SureCloud Limited

Event Management

SureCloud Event Management

SureCloud’s SIEM solution collects and normalises event data from network devices, computers and applications, at which point a sophisticated rules engine identifies key events such as threats, unusual user activity or system and network problems.


  • Simply to use interface
  • Cloud based Software-as-a-Service offering
  • Proactive Alerting
  • Events Dashboards
  • Automated Action Assignment
  • Quick & Easy Reporting
  • Continually Updated Rulesets
  • Full workflow, task assignment and management tools
  • Meet Good Practice Guidance (GPG) 13 Obligations
  • Helps to Meet aspects of PCI Requirement 10


  • Ease of Administration
  • Low Total Cost of Ownership
  • Identify threats
  • Compliance Reporting
  • Backed by SureCloud's NCSC CHECK and CREST Accredited Team


£4000 to £40000 per licence per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

7 3 5 6 9 2 0 3 3 4 7 2 9 6 6


SureCloud Limited


0208 012 8544

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements A web browser and internet connectivity.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Tickets are replied to within 4 hours (UK business hours, 9am - 5pm Mon-Fri excluding public holidays)
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels All support is part of SureCloud's standard licensing and pricing model.

For the delivery of implementation services, a dedicated single point of contact is provided who can also act as an escalation point if required.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Full onsite and/or remote training (via Webex) is provided depending on what is preferred and also procured from a consultancy perspective.

Full documentation is also provided around platform use.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users can extract all data from the platform to CSV/Excel format when the contract ends if required.
End-of-contract process Full access to the licensed features of the SureCloud platform are provided. These are split into the separate 'applications' and the buyer purchases as needed.

There are no additional costs outside of the licensed bracket and implementation costs.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Full functionality is available from mobile devices.
Service interface No
Customisation available Yes
Description of customisation A customised instance of the SureCloud can be provided with corporate branding, logos and colour schemes. An organisation specific URL is also provided.


Independence of resources The environment is scaled, as needed, to meet demand. Each individual platform is also monitored to ensure that the service remains optimal for all users.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can download all data to Excel and/of PDF format as required.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Monthly Uptime Percentage|Service Credit
Approach to resilience SureCloud has designed and built its own private cloud infrastructure with data at two physical geographically separate locations. The environment has been setup to ensure there are no single points of failure.

Further information is available upon request.
Outage reporting Email Alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Management access to the underlying infrastructure is only permitted to 3 trusted individuals. These individuals have go through multiple layers of authentication and authorisation before access is possible.

Support staff only have access to accounts within SureCloud they are actively involved in supporting. This is tightly controlled by permissions within the SureCloud application itself.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Standards Institution (IS 664769)
ISO/IEC 27001 accreditation date 29/08/17
What the ISO/IEC 27001 doesn’t cover Certificate applies to all products and services delivered both internally and externally by SureCloud globally.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials PLUS
  • CREST Member Company
  • NCSC CHECK 'Green Light'
  • PCI Approved Scanning Vendor

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All policies and processes are accredited to ISO 27001.

Copies of reporting structure and policies themselves are available upon request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach SureCloud utilises its own technology and platform for management of change requests, which track the whole lifecycle of a change.

A high-level over of the form is as follows:

- Date
- Date change due to be implemented
- Details of change
- Security Impact of change
- Affected systems
- Change reserve plan
- Change success measure
- Change to be authorised by?
- Change Approved?
- Change Completed?
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach SureCloud utilises its own Vulnerability Management platform and technology for scanning and management of its network.

Scans are run on a weekly basis, with automated tasks set to immediately alert the Security Team of any high or critical vulnerabilities.

Patches are deployed to all critical and high vulnerabilities immediately. Medium/low severity vulnerabilities are patched within 1 month.

The security team obtain threat intelligence data from a partner and are subscribed to all relevant social media channels for new vulnerability alerting.
Protective monitoring type Supplier-defined controls
Protective monitoring approach SureCloud uses its own technology and solution Event Manager for this purpose.

The solution has been designed around GPG13 and the PCI Standard Event Management requirements.

Each event is severity weighted and anything high or critical is immediately alerted to the Security Team.

Any potential compromise follows SureClouds incident response processes and, due to the nature of the activity, are actioned immediately.
Incident management type Supplier-defined controls
Incident management approach SureCloud has fully documented incident response policies and procedures, which all staff are extensively trained on.

Users report incidents via the SureCloud platform using the 'Incident Manager' Application, which triggers workflow and escalation to their line manager and incident panel.

Any incidents relating to client data are reported to them within 1 business day, as per SureClouds procedure.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £4000 to £40000 per licence per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑