Equal Experts UK Limited

DevSecOps Audit

Security maturity assessment of DevSecOps capability, delivering strategies and implementation plans to improve agile security practices. Our security experts provide proven methods for incorporating security into agile working practices. We use lightweight, pragmatic approaches, including automation techniques and measurement, which improve security in continuous integration and continuous delivery pipelines.

Features

  • Recommendations based on industry best practice
  • Delivers agile security strategy to enhance continuous integration and delivery
  • Provides guidance on effective vulnerability management
  • Identifies individuals within your organisation to lead a security community
  • Provides an action plan for implementing security in agile delivery
  • Provides guidance on adopting and conducting threat modelling
  • Assesses ability to detect and respond to security incidents
  • Identifies skills gaps and recommends resourcing plans
  • Effective for all cloud platforms, AWS, GCP, Azure

Benefits

  • DevSecOps explained by experts using plain English
  • Delivered by experienced security consultants
  • Proven track record adopting DevSecOps within government
  • Explains how to meaningfully measure security success
  • Tailored guidance specific to the delivery programme
  • Consultants experienced with GDS and NCSC guidance
  • Recommends pragmatic approaches to security
  • Improves quality of external penetration testing exercises
  • Drives better decision making on security budgets
  • Identifies security practices that work well with Continuous Delivery

Pricing

£250 to £1,500 a person a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@equalexperts.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

335500892109312

Contact

Equal Experts UK Limited
Louis Abel
Telephone: +44 7968 157766
Email: solutions@equalexperts.com

Planning

Planning service
Yes
How the planning service works
To build detailed knowledge of the context and domain for any project, an initial phase of planning, definition and knowledge transfer will generally take place at the start of an engagement.

We have found that this takes place most effectively through a short time-bound inception to develop a shared understanding and agreement on vision and objectives across a broad stakeholder group. This covers the business, technical and user aspects of the project and the outputs may include user personas and scenarios, key user journeys, as-is and desired business processes, a prioritised backlog of user stories, technical constraints and vision, and a release roadmap and plan. The techniques and principles applied are also used on an ongoing basis throughout the course of delivery, to ensure the solutions developed are fit for purpose and meet real and changing user needs.

This initial inception phase can be contracted separately if required.
Planning service works with specific services
No

Training

Training service provided
Yes
How the training service works
For every client, we aim to transfer and embed knowledge of technology and process innovation. Our consultants help improve our clients’ internal competencies and build long-term sustainable capability, as they migrate to modern cloud-based products and services. We tailor particular practices to address specific organisational constraints – we recognise that every organisation is different and there is no “one size to fit all”.

The depth of experience of our consultants means they are mature, pragmatic, and have an approach grounded in hands-on digital experience. This is key to our ability to help with training, upskilling and building knowledge of new ways of working within client team members. All our consultants are selected based on their demonstrated understanding of how intelligent and innovative uses of technology are being put to work to provide competitive advantage across industries. Passing this expertise and understanding to our client team members is a key, and unique, advantage and value provided throughout our engagements.

We tend not to offer classroom-based training as our consultants are happy to share their knowledge throughout a project. They take responsibility for helping individual client team members adopt new practices and ways of working.
Training is tied to specific services
No

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
In addition to ongoing development and operation of live cloud-based services, we can help with the initial set up and migration as part of a transition to cloud. We look for opportunities to automate processes (for example, test, deploy) that will yield real benefit and high ROI. Our approach helps to address integration, dependencies and risk early. We capture actionable metrics to measure and manage progress towards meeting the agreed success criteria and KPIs identified for building and operating the service. The highly collaborative, interactive processes we follow foster continual learning and improvement of services. They help to establish and evolve the overarching service design, management processes and the team capabilities.

We can ensure projects hit the ground running through our experience in designing, configuring and setting up many continuous delivery and automated cloud deployment environments. These techniques allow software to be repeatably and reliably deployed and tested through each stage into production on the cloud. We have substantial experience when it comes to the tooling required for continuous delivery and automated software deployment, greatly facilitating the software set up, build and migration process, which increases programme productivity and reduces project risk and cost.
Setup or migration service is for specific cloud services
No

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
Our security consultants are experienced in designing and implementing security quality assurance using the latest automated testing methods. We help you define benchmarks and policies for security quality in the cloud infrastructure and software you deliver, and put measures in place to ensure these standards are satisfied.

Our consultants recommend additional products - both open source and commercial - to ensure suitable security test coverage over all your applications and improve vulnerability management through a centralised system. We integrate this into your existing continuous integration / continuous delivery pipelines to minimise the cost of adoption and increase the effectiveness across all delivery teams. We recommend and implement automated policy enforcement to ensure teams are following the secure development practices we establish and to reduce the risk to production systems.

Numerous testing techniques are used to establish the security quality of your services, such as static analysis, third party dependency vulnerability checking, dynamic analysis, code reviews, architectural reviews and threat modelling. We also close the feedback loop by bringing insight from production monitoring systems into the design of future improvements.

We are happy to work with a client's existing quality management system (QMS) where appropriate.

Security testing

Security services
Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Security incident management
  • Security audit services

Ongoing support

Ongoing support service
Yes
Types of service supported
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
How the support service works
Our operational philosophy is “you build it, you run it”. The delivery team responsible for the development of a live service usually also takes responsibility for its operation. We have found that development teams which support their own products are motivated to deliver higher quality, more robust and maintainable code.

When a service is live with real users we expect the delivery team to provide 2nd line (infrastructure, in conjunction with hosting support agreements) and 3rd line (applications) support during business hours. We can agree an appropriate model for 24/7 on-call coverage if required - see our G-Cloud On-Call Support offering for details. We typically establish an on-call rota with delivery team members assigned on a weekly basis.

Our experience is that digital services are never really finished and that it is important to retain some level of investment to allow the addition of new features as the needs of customers (both internal and external) change. Our design of the end-to-end service can include establishing Service Level Agreements for ongoing service evolution and operational support (ensuring agreed levels of service availability).

Service scope

Service constraints
N/A

User support

Email or online ticketing support
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Support levels
We provide an engagement manager on all G-Cloud engagements with responsibility for ensuring customer objectives are met, and for addressing any issues with service delivery. Our engagement managers act as an escalation point, and can be reached via phone or email, to respond to issues beyond the control of the team providing the service. Engagement management is included within our service pricing.

When a service is live with real users we expect the delivery team to provide 2nd line (infrastructure, in conjunction with hosting support agreements) and 3rd line (applications) support during business hours. We can agree an appropriate model for 24/7 on-call coverage if required - see our G-Cloud On-Call Support offering for details. We typically establish an on-call rota with delivery team members assigned on a weekly basis.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Pricing

Price
£250 to £1,500 a person a day
Discount for educational organisations
Yes