Service Definition Document


QinetiQ Secure Cloud Protective Monitoring Service (AWARE)
QinetiQ Secure Cloud Protective Monitoring Service (DETER)
Secure Multi-Tenant Protective Monitoring Service (AWARE)
Secure Multi-Tenant Protective Monitoring Service (DETER)

Specialist Cloud Services version 5.0

Content

1. Introduction
2. QinetiQ Secure Cloud Protective Monitoring Service (AWARE)
3. QinetiQ Secure Cloud Protective Monitoring Service (DETER)
4. Secure Multi-Tenant Protective Monitoring Service (AWARE)
5. Secure Multi-Tenant Protective Monitoring Service (DETER)

QinetiQ Limited, 2014 Page 2 of 21

1. Introduction

With the advent of Cloud technologies, it has never been more important for Government and Private companies to comply with regulatory standards and, more importantly, have a mechanism by which they are able to effectively manage and mitigate risks. To assist in meeting this challenge, QinetiQ developed the UK's first GPG13 AWARE and DETER Protective Monitoring Managed Services.

QinetiQ draws on a unique heritage of providing security expertise to UK and other Governments to achieve high levels of security. Through this knowledge and expertise, QinetiQ has developed the following service offerings, which can be easily adopted and tailored to meet customers' specific risk management requirements:

- Secure Cloud Protective Monitoring Service at AWARE: a Cloud based Protective Monitoring Service for customers with deployed services within the Skyscape Cloud virtual environment, providing centralised storage of Security event data following guidance at the IS1 AWARE segment.
- Secure Cloud Protective Monitoring Service at DETER: a Cloud based Protective Monitoring Service for customers with deployed services within the Skyscape Cloud virtual environment, providing a fully Managed Service operating against IS1 and IS2 DETER, providing 24x7 monitoring and alerting of Security events and alerts.
- Secure Multi-tenanted Protective Monitoring Service at AWARE: a centralised multi-tenanted architecture delivering centralised storage of Security event data following guidance at the IS1 AWARE segment.
- Secure Multi-tenanted Protective Monitoring Service at DETER: a centralised multi-tenanted architecture delivering a fully Managed Service operating against IS1 and IS2 DETER, providing 24x7 monitoring and alerting of Security events and alerts.

2. QinetiQ Secure Cloud Protective Monitoring Service (AWARE)

Service Overview

The QinetiQ Secure Cloud Protective Monitoring Service enables customer organisations to effectively manage and mitigate risks posed to their Information Technology environments deployed upon the Skyscape Cloud Services virtual architecture. The Secure Cloud Protective Monitoring Service consists of a set of robust business processes, underpinned by technology, delivered by people and operated in line with the guidelines defined within HMG Good Practice Guide Protective Monitoring for HMG ICT Systems, Issue 1.7 (GPG13).

The Secure Cloud Protective Monitoring Service provides collection and compilation of appropriate security audit event logs. This provides a solution to challenges faced by organisations where oversight of how their IT is used (or abused) is essential. This service acts as a central point within G-Cloud services for the consistent storage of Accounting or Event logs and operates in compliance with the requirements identified within the AWARE segment of GPG13.

The Secure Cloud Protective Monitoring solution provides a centralised Protective Monitoring capability that can be employed to provide monitoring across a customer's cloud based virtual environments. The solution has been specifically designed to be secure, have the agility to dynamically scale, provide logically separate monitoring and reporting views and provide customers with a high value, effective monitoring capability that has a low total cost of ownership and an easy adoption process.

The QinetiQ solution integrates with a customer's virtual network deployed at Skyscape. QinetiQ provides each client with a seamless and simple on-boarding process, ensuring that the protective monitoring of a customer's virtual network can be initiated swiftly, allowing the Customer to receive value from the Protective Monitoring Service promptly.

In embracing the G-Cloud offerings and realising the benefits of efficient IT services, there can be a significant challenge to organisations in considering a risk treatment method. Protective Monitoring by QinetiQ is delivered to the customer alongside the HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2) process and provides a method of risk mitigation to assist with the overall security assurance process.

QinetiQ is aware of the recent transition from the Government Protective Marking Scheme (GPMS) to the Government Security Classification (GSC) policy for the classification of all system security. Whether deploying Protective Monitoring onto a GPMS or GSC classified system, QinetiQ ensures that compliance with the system requirements is met. The QinetiQ service operates within ISO27001 certified security policies and processes and is delivered from a List X site.

Service Features

Protective Monitoring is delivered alongside the HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2) process and provides a method of both risk mitigation and monitoring to assist risk reduction and treatment activities in support of the overall security assurance process.

This service provides a centralised event storage service in support of the Customer's requirement to Protectively Monitor its ICT Systems following the guidance provided in CESG Good Practice Guide No.13 (GPG13) at the IS1 AWARE segment.

The service is designed to receive event logs from pre-identified customer devices which the customer has configured to send via a secure channel to QinetiQ for processing.

The output of the Aware Protective Monitoring service consists of:

- Security event data stored in a consistent format
- Secure access to security event log data.

Example Use Cases

- The service can be used to receive and collate accounting logs from various and disparate customer owned assets (such as differing virtual machines, applications and security enforcing appliances). This will allow for the safe, centralised storage of accounting logs in a structured manner.
- The Protective Monitoring solution provides an independent storage of normalised accounting data to provide enduring storage of security audit data for post incident and retrospective audit.
- The Protective Monitoring Service provides an intuitive method by which management information relating to the event data can be accessed through a secure web browser based interface.

Technical Features

- A methodical approach based on a well-established architecture
- Automated event normalisation and processing
- Standards based security architecture
- Out of the box list of supported COTS devices
- Storage and event treatment in line with the advice and guidance of GPG13.

An overview of the G-Cloud Service (functional, non-functional)

The Customer's access to the solution, for the retrieval and review of collated accounting data, will be via the secure online portal. Two factor authentication together with role based access control will ensure that data access is permitted only to authorised users.

Information assurance Impact Level (IL) at which the G-Cloud Service is accredited to hold and process information

Business Impact Level 2 as standard, though capable of operating at differing impact levels. The service will, as standard, cover the Protective Monitoring Controls within GPG13 associated with the InfoSec Standard No.1 Part 2 AWARE Segment.

Connectivity Available

Secure Connectivity between QinetiQ and the Skyscape Cloud platform is provided within the scope of this Service.

Details of the level of backup/restore and disaster recovery that will be provided

Storage of accounting data will be provided on resilient storage infrastructure supported by an archive to offline storage and daily data replication activity to create a separate backup. Accounting data will be deleted from the archive once the retention period expires.

On-boarding and Off-boarding processes/scope etc.

The on-boarding process requires an understanding of the type of data to be presented to QinetiQ and the method by which it will be received. A Protective Monitoring Controls and Compliancy Matrix (PMCCM) shall be used as the mechanism to agree with the customer the data streams that shall be configured within the QinetiQ service. Once agreed, the data streams will be integrated into the Event Storage system.

Off-boarding will primarily consist of the cessation of the data stream, the handover of any data sets currently processed or stored by QinetiQ to the Customer, followed by sanitisation of the Customer event data.

Service Options

QinetiQ is able to provide consultancy services to Customers to assist with the identification of the appropriate log data and define the level of accounting information required on the monitored systems. QinetiQ is also able to provide support to Information Assurance and Accreditation activities.

Service Management Details

Access to a 24x7 Service Desk is available to enable interaction and advice on security incidents. Service Management is delivered in alignment with the ISO20000 standard.

Ordering and Invoicing

On receipt of a request, QinetiQ will provide a proposal for the required resources to deliver the service. Services must be purchased for a minimum term of one year. Billing for the service will be monthly in advance against the contracted consumption rate. Deviation from the contracted consumption will be retrospectively annotated and charged within the following invoice.

Termination terms

- By consumers (i.e. consumption)
- By the Supplier (removal of the G-Cloud Service)

Costs are payable by the consumer for termination during the annual term. These will be calculated based upon remaining committed costs.

Data Restoration / Service Migration

QinetiQ will provide appropriate access to Customer data for the purposes of data migration, including any Customer documentation as appropriate. Bandwidth charges for the transfer of data held by QinetiQ are provided.

Consumer Responsibilities

The consumer will be required to provide details of systems to be integrated into the service and access to associated subject matter experts for the purposes of supporting the initial on-boarding and baseline process. The Consumer is required to provide evidence retrospectively on a monthly basis, in support of identifying the total VM per hour usage across the monitored solution. The consumer is also responsible for ensuring they apply suitable controls to this sensitive data/application. The Consumer is responsible for any privacy impact assessment.

Technical requirements (service dependencies and detailed technical interfaces, e.g. client side requirements, bandwidth/latency requirements etc.)

Data streams will need to be presented to the Protective Monitoring system via an appropriate format, ideally TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) based. QinetiQ will support a customer during the on-boarding process to ensure that the forwarding of device accounting data is configured correctly. It is recommended that, where available, encrypted transports such as SSL/TLS (Secure Sockets Layer / Transport Layer Security) should be used.

3. QinetiQ Secure Cloud Protective Monitoring Service (DETER)

Service Overview

The QinetiQ Secure Cloud Protective Monitoring Service enables customer organisations to effectively manage and mitigate risks posed to their Information Technology environments deployed upon the Skyscape Cloud Services virtual architecture. The Secure Cloud Protective Monitoring Service consists of a set of robust business processes, underpinned by technology, delivered by people and operated in line with the guidelines defined within HMG Good Practice Guide Protective Monitoring for HMG ICT Systems, Issue 1.7 (GPG13).

The Secure Cloud Protective Monitoring Service provides aggregation, compilation, analysis, behavioural trending, correlation, and interpretation of security audit event logs. Applying to this the specialist vulnerability and comprehensive threat knowledge at QinetiQ then provides the customer with actionable intelligence of active incidents as well as recommendations for management and remediation.

The service acts in full support of the Security Management of an estate, providing a solution to challenges faced by organisations where oversight of how their IT is used (or abused) is essential. This service acts as a central point within G-Cloud services for receiving, processing, analysis, correlation, alerting and reporting (24x7) of security matters and the delivery of advice in support of all remediation and resolution activities.

The Secure Cloud Protective Monitoring solution provides a centralised Protective Monitoring capability that can be employed to provide monitoring across a customer's cloud based virtual environments. The solution has been specifically designed to be secure, have the agility to dynamically scale, provide logically separate monitoring and reporting views and provide each customer with a high value, effective monitoring, alerting and reporting capability that has a low total cost of ownership and an easy adoption process.

The QinetiQ solution integrates with a customer's virtual network deployed at Skyscape. QinetiQ provides each client with a seamless and simple on-boarding process, ensuring that the protective monitoring of a customer's virtual network can be initiated swiftly, allowing the Customer to receive value from the Protective Monitoring Service promptly.

In embracing the G-Cloud offerings and realising the benefits of efficient IT services, there can be a significant challenge to organisations in considering a risk treatment method. Protective Monitoring by QinetiQ is delivered to the customer alongside the HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2) process and provides a method of risk mitigation to assist with the overall security assurance process.

QinetiQ is aware of the recent transition from the Government Protective Marking Scheme (GPMS) to the Government Security Classifications (GSC) policy for the classification of all system security. Whether deploying Protective Monitoring onto a GPMS or GSC classified system, QinetiQ ensures that compliance with the system requirements is met. The QinetiQ service operates within ISO27001 certified security policies and processes and is delivered from a List X site.

Service Features

Protective Monitoring is delivered alongside the HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2) process and provides a method of both risk mitigation and monitoring to assist risk reduction and treatment activities in support of the overall security assurance process.

This service provides a centralised event aggregation and analysis service in support of the Customer's requirement to Protectively Monitor its ICT Systems following the guidance provided in CESG Good Practice Guide No.13 (GPG13) at the IS1 DETER segment. The service operates 24x7 at Business Impact Level 3, baseline GPG13 DETER. QinetiQ Analysts and Engineers operate under an ITIL aligned ISO20000 framework with ISO27001 certified policies and processes.

The service delivers a 24x7 analysis function, supported by an underlying Security Incident & Event Management (SIEM) technology that receives accounting data from customer owned assets, over appropriately secured connectivity, providing real time analysis and correlation. Correlation autonomously looks for common attributes and links events together through association, integrating data from different sources in order to turn separate accounting data feeds into an essential view of network activity. Analysis of the output of correlation and behavioural anomaly provides an assessment of internal and external behaviour within the monitored estate, triggering security alerts and recommendations for improvements in security.

QinetiQ Security Analysts analyse each security alert and supporting event data, apply specialist vulnerability and threat knowledge, and then raise prioritised Incidents with the customer where appropriate. Advice for management and remediation is provided to the customer, using our knowledge of the architecture and the customer's critical business processes. Service levels and response times are managed within strict Service Level Agreements (SLAs).

The output of the event monitoring correlation and analysis function consists of:

- Information Security Incident notifications raised with the Customer on a 24x7 basis. These notifications will have a priority classification relating to criticality and impact.
- Automated Weekly Reports. These will include an analysis of the week's Events, classified according to the GPG13 Protective Monitoring Controls (PMCs).
- Monthly Management Reporting summarising Events classified according to the GPG13 PMCs. It will include an analysis of the month's Events by QinetiQ Analysts.
- Aggregated accounting data stored in a consistent format.
- Secure access by the customer to review accounting data.

Example Use Cases

- Identification of potential external threats to G-Cloud host applications and customers' critical business processes through proactive Protective Monitoring
- Identification of potential insider threat from within a Customer's organisation
- Analysis, alerting, advice and recommendations to aid and enable mitigation of risk, management of incidents and remediation activities to improve the security of a network

- A service to provide Protective Monitoring of elements within a customer's IaaS Virtual Data Centre container and of their applications
- The service can be used to collate the accounting logs from various and disparate sources. This will allow for the safe, centralised storage of the accounting logs
- Through the centralisation of Accounting Logs in a common structure, analysis of adherence to GPG13 can be derived, along with contextual based reporting and alerting to agreed service levels
- Provides for the independent storage of event data from Cloud service providers, to provide enduring storage of security audit data for post incident and retrospective audit
- Provides an intuitive method by which management information relating to the event data can be accessed through a secure web browser based interface.

Technical Features

- Established architecture patterns providing scale and flexibility driving a methodical approach
- Automated event normalisation and processing
- Validation of outputs by expert Protective Monitoring analysts
- Accredited, standards based security architecture
- Out of the box list of supported COTS devices
- Storage and event treatment in line with the advice and guidance of GPG13.

An Overview of the G-Cloud Service (functional, non-functional)

The Customer's access to the solution, for a display of the level of adherence to GPG13, and to the weekly and monthly reports, including details on any incidents alerted to the Customer, and the retrieval and review of collated accounting data, will be via the secure online portal. Two factor authentication together with role based access will ensure that data access is permitted only to authorised users.

Information Assurance Impact Level (IL) at which the G-Cloud Service is accredited to hold and process information

Business Impact Level 3 as standard, though capable of operating at differing impact levels to meet the requirements of the monitored system. The service will, as standard, cover the InfoSec Standard No.1 Part 2 DETER Segment.

Connectivity Available

Secure Connectivity between QinetiQ and the Skyscape Cloud platform is provided within the scope of this Service.

Details of the level of backup/restore and disaster recovery that will be provided

Storage of accounting data will be provided on resilient storage infrastructure supported by an archive to offline storage and daily data replication activity to create a separate backup. Accounting data will be deleted from the archive once the retention period expires.

On-boarding and Off-boarding processes/scope etc.

The on-boarding process requires an understanding of the type of data to be presented to QinetiQ and the method by which it will be received. The Protective Monitoring Controls and Compliancy Matrix (PMCCM) shall be used as the mechanism to agree with the customer the data streams that shall be configured within the QinetiQ service. Once agreed, the data streams will be baseline tuned to remove normal and accepted activity or other background processes, leaving the events which require analysis to demonstrate adherence to GPG13 and to be able to detect anomalous behaviour within the data stream.

Off-boarding will primarily consist of the cessation of the data stream and the handover of any data sets currently processed or stored by QinetiQ to the Customer, followed by sanitisation of the Customer event data.

Service Options

QinetiQ is able to provide consultancy services to Customers to assist with the identification of the appropriate log data and define the level of accounting information required on the monitored systems. Through assessment of the risk and threat profile, a more tailored and cost effective solution can be delivered. QinetiQ is also able to provide support to Information Assurance and Accreditation activities.

Service Management Details

Access to a 24x7 Service Desk is available to enable interaction and advice on security incidents. Service Management is delivered in alignment with the ISO20000 standard.

Ordering and Invoicing

On receipt of a request, QinetiQ will provide a proposal for the required resources to deliver the service. Services must be purchased for a minimum term of one year on an annual basis. Billing for the service will be monthly in advance against the contracted consumption rate. Deviation from the contracted consumption will be retrospectively annotated and charged within the following invoice.

Termination terms

- By consumers (i.e. consumption)
- By the Supplier (removal of the G-Cloud Service)

Costs are payable by the consumer for termination during the annual term. These will be calculated based upon remaining committed costs.

Data Restoration / Service Migration

QinetiQ will provide appropriate access to Customer data for the purposes of data migration, including any Customer documentation as appropriate. Bandwidth charges for the transfer of data held by QinetiQ are provided.

Consumer Responsibilities

The consumer will be required to provide details of systems to be integrated into the service and access to associated subject matter experts for the purposes of supporting the initial baseline process. The Consumer is required to provide evidence retrospectively on a monthly basis, in support of identifying the total VM per hour usage across the monitored solution. The consumer is also responsible for ensuring they apply suitable controls to this sensitive data/application. The Consumer is responsible for any privacy impact assessment.

Technical requirements (service dependencies and detailed technical interfaces, e.g. client side requirements, bandwidth/latency requirements etc.)

Data streams will need to be presented to the Protective Monitoring system via an appropriate format, ideally TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) based. QinetiQ will support a customer during the on-boarding process to ensure that the forwarding of device accounting data is configured correctly. It is recommended that, where available, encrypted transports such as SSL/TLS (Secure Sockets Layer / Transport Layer Security) should be used.

4. Secure Multi-Tenant Protective Monitoring Service (AWARE)

Service Overview

The QinetiQ Secure Multi-tenant Protective Monitoring Service enables customer organisations to effectively manage and mitigate risks posed to their Information Technology environments. The Protective Monitoring Service, provided by QinetiQ, consists of a set of robust business processes, underpinned by technology, delivered by people and operated in line with the guidelines defined within HMG Good Practice Guide Protective Monitoring for HMG ICT Systems, Issue 1.7 (GPG13).

The Secure Multi-tenant Protective Monitoring Service provides collection and compilation of appropriate security audit event logs. This provides a solution to challenges faced by organisations where oversight of how their IT is used (or abused) is essential. This service acts as a central point within G-Cloud services for the consistent storage of Accounting or Event logs and operates in compliance with the requirements identified within the AWARE segment of GPG13.

The Secure Multi-tenant Protective Monitoring Service provides a centralised Protective Monitoring capability that can be employed to provide monitoring across a customer's network(s). The solution is purpose-designed to be secure, have the agility to dynamically scale, provide logically separate monitoring and reporting views and provide customers with a high value, effective monitoring capability that has a low total cost of ownership and an easy adoption process.

The QinetiQ solution integrates with a customer's network, be it a virtual container within a multi-tenanted virtual environment or a distinct installation within one or many data centres. QinetiQ supports, implements and manages a number of secure connectivity options, subject to application, from IPSEC VPN through CPA Foundation encryption to dedicated leased line. Should a customer wish to extend their secure communications to provide connectivity, this can also be accommodated. No matter which option is selected, the monitoring of a system can be initiated swiftly, allowing the Customer to receive value from the Protective Monitoring Service promptly.

In embracing the G-Cloud offerings and realising the benefits of efficient IT services, there can be a significant challenge to organisations in considering a risk treatment method. Protective Monitoring by QinetiQ is delivered to the customer alongside the HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2) process and provides a method of risk mitigation to assist with the overall security assurance process.

QinetiQ is aware of the recent transition from the Government Protective Marking Scheme (GPMS) to the Government Security Classification (GSC) policy for the classification of all system security. Whether deploying Protective Monitoring onto a GPMS or GSC classified system, QinetiQ ensures that compliance with the system requirements is met. The QinetiQ service operates within ISO27001 certified security policies and processes and is delivered from a List X site.

Service Features

Protective Monitoring is delivered alongside the HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2) process and provides a method of both risk mitigation and monitoring to assist risk reduction and treatment activities in support of the overall security assurance process.

This service provides a centralised event storage service in support of the Customer's requirement to Protectively Monitor its ICT Systems following the guidance provided in CESG Good Practice Guide No.13 (GPG13) at the IS1 AWARE segment.

The service is designed to receive event logs from pre-identified customer devices which the customer has configured to send via a secure channel to QinetiQ for processing.

The output of the Aware Protective Monitoring service consists of:

- Security event data stored in a consistent format
- Access to security event log data.

Example Use Cases

- The service can be used to receive and collate accounting logs from various and disparate customer owned assets (such as differing virtual machines, applications and security enforcing appliances). This will allow for the safe, centralised storage of accounting logs in a structured manner.
- The Protective Monitoring solution provides an independent storage of normalised accounting data to provide enduring storage of security audit data for post incident and retrospective audit.
- The Protective Monitoring Service provides an intuitive method by which management information relating to the event data can be accessed through a secure web browser based interface.

Technical Features

- A methodical approach based on a well-established architecture
- Automated event normalisation and processing
- Standards based security architecture
- Out of the box list of supported COTS devices
- Storage and event treatment in line with the advice and guidance of GPG13.

An overview of the G-Cloud Service (functional, non-functional)

The Customer's access to the solution, for the retrieval and review of collated accounting data, will be via the secure online portal. Two factor authentication together with role based access control will ensure that data access is permitted only to authorised users.

Information assurance Impact Level (IL) at which the G-Cloud Service is accredited to hold and process information

Business Impact Level 2 as standard, though capable of operating at differing impact levels. The service will, as standard, cover the Protective Monitoring Controls within GPG13 associated with the InfoSec Standard No.1 Part 2 AWARE Segment.

Connectivity Available

Accessible over either the Internet, following establishment of secure communications, or UK Government community networks, utilising appropriately secure communication capabilities such as IPSEC or CPA Foundation cryptographic encryption techniques.

Details of the level of backup/restore and disaster recovery that will be provided

Storage of accounting data will be provided on resilient storage infrastructure supported by an archive to offline storage and daily data replication activity to create a separate backup. Accounting data will be deleted from the archive once the retention period expires.

On-boarding and Off-boarding processes/scope etc.

The on-boarding process requires an understanding of the type of data to be presented to QinetiQ and the method by which it will be received. A Protective Monitoring Controls and Compliancy Matrix (PMCCM) shall be used as the mechanism to agree with the customer the data streams that shall be configured within the QinetiQ service. Once agreed, the data streams will be integrated into the Event Storage system.

Off-boarding will primarily consist of the cessation of the data stream, the handover of any data sets currently processed or stored by QinetiQ to the Customer, followed by sanitisation of the Customer event data.

Service Options

QinetiQ is able to provide consultancy services to Customers to assist with the identification of the appropriate log data and define the level of accounting information required on the monitored systems. QinetiQ is also able to provide support to Information Assurance and Accreditation activities.

Service Management Details

Access to a 24x7 Service Desk is available to enable interaction and advice on security incidents. Service Management is delivered in alignment with the ISO20000 standard.

Ordering and Invoicing

On receipt of a request, QinetiQ will provide a proposal for the required resources to deliver the service. Services must be purchased for a minimum of one year. Billing for the service will be monthly in advance against the contracted consumption rate. Deviation from the contracted consumption will be retrospectively annotated and charged within the following invoice.

Termination terms

- By consumers (i.e. consumption)
- By the Supplier (removal of the G-Cloud Service)

Costs are payable by the consumer for termination during the annual term. These will be calculated based upon remaining committed costs.

Data Restoration / Service Migration

QinetiQ will provide appropriate access to Customer data for the purposes of data migration, including any Customer documentation as appropriate. Bandwidth charges for the transfer of data held by QinetiQ are provided.

Consumer Responsibilities

The consumer will be required to provide details of systems to be integrated into the service and access to associated subject matter experts for the purposes of supporting the initial on-boarding and baseline process. The consumer is also responsible for ensuring they apply suitable controls to this sensitive data/application. The Consumer is responsible for any privacy impact assessment.

Technical requirements (service dependencies and detailed technical interfaces, e.g. client side requirements, bandwidth/latency requirements etc.)

Data streams will need to be presented to QinetiQ in an appropriate format, ideally TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) based. It is recommended that, where available, encrypted transports such as SSL/TLS (Secure Sockets Layer / Transport Layer Security) should be used.

5. Secure Multi-Tenant Protective Monitoring Service (DETER)

Service Overview

The QinetiQ Secure Multi-tenant Protective Monitoring Service enables customer organisations to effectively manage and mitigate risks posed to their Information Technology environments. The Protective Monitoring Service, provided by QinetiQ, consists of a set of robust business processes, underpinned by technology, delivered by people and operated in line with the guidelines defined within HMG Good Practice Guide Protective Monitoring for HMG ICT Systems, Issue 1.7 (GPG13).

The Secure Multi-tenant Protective Monitoring Service provides aggregation, compilation, analysis, behavioural trending, correlation, and interpretation of security audit event logs. Applying to this the specialist vulnerability and comprehensive threat knowledge at QinetiQ provides the customer with actionable intelligence of active incidents as well as recommendations for management and remediation.

The service acts in full support of the Security Management of an estate, providing a solution to challenges faced by organisations where oversight of how their IT is used (or abused) is essential. This Service acts as a central point within G-Cloud services for the processing, analysis, correlation, alerting and reporting (24x7) on security matters and the delivery of advice in support of all remediation and resolution activities.

The Secure Multi-tenant Protective Monitoring Service provides a centralised capability that can be employed to provide monitoring across a customer's network(s). The solution is purpose-designed to be secure, have the agility to dynamically scale, provide logically separate monitoring and reporting views and provide customers with a high value, effective monitoring capability that has a low total cost of ownership and an easy adoption process.
The QinetiQ solution integrates with a customer's network, be it a Virtual container within a multi-tenanted virtual environment or a distinct installation within one or many data centres. QinetiQ support, implement and manage a number of secure connectivity options, subject to application, from IPSEC VPN through to CPA Foundation encryption. Should a customer wish to extend their secure communications to provide connectivity, this can also be accommodated. No matter which connectivity option is requested, the monitoring of a system can be initiated swiftly, allowing the Customer to receive value from the Protective Monitoring Service promptly.

In embracing the G-Cloud offerings and realising the benefits of efficient IT services, there can be a significant challenge to organisations in considering a risk treatment method. Protective Monitoring by QinetiQ is delivered to the customer alongside the HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2) process and provides a method of risk mitigation to assist with the overall security assurance process.

QinetiQ is aware of the recent transition from the Government Protective Marking Scheme (GPMS) to the Government Security Classification (GSC) Policy for the classification of all system security. Whether deploying Protective Monitoring onto a GPMS or GSC classified system, QinetiQ ensures that compliance with the system requirements is met. The service operates within ISO27001 certified security policies and processes and is delivered from a List X site.

Service Features

Protective Monitoring is delivered alongside the HMG Risk Management standard, IA Standard No. 1 and 2 (IS1 & 2) process and provides a method of both risk mitigation and monitoring, assisting risk reduction and treatment activities in support of the overall security assurance process.

This service provides a centralised event aggregation and analysis service in support of the Customer's requirement to Protectively Monitor its ICT Systems following the guidance provided in CESG Good Practice Guide No.13 (GPG13) at the IS1 DETER segment. The service operates 24x7 at Business Impact Level 3, baseline GPG13 DETER. QinetiQ Analysts and Engineers operate under an ITIL aligned ISO20000 framework with ISO27001 certified policies and processes.

The service delivers a 24x7 analysis function, supported by an underlying Security Incident & Event Management (SIEM) technology that receives accounting data from customer owned assets, over appropriately secured connectivity, providing real time analysis and correlation. Correlation autonomously looks for common attributes and links events together into meaningful bundles, integrating data from different sources in order to turn separate accounting data feeds into an essential view of network activity. Analysis of the output of correlation and behavioural anomaly provides an assessment of internal and external behaviour within the monitored estate, triggering security alerts and recommendations for improvements in security.

QinetiQ Security Analysts analyse each security alert and supporting event data, apply specialist vulnerability and threat knowledge, then raise prioritised Incidents with the customer where appropriate. Advice for management and remediation is provided to the customer, using our knowledge of the architecture and the customer's critical business processes.
Service levels and response times are managed within strict Service Level Agreements (SLAs).

The output of the event monitoring correlation and analysis function consists of:

- Information Security Incident notifications raised with the Customer on a 24x7 basis. These notifications will have a priority classification relating to criticality and impact
- Automated Weekly Reports. These will include an analysis of the week's Events, classified according to the GPG13 Protective Monitoring Controls (PMCs)
- Monthly Management Reporting summarising Events classified according to the GPG13 PMCs. It will include an analysis of the month's Events by QinetiQ Analysts
- Aggregated accounting data stored in a consistent format
- Secure access by the customer to review accounting data.

Example Use Cases

- Identification of potential external threats to G-Cloud host applications and customers' critical business processes through proactive Protective Monitoring
- Identification of potential insider threat from within a Customer's organisation
- Analysis, alerting, advice and recommendations to aid and enable mitigation of risk, management of incidents and remediation activities to improve the security of their network
- A service to provide Protective Monitoring of elements within a customer's IaaS Virtual Data Centre container and of their applications

- The service can be used to collate the accounting logs from various and disparate sources (such as differing virtual machines or applications potentially provided at differing G-Cloud providers). This will allow for the safe, centralised storage of the accounting logs
- Through the centralisation of Accounting Logs in a common structure, analysis of adherence to GPG13 can be derived, along with contextual based reporting and alerting to agreed service levels
- Provides for the independent storage of event data from Cloud service providers, to provide enduring storage of security audit data for post incident and retrospective audit
- Provides an intuitive method by which management information relating to the event data can be accessed through a secure web browser based interface.

Technical Features

- Established architecture patterns providing scale and flexibility driving a methodical approach
- Automated event normalisation and processing
- Validation of outputs by expert Protective Monitoring analysts
- Accredited, standards based security architecture
- Out of the Box list of supported COTS devices
- Storage and event treatment in line with the advice and guidance of GPG13.

An overview of the G-Cloud Service (functional, non-functional)

The Customer's access to the solution, for a display of the level of adherence to GPG13, for the weekly and monthly reports (including details on any incidents alerted to the Customer), and for the retrieval and review of collated accounting data, will be via the secure online portal. Two-factor authentication together with role-based access will ensure that data access is permitted only to authorised users.

Information assurance Impact Level (IL) at which the G-Cloud Service is accredited to hold and process information

Business Impact Level 3 as standard, though capable of operating at differing impact levels to meet the requirements of the monitored system. The service will as standard cover the InfoSec Standard No.1 Part 2 DETER Segment.
Connectivity Available

Accessible over either the Internet, following establishment of secure communications, or UK Government community networks, utilising appropriately secure communication capabilities such as IPSEC or CPA Foundation cryptographic encryption techniques.

Details of the level of backup/restore and disaster recovery that will be provided

Storage of accounting data will be provided on resilient storage infrastructure supported by an archive to offline storage and daily data replication activity to create a separate backup. Accounting data will be deleted from the archive once the retention period expires.

On-boarding and Off-boarding processes/scope etc.

The on-boarding process requires an understanding of the type of data to be presented to QinetiQ and the method by which it will be received. The Protective Monitoring Controls and Compliancy Matrix (PMCCM) shall be used as the mechanism to agree with the customer the data streams that shall be configured within the QinetiQ service. Once agreed, the data streams will be baseline tuned to remove normal and accepted activity or other background processes, leaving the events which require analysis to demonstrate adherence to GPG13 and to be able to detect anomalous behaviour within the data stream.

Off-boarding will primarily consist of the cessation of the data stream and the handover of any data sets currently processed or stored by QinetiQ to the Customer, followed by sanitisation of the Customer event data.

Service Options

QinetiQ is able to provide consultancy services to Customers to assist with the identification of the appropriate log data and define the level of accounting information required on the monitored systems. Through assessment of the risk and threat profile, a more tailored and cost effective solution can be delivered. QinetiQ is also able to provide support to Information Assurance and Accreditation activities.

Service Management Details

Access to a 24x7 Service Desk is available to enable interaction and advice on security incidents. Service Management is delivered in alignment with the ISO20000 standard.

Ordering and Invoicing

On receipt of a request, QinetiQ will provide a proposal for the required resources to deliver the service. Services must be purchased for a minimum term of one year. Billing for the service will be monthly in advance against the contracted consumption rate. Deviation from the contracted consumption will be retrospectively annotated and charged within the following invoice.

Termination terms

By consumers (i.e. consumption)
By the Supplier (removal of the G-Cloud Service)

Costs are payable by the consumer for termination during the annual term. These will be calculated based upon remaining committed costs.
Data restoration / service migration

QinetiQ will provide appropriate access to Customer data for the purposes of data migration, including any Customer documentation as appropriate. Bandwidth charges for the transfer of data held by QinetiQ are provided.

Consumer Responsibilities

The consumer will be required to provide details of systems to be integrated into the service and access to associated subject matter experts for the purposes of supporting the initial baseline process. The consumer is also responsible for ensuring they apply suitable controls to this sensitive data/application. The Consumer is responsible for any privacy impact assessment.

Technical requirements (service dependencies and detailed technical interfaces, e.g. client side requirements, bandwidth/latency requirements etc.)

Data streams will need to be presented to QinetiQ in an appropriate format, ideally TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) based. It is recommended that, where available, encrypted transports such as SSL/TLS (Secure Sockets Layer / Transport Layer Security) should be used.


More information

G-Cloud Service Definition. Atos Infrastructure as a Service (IL3) for Cloud IaaS

G-Cloud Service Definition. Atos Infrastructure as a Service (IL3) for Cloud IaaS G-Cloud Service Definition Atos Infrastructure as a Service (IL3) for Cloud IaaS Atos Accredited Secure Cloud Infrastructure as a Service (IL3) Robust, secure, scalable Cloud computing and consumption-based

More information

G Cloud 6. Service Definition: Platform as a Service (PaaS)

G Cloud 6. Service Definition: Platform as a Service (PaaS) G Cloud 6 Service Definition: Platform as a Service (PaaS) Introduction to Centerprise International Limited Centerprise International Limited was established in 1983 as an engineering and manufacturing

More information

SERVICE DEFINITION G-CLOUD 7 CLOUD BACKUP. Classification: Open

SERVICE DEFINITION G-CLOUD 7 CLOUD BACKUP. Classification: Open SERVICE DEFINITION G-CLOUD 7 CLOUD BACKUP Classification: Open Classification: Open ii MDS Technologies Ltd 2015. Other than for the sole purpose of evaluating this Response, no part of this material may

More information

Tactical Cost Reduction

Tactical Cost Reduction Tactical Cost Reduction G-Cloud Service 1 An overview of the G-Cloud Service Information assurance Backup/restore and disaster recovery On-boarding and Off-boarding processes/scope etc. Pricing Service

More information

Primary Storage in the Cloud. Lot 1 - Infrastructure as a Service. Version: 5.0, Issue Date: 07/12/2014. Classification: Open

Primary Storage in the Cloud. Lot 1 - Infrastructure as a Service. Version: 5.0, Issue Date: 07/12/2014. Classification: Open Primary Storage in the Cloud Version: 5.0, Issue Date: 07/12/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this Response, no

More information

Big Data Analytics Service Definition G-Cloud 7

Big Data Analytics Service Definition G-Cloud 7 Big Data Analytics Service Definition G-Cloud 7 Big Data Analytics Service Service Overview ThinkingSafe s Big Data Analytics Service allows information to be collected from multiple locations, consolidated

More information

GCloud Application Development Service Definition. Application Development

GCloud Application Development Service Definition. Application Development GCloud Service Definition GCloud Service Definition Contents 1.... 3 1.1. Overview... 3 1.2. Information Assurance... 6 1.3. Backup / Restore / Disaster Recovery... 6 1.4. On-boarding and Off-boarding

More information

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 2.0, Issue Date: 05/02/2014. Classification: Open

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 2.0, Issue Date: 05/02/2014. Classification: Open Cloud Enablement Version: 2.0, Issue Date: 05/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this Response, no part of this

More information

Get Better Protected... Secure data sharing made possible with Updata s Encryption Overlay Service.

Get Better Protected... Secure data sharing made possible with Updata s Encryption Overlay Service. i Compliant Fully managed Encryption Overlay service enabling data sharing across secure networks. Provides operational efficiencies and cost savings through simplified procurement Get Better Protected...

More information

DIGITAL MARKETPLACE (G CLOUD 7) OFFERING. Sopra Steria Integration Platform Support as a Service. Service Overview. Sopra Steria in the public sector

DIGITAL MARKETPLACE (G CLOUD 7) OFFERING. Sopra Steria Integration Platform Support as a Service. Service Overview. Sopra Steria in the public sector DIGITAL MARKETPLACE (G CLOUD 7) OFFERING Sopra Steria Integration Platform Support as a Service Sopra Steria in the public sector Organisations across the public sector choose Sopra Steria to deliver transformation

More information

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 05/02/2014. Classification: Open

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 05/02/2014. Classification: Open Cloud Enablement Version: 3.0, Issue Date: 05/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 201415/12/2014. Other than for the sole purpose of evaluating this Response, no part

More information

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template G-Cloud Service Pan Government Security Accreditation Scope This form is intended for Suppliers of services on the G-Cloud to complete. Upon receipt, the G-Cloud Programme will check Section A, Reference

More information

Cloud Infrastructure Security Management

Cloud Infrastructure Security Management www.netconsulting.co.uk Cloud Infrastructure Security Management Visualise your cloud network, identify security gaps and reduce the risks of cyber attacks. Being able to see, understand and control your

More information

service description Email, SharePoint and File Archive in the Cloud Software as a Service

service description Email, SharePoint and File Archive in the Cloud Software as a Service easy to adopt, easy to use, easy to leave service description Email, SharePoint and File Archive in the Cloud Software as a Service version 4.0 Contents Overview... 3 Example use cases... 3 Pricing...

More information

SECURE CLOUD SOLUTIONS FOR YOUR BUSINESS.

SECURE CLOUD SOLUTIONS FOR YOUR BUSINESS. SECURE CLOUD SOLUTIONS FOR YOUR BUSINESS. 2015 Learning Possibilities Ltd, 506 Centennial Park, Centennial Avenue, Elstree, Herts, WD6 3FG Email: info@cloudpossibilities.com Telephone: +44 (0) 20 8236

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Neocol E-Discovery Consulting Services

Neocol E-Discovery Consulting Services Neocol E-Discovery Consulting Services Service Definition Neocol Reference: 1.0 Version: 1.0 Date: 1 March 2013 1. Service Definition 1.1. Service Overview The E-Discovery Consulting Services address needs

More information

Bramble.cc Konetic - Applicant Tracking/eRecruitment

Bramble.cc Konetic - Applicant Tracking/eRecruitment www.bramble.cc www.konetic.com Service 9 Bramble.cc Konetic - Applicant Tracking/eRecruitment Delivery partner name Konetic Limited An overview of the G-Cloud Service (functional, non functional) Konetic

More information

Involve Cloud Video Conferencing Service. VC:me (Video Conferencing: made easy) Service Definition

Involve Cloud Video Conferencing Service. VC:me (Video Conferencing: made easy) Service Definition Involve Cloud Video Conferencing Service VC:me (Video Conferencing: made easy) Service Definition Contents 1. Service Overview... 3 Reservations Service... 4 Endpoint Management... 4 Reporting... 4 Testing...

More information

G-Cloud Service Definition. Atos Data Quality Audit SCS

G-Cloud Service Definition. Atos Data Quality Audit SCS G-Cloud Service Definition Atos Data Quality Audit SCS Atos Data Quality Audit SCS As organisations increasingly utilise a hybrid of Legacy and Cloud based technology platforms, it becomes increasingly

More information

Keyfort Cloud Services (KCS)

Keyfort Cloud Services (KCS) Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency

More information

G-CLOUD IIII FRAMEWORK SERVICE DEFINITION: SCHOOLS HOSTED SERVICE FOR SIMS

G-CLOUD IIII FRAMEWORK SERVICE DEFINITION: SCHOOLS HOSTED SERVICE FOR SIMS G-CLOUD IIII FRAMEWORK SERVICE DEFINITION: SCHOOLS HOSTED SERVICE FOR SIMS Capita Division / Supplier: Service Name: Capita Business Services Ltd SIMS OVERVIEW OF THE SERVICE The hosted service for SIMS

More information

SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services

SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services Contents 1 Introduction...2 2 IA, CLAS Consulting and CHECK Testing...3 3 Information Assurance...4 4 Accreditation...5

More information

GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement. www.memset.com

GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement. www.memset.com GOVERNMENT HOSTING Cloud Service Security Principles Memset Statement Summary - March 2014 The Cabinet Office has produced a set of fourteen Cloud Service Security Principles to be considered when purchasers

More information

dxw s WordPress Platform

dxw s WordPress Platform dxw s WordPress Platform G-Cloud lot 2 (PaaS) service definition Version 2 4th July 2012 Page 1 of 12 Overview dxw s WordPress Platform is a highly managed Platform as a Service for hosting WordPress websites.

More information

G-Cloud Service Description. Atos Microsoft Dynamics CRM on Demand

G-Cloud Service Description. Atos Microsoft Dynamics CRM on Demand G-Cloud Service Description Atos Microsoft Dynamics CRM on Demand February 2013 Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud, Atos Healthcare (in the UK) and Atos WorldGrid

More information

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. Table of contents 1 Introduction...3 2 Architecture Services...4 2.1 Enterprise Architecture Services...5 2.2 Solution Architecture Services...6 2.3 Service

More information

Amazon Relational Database Service (RDS)

Amazon Relational Database Service (RDS) Amazon Relational Database Service (RDS) G-Cloud Service 1 1.An overview of the G-Cloud Service Arcus Global are approved to sell to the UK Public Sector as official Amazon Web Services resellers. Amazon

More information

G-Cloud Framework Service Definition. Information Distribution Service

G-Cloud Framework Service Definition. Information Distribution Service G-Cloud Framework Service Definition Version: 1.2 Copyright: Acuma Solutions Ltd Acuma Solutions Ltd Waterside Court 1 Crewe Road Manchester M23 9BE Tel: 0870 789 4321 Fax: 0870 789 4250 E-mail: information@acuma.co.uk

More information

G-CLOUD 7 - VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS)

G-CLOUD 7 - VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS) G-CLOUD 7 - VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS) Service Definition 6th October 2015 TABLE OF CONTENTS VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS) 3 SERVICE SUMMARY

More information

G Cloud III Framework Lot 4 (SCS) Project Management

G Cloud III Framework Lot 4 (SCS) Project Management G Cloud III Framework Lot 4 (SCS) Project Management Contents Executive Summary 3 Project Management 4 Why Deloitte? 6 SFIA Rate Card 7 Contact 8 Service Definition (a) to (p) 9 Executive Summary PROJECT

More information

G-Cloud Service Description. Atos: Cloud Professional Services: Requirements Specification

G-Cloud Service Description. Atos: Cloud Professional Services: Requirements Specification G-Cloud Service Description Atos: Cloud Professional Services: Requirements Specification Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud, Atos Healthcare (in the UK) and

More information

Mapping and Geographic Information Systems Professional Services

Mapping and Geographic Information Systems Professional Services Mapping and Geographic Information Systems Professional Services G-Cloud Services RM 1557 Service Definition Esri UK GCloud 5 Lot 4 Specialist Services Government Procurement Service Acknowledgement Esri

More information

Marval Software Limited. G Cloud iii Framework Service Definition

Marval Software Limited. G Cloud iii Framework Service Definition 1 Marval Software Limited G Cloud iii Framework Service Definition Page 1 of 9 2 Contents An overview of the Marval Service Management (MSM) Software Solution... 3 Information assurance Impact Level (IL)

More information

VividApps Limited Service Definition Document

VividApps Limited Service Definition Document VividApps Limited Service Definition Document Page 1 of 10 Overview Reap the Benefits of multiple services from a single application, keeping you proactively connected with your clients. Assurity is a

More information

Secure LAMP Application Server Service

Secure LAMP Application Server Service Service Definition Document GCloud 7 : Product : G7 3.LAMP.008 Summary Secure LAMP Application Server Service Secure managed Web Software service, deliverying a LAMP application Service. Supports a wide

More information

e2e Managed Customer Private Cloud Infrastructure Service Definition Document

e2e Managed Customer Private Cloud Infrastructure Service Definition Document e2e Managed Customer Private Cloud Infrastructure Service Definition Document Overview A range of Private Cloud infrastructure managed services where the customer buys or already owns the physical equipment

More information

Email Router and Vetting G-Cloud Service Definition

Email Router and Vetting G-Cloud Service Definition Email Router and Vetting G-Cloud Service Definition 2013 General Dynamics Information Technology. All rights reserved 1 In partnership with Government and industry-leading technology partners, General

More information

THOMSON REUTERS C-TRACK E-FILING SOFTWARE AS A SERVICE SERVICE DEFINITION FOR G-CLOUD 6

THOMSON REUTERS C-TRACK E-FILING SOFTWARE AS A SERVICE SERVICE DEFINITION FOR G-CLOUD 6 THOMSON REUTERS C-TRACK E-FILING SOFTWARE AS A SERVICE SERVICE DEFINITION FOR G-CLOUD 6 C-Track E-Filing is a stand-alone component of the C-Track product suite which can easily integrate with the C-Track

More information

Thales Service Definition for NOC Services for Cloud

Thales Service Definition for NOC Services for Cloud Thales Service Definition for UK NOC Services Thales Service Definition for NOC Services for Cloud April 2014 Page 1 of 13 Thales Service Definition for UK NOC Services CONTENT Page No. Introduction...

More information

G Cloud 4 Service Definition Document: CDG Common Digital Platform

G Cloud 4 Service Definition Document: CDG Common Digital Platform G Cloud 4 Service Definition Document: CDG Common Digital Platform Table of Contents 1.0 Document Introduction... 3 2.0 Service Definition: CDG Common Digital Platform... 3 2.1 Benefits of the Common Digital

More information

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds. ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid

More information

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security Securing business data CNS White Paper Cloud for Enterprise Effective Management of Data Security Jeff Finch, Head of Business Development, CNS Mosaic 2nd July 2015 Contents 1 Non-Disclosure Statement...

More information

Lot 4 Service Specification BUSINESS PROCESS MANAGEMENT (BPM) PROFESSIONAL SERVICES

Lot 4 Service Specification BUSINESS PROCESS MANAGEMENT (BPM) PROFESSIONAL SERVICES Lot 4 Service Specification BUSINESS PROCESS MANAGEMENT (BPM) PROFESSIONAL SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF BUSINESS PROCESS MANAGEMENT (BPM) PROFESSIONAL SERVICES Business Process Management

More information