ebitConsultancy Ltd.

Regulatory Compliance

To help the organisation achieve and maintain compliance with GDPR/DPA, PECR/ePrivacy and other regulations. We provide consultancy and solutions to improve information governance, cyber security and staff education


  • constantly up-to-date documentation
  • virtual Data Protection Officer
  • Compliance with GDPR/DPA, PECR/ePrivacy, and other relevant privacy/data protection regulations
  • Staff training is usually included


  • Everything is produced for normal people
  • Comprehensive, common sense approach
  • We produce only what is needed
  • Flexible, adaptable solutions


£3000 per unit per year

  • Education pricing available

Service documents

G-Cloud 10


ebitConsultancy Ltd.

Scott Taylor



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints As with all computer systems, there will be periodic downtime to update software and improve the service. This will be scheduled for outside the core hours and typically during the weekend or public holidays
System requirements
  • Internet Access
  • Modern Web Browsers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depending on the problem, it could be instantaneous or usually within 24-hours during the week. Weekends will usually be best endeavour unless prior arrangements have been made
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Our standard support is determined by the client requirements and we offer great flexibility around them. All support is included in the costs so that there are no additional costs to factor in. If necessary we can provide a dedicated account manager.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Once the users sign-up, we provide online and onsite training as required
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction They will be able to download all documentation and certificates
End-of-contract process We provide everything required as part of the agreed contract price. There are no additional cost extras. At the end of the contract, core access is revoked but they are still able to download their data and documents for 1 calendar month afterwards.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The displays auto adjust
Accessibility standards None or don’t know
Description of accessibility Our utility works through a standard web browser providing limited accessibility features through there
Accessibility testing None
Customisation available Yes
Description of customisation It can be branded with fonts, logos and layout as required


Independence of resources Each organisation has its own independent virtual machine on over specified hardware


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach They are free to download any documentation and certificates
Data export formats
  • ODF
  • Other
Other data export formats Pdf
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our SLA guarantees service availability between 8am and 8pm on normal business days
Approach to resilience Multiple distributed data centres
Outage reporting Email alerts and a public dashboard

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Support staff need to be logged on to the servers
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • IASME Gold Standard
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards IASME Gold Standard, Cyber Essentials
Information security policies and processes We are a small business with a very simple reporting structure. As a security company we have adherence to the policies as part of our contracts

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All equipment is logged and any changes are independently approved by the owner
Vulnerability management type Supplier-defined controls
Vulnerability management approach We test out all new attack vectors based on a variety of threat information sources. Any patches or protective measures which are available are deployed immediately.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have a variety of tools which monitor external and internal access to our systems and any activity which falls outside normal behaviour is immediately alerted, logged, ring fenced and investigated.
Incident management type Supplier-defined controls
Incident management approach Our approach is based on the ISO27035:2011 approach. Most common events are picked up by our tools and reported on accordingly. Incident reports are generated by our systems and are available on request

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3000 per unit per year
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑