Henderson Scott

Cloud Cyber Security

Our Cloud Cyber Security Service covers: Information Security, DDoS Mitigation, WAF, Security Architecture & Design, Risk Assessment and Management, IDS / IPS, Endpoint Security, Penetration Testing, Application Security, Identity & Access Management, IT Governance & Compliance, SIEM, Vulnerability Management, SOC Functional Analysts

Features

  • Effective defence against complex security challenges and threats
  • In-depth understanding of the product marketplace
  • Security service management transition and process embedding
  • Identity and Access Management technical implementation
  • Security-enabled architecture
  • Design and implementation of highly secure cloud solutions
  • Advanced DDoS protection
  • IT Health checks / Penetration Testing
  • Security specialists including CESG, CISSP & CISA Consultants
  • Best practice driven approach

Benefits

  • Understand the security implications of moving into Cloud services
  • Help you to invest appropriately in cyber defence capability
  • Fast & efficient delivery of resources into critical Cloud Projects
  • Manage any Cyber Attacks that your organisation may experience
  • Reduction of data loss from Cloud Services
  • All services delivered by specialist security professionals
  • SC / DV level security cleared professionals
  • Protect the reputation and perception of UK PS
  • Ensure UK PS is fully compliant with upcoming GDPR requirements

Pricing

£325 to £1000 per person per day

Service documents

G-Cloud 10

231639624530166

Henderson Scott

Mark Smith

01494 618759

Mark.Smith@hendersonscott.com

Service scope

Service constraints: No service constraints
System requirements: No specific system requirements

User support

Email or online ticketing support: Email or online ticketing
Support response times: Respond to emails usually within 3 hours, including weekends. Support hours are 8.30am to 6.00pm Monday to Friday (24/7 support also available on request)
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), 7 days a week
Web chat support: No
Onsite support: Onsite support
Support levels: Response to requests within 3 hours, including weekends. Standard support hours are 8.30am to 6.00pm Monday to Friday (24/7 and extended support also available on request). We provide a dedicated account manager on all G-Cloud accounts to manage and support the recruitment process.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide a User Documentation pack for users of our Services. All staff performing services have received extensive onsite training.
Service documentation: Yes
Documentation formats:
  • HTML
  • PDF
  • Other
Other documentation formats: .doc
End-of-contract data extraction: Users may take advantage of our online data tool or make a request and data will be provided to them.
End-of-contract process: All services are included in the price of the contract; there is no additional cost.

Using the service

Web browser interface: No
API: No
Command line interface: No

Scaling

Scaling available: Yes
Scaling type: Automatic
Independence of resources: We have dedicated Account Teams, headed up by Senior Managers to ensure that the volume of requests from users is managed efficiently and the service provided is at the exceptional level that we have become known for in the industry. The Account Leads have regular contact and communication with both Users and internal managers so demand can be communicated and managed efficiently.
Usage notifications: Yes
Usage reporting: Email

Analytics

Infrastructure or application metrics: Yes
Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach: In-house destruction process

Backup and recovery

Backup and recovery: Yes
What’s backed up:
  • Files
  • Databases
  • Directories
Backup controls: Users may make requests regarding backups, which will be reviewed and responded to in line with our usual support response processes.
Datacentre setup: Single datacentre with multiple copies
Scheduling backups: Users contact the support team to schedule backups
Backup recovery: Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: We agree to work with any level of SLA that the user may require, and can arrange these on request.
Approach to resilience: Available on request.
Outage reporting: Email Alerts

Identity and authentication

User authentication: Username or password
Access restrictions in management interfaces and support channels: IP restrictions, two-factor authentication of approved users and protective monitoring/logging.
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Username or password
Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: Yes
Any other security certifications:
  • CEH
  • CISSP
  • CESG (CLAS)
  • TOGAF
  • CISM
  • CCNP
  • CCSK
  • GIAC
  • CompTIA Security+

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: Work to GDPR standards, and are in the process of implementing.
Information security policies and processes: We work to GDPR levels of security, and all Information Security Policies and Processes are well documented. Authorised users have thorough training on these policies, and we conduct regular security checks to ensure that these are being followed completely.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Work to recognised standards. Details available on request.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Sensitive information, details available on request.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Sensitive information, details available on request.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Work to recognised standards, details available on request.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

Energy-efficient datacentres: Yes

Pricing

Price: £325 to £1000 per person per day
Discount for educational organisations: No
Free trial available: No

Documents

Pricing document: View uploaded document
Skills Framework for the Information Age rate card: View uploaded document
Service definition document: View uploaded document
Terms and conditions document: View uploaded document