Digi2al Limited

Vulnerability Self-Assessment Tool

VSAT is a flexible online cyber and physical security risk self-assessment software solution that enables security audits at scale to UK Government and internationally recognised standards. It is ideally suited to organisations that need to conduct multiple forms of security audit across multiple sites. It enables risk-based decision making and security investment.

Features

  • Fully flexible micro service architecture and a generic, modular framework
  • Ability to include bespoke question sets and link to policies
  • Critical or sensitive data is encrypted and not held locally
  • Real-time processing and enhancement
  • Roles and permissions based approach to ensure data is protected
  • Includes a ‘Threat Level Multiplier’ assessment against risks

Benefits

  • It's accessible across a variety of platforms
  • It can be rapidly scaled to meet demand
  • Improves situational awareness enabling better decision making and action
  • Reduces capital expenditure whilst increasing operational resilience
  • Improves the consistency of data capture and quality of audits
  • Enables greater speed of analysis and reduced operating cost

Pricing

£8 to £15 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marketplace@digi2al.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

637847330033442

Contact

Digi2al Limited Digi2al HQ
Telephone: 020 3282 7875
Email: marketplace@digi2al.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
Web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times vary depending on client requirements and agreed SLA. We can tailor our service to meet your requirements.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The platform can be used with little support, as a self-service offering. Alternatively, we have consultants who can supply setup and deployment expertise at a standard day rate.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Documentation is provided with the platform, and our consultants can offer on-site or remote webinars and tutorials.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Users can export their data to a CSV at any time
End-of-contract process
All data extraction is included in the cost. After the contract ends, all recorded data will be removed from the platform.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Functionality is the same
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The platform can be whitelabeled by the buyer or admin.

Scaling

Independence of resources
The platform has multiple instances running and can be scaled according to the load, ensuring that all users have consistent access.

Analytics

Service usage metrics
Yes
Metrics types
We provide real-time dashboards for all campaigns, and reports at the end of the campaign on request.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Digital Harmonic

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Clicking a button on the manage campaign page will export all data to a CSV
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The platform guarantees 99.9% uptime. We refund accounts which do not experience this level of service via credit.
Approach to resilience
Information available on request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Permissions are set up rigorously so that only the relevant parties have account access. Support staff have limited access to view accounts to troubleshoot.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We use the latest security best practice and ethical hackers to ensure that our processes and procedures are resilient.
Information security policies and processes
A security expert is on the board of the company, and all deployments to the platform are checked by an ethical hacker.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a strict deployment procedure and deployments are checked by an ethical hacker.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We make extensive use of an ethical hacker who researches the latest threats and applies known vulnerabilities to the platform to ensure that it is resilient.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We run automated scanners against our systems and use an ethical hacker. Whenever a vulnerability is discovered we patch it immediately and notify our users via email alerts. We respond to all suspected breaches within 24hrs.
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents using an in-platform communication tool. Any incidents that are reported go straight to our incident response team, and users are notified by email if they have been affected in any way.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£8 to £15 a user a month
Discount for educational organisations
Yes
Free trial available
No
