Computacenter (UK) Ltd

Computacenter - Security Operations Centre

Computacenter's Security Operations Centre enables automatic analysis of security events, generated by network hardware, servers, applications, endpoints and personnel. With real-time monitoring, correlation of events and notifications, Security events/incidents are categorised and escalated into the Security Incident Management process for appropriate containment, eradication and recovery is coordinated to resolution.


  • Security Event Correlation, Aggregation, Categorisation & Prioritisation
  • Security Event Analysis and Response
  • Single point of collation for all security event logs
  • Real-time device monitoring through SIEM technology products
  • Data mining of normalised security data
  • Progressive threat modelling
  • Early identification and classification of security incidents
  • Standard agreed alerts and reports for customers and relevant parties
  • Assist customers to meet regulatory compliance and audits (PCI)
  • Standardised schedule reporting and trending


  • 24x7 security monitoring of Customer Infrastructure utilising leading security vendor
  • 30 min escalation SLA for any validated severe security incident
  • Proactive identification of security incidents and abnormal behaviour
  • Provides information for Remediation and Root Cause Analysis
  • Improved Security Information Event Management communication/understanding
  • A mechanism to help improve the customer regulatory compliance posture
  • Reporting of security metrics
  • Adherence to Internationally recognised standards for Information Security Management
  • Utilising Computacenter’s service management layers to share common best practise
  • Helps customer focus on their core business


£450 per unit

Service documents

G-Cloud 10


Computacenter (UK) Ltd

Frameworks Team

+44 (0) 1707 631000

Service scope

Service scope
Service constraints Data Quality
• Dependant on device logging policy
Device Configuration
• To be undertaken by the device owner
• Route from Device to log collector (firewalls)
Device Owner
• Support by device owner during investigation
• Identification and recommendation service – not Remediation service
• To be patched in a timely manner to be effective
Collector Access
• Direct access to collector over VPN
• To be located within the customer environment
System requirements
  • Log Collectors – end device push logs to collector
  • F/W rules – must be open to support log delivery
  • Sizing – based on Log events per second
  • Configuration – Quick Start Guides provide
  • Direct access to collector over internet over VPN

User support

User support
Email or online ticketing support Email or online ticketing
Support response times As defined by SLAs
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels As defined by SLAs
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Standard on boarding process. User provides details of device which are checked and passed to Vendor. The user is then provide with the appropriate device Quick Start Guide. If relevant a call will be hosted to walk the user through the configuration process.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data is stored for 366 days and then deleted. The access method is via the Portal. Once access to the portal is removed it will not be possible to access the data. It is anticipated that at the end of the contract there would be a period of 3 months of dual running (old system and new system). As such there would be no requirement to extract data and load into a new system. This is because of the potentially very large data volumes which could be in excess of 100+gb of data a day. As data loses its value over time it is anticipated that The 3 month transition would be a pragmatic period.
End-of-contract process The log collectors will be decommissioned and the data deleted

Using the service

Using the service
Web browser interface Yes
Using the web interface The Users can view information on the portal, Ticket information, Device information, device log information.
Users have READ access to the information and can run standard and customised reports and view the MSS Dashboard. Data is protected and cannot be amended or deleted.
Web interface accessibility standard None or don’t know
How the web interface is accessible Via the Internet
Web interface accessibility testing This is a standard interface and we have been using this for several years with existing customers.
What users can and can't do using the API N/A – for use with Ticketing interface only
API automation tools Other
API documentation Yes
API documentation formats PDF
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources The user interface is a web service and this element will scale without needing contact with the support team.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics Yes
Metrics types Other
Other metrics Number and size of log collectors
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Tenable

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
Backup controls No – this is controlled by the Vendor
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The service is provided 24*7
Approach to resilience The service is provided 24*7
Outage reporting Service management function as part of contract.

Identity and authentication

Identity and authentication
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels When a user is set up, they are assigned a role. You can use system default roles or create bespoke roles. Each role then has a specific set of activities that they can perform. This is controlled by our Administrator of which there are normally 2. A formal approved request is required prior to any changes being implemented.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 28/05/2016
What the ISO/IEC 27001 doesn’t cover Our ISO/IEC 27001 certification covers all our managed service people, processes and IT systems. The areas of our business not covered are those that fall outside the following:
The scope of Certificate number IS 516767 is for the Group Information Security Management System in relation to the UK based Information Services Division encompassing data centre, telephony, system development, implementation, operations, administration and maintenance functions for Computacenter Group Systems, UK Corporate IT Systems and Customer Facing IT Systems including the Managed Services – Service Management Tool Suite (SMTS). This is in accordance with the Statement of Applicability v4.0 dated 10/02/2016.
The scope of Certificate number IS559935 is for the protection of Computacenter and customer information that is accessed, processed or stored by personnel of the Service Operations Division Operational Support and Data Centre Services teams. This is in accordance with the Statement of Applicability v6.5 dated 19/07/2016.
The scope of Certificate number IS 621751 is for protection of information that is accessed, processed or stored by personnel providing Computacenter contracted Desktop Infrastructure Services including Service Management, ITIL Service Lines, Supply Chain Services, Service Operations Engineering Support, Project Support and Operational Security. In accordance with the Statement of Applicability v3.4 dated 09/11/2015.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification GemServ
PCI DSS accreditation date January 2017
What the PCI DSS doesn’t cover Only the data centres for the specific controls of Requirements 9 – Restrict physical access to cardholder data and 12 - Maintain a policy that addresses information security for all personnel of PCI DSS v3.1, which is not relevant for this service.
Other security certifications Yes
Any other security certifications Various which can be discussed

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO 9001
ISO 20000-1
HMG Security Policy Framework
The COBIT Framework
Cyber Essentials
Information Security Forum Standard of Good Practice

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our Group Change Management service is based on ITIL best practice and has the primary objective of protecting the client production services from outage and disruption resulting from change. Our Group Change Management team acts as the primary interface for the client to control changes to IT Infrastructure.
The process is applied and governed to ensure that changes are recorded, evaluated, prioritised, planned, tested, authorised, implemented, documented and reviewed in a controlled manner with minimal or no disruption to the service.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have in-house vulnerability management processes to cover scheduled and ad-hoc scanning, identification, notification, remediation and reporting.
Customer specific programs are also deployed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our protective monitoring processes are based and run in accordance with the service and customer requirements.
Incident management type Supplier-defined controls
Incident management approach Our incident management processes are based on the requirements of each service and interface with our customer, as required by the contract.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider VMware Hyper-V Citrix XenServer
How shared infrastructure is kept separate Not applicable

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £450 per unit
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑