Digi2al Limited

Vulnerability Self-Assessment Tool

VSAT is a flexible online cyber and physical security risk self-assessment software solution. Enabling security audits at scale to UK Government and internationally recognised standards. Ideally suited to organisations that need to conduct multiple forms of security audit across multiple sites. It enables risk based decision making & security investment.


  • Fully flexible micro service architecture and a generic, modular framework
  • Ability to include bespoke question sets and link to policies
  • Critical or sensitive data is encrypted and not held locally
  • Real-time processing and enhancement
  • Roles and permissions based approach to ensure data is protected
  • Includes a ‘Threat Level Multiplier’ assessment against risks


  • It's accessible across a variety of platforms
  • It can be rapidly scaled to meet demand
  • Improves situational awareness enabling better decision making and action
  • Reduces capital expenditure whilst increasing operational resilience
  • Improves the consistency of data capture and quality of audits.
  • Enables greater speed of analysis and reduced operating cost


£8 to £15 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marketplace@digi2al.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

6 3 7 8 4 7 3 3 0 0 3 3 4 4 2


Digi2al Limited Digi2al HQ
Telephone: 020 3282 7875
Email: marketplace@digi2al.co.uk

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
System requirements
Web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times vary depending on client requirements and agreed SLA. We can tailor our service to meet your requirements.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
The platform can be used with little support, as a self-service offering. Alternatively, we have consultants who can supply setup and deployment expertise at a standard day rate.
Support available to third parties

Onboarding and offboarding

Getting started
Documentation is provided with the platform, and our consultants can offer on site or remove webinars and tutorials.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Users can export their data to a CSV at any time
End-of-contract process
All data extraction is included in the cost. After the contract ends, all recorded data will be removed from the platform.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Functionality is the same
Service interface
Customisation available
Description of customisation
The platform can be whitelabeled by the buyer or admin.


Independence of resources
The platform has multiple instances running and can be scaled according to the load, ensuring that all users have consistent access.


Service usage metrics
Metrics types
We provide real time dashboards for all campaigns, and reports at the end of the campaign on request
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Digital Harmonic

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Clicking a button on the manage campaign page will export all data to a CSV
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The platform guarantees 99.9% uptime. We refund accounts which do not experience this level of service via credit.
Approach to resilience
Information available on request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Permissions are set up rigorously so that only the relevant parties have account access. Support staff have limited access to view accounts to troubleshoot.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We use the latest security best practice and ethical hackers to ensure that our processes and proceedures are resiliant.
Information security policies and processes
A security expert is on the board of the company, and all deployments to the platform are checked by an ethical hacker.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have a strict deployment procedure and deployments are checked by an ethical hacker.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We make extensive use of an ethical hacker who researches the latest threats and applies known vulnerabilities to the platform to ensure that it is resilient.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We run automated scanners against our systems and use an ethical hacker. Whenever a vulnerability is discovered we patch it immediately and notify our users via email alerts. We respond to all suspected breaches within 24hrs.
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents using an in-platform communication tool. Any incidents that are reported go straight to our incident response team, and users are notified by email if they have been affected in any way.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£8 to £15 a user a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marketplace@digi2al.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.