Leonardo MW Ltd

Protective Monitoring

Provides IL3 monitoring services in real-time to detect potential violations or suspicious activity, as per the CESG GPG13. We notify customers of cyber security events and manage the incident handling process. We operate from a List X site and provide a scalable capability (see below), to best meet customers’ needs.


  • Scalable capability from 9-5 Monday to Friday, through to 24/7/365
  • Fully Managed Service and “Virtual SOC” operating models
  • Built and operated to CESG Good Practice Guide 13
  • Delivered from UK based ISO 27001:2013 accredited Security Operations Centre
  • Delivered in accordance with ITIL V3 processes
  • Monitoring platform fed with rich threat intelligence data
  • Includes proactive analysis to improve detection of advanced threats
  • Rapid on-boarding
  • Authentication, authorisation and accounting information captured and stored from every device
  • Events are retained securely for investigations and post incident review


  • Reduced impact of cyber-attacks through improved monitoring and response
  • Reduced dependency on in-demand security staff freeing up resource elsewhere
  • Compliance with legislation, government guidelines, regulations and policy
  • Rapid delivery of protective monitoring utilizing existing facility and toolset
  • Multi-source threat intelligence feed aids attack detection
  • Data analysed by highly trained and experienced analysts
  • Supports the mitigation of specific security risks
  • Tailored service levels to meet your risk appetite and budget
  • Customer-accessible dashboards provide situational awareness
  • Turn-key solution enables rapid service transition


£24.00 to £50.00 per device per month

Service documents

G-Cloud 9


Leonardo MW Ltd

Richard Quinlan

+44 (0) 117 900 8975


Service scope

Service constraints: Not applicable
System requirements: The PMS Service Definition Document includes all relevant requirements

User support

Email or online ticketing support: Email or online ticketing
Support response times: In line with agreed SLAs
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.0 AAA
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Onsite support
Support levels: The Protective Monitoring Service provides for three levels of service: Bronze, Silver and Gold. Refer to the Service Definition document for full details
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Refer to service definition document
Service documentation: Yes
Documentation formats: Other
Other documentation formats: MS Word
End-of-contract data extraction: Leonardo securely supplies customers with all relevant data as part of the offboarding process
End-of-contract process: To suit the customer, via agreement between the parties

Using the service

Web browser interface: Yes
Using the web interface: Currently users are able to access incident tickets and reports through the Leonardo service management portal
Web interface accessibility standard: WCAG 2.0 AAA
Web interface accessibility testing: Web chat is not available as part of this service
What users can and can't do using the API: Leonardo will assist the users to set up (and thereafter make changes through) the API
API automation tools: Ansible
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
Command line interface: No


Scaling available: Yes
Scaling type: Automatic
Independence of resources: Leonardo monitors service utilisation and can deploy a number of countermeasures to ensure users’ demands on the service do not interfere with each other
Usage notifications: Yes
Usage reporting: API


Infrastructure or application metrics: Yes
Metrics types: CPU
Reporting types: API access


Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery: Yes
What’s backed up:
  • The service backs up customers’ log data
  • The service backs up any customer-specific content
Backup controls: By agreement
Datacentre setup: Multiple datacentres with disaster recovery
Scheduling backups: Users schedule backups through a web interface
Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network
Data protection within supplier network: Other
Other protection within supplier network: Private WAN Service

Availability and resilience

Guaranteed availability: This would depend on the service level - see service definition
Approach to resilience: The service includes elements of resilience.
Outage reporting: The customer service manager contacts each customer with the details.

Identity and authentication

User authentication: 2-factor authentication
Access restrictions in management interfaces and support channels: Users access the service management portal using username/password over a private VPN link
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication
Devices users manage the service through: Dedicated device on a segregated network (provider's own provision)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: LRQA
ISO/IEC 27001 accreditation date: 13/11/2014
What the ISO/IEC 27001 doesn’t cover: The corporate infrastructure used by Leonardo employees is not covered within the scope of the accreditation
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security accreditations: No

Security governance

Named board-level person responsible for service security: Yes
Security governance accreditation: Yes
Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes: Leonardo operates a fully accredited Information Security Management System in accordance with ISO27001, augmented with industry good practice

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Leonardo operates configuration and change management aligned with ITILv3 concepts
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Leonardo operates a robust vulnerability management process, tracking CVEs and applying proprietary risk assessment in line with good practice
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Leonardo protects its services with protective monitoring in line with CESG published GPG13
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Leonardo operates incident management processes aligned with ITILv3 concepts

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Supplier
Virtualisation technologies used: VMware
How shared infrastructure is kept separate: The SIEM and other technologies used by Leonardo include application level mechanisms to segment customer data

Energy efficiency

Energy-efficient datacentres: Yes


Price: £24.00 to £50.00 per device per month
Discount for educational organisations: No
Free trial available: No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document