NCC Group Managed Security Services Pricing

Transcription

1 NCC Group Managed Security Services Pricing G-Cloud Version 1.0 Contact Name: Shakeel Hassan Telephone: +44 (0) NCC Group Manchester Technology Centre Oxford Road Manchester M1 7EF Page 1 of 7

2 NCC Group Managed Security Services Pricing The table below provides pricing for each of our managed security services. NCC Group Services NCC Group Pricing & Notes NCC Group s standard price for DDoS Assured is 1,500. DDoS Assured The service is delivered as a Managed Service ( 1,500 based on 10 Bots with Approximately 200 Requests per second/per bot over a 4 hour duration targeting a web application). Minimum 1 URL is required. There is additional 2,000 price for 1U appliance. Volume discounts available for larger numbers of URLs and/or larger bot net. NCC Group s standard price for DDoS Fire Drill is 1,500. DDoS Fire Drill The service is delivered as a Managed Service ( 1,500 based on 10 Bots with Approximately 200 Requests per second/per bot over a 4 hour duration targeting a web application). Minimum 1 URL is required. There is additional 2,000 price for 1U appliance. Volume discounts available for larger numbers of URLs and/or larger bot net. NCC Group s standard unit price for Managed Security Services Minerva Infrastructure Monitoring Services is 7 UKP. Minerva Services The service is delivered as a Managed Service ( 7/Week/IP Assuming 100 IPs to be scanned and monitored annually). Minimum 1 IP is required. There is additional 1,500 price for 1U appliance. Volume discounts available for larger numbers of URLs. Page 2 of 7

3 NCC Group s standard unit price for Managed Security Services PCI ASV Scanning is 200. PCI ASV Scanning There is a minimum of 10 IPs plus Associated URLs - Scans Conducted Quarterly with Free Retest after each scan if required. Additional 1,500 costs for 1U appliance if internal PCI scanning is required Volume discounts available for larger numbers of IPs/URLs NCC Group s standard unit price for Managed Security Services Web Application Scanning is 90 UKP. Web Application Scanning The service is delivered as a Managed Service ( 90/Month/Web application assuming 20 Web Applications to be scanned on an annual basis). All web application scanning is un-authenticated. Minimum 1 URL is required. There is additional 1,500 price for 1U appliance. Volume discounts available for larger numbers of URLs. Pricing Notes: NCC Group offers a range of volume discounts for our Managed Security Services. This can be shared with the customer upon request. There is sufficient saving available for large number of units purchased NCC Group Managed Security Services price is based on product price, setup (if required) and annual support price Prices are in UK Pounds Sterling and exclusive of VAT, which will be added at the prevailing rate at the time of invoice Payment terms can be mutually agreed between the customer and NCC Group. Page 3 of 7

4 Appendix A - Quality Statement NCC Group is a leading independent provider of IT Assurance, Security and Consultancy services. We are committed to the profitable provision of Consultancy, Escrow and Testing Solutions that exceed our clients' requirements and deliver excellent returns to our shareholders. A minimum client satisfaction rating of 70% (where 50% equates to satisfactory) is the target for all work. Profitability is set for each area of our business each month in an annual plan. Our effectiveness is measured by how well we perform against this plan. This policy is supported by detailed measurable objectives in the form of KPIs (Key Performance Indicators) at all levels in the organisation structure. Performance targets are reviewed on a regular basis by management to ensure quality standards are constantly met and improved. NCC operates a quality system of standards and procedures, which manages and controls all our projects, products and service activities. The quality management system is based on the pertinent parts of the ISO9000 series of standards and is independently assessed for compliance. The implementation of this policy is mandatory and is to be observed by all those who contribute to NCC Group's products and services. Rob Cotton Chief Executive Officer NCC Group Page 4 of 7

5 Appendix B Certificates and Accreditations ISO 27001:2005 NCC Group is certified to ISO 27001:2005 and have been certified since 2005 (LRQ /A) ISO 9001:2008 NCC Group services is accredited to ISO 9001:2008 and have held ISO 9001 status since 1994 (LRQ /A). ISTQB Certified Tester accredited training provider NCC Group is accredited by the International Software Testing Qualifications Board to provide training for the Certified Tester scheme. The ISTQB has issued over 240,000 certifications in more than 70 countries world-wide (March 2012). ISO 17025:2005 NCC Group is accredited to ISO 17025:2005 Testing and Calibration Laboratories under the United Kingdom Accreditation Service. CESG CHECK NCC Group is accredited under the Government s CESG Check scheme for network penetration and testing services. We have been classed as a Green service provider, the highest attainable standard, continuously since Unless specifically stated this assignment will not be performed under CHECK terms and conditions. CESG Tailored Assurance Scheme Provider NCC Group was selected as one of the first companies to provide the CESG Tailored Assurance Service (CTAS), a brand new service from CESG which is intended for a wide range of IT products and systems ranging from simple software components to national infrastructure networks. CESG Listed Adviser Scheme We have a team of CESG CLAS consultants. The CESG CLAS scheme is the accreditation for recognition of skills and experience in information security within the public sector. Page 5 of 7

6 PCI Approved Scan Vendors/PCI Qualified Security Assessor NCC Group is a Qualified Security Assessor (QSA) and an Approved Scan Vendor (ASV) regulated by the PCI Standards Council. CREST Council of Registered Ethical Security Testers NCC Group is an active member of CREST, the standards-based organisation for security assurance testing suppliers aimed at ensuring the very highest standards of leading-edge security testing. London Stock Exchange Premium Accreditation NCC Group is listed as part of the FTSE TECHMARK on the London Stock Exchange. NSW Government Approved Supplier NCC Group is an approved supplier by the NSW Procurement (NSWP), Department of Finance and Services, on behalf of the NSW Government. Page 6 of 7

7 Appendix C Client Testimonials "Our teamwork has resulted in more secure products reaching our customers and NCC Group has proven to be an outstanding, reliable, capable and professional security consulting team." "When McAfee has a need for application security consulting, we turn to the experts at NCC Group. They bring a diverse background in security assessment and research that is unparalleled in the industry today." I am happy to recommend NCC Group because it has consistently been providing Royal Mail with a service which is highly critical to the assurance of our IT applications & infrastructures and which is delivered with expert, high quality and on time reporting and advice. I particularly like their engagement model, being highly responsive, reliable, dependable and professional NCC Group have performed a number of IT Security Health Checks over the last 3 years. On all occasions they have provided a very high level of testing, I have been particularly impressed by the professional and flexible attitude of all consultants that have worked on our network. They have the ability to communicate technical information in a manner which is understood by our senior managers via daily wash up sessions and have always been on hand to answer any additional questions from our service provider NCC Group s communication throughout the project was the strongest point and the results were very professional. "The knowledge and professional skills of this team are probably unique in this very specialized area of security. They lead the world in security vulnerability research and apply that knowledge to their consultancy. In our experience we highly recommend their services." "NCC Group s interpreted complex operations and communicated progress and results in formats understandable by all levels of technical ability within our organisation significantly aiding key stakeholder buy in to improvement actions." "SSE has worked with NCC Group for the past few years. NCC Group is flexible, responsive and accommodating to every request. The team are professional to work with and understanding to our needs. I would gladly recommend NCC Group to anyone." NCC Group understood the brief completely and provided superb support to the project, exemplified by a tireless commitment from the CHECK team in meeting tight deadlines, working with disparate organisations, knowledge and skills transfer outstanding. All involved in delivering security testing services for this project were consummate professionals whose behaviour and commitment was exemplary. A credit at a personal level and to NCC Group The quality and expediency of report writing and submission is without equal in my experience. Well done and thank you "I hope we can continue to grow the relationship with NCC Group and work with your extremely bright and cunning team. Thanks for keeping the door shut to inquisitive kids the world over." "'We have always found NCC Group to be approachable and helpful in all aspects of our network security, nothing is too much trouble for them. The quality of reporting and responses to questions & queries means I would actively recommend them to others. "NCC Group is providing CPNI with advance notification of software vulnerabilities in order to provide mitigation measures to Critical National Infrastructure (CNI) organisations. CPNI is looking forward to continuing this strong partnership with NCC Group." Page 7 of 7