H S Infra Limited

CIS Network Infrastructure

Design, supply and install CIS network infrastructure components. From Data equipment cabinets, passive fibre optic and data cabling to desktop or containment user outlets. Provide Full JSP 604 SCIDA services and CIS consultation.


  • Security cleared (DV) Coordinating Design Authority (SCIDA)
  • Security cleared (DV) Network Design
  • Security cleared (DV/SC) CIS Network Installation
  • CIS Network Equipment Supply
  • Security cleared (DV) CIS Network Consultancy


  • Full JSP 604 Compliance achievement throughout
  • Assurance of JSP 604 compliant designs for all CIS networks
  • Rapidly deployable Security cleared (DV/SC) Installation and consultancy services
  • MoD experienced consultancy for all current CIS systems


£1000 per instance

  • Education pricing available

Service documents

G-Cloud 9


H S Infra Limited

Steve Hutchinson

07833 465735


Service scope

Service scope
Service constraints Limited support to CIS active equipment configuration. No provision for the configuration of servers, switches and routers.
System requirements Buyers are to use generic email for communications with seller

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response time usually within 1 hour. Mon - Fri 0800 - 1700
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Level 3 - Online or phone support to CIS network infrastructure. Mon - Fri 0900 - 1700. Price dependant on technical support required. Normally billed at £30 per hour
Level 2 - On site support for technical assistance, SCIDA compliance, CIS network infrastructure consultancy. Price dependant on technical support required. Normally billed at £56 per hour
Level 1 - On site technical assistance and support, including repairs to CIS network infrastructure. Price dependant on technical support required. Normally billed at £70 per hour
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite and offsite meetings with technical experts to ascertain user requirements. Development of User equipment requirement documentation and solutions for delivery.
On site training of delivered CIS network operation.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • DWG
  • Visio
End-of-contract data extraction Project completion packages which will contain all information set out. Full Operations and Maintenance packages handed over.
End-of-contract process Full design, equipment used, installation costs, SCIDA services, Operation and maintenance package, warranties.

Additional costs would be services such as ground investigations,surveys and any planning permission or building regulations requirements.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available No
Independence of resources Assignment of a security cleared dedicated delivery manager per customer or site ensures focus on specific user requirements. Board of directors who allocate priority managers to areas/clients that require additional support.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types Network
Reporting types Reports on request


Supplier type Reseller (no extras)
Organisation whose services are being resold Numerous CIS network infrastructure suppliers

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest Other
Other data at rest protection approach Restricted access to data
Levels of access only allow those who need the data to access it
Data sanitisation process No
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network Other
Other protection within supplier network In house data protection policies in accordance with cyber essentials certification

Availability and resilience

Availability and resilience
Guaranteed availability All CIS network equipment and installations are warrantied for 12 months (as long as end user hasn't caused the damage by neglect or mis-use)
All manufacturer warranties for equipment are passed onto the customer
SLA can be engaged with the customer for continued support if required
Approach to resilience Available on request
Outage reporting Email alerts
On site meetings

Identity and authentication

Identity and authentication
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted to only key delivery managers. Access controls have to be requested and discussed by directors prior to access permissions being granted
Access restriction testing frequency At least every 6 months
Management access authentication
  • Limited access network (for example PSN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a government network (for example PSN)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Security Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards JSP 440, JSP 604 lf 4800. Cyber essentials
Information security policies and processes Cyber security essentials, SDIP 27.
Reporting structure is from the client to their dedicated delivery manager and then up to the board of directors.
Policies are developed and communicated to all members of the company via in house training.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach From order of equipment the items are tracked. On receipt all serial numbers are collected and onward tracked through to issue to the client. All serial numbers form part of the operation and maintenance package.
Vulnerability management type Undisclosed
Vulnerability management approach Threats to our services will be defined by clear directive from the client. We take on the clients need for security and assurance and design a product to give the client assurance through design and product.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Threats are identified as either 'future possibilities' or retrospectively.
As soon as a threat is identified the delivery manager call a directors emergency meeting. Directors then discuss the method of direction and threat resolution.
Threat response is actioned on immediate report of the issue.
Incident management type Undisclosed
Incident management approach The company has processes for regular occurrences. Throughout complete project lifecycle we operate a full policy and procedure process. This helps both the company and the client utilise the processes to the best ability.
Users can report incidents at any time throughout the working hours schedule.
We provide incident reports and ex-sums as required and set down in the initial requirements/scoping meetings.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £1000 per instance
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑