Computacenter (UK) Ltd

Computacenter Security Operations Centre (SOC)

Enables automatic analysis of security events, generated by network hardware, servers, applications, endpoints and personnel.
Real-time monitoring, correlation of events and notification.
Security events and incidents are categorised and escalated into the Security Incident Management process, where appropriate containment, eradication and recovery are coordinated to resolution.

Features

  • Security Event Correlation, Aggregation, Categorisation & Prioritisation
  • Security Event Analysis and Response
  • Single point of collation for all security event logs
  • Real-time device monitoring through SIEM technology products
  • Data mining of normalised security data
  • Progressive threat modelling
  • Early identification and classification of security incidents
  • Standard agreed alerts and reports for customers and relevant parties
  • Assist customers to meet regulatory compliance and audits (PCI)
  • Standardised schedule reporting and trending

Benefits

  • 24x7 security monitoring of Customer Infrastructure utilising a leading security vendor
  • 30 min escalation SLA for any validated severe security incident
  • Proactive identification of security incidents and abnormal behaviour
  • Provides information for Remediation and Root Cause Analysis
  • Improved communication and understanding of Security Information Event Management requirements
  • A mechanism to help improve the customer regulatory compliance posture
  • Reporting of security metrics
  • Adherence to internationally recognised standards for Information Security Management
  • Utilising Computacenter’s service management layers to share common best practice
  • Helps customers focus on their core business

Pricing

£2000 per unit

G-Cloud 9

840321894780520

Computacenter (UK) Ltd

Karen Baldock

+44 (0) 1707 631000

government@computacenter.com

Service scope

Service constraints:
Data Quality
• Dependent on device logging policy
Device Configuration
• To be undertaken by the device owner
Network
• Route from Device to log collector (firewalls)
Device Owner
• Support by device owner during investigation
Remediation
• Identification and recommendation service – not Remediation service
Vulnerabilities
• To be patched in a timely manner to be effective
Collector Access
• Direct access to collector over VPN
Collectors
• To be located within the customer environment
System requirements:
  • Log Collectors: end devices push logs to collector
  • Firewall (F/W) rules need to be open to support log delivery
  • Sizing based on log events per second
  • Configuration Quick Start Guides provided
  • Direct access to collector over the internet via VPN

User support

Email or online ticketing support: Email or online ticketing
Support response times: As defined by SLAs
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: As defined by SLAs
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Standard onboarding process. The user provides details of the device, which are checked and passed to Symantec. The user is then provided with the appropriate device Quick Start Guide. If relevant, a call will be hosted to walk the user through the configuration process.
Service documentation: Yes
Documentation formats:
  • PDF
  • Other
Other documentation formats: Excel
End-of-contract data extraction: Data is stored for 366 days and then deleted. The access method is via the MSS Portal. Once access to the portal is removed it will not be possible to access the data. It is anticipated that at the end of the contract there would be a period of 3 months of dual running (old system and new system). As such there would be no requirement to extract data and load it into a new system. This is because of the potentially very large data volumes, which could be in excess of 100+ GB of data a day. As data loses its value over time, it is anticipated that the 3 month transition would be a pragmatic period.
End-of-contract process: The log collectors will be decommissioned and the data deleted.

Using the service

Web browser interface: Yes
Using the web interface: Users can view information on the portal: ticket information, device information and device log information. Users have READ access to the information and can run standard and customised reports and view the MSS Dashboard. Data is protected and cannot be amended or deleted.
Web interface accessibility standard: None or don’t know
How the web interface is accessible: Via the Internet at https://mss.symantec.com
Web interface accessibility testing: This is a standard interface and we have been using this for several years with existing customers.
API: Yes
What users can and can't do using the API: N/A – for use with Ticketing interface only
API automation tools: Other
Other API automation tools: Unknown
API documentation: Yes
API documentation formats: PDF
Command line interface: No

Scaling

Scaling available: Yes
Scaling type: Automatic
Independence of resources: The user interface is a web service and this element will scale without needing contact with the support team.
Usage notifications: Yes
Usage reporting: Other

Analytics

Infrastructure or application metrics: Yes
Metrics types: Other
Other metrics: Number and size of log collectors
Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Symantec Managed Security Services (MSS)

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: EU-US Privacy Shield agreement locations
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: Never
Protecting data at rest: Other
Other data at rest protection approach: Third party controlled
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Backup and recovery

Backup and recovery: Yes
What’s backed up: All log data received by Symantec
Backup controls: No – this is controlled by Symantec
Datacentre setup: Multiple datacentres with disaster recovery
Scheduling backups: Users contact the support team to schedule backups
Backup recovery: Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: The service is provided 24x7. Access to the Symantec MSS portal is subject to internet connectivity and standard maintenance. The Standard level is 24x7.
Approach to resilience: The service is provided 24x7. Access to the Symantec MSS portal is subject to internet connectivity and standard maintenance. The Standard level is 24x7.
Outage reporting: Planned outages through email notification – unplanned direct all to the SOC.

Identity and authentication

User authentication: 2-factor authentication
Access restrictions in management interfaces and support channels: When a user is set up they are assigned a role. You can use system default roles or create bespoke roles. Each role then has a specific set of activities that it can perform. This is controlled by the MSS Administrator, of whom there are normally 2. A formal approved request is required prior to any changes being implemented.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication
Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: BSI
ISO/IEC 27001 accreditation date: 28/05/2016
What the ISO/IEC 27001 doesn’t cover: Our ISO/IEC 27001 certification covers all our managed service people, processes and IT systems. The areas of our business not covered are those that fall outside the following:
  • The scope of Certificate number IS 516767 is for the Group Information Security Management System in relation to the UK based Information Services Division encompassing data centre, telephony, system development, implementation, operations, administration and maintenance functions for Computacenter Group Systems, UK Corporate IT Systems and Customer Facing IT Systems including the Managed Services – Service Management Tool Suite (SMTS). This is in accordance with the Statement of Applicability v4.0 dated 10/02/2016.
  • The scope of Certificate number IS559935 is for the protection of Computacenter and customer information that is accessed, processed or stored by personnel of the Service Operations Division Operational Support and Data Centre Services teams. This is in accordance with the Statement of Applicability v6.5 dated 19/07/2016.
  • The scope of Certificate number IS 621751 is for protection of information that is accessed, processed or stored by personnel providing Computacenter contracted Desktop Infrastructure Services including Service Management, ITIL Service Lines, Supply Chain Services, Service Operations Engineering Support, Project Support and Operational Security. In accordance with the Statement of Applicability v3.4 dated 09/11/2015.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security accreditations: Yes
Any other security accreditations: Various which can be discussed

Security governance

Named board-level person responsible for service security: Yes
Security governance accreditation: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes:
  • ISO 9001
  • ISO 20000-1
  • HMG Security Policy Framework
  • GPG13
  • PCI DSS
  • The COBIT Framework

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Our Group Change Management service is based on ITIL best practice and has the primary objective of protecting the client production services from outage and disruption resulting from change. The Computacenter GIO Group Change Management team acts as the primary interface for the client Group Change Management team to control changes to IT Infrastructure. The process is applied and governed to ensure that changes are recorded, evaluated, prioritised, planned, tested, authorised, implemented, documented and reviewed in a controlled manner with minimal or no disruption to the service.
Vulnerability management type: Undisclosed
Vulnerability management approach: We have in-house vulnerability management processes to cover scheduled and ad-hoc scanning, identification, notification, remediation and reporting. Customer specific programs are also deployed.
Protective monitoring type: Undisclosed
Protective monitoring approach: Our protective monitoring processes are based and run in accordance with the service and customer requirements.
Incident management type: Supplier-defined controls
Incident management approach: Our incident management processes are based on the requirements of each service and interface with our customer, as required by the contract.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Third-party
Third-party virtualisation provider: VMware, Hyper-V, Citrix XenServer
How shared infrastructure is kept separate: Not applicable

Energy efficiency

Energy-efficient datacentres: Yes

Pricing

Price: £2000 per unit
Discount for educational organisations: No
Free trial available: No

Documents

  • Pricing document
  • Skills Framework for the Information Age rate card
  • Service definition document
  • Terms and conditions document