Sopra Steria Ltd

Sopra Steria Managed Information Assurance

We support the evolution and completion of HMG-aligned information assurance security artefacts to meet Accreditation needs. We provide continuity over time and all staff have SC or DV clearance and bring working experience on HMG information assurance matters.


  • Experience to accelerate agreement of Accreditation scopes
  • Breadth of skills addressing a variety of risk remediation requirements
  • Alignment to current HMG standards and NCSC guidance
  • Consistent methodology for risk assessments and remediation plans
  • Coordinating Accreditation activities: vulnerability scanning; ITHC/Pen tests; risks; remediation


  • Accelerates completion of accreditation for current and changed systems
  • Expertise to support a risk assessed and managed operational environment
  • Supports our client’s overall Information Assurance strategy
  • Aligned to our client’s Governance, Risk and Compliance obligations
  • Enables a continuous risk management and assurance regime
  • Informs Operational Security about risk profile changes across the estate
  • Minimises exploits / attacks and improves client’s overall security posture
  • Assistance with Public Sector Network (PSN) Code of Connection compliance
  • Flexible: 1 months’ notice after initial 3 month minimum commitment
  • Access to additional skills to address peaks in requirement


£320 to £1850 per person per day

Service documents


G-Cloud 11

Service ID

8 4 4 2 1 5 9 2 8 7 9 5 3 1 2


Sopra Steria Ltd

Chris Horne

07954 834 818


Planning service Yes
How the planning service works Sopra Steria will help customers in gathering information to support the management and governance of the new service. Some examples of our support are given below:
• Recommend the governance and supporting mechanisms that are most adequate for this service
• Guidance on classified data being handled and processed, whilst taking in account any certification and accreditations the customer may have or intends to hold
• Assist in achieving a compliant predictable operational environment
• Manage the expectation of the user administering the environment and processing the data
• Guidance on how the connectivity to the cloud service is to be protected, monitored
• Support on how security incidents are to be handled
• Recommend on how partners and supply chains are to be managed
• Improve awareness of the extra risks from cloud services and any other risks related to the underlying technology being used
• Address backup, resilience, redundancy and legal requirements.
Planning service works with specific services No


Training service provided Yes
How the training service works Sopra Steria training is focussed on the needs of the customer and addresses the gaps in the customer experience base. We can provide training on a wide range of information security domain/topics that can be both generic and specific to certain applications or administrative tasks. We include a level of one to one training within the scope of our service. Depending on our customer’s requirements we can provide additional training outside the scope of our service onsite/ offsite both for group and one to one, for additional charge.
Training is tied to specific services No

Setup and migration

Setup and migration
Setup or migration service available Yes
How the setup or migration service works Sopra Steria will assist our client by establishing a plan that is specific to their requirements to make sure the migration is as seamless as possible. This can involve a number of items including:
• Ensure there is a Governance structure in place and verify that this is adequate to control the migration
• Understand which of the customer’s critical data will be migrated, where this data will be kept and what measures will be in place to ensure adequate protection
Setup or migration service is for specific cloud services No

Quality assurance and performance testing

Quality assurance and performance testing
Quality assurance and performance testing service Yes
How the quality assurance and performance testing works Sopra Steria will provide adequate level support for quality assurance and performance testing. This is will be dependent on the type of engagement with our client. We provide experienced and qualified staff who will adopt the approach that most suited to our client’s requirements. Our experts will help structure the scope and shape of testing in light of known or likely security risks.
As part our service, all the risks identified, and risk related activities, client concerns, dependencies and constraints will be addressed. This will be achieved considering both the quality assurance and performance testing aspects. Our measures include peer reviews, effective project governance, ongoing consultation with key client stakeholders, client approval at each milestones and verification of deliverable against agreed requirements.

Security testing

Security testing
Security services Yes
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
Other security services
  • Security accreditation and compliance support
  • ISO27001 certification audits and compliance support
  • GDPR assessment and compliance support
  • Security architecture support
  • Vulnerability management and scanning
  • Protective monitoring and threat intelligence
Certified security testers Yes
Security testing certifications
  • Other
Other security testing certifications
  • CCP (SIRA/Cyber Architect)
  • MSc Information Security

Ongoing support

Ongoing support
Ongoing support service Yes
Types of service supported
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
How the support service works We can provide several levels of support and these include:
• architecture support (including security) for design and implementation of cloud-based solutions
• co-administration of the environment
• cloud security services, including assessing the security maturity of cloud implementations
• through risk assessment and addressing the specific risks to the environment
• implementing and operating a protective monitoring service
• training service on the environment
• Sopra Steria also has a Cloud Centre of Excellence.

Service scope

Service scope
Service constraints This service is influenced by our customer’s business and regulatory environment, the assets and operations within the scope of our proposed service. The key constraints that can impact our service are:
• Scope of the information assurance service
• Customer operational environment
• Customer risk appetite and compliance requirements
• Existing certifications and accreditations required
• Any third parties dependencies that may impact our service.

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times This is dependent on the SLA and conditions of the contract
Incident handling is agreed at the start, the level and type of response.
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Support levels User Support is not applicable to this service. Depending on the size of our client engagement, we typically allocate a security consultant as the single point of contact for our customer to discuss any ongoing issues or concern within the project.
Our consultants are knowledgeable and very conversant with Sopra Steria cyber security capabilities. If our client requires any support outside the scope of our engagement, our consultant can call upon the relevant subject matter experts to discuss with the customer on how Sopra Steria can help solve their problem.


Supplier type Reseller providing extra features and support
Organisation whose services are being resold No immediate need for 3rd party anticipated

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)


Price £320 to £1850 per person per day
Discount for educational organisations No

Service documents

Return to top ↑