Capgemini UK plc

Cybersecurity - Managed Security Service (MSS) SOC Security Information and Event Management (SIEM)

This service offers insight and response to security threats against enterprise and cloud environments by providing professional management of security information. It uses IT and business related use cases to discover, analyse, triage and respond to suspect behaviours from systems and their users, continuously improving and tuning use cases.


  • Global and experienced SOC capability supporting many languages
  • Onshore, Nearshore and Offshore delivery centres
  • Fast deployable Multi-Tenant SIEM platform (or on premise implementation)
  • Pay per use model on SOC and Multi-Tenant SIEM
  • High availability & Disaster Recovery options
  • Capgemini or client technologies
  • Use cases prioritised to business needs
  • 24*7 monitoring and response
  • Golden hour response processes deployed to use cases
  • Fully managed service


  • Can overcome the security skills gap
  • Offers no/low CapEx investment on technology and SOC
  • Deploy a basic SOC capability in weeks rather than months/years
  • Can provide transparent and actionable information on threats
  • Can provide 360 degree insight on security landscape
  • Offers SOC capability in location of choice
  • Offers multi-tenant SIEM platform or client technology
  • Can provide fast response to security incidents


£5828.20 per unit per month

Service documents


G-Cloud 11

Service ID

949586822294960


Capgemini UK plc

Giovanna Borgia

+44(0)370 904 4858

Service scope

Service constraints
Any constraints will be identified through discussion with the buyer.
System requirements
Capgemini’s policy is to leverage clients’ existing investments wherever possible.

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to acknowledge receipt of questions within one day. Resolution times will be according to the SLA for the service.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
A technical account manager or equivalent is available to act as a point of contact in respect of the service 9 to 5 (UK time), Monday to Friday.
Longer hours are optionally supported unless already provided for in the offer.
Support available to third parties

Onboarding and offboarding

Getting started
We help users make use of our services through training and documentation as appropriate on a case by case basis.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
Contact Capgemini directly, if documentation is required in other formats
End-of-contract data extraction
Arrangements for Buyer data to be extracted can be agreed at the start of each contract, and the execution of such arrangements can be completed as part of the contract close down procedures.
End-of-contract process
At the end of the contract, Capgemini can review with the Buyer:
  • that contractual obligations have been met,
  • that invoices have been raised and paid,
  • that no outstanding, documented issues remain (unless agreed otherwise),
  • that access rights have been terminated and user IDs deleted, and
  • that data has been backed up and recovered as appropriate.

Using the service

Web browser interface
Command line interface


Scaling available
Independence of resources
The BAU part of the service is scaled for agreed activities. During exceptional demand, e.g. security incidents, BAU activities may take longer to execute; however, additional resources can be deployed to address shortfalls.
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
Other metrics
Contact Capgemini directly for details of any other metrics required
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Please contact Capgemini directly, if other data protection arrangements are required.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Please contact Capgemini directly, if other data protection arrangements are required.
Data protection within supplier network
Other protection within supplier network
Please contact Capgemini directly, if other data protection arrangements are required.

Availability and resilience

Guaranteed availability
The service levels, availability levels and any associated service credits will be detailed in the Supplier Terms and the Service Definition.
Approach to resilience
Please contact Capgemini directly for this information.
Outage reporting
We will use the means defined in the service definition, or as agreed during project initiation or the next earliest opportunity.

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Remote support access by Capgemini personnel to the buyer’s network, systems and applications is provided via a secure, standard, two-tiered Citrix implementation with Transport Layer Security. Tier One is located in the Capgemini Data Centres.
Because the Client Access Point is located on the buyer’s network, the buyer must provide Capgemini personnel with credentials and user accounts so that they can access systems or applications on that network. The buyer’s existing security systems, policies and procedures inherently apply. The buyer must provide a file share for Capgemini so that none of the buyer’s data leaves the buyer’s network.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Please contact Capgemini directly for information regarding ISO/IEC 27001 certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Capgemini follows its own information security policy, which is referenced against ISO27001:2013 - Information Technology - Security Techniques - Information Security Management Systems - Requirements, ISO 27002:2013 - Information Technology - Security Techniques - Code of Practice for Information Security Controls, and the Information Security Forum - Standard of Good Practice (2014).

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Capgemini's configuration and change management processes are set out in its ‘Unified Project Method’ (UPM), but can be adapted to comply with specific requirements by agreement with individual Buyers (tailored services may attract additional charges).
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Scanning subscriptions and schedules are created to meet buyer’s requirements for vulnerability discovery.
Assets are prioritized based on their business criticality.
Vulnerability Analysis is completed against the vulnerability scanning raw output and used to produce detailed and targeted reporting at a low level for technical delivery teams and a high level for management view of risk surfaces.
Technical reports help technology support teams to calibrate patching cycles to allow vulnerabilities found to be remediated effectively by potential risk priority. Capgemini manages the information ingestion and assists in remediation activity planning across parties.
Rescans are subsequently undertaken to verify closed vulnerabilities.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
(1) We can identify potential compromises through a variety of means including SIEM, user reports and vulnerability scanning.
(2) Potential compromises and events of interest are triaged by our Security Operations Centre and investigated to eliminate false positives. Confirmed events are then treated as security incidents according to their assessed severity.
(3) Timescales depend on the detection route and complexity following triage analysis.
If further information is required, please contact Capgemini directly.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Capgemini's incident management processes are set out in its ‘Unified Service Method’ (USM), but can be adapted to comply with specific requirements by agreement with individual Buyers (tailored services may attract additional charges).

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Capgemini is a registered participant in the European Code of Conduct on Data Centres, and all datacentres are operated under the certified ISO14001 Environmental Management System, which includes the target to improve data centre energy efficiency and reduce the average PUE ratio to 1.5 by 2020.


£5828.20 per unit per month
Discount for educational organisations
Free trial available
