Paws Studio

Paws Studio software audits on-premises and cloud-based servers, workstations, laptops, Microsoft Azure and Amazon AWS. Quickly find security and compliance vulnerabilities, know your risks and harden defenses. Policies include Cyber Essentials, DCPP-CSM and CIS benchmarks or create your own custom policies. Paws Studio is built “secure by design” and agentless.


  • Audit against Cyber Essentials, DCPP-CSM and CIS
  • Customizable policies and reports
  • Audit bespoke systems and custom applications
  • OS Configuration review and reporting
  • Vulnerability review and reporting
  • Agentless with offline or online auditing
  • Fully scriptable
  • Easy to use, wizard based GUI
  • XML, Blueprint, CSV and other export options
  • Runs on Windows, Linux and Apple Mac


  • Find and mitigate system vulnerabilities
  • Understand your current compliance status
  • Discover zero day vulnerabilities using customer policies
  • Reduce risks of auditing critical and sensitive devices
  • Audit to your own customized security standards
  • Integrate into your existing systems
  • No dependent software required
  • No dedicated hardware required
  • Quick uncomplicated implementation
  • Low cost with technical support included


£2.06 to £12.40 per device per year

Service documents

G-Cloud 9



Ben Page

01905 888785


Service scope

Service scope
Service constraints No
System requirements Windows, Linux or Apple Mac based-system

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Bronze support level has no cost or SLA. Silver has a response time of 24 working hours. Gold has a response time of 8 working hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible We use a variety of different technologies. You must be on gold support level for remote assistance.
Web chat accessibility testing We use industry standard technology, such as webex.
Onsite support Yes, at extra cost
Support levels We have three levels of support. Bronze support has no cost, SLA, phone support or remote assistance. Silver has a response time of 24 working hours and includes phone support, but no remote assistance. Gold has a response time of 8 working hours includes phone support and remote assistance.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training and documentation is provided both on our website and inside the client software. However, it is designed to be easy to use and intuitive without the use of documentation.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction The data never leaves the users systems, so the user is always in control of what happens to their data.
End-of-contract process The software stops working once it expires.

Using the service

Using the service
Web browser interface Yes
Using the web interface Using our website you can create an account, access an evaluation of the product and purchase a full product. The software can be downloaded through the account web page.
Web interface accessibility standard None or don’t know
How the web interface is accessible Go to www.titania.com to create a user account, create an evaluation, purchase and download software. Once software client is downloaded and installed, the interface can be used to create a new audit.
Web interface accessibility testing The user interface is 508 compliant and will adapt to the accessibility options set in the clients base operating system.
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface Users can do everything that they can do using the standard user interface. Online help is also available using the --help command line option.


Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources The configuration analysis workload is performed by the users system, there is no effect from other systems users.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks The data never leaves the users network unless they want it to.
Data protection within supplier network Other
Other protection within supplier network The users data never leaves the users system.

Availability and resilience

Availability and resilience
Guaranteed availability If your system is running, your license is valid and you have not consumed your usage, then you can use the audit.
Approach to resilience The users experience is not effected by any unavailability issues with our own systems.
Outage reporting No. Access to our online services is not required for the client software.

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels Management interfaces are not accessible from outside Titania.
Access restriction testing frequency At least once a year
Management access authentication Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We work against industry standard best practice, we are Cyber Essentials certified and we follow the ISO 27000 family of information security policies and processes without being formally certified.
Information security policies and processes We are Cyber Essentials certified, and follow the ISO 27000 family of information security policies and processes without being formally certified.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Planned changes are proposed, analysed, reviewed, agreed and prioritised by management before being added to a roadmap used to track the progress of the changes. Where possible, changes are thoroughly tested and piloted, checking for security impact using gap analysis, and functionality issues before being applied to live systems. Changes are implemented with the ability to rollback during deployment and appropriate documentation. When immediate changes are necessary, the process is shortcut, but with follow up actions to ensure auditability etc.
Vulnerability management type Undisclosed
Vulnerability management approach All hardware, firmware and software is routinely checked to ensure it is up to date. The support team keep up-to-date with techniques, practices and IT news about current threats, proposing changes or taking immediate action as necessary. Updates and patches are deployed as soon as practical and required.
Protective monitoring type Undisclosed
Protective monitoring approach Modern exploit protection software is in place to avoid, reduce or remove threats. This software automatically report incidents to the support team. The support team are trained to proactively avoid or manage incidents using a risk based approach , as per our vulnerability management process and our incident management process.
Incident management type Undisclosed
Incident management approach The support team are trained to deal with incidents, proposing immediate action if required. This is backed up with ISO 9001 documentation, regularly reviewed and updated. Users are trained to be vigilant, reporting by email or phone any suspicions or incidents. Management are kept up-to-date throughout the lifetime of any incident, from triage through to resolution and future mitigation.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £2.06 to £12.40 per device per year
Discount for educational organisations No
Free trial available Yes
Description of free trial The free trial is limited to 1 month and for auditing 2 devices.
Link to free trial https://www.titania.com/products/paws-studio


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑