Sopra Steria Governance, Risk and Compliance Service
Expertise and a structured approach to support the Chief Information Security Officer in developing and operating a thorough, effective security strategy aligned to the business. The core service covers assessment of information assurance strategy and risks, and periodic audit of controls. Our team supports governance to shape, communicate and prioritise remediation.
- Structured method and approach to address breadth of risk
- Assessments are compliant with the HMG Security Policy Framework and HMG IA Standards 1 & 2 (IS1&2)
- Governance support includes executive briefings and facilitation of working groups
- Scope includes technical design and operational security review
- Scope includes Personnel Security, Physical, Environment and Operational Security
- Scope includes Privileged User Management, Protective Monitoring Controls
- Scope includes Incident Management, Backup and Archiving Policy
- Scope includes Protective Monitoring Services, applying CESG GPG 13 controls
- Access to additional specialist skills if required
- Expertise to accelerate review and refresh of risk and security
- Insight to identify business risks relevant to current threat landscape
- Expertise to articulate cyber risks and obtain business sponsorship
- Insight to help prioritise risks and drive remediation effort
- Tried and tested methodologies for effective governance and controls
- Assistance with Public Sector Network (PSN) Code of Connection compliance
- Experienced advisory support across all domains of cyber security
- Flexible: one month's notice after an initial three-month minimum commitment
- Access to additional skills to address peaks in requirement
- Service available in England, Scotland, Northern Ireland or Wales
£320 to £1850 per person per day
- Pricing document
- Skills Framework for the Information Age rate card
- Terms and conditions
- Modern Slavery statement
Sopra Steria Ltd
07954 834 818
|How the planning service works||
Sopra Steria will help customers gather the information needed to manage and govern the new service. Examples of our support include:
• Recommending the governance and supporting mechanisms best suited to the service
• Guidance on the classified data being handled and processed, taking into account any certifications and accreditations the customer holds or intends to hold
• Assisting in achieving a compliant, predictable operational environment
• Managing the expectations of the users administering the environment and processing the data
• Guidance on how connectivity to the cloud service is to be protected and monitored
• Support on how security incidents are to be handled
• Recommendations on how partners and supply chains are to be managed
• Improving awareness of the additional risks introduced by cloud services and of any other risks arising from the underlying technology in use
• Addressing backup, resilience, redundancy and legal requirements.
|Planning service works with specific services||No|
|Training service provided||Yes|
|How the training service works||Sopra Steria training is focused on the needs of the customer and addresses gaps in the customer's experience base. We can provide training on a wide range of information security domains and topics, both generic and specific to particular applications or administrative tasks. A level of one-to-one training is included within the scope of our service. Depending on the customer's requirements, we can provide additional training outside the scope of our service, on-site or off-site, for groups or one to one, at additional charge.|
|Training is tied to specific services||No|
Setup and migration
|Setup or migration service available||Yes|
|How the setup or migration service works||
Sopra Steria will assist our client by establishing a plan specific to their requirements so that the migration is as seamless as possible. This can involve a number of items, including:
• Ensuring a governance structure is in place and verifying that it is adequate to control the migration
• Understanding which of the customer's critical data will be migrated, where that data will be held and what measures will be in place to protect it adequately
|Setup or migration service is for specific cloud services||No|
Quality assurance and performance testing
|Quality assurance and performance testing service||Yes|
|How the quality assurance and performance testing works||
Sopra Steria will provide an appropriate level of support for quality assurance and performance testing, dependent on the type of engagement with our client. We provide experienced, qualified staff who adopt the approach best suited to the client's requirements. Our experts will help structure the scope and shape of testing in light of known or likely security risks.
As part of our service, all identified risks and risk-related activities, client concerns, dependencies and constraints will be addressed, considering both the quality assurance and performance testing aspects. Our measures include peer reviews, effective project governance, ongoing consultation with key client stakeholders, client approval at each milestone and verification of deliverables against agreed requirements.
|Certified security testers||Yes|
|Ongoing support service||Yes|
|How the support service works||
We can provide several levels of support, including:
• architecture support (including security) for the design and implementation of cloud-based solutions
• co-administration of the environment
• cloud security services, including assessing the security maturity of cloud implementations
• thorough risk assessment and treatment of the specific risks to the environment
• implementing and operating a protective monitoring service
• training on the environment
• access to the Sopra Steria Cloud Centre of Excellence.
• The customer's existing operational environment may affect the effectiveness of controls and the level of business risk, including capability in the areas of backup, audit, access control and security certificates.
• We do not currently have in-house PCI DSS QSA experts, although we have established and reputable security partners who can support us when required.
|Email or online ticketing support||Yes, at extra cost|
|Support response times||
Response times depend on the SLA and conditions of the contract. Incident handling, including the level and type of response, is agreed at the start of the engagement.
|User can manage status and priority of support tickets||No|
|Web chat support||No|
User support is not applicable to this service. Depending on the size of the engagement, we typically allocate a security consultant as the single point of contact for the customer to discuss any ongoing issues or concerns within the project.
Our consultants are knowledgeable and conversant with Sopra Steria's cyber security capabilities. If the client requires support outside the scope of the engagement, the consultant can call upon the relevant subject matter experts to discuss with the customer how Sopra Steria can help solve the problem.
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||No immediate need for 3rd party anticipated|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Price||£320 to £1850 per person per day|
|Discount for educational organisations||No|