it is deployed as a fully hosted solution or a hybrid solution.

If fully hosted, the solution will reside within iomart datacentres. Iomart carry out regular testing and maintenance of infrastructure with the N+1 policy applied to data centres providing the basis of continuity controls. This is enhanced by the provision of multiple communication routes and the replication of iomart’s network infrastructure. iomart data centres are also located outside flight paths, flood plains, have no seismic threat, and are a minimum of 3km outside sites who could pose a potential accident or hazardous threat (as governed by HSE). Therefore, in the event of any given location being lost, the primary impact to iomart would be on office facilities, but with 6 UK Offices and 10 UK Data Centres providing hosting services and support, this impact is limited and mitigated with standing arrangements to relocate staff to the nearest iomart site.

If hosted on-premise or in a hybrid manner then the solutions resiliency would be done in line with customer's existing policies, infrastructure and locations.
Outage reporting Any service outages are reported via our Information Technology Service Management (ITSM) system which automatically alerts clients via email and client web portal.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is stringently restricted by way of federated active directory services and two factor authentication
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Exova BM Trada
ISO/IEC 27001 accreditation date 06/08/15
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes NVT Group are certified for ISO27001 and as such have a set of policies and processes in place to ensure compliance. NVT Group have an appointed Compliance officer to interface with the management on security aspects and also is the conduit to the UKAS accredited audit partner.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our certified standards ISO9001, & ISO27001 define our configuration and change management processes and procedures are fit for purpose. Each change request is logged and tracked through our call management application, subject to approval and manged to successful implementation or conclusion.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The concepta service is based on our hosted platform ViiA. The ViiA platform using Network Access Control technology, posture assessments can be conducted before access to the corporate network is made available. ViiA is kept fully up to date by way of subscription to industry recognised malicious software services to ensure a comprehensive knowledgebase of prevailing threats. Patches are applied on an ad-hoc basis depending on the threat severity.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Concepta is based on our ViiA platform. ViiA is continuously monitored to identify potential issues. Each issue is viewed on its own merit and treated accordingly. NVT Group decided not to have a set of standard approaches as experience tells us that there are not a standard set of potential issues that may occur. Each compromise alerted will be addressed immediately on discovery by our technical team and a resolution devised and an implementation plan agreed. If a resolution is not readily available then a work-around will be put in place whilst a permanent resolution is sought and actioned.
Incident management type Supplier-defined controls
Incident management approach NVT Group operate an ITIL aligned customer Service desk. The service desk will be the focal point for the reporting, tracking and management of all incidents. Incidents can be reported either by phone, email , portal self service or can be automatically reported via our Monitoring and Management solution. Incident reporting and escalations are in line with ISO9001 standards with a clear and defined process in place and available upon request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)

Pricing

Pricing
Price £6.50 to £19 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Concepte Security Essentials Bundle available a a limited trial with no custom configurations done.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑