Sopra Steria Ltd

Sopra Steria Governance, Risk and Compliance Service

Expertise and structured approach to support the Chief Information Security Officer in developing and operating a thorough and effective security strategy aligned to the business. The core service includes assessment of information, assurance strategy, risks, and periodic audit of controls. Our team support governance to shape, communicate and prioritise remediation.


  • Structured method and approach to address breadth of risk
  • Assessments are compliant with HMG Security Policy Framework (IS1&2).
  • Governance support includes executive briefings and facilitation of working groups
  • Scope includes technical design and operational security review
  • Scope includes Personnel Security, Physical, Environment and Operational Security
  • Scope includes Privileged User Management, Protective Monitoring Controls
  • Scope includes Incident Management, Backup and Archiving Policy
  • Scope includes Protective Monitoring Services, applying CESG GPG 13 controls
  • Access to additional specialist skills if required


  • Expertise to accelerate review and refresh of risk and security
  • Insight to identify business risks relevant to current threat landscape
  • Expertise to articulate cyber risks and obtain business sponsorship
  • Insight to help prioritise risks and drive remediation effort
  • Tried and tested methodologies for effective governance and controls
  • Assistance with Public Sector Network (PSN) Code of Connection compliance
  • Experienced advisory support across all domains of cyber security
  • Flexible: 1 month's notice after initial three-month minimum commitment
  • Access to additional skills to address peaks in requirement
  • Service available in England, Scotland, Northern Ireland or Wales


£320 to £1850 per person per day

Service documents


G-Cloud 11

Service ID

979454998303742


Sopra Steria Ltd

Chris Horne

07954 834 818


Planning service
How the planning service works
Sopra Steria will help customers in gathering information to support the management and governance of the new service. Some examples of our support are given below:
• Recommend the governance and supporting mechanisms that are most suitable for this service
• Guidance on classified data being handled and processed, whilst taking into account any certifications and accreditations the customer may have or intends to hold
• Assist in achieving a compliant predictable operational environment
• Manage the expectation of the user administering the environment and processing the data
• Guidance on how the connectivity to the cloud service is to be protected and monitored
• Support on how security incidents are to be handled
• Recommend how partners and supply chains are to be managed
• Improve awareness of the extra risks from cloud services and any other risks related to the underlying technology being used
• Address backup, resilience, redundancy and legal requirements.
Planning service works with specific services


Training service provided
How the training service works
Sopra Steria training is focussed on the needs of the customer and addresses the gaps in the customer experience base. We can provide training on a wide range of information security domains/topics that can be both generic and specific to certain applications or administrative tasks. We include a level of one to one training within the scope of our service. Depending on our customer’s requirements we can provide additional training outside the scope of our service, onsite/offsite, both for groups and one to one, for an additional charge.
Training is tied to specific services

Setup and migration

Setup or migration service available
How the setup or migration service works
Sopra Steria will assist our client by establishing a plan that is specific to their requirements to make sure the migration is as seamless as possible. This can involve a number of items including:
• Ensure there is a Governance structure in place and verify that this is adequate to control the migration
• Understand which of the customer’s critical data will be migrated, where this data will be kept and what measures will be in place to ensure adequate protection
Setup or migration service is for specific cloud services

Quality assurance and performance testing

Quality assurance and performance testing service
How the quality assurance and performance testing works
Sopra Steria will provide an adequate level of support for quality assurance and performance testing. This will be dependent on the type of engagement with our client. We provide experienced and qualified staff who will adopt the approach most suited to our client’s requirements. Our experts will help structure the scope and shape of testing in light of known or likely security risks.
As part of our service, all the risks identified, and risk related activities, client concerns, dependencies and constraints will be addressed. This will be achieved considering both the quality assurance and performance testing aspects. Our measures include peer reviews, effective project governance, ongoing consultation with key client stakeholders, client approval at each milestone and verification of deliverables against agreed requirements.

Security testing

Security services
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
Other security services
  • Security accreditation and compliance support
  • ISO27001 certification audits and compliance support
  • GDPR assessment and compliance support
  • Security architecture support
  • Vulnerability management and scanning
  • Protective monitoring and threat intelligence
Certified security testers
Security testing certifications
  • Other
Other security testing certifications
  • CCP (SIRA/Cyber Architect)
  • MSc Information Security

Ongoing support

Ongoing support service
Types of service supported
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
How the support service works
We can provide several levels of support and these include:
• architecture support (including security) for design and implementation of cloud-based solutions
• co-administration of the environment
• cloud security services, including assessing the security maturity of cloud implementations
• through risk assessment and addressing the specific risks to the environment
• implementing and operating a protective monitoring service
• training service on the environment
• Sopra Steria also has a Cloud Centre of Excellence.

Service scope

Service constraints
• The existing customer operational environment may impact the effectiveness of controls and the level of business risk, including the capability in areas of backup, audit, access control and security certificates.
• We currently do not have PCIDSS QDA experts, although we have established and reputable security partners who can support us when required.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
This is dependent on the SLA and conditions of the contract
The level and type of incident handling response are agreed at the start.
User can manage status and priority of support tickets
Phone support
Web chat support
Support levels
User Support is not applicable to this service. Depending on the size of our client engagement, we typically allocate a security consultant as the single point of contact for our customer to discuss any ongoing issues or concerns within the project.
Our consultants are knowledgeable and very conversant with Sopra Steria cyber security capabilities. If our client requires any support outside the scope of our engagement, our consultant can call upon the relevant subject matter experts to discuss with the customer how Sopra Steria can help solve their problem.


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
No immediate need for 3rd party anticipated

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)


£320 to £1850 per person per day
Discount for educational organisations
