G-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

Size: px
Start display at page:

Download "G-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS"

Transcription

1 G-Cloud Service Definition Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

2 Atos Infrastructure Vulnerability Scanning (Outpost24) SaaS Atos Infrastructure Vulnerability Scanning SaaS powered by the leading scan engine from Outpost24. This cloud based SaaS service ensures the latest scanning technology is deployed to defend the organisation from the ever evolving cyber threat. The fully managed service helps protect an organisations external perimeter by finding the vulnerabilities before the cyber criminals do. Remediation workshops ensure that the actions necessary to fix the vulnerabilities are tracked, monitored and driven through to completion. The service provides comprehensive testing of the external perimeter through infrastructure scanning, web application scanning and PCI ASV Compliance Reporting to identify the organisation vulnerability to cyber-attack. Atos Infrastructure Vulnerability Scanning (Outpost24) SaaS Fast implementation The service can be setup, configured and deliver scan results without the need to install hardware or software in the target organisation. Effective remediation The managed service monitors and tracks the remediation of vulnerabilities to ensure full benefit of scan detection is realised through a reduction in vulnerability profile. There is an option for monthly remediation workshop with stakeholders and IT support providers. PCI DSS ASV SaaS Quick and easy setup of PCI DSS compliance scanning as a cloud service from Outpost24. A quick and efficient solution to verify the infrastructure against the industry standard for PCI-DSS. Four compliance reports per year are sent direct to the authorising bank. There is an option for more frequent scans between quarterly compliance report scans. Globally recognized scan engine In February 2014 Frost & Sullivan s Analysis of Global Vulnerability Management market report named Outpost24 as Notable Global Competitor - Recognition that the Outpost24 solution is successfully challenging the existing scanning vendors. Advanced scan technology February 2014 Frost & Sullivan s Analysis of Global Vulnerability Management market report rated Outpost24 as having the best scan accuracy rate with a low initial scan failure rate of just 0.28%. Low scan failures means fewer false positives and better targeting of effort on the real vulnerabilities. Simple coverage based pricing Simple pricing bands based on number of IPs or web applications covered. Large discounts on 2 nd year of scanning service. Internal network scan options Atos Security Professional Services offers Outpost24 technology for internal infrastructure scanning solutions to complement this external infrastructure scanning service. ii

3 The Atos Infrastructure Vulnerability Scanning (Outpost24) service diagnoses external IT infrastructure network vulnerabilities that threaten the security of sensitive data and systems. The solution uses award winning Outpost24 scanning engine with certified Atos security specialists to deliver a managed security service for protecting the external infrastructure perimeter from cyber threats. What is it? The service examines the external network perimeter from outside the organisation and identifies vulnerabilities that are exposed to cyber criminals wanting to penetrate the infrastructure network. The output provides the business with a list of the vulnerabilities and prioritises the actionable remedies for mitigating the vulnerability risks. Regular frequent scans of the infrastructure means that new vulnerabilities caused by configuration changes, new services and new cyber-attack methods are discovered and remedied before cyber criminals can take advantage and threaten the security of the customers infrastructure. The service options are: External Network Scan of the infrastructure at the external perimeter PCI DSS Approved Scanner Vendor (ASV) Scan External Web Application Scan of web apps at the external perimeter. What makes us unique? This solution allows organisations to benefit from an advanced scanning solution for mitigating the cyber security threat to external network infrastructure in a managed security SaaS. Atos provide the leading infrastructure scanning SaaS solution from Outpost24, together with a managed security service from certified security professionals at Atos UK Security Centre. Infrastructure vulnerabilities found from scan engines are often ignored either through lack of understanding or failure to drive through to remediation. The Atos managed service ensures that the results are communicated regularly and effectively through to organisation stakeholders and IT support teams responsible for closing vulnerabilities in the infrastructure. The result is that vulnerabilities are actively tracked and managed through to removal. The managed service ensures that vulnerabilities are diagnosed, understood and mitigated to progressively improve the overall security of the infrastructure over the life of the service. Atos Infrastructure Vulnerability Scanning (Outpost24) is a managed SaaS and includes: Proof of Concept Service configuration Service Delivery Agreement Reporting and remediation monitoring Alerts via SMS and Notice of threat alerts between scans. iii

4 The service comes in 3 service variants: External network scan A monthly scan and reporting service using Outpost24 OUTSCAN SaaS to diagnose external network vulnerabilities. PCI ASV scan A quarterly PCI ASV scan and compliance report using Outpost24 OUTSCAN PCI SaaS to diagnose external network vulnerabilities for compliance with PCI DSS requirements. Delivered from Outpost24, an Approved Scanning Vendor (ASV) certified by the PCI Security Standards Council. External Web Application scan A monthly scan and reporting service using Outpost24 WAS a web application scanning service All 3 service variants can add options for: Increased scan frequency Remediation workshops Additional reporting Annual executive report. The service benefits organisation CxOs who are responsible for verifying an organisations IT infrastructure is not unwittingly exposed to known cyber threats. The service provides scan results and clear prioritised list of remediation actions to reduce the organisations exposure to cyber threats. The prioritised action list and remediation workshops allow the CxO to push remediation through to a successful conclusion and see the results in subsequent scans. The PCI DSS scan option is a cost effective solution to verifying PCI DSS compliance and output of compliance report to the authorising bank. The service benefits the organisation s security team by releasing them from routine scanning and reporting and allows them to focus on addressing critical security issues and risks. The service benefits organisations with responsibility for implementing appropriate cyber security controls on the IT infrastructure but with no in-house security team. This service can communicate directly with infrastructure stakeholders and IT support teams to ensure that the infrastructure vulnerabilities are understood and acted upon. The service can perform as an independent third party to diagnose and advise management teams on mitigating cyber threats at the infrastructure perimeter. The remediation workshop option delivers guidance and prioritisation direct to the responsible infrastructure teams. iv

5 v

6 Contents 1. Introduction Service summary How this product can be used Service overview Service features External Network Scan PCI DSS Approved Scanner Vendor (ASV) Scan External Web Application Scan Further Deployment Options Service Roadmap Information assurance Backup/restore and disaster recovery On-boarding and off-boarding Pricing External Network Scan PCI DSS Approved Scanner Vendor (ASV) Scan External Web Application Scan Service management Service constraints Service levels Financial recompense Training Ordering and invoicing process Termination terms By consumers (i.e. consumption) By the Supplier (removal of the G-Cloud Service) Data restoration / service migration Customer responsibilities Technical requirements Trial service Glossary vi

7 1. Introduction Atos provides a wide range of security solutions that help customers increasing their level of IT security in a cost effective way. Atos Infrastructure Vulnerability Scanning (Outpost24) SaaS is one such service. The service is delivered by certified security specialists using the market leading product from Outpost24 for mitigating infrastructure vulnerabilities at the external perimeter. Outpost24 is PCI Approved Scanning Vendor (ASV). There are three scan services: External Network Scan of the infrastructure at the external perimeter PCI DSS Approved Scanner Vendor (ASV) Scan External Web Application Scan of web apps at the external perimeter. 1.1 Service summary The service is a subset of Atos and Outpost24 infrastructure scanning capabilities designed specifically as a managed SaaS service for G-Cloud to ensure that the identified vulnerabilities do not get ignored by the parties responsible for resolution. Successful protection requires that the vulnerabilities are not only identified but then managed through to successful remediation. Outpost24 scan technology and Atos service management ensure the results are communicated effectively to support teams and stakeholders. Regular reports of vulnerability discovery and remediation allow the organisation to track vulnerability elimination and mitigation by their IT support partners. Organisations requiring PCI DSS compliance for their authorising bank can contract the PCI ASV service. Outpost24 is an Approved Scanning Vendor (ASV) for PCI DSS compliance. The ASV service generates quarterly compliance reports which can be sent direct to the authorising bank. Key features: Proof of Concept available Fully managed scanning service requires no security expertise from contracting organisation Award winning scanning technology from Outpost24 Independent third party assessment of infrastructure and web applications exposed to external cyber threats Additional options for: Increased scan frequency Remediation workshops Ad-hoc scans Atos Security Professional Services can deliver solutions for internal infrastructure scanning for private cloud and on-premise solutions. 1

8 1.2 How this product can be used The three service options are used to: Provide regular detection of external infrastructure vulnerabilities at risk of cyber-attack Inform management of the vulnerabilities and provide prioritised remediation advice to improve the protection of the infrastructure to cyber threats Prioritise the remediation actions and interface with the organisations IT infrastructure support teams to ensure that vulnerabilities are identified, tracked and managed through to closure Give independent third party assessment of infrastructure vulnerability Provide a managed security service for diagnosing infrastructure and web application vulnerabilities for organisations that cannot spare valuable internal security resources for this routine but essential task Generate quarterly PCI ASV compliance report demanded by authorising bank for PCI DSS compliance (PCI ASV scan only) Diagnose vulnerabilities specific to externally facing web applications (web application scan only). 2

9 2. Service overview 2.1 Service features As organisations increase their dependency on timely, correct and confidential digital information, their exposure to cyber threats increase. Coupled with increased connectivity and interoperability of IT delivery eco-systems, the surface area of potential attack is further increased. Historically, online and network security technologies such as anti-malware, IDS systems and log monitoring detected infections and attack signatures, only requiring action after an incident occurred. This reactive approach is no longer sufficient given that the damage is done as soon as the vulnerability is exploited. Furthermore, security specialists are in short supply and difficult to retain. Just buying a scanning tool means that the steps for mitigating the discovered security vulnerabilities are not always understood or acted upon. The Atos Infrastructure Vulnerability Scanning (Outpost24) SaaS solves this challenge by combining the award winning Outpost24 scan engine with a managed security service to discover vulnerabilities and then help manage remediation through to completion. The result is that vulnerabilities are systematically discovered and then managed out of the infrastructure. Thus leading to a long term and sustained improvement in the organisations resistance to cyber-attack. The Atos Infrastructure Vulnerability Scanning (Outpost24) SaaS has three scan services: External Network Scan of the infrastructure at the external perimeter PCI DSS Approved Scanner Vendor (ASV) Scan External Web Application Scan of web apps at the external perimeter. 2.2 External Network Scan The External Network Scan utilises Outpost24 OUTSCAN SaaS. OUTSCAN diagnoses external network vulnerabilities; the service analyses the vulnerabilities and prioritises the remediation actions. Atos certified security professionals report on and track the remediation of the vulnerabilities discovered. The discovery, diagnosis, reporting of vulnerabilities combined with tracking the remediation actions, helps secure sensitive data against external cyber threats. The standard service provides monthly scans of the infrastructure. Outpost24 Scanless Scanning technology provides additional protection between scans by alerting immediately upon detection of new threats that can potentially exploit vulnerabilities in the organisations infrastructure. The Atos solution provides: Commissioning of OUTSCAN service against a defined list of network addresses Scan template setup, automated reporting setup and service initiation Service Delivery Agreement 3

10 Monthly scan reporting, analysis, and interpretation by Atos Security Centre. Including: Trends, risks, solutions and vulnerabilities CVSS (Common Vulnerability Scoring System) risk rating allows quick identification of critical risks, using a scale Remediation action tracking Flexible data selection in reports Alerts from new threats between scheduled scans detected by OUTSCAN scanless scanning Additional options for: More scans e.g. higher frequency or remediation scans Remediation workshops, one day workshop from security specialist to stakeholders and IT infrastructure owners to advise and consult upon remediation activities. End of year executive report. Proof of concept. 2.3 PCI DSS Approved Scanner Vendor (ASV) Scan The PCI ASV Scan uses the Outpost24 OUTSCAN PCI cloud SaaS. Outpost24 is an Approved Scanning Vendor (ASV) certified by the PCI Security Standards Council. OUTSCAN PCI is an extension of OUTSCAN designed specifically to verify and prove PCI DSS compliance. OUTSCAN PCI examines network perimeters for vulnerabilities that cause non-compliance with PCI DSS requirements. The standard service provides quarterly compliance report scans with compliance reports sent directly to the authorising bank. The service is delivered from the Outpost24 cloud SaaS, is quick to initiate and is a very cost effective means of verifying PCI DSS compliance. The Atos solution provides: Commissioning of OUTSCAN PCI service against a defined list of network addresses Scan template setup, automated reporting setup and service initiation Service Delivery Agreement Quarterly compliance scan and report Additional options for: Increased scan frequency scheduled either as monthly scans or verification scans prior to scan for PCI ASV compliance report Remediation workshops, one day workshop from security specialist to stakeholders and IT infrastructure owners to advise and consult upon remediation activities. Ad-hoc scans Failed compliance findings enquiry resolution Proof of concept. 4

11 2.4 External Web Application Scan The External Web Application Scan utilises Outpost24 WAS SaaS. Outpost24 WAS inspects web applications and detects vulnerabilities and deviations from security best practices. The majority of external cyber-attacks are against web application weaknesses. Consequently this service is invaluable for organisations with web applications delivering important information, content and services on the internet. The standard service provides monthly scans of the external facing web applications including the auditing of features like: Cross-Site Scripting SQL injection Blind SQL injection Insecure cryptographic solutions Insecure session management Incorrect server configurations Information disclosure detection (Credit Cards) Incorrect header information CRLF injections Command execution Format string exceptions Un-validated redirects AJAX support. The Atos solution provides: Commissioning of OUTSCAN WAS service against defined list of web application addresses. Scan template setup, automated reporting setup and service initiation. Service Delivery Agreement Monthly scan reporting, analysis, and interpretation by Atos Security Centre. Including: Trends, risks, solutions and vulnerabilities CVSS (Common Vulnerability Scoring System) risk rating allows quick identification of critical risks, using a scale Remediation action tracking Flexible data selection in reports Additional options for: Proof of concept More scans e.g. higher frequency or remediation scans Remediation workshops, one day workshop from security specialists to stakeholders and IT infrastructure owners to advise and consult upon remediation activities End of year executive report. 5

12 2.5 Further Deployment Options The services described above protect the external perimeter but many security breaches are caused by those with access to internal networks, including staff, former employees, consultants, vendors and customers. Data and asset protection must be managed proactively to effectively protect sensitive information, intellectual property, service continuity and personal data. Atos Security Professional Services can provide internal network vulnerability solutions using the Outpost24 technology. 2.6 Service Roadmap The Outpost24 product range is under continual improvement. By adopting the SaaS solutions described in this service, the organisation is assured of remaining up to date with the latest developments in scanning technology without the need for managing software updates and new product installations in the organisations infrastructure. 6

13 3. Information assurance The standard product is available at Impact Level 0 (IL0). The service can be run at higher Impact Levels up to IL5 if required subject to a formal accreditation. 7

14 4. Backup/restore and disaster recovery Where Atos has agreement to store data from the scan it is downloaded from the scanning platform and stored securely at an Impact Level agreed with the organisation. In the event of the scanning platform failing a new platform is built from a master build image. Collected scan data is stored in Outpost24 SaaS, Atos UK data centres or organisation network depending on the service configuration. 8

15 5. On-boarding and off-boarding On-boarding On-boarding the service is simple. Prior to conducting the scan the Atos security specialists will discuss the customer s needs of the scan to determine the coverage, frequency and depth of the scan activity and the type of reporting required. A Service Delivery Agreement defines the service, communication channels and escalation points to be used for the duration of the service. Off-boarding Should the customer decide to de-commission the scanning service, all future scans are cancelled and the customer will receive a copy of the data collected in the scanning activities conducted to that date, all data held by Atos will then be destroyed. 9

16 6. Pricing 6.1 External Network Scan The table below is for between 1-10 IP addresses Service Year1 Year2 Notes External Network Scan Up to 10 IP addresses Additional Monthly Written Report Remediation Workshop End of Year Executive Report Additional adhoc scans 8,195 4,295 Outpost24 OUTSCAN SaaS up to 10 IP addresses. Year1 includes Service commissioning, scan template setup, report setup, service initiation, SDA, 12 monthly scans and delivery of automatically generated scan reports. Includes automatic threat alerts between scans. Year 2 price conditional on no break in service from Year 1. 11,495 11,495 Analysis of trends, threats, issues identified in the OUTSCAN generated scan report. 17,195 17,195 Monthly one day time boxed workshop on prioritised remediation actions. Held at UK customer site. 2,595 2,595 Analysis of trends, threats, issues, and risks over the preceding 12 months. Includes recommended action plan for next 12 months. 3,595 3, ad-hoc scans of all or part of the scheduled scan IP addresses. The scans can be requested over the contract period in place at time of purchase. The table below is for between IP addresses Service Year1 Year2 Notes External Network Scan Up to 50 IP addresses Additional Monthly Written Report Remediation Workshop 16,995 12,995 Outpost24 OUTSCAN SaaS up to 50 IP addresses. Year1 includes Service commissioning, scan template setup, report setup, service initiation, SDA, 12 monthly scans and delivery of automatically generated scan reports. Includes automatic threat alerts between scans. Year 2 price conditional on no break in service from Year 1. 45,995 45,995 Analysis of trends, threats, issues identified in the OUTSCAN generated scan report. 17,195 17,195 Monthly one day time boxed workshop on prioritised remediation actions. Held at UK customer site. 10

17 Service Year1 Year2 Notes End of Year Executive Report Additional adhoc scans 5,195 5,195 Analysis of trends, threats, issues, and risks over the preceding 12 months. Includes recommended action plan for next 12 months. 13,995 13, ad-hoc scans of all or part of the scheduled scan IP addresses. The scans can be requested over the contract period in place at time of purchase. 6.2 PCI DSS Approved Scanner Vendor (ASV) Scan The table below is for between 1-10 IP addresses Service Year1 Year2 Notes PCI ASV Scan Up to 10 IP addresses Additional Quarterly Written Report Remediation Workshop Additional monthly verification scans End of Year Executive Report 5,195 1,395 Outpost24 OUTSCAN PCI ASV up to 10 IP addresses. Year1 includes Service commissioning, scan template setup, report setup, service initiation, SDA, 4 quarterly compliance scans and delivery of automatically generated scan reports. Year 2 price conditional on no break in service from Year 1. 3,995 3,995 Analysis of trends, threats, issues identified in the OUTSCAN quarterly generated scan report. 5,995 5,995 Quarterly, one day time boxed workshop on prioritised remediation actions. Held at UK customer site. 1,795 1, additional compliance scans and scan results. No compliance report produced. 2,595 2,595 Analysis of trends, threats, issues, and risks over the preceding 12 months. Includes recommended action plan for next 12 months. Failed compliance findings enquiry resolution Time & materials Time & materials Security specialist to investigate PCI ASV scan non-compliance events. Rates as per SFIA rate card - Atos 11

18 The table below is for between IP addresses Service Year1 Year2 Notes PCI ASV Scan Up to 50 IP addresses Additional Quarterly Written Report Remediation Workshop Additional monthly verification scans End of Year Executive Report 8,195 4,395 Outpost24 OUTSCAN PCI ASV up to 50 IP addresses. Year1 includes Service commissioning, scan template setup, report setup, service initiation, SDA, 4 quarterly compliance scans and delivery of automatically generated scan reports. Year 2 price conditional on no break in service from Year 1. 15,495 15,495 Analysis of trends, threats, issues identified in the OUTSCAN generated scan report. 5,995 5,995 Quarterly one day time boxed workshop on prioritised remediation actions. Held at UK customer site. 6,995 6, additional compliance scans and scan results. No compliance report produced. 5,195 5,195 Analyses trends over the year including, threats, vulnerability sources, and remediation progress. Failed compliance findings enquiry resolution Time & materials Time & materials Security specialist to investigate PCI ASV scan non-compliance events. Rates as per SFIA rate card - Atos 6.3 External Web Application Scan The table below is for between 1-10 IP addresses Service Year1 Year2 Notes External Web Application Scan Up to 10 web app addresses Additional Monthly Written Report 8,995 5,195 Outpost24 OUTSCAN WAS SaaS up to 10 web app addresses. Year1 includes Service commissioning, scan template setup, report setup, service initiation, SDA, 12 monthly scans and delivery of automatically generated scan reports. Includes automatic threat alerts between scans. Year 2 price conditional on no break in service from Year 1. 11,495 11,495 Analysis of trends, threats, issues identified in the OUTSCAN WAS generated scan report. 12

19 Service Year1 Year2 Notes Remediation Workshop End of Year Executive Report Additional adhoc scans 17,195 17,195 Monthly one day time boxed workshop on prioritised remediation actions. Held at UK customer site. 2,595 2,595 Analyses trends over the year including, threats, vulnerability sources, and remediation progress. 3,595 3, ad-hoc scans of all or part of the scheduled scan web app addresses. The scans can be requested over the contract period in place at time of purchase. The table below is for between IP addresses Service Year1 Year2 Notes External Web Application Scan Up to 50 web app addresses Additional Monthly Written Report Remediation Workshop End of Year Executive Report Additional adhoc scans 18,995 14,995 Outpost24 OUTSCAN WAS SaaS up to 50 web app addresses. Year1 includes Service commissioning, scan template setup, report setup, service initiation, SDA, 12 monthly scans and delivery of automatically generated scan reports. Includes automatic threat alerts between scans. Year 2 price conditional on no break in service from Year 1. 45,995 45,995 Analysis of trends, threats, issues identified in the OUTSCAN WAS generated scan report. 17,195 17,195 Monthly one day time boxed workshop on prioritised remediation actions. Held at UK customer site. 5,195 5,195 Analyses trends over the year including, threats, vulnerability sources, and remediation progress. 13,995 13, ad-hoc scans of all or part of the scheduled scan web app addresses. The scans can be requested over the contract period in place at time of purchase. 13

20 7. Service management The service is typically available during standard Working Hours/Days Monday to Friday 09:00 to 17:30 excluding public holidays. Scans can be scheduled out of hours or in predefined service windows and IP ranges by arrangement. Automated reports output directly from the Outpost24 product can be communicated to an agreed recipient/location on scan completion. Alerts from Outpost24 scanless scanning capability can be automatically communicated to the agreed escalation point when they are received from Outpost24. Where detailed reports are a service deliverable the detailed reports from the scans are communicated within 5 days of the scan completion. 14

21 8. Service constraints In order for the scan to be conducted the Customer will need to: Give authorisation for the scan to proceed Provide details of the IP addresses to be scanned Give access to the perimeter of infrastructure estate containing the IPs and web applications to be scanned. The service only provides information of the vulnerabilities discovered, remediation action remains a customer responsibility or that of the customer s service providers. Additional remediation advice can be arranged via Professional Security Service options to assist the organisation s IT support functions in the remediation of vulnerabilities discovered. 15

22 9. Service levels The standard service level is: Service measure Typical service level Service Availability 95% Service Availability Window Support Availability Window (second line) Support Language Report generation 09:00-17:00 Mon-Fri Business Days 5*9 hours: Business Days, 08:00-17:00 h English Inform stakeholders that a report is readily available within 5 days after scan has been conducted 16

23 10. Financial recompense To minimise the cost to users, Atos does not provide service credits for use of the service. All Atos services are provided on a reasonable endeavours basis. Please refer to G Cloud terms and conditions. In accordance with the guidance within the GPS G-Cloud Framework Terms and Conditions, the Customer may terminate the contract at any time, without cause, by giving at least thirty (30) Working Days prior notice in writing. The Call Off Contract terms and conditions and the Atos terms will define the circumstances where a refund of any pre-paid service charges may be available. 17

24 11. Training No training is required to benefit from this service although the scan report should be communicated to security and infrastructure specialists in the customer s organisation or that of the service providers in order to remedy the vulnerabilities discovered. Atos security specialists will discuss the coverage and benefit from the various scan options prior to scanning the estate. Options are available for remediation workshops and advice. If training and guidance to customer staff and providers is required it can be provided at the rates defined in our Atos Information Security Professional Services SFIA Rate Card - Atos that was submitted as part of our G-Cloud submission. Please get in touch for details 18

25 12. Ordering and invoicing process Ordering this product is a straightforward process. Please forward your requirements to the address Atos will prepare a quotation and agree that quotation with you, including any volume discounts that may be applicable. Once the quotation is agreed, Atos will issue the customer with the necessary documentation (as required by the G-Cloud Framework) and ask for the customer to provide Atos with a purchase order. Once received, the customer services will be configured to the requirements as per the original quotation. For new customers, additional new supplier forms may need to be completed. Invoices will be issued to the customer and Shared Services (quoting the purchase order number) for the services procured. On a monthly basis, Atos will also complete the mandated management information reports to Government Procurement Services detailing the spend that the customer has placed with us. Cabinet Office publish a summary of this monthly management information at: 19

26 13. Termination terms 13.1 By consumers (i.e. consumption) Termination shall be in accordance with: The G-Cloud Framework terms and conditions Any terms agreed within the Call Off Contract under section 10.2 of the Order Form (termination without cause) where the Government Procurement Service (GPS) guidance states At least thirty (30) Working Days in accordance with Clause CO-9.2 of the Call-Off Contract Atos Supplier Terms for this Service as listed on the G-Cloud CloudStore. For this specific service, by default Atos ask for at least thirty (30) Working Days prior written notice of termination as per the guidance within the GPS G-Cloud Framework Terms and Conditions By the Supplier (removal of the G-Cloud Service) Atos commits to continue to provide the service for the duration of the Call Off Contract subject to the terms and conditions of the G-Cloud Framework and Atos Supplier Terms. 20

27 14. Data restoration / service migration Not applicable as there is no data to restore and no service to migrate. 21

28 15. Customer responsibilities The principal customer responsibilities are: Provide all required authorisation for scanning the Customer infrastructure. Where access disputes arise, the consumer will mediate the dispute and inform Atos of the outcome Ensure that the Security Specialists conducting the scan have access to all areas of the customer infrastructure needed to fulfil the service Provide all possible assistance to allow the Atos security specialists to operate at the specified infrastructure sites Escalate and manage the actions required to deal with any security remediation or mitigation recommended from the scan service. 22

29 16. Technical requirements Technical requirements will be discussed and agreed with customer and their representatives prior to the first scan. 23

30 17. Trial service Trial services are available for all 3 service variants: External Network Scan 2 week proof of concept against a single IP on the external perimeter and output of a sample report PCI ASV Scan 2 week proof of concept against a single IP scan and output of a sample report Web Application Scan - 2 week proof of against a single web application on the external perimeter and output of a sample report. 24

31 18. Glossary Term 2FA APT ASAC-S ASV CEH CISM CISSP GPS IL IP LDAP OATH RADIUS RSA SAML Security+ SMS SSCP SSL SSO TCO VPN Explanation Two Factor Authentication Advanced Persistent Threat Atos Secure Authentication for Cloud SafeNet Approved Scanning Vendor for PCI DSS Certified Ethical Hacking Certified Information Security Manager Certified Information Security Professional Government Procurement Service Impact Level Internet Protocol address, a numerical label assigned to each device on the network. Lightweight Directory Access Protocol Open AuTHentication an open source standard Remote Authentication Dial-In User Service Product Vendor Security Assertion Markup Language CompTIA Security+ certification Short Message Service Systems Security Certified Practitioner Secure Socket Layer Single Sign On Total Cost of Ownership Virtual Private Network 25

32 26

G-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

G-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS G-Cloud Service Definition Atos infrastructure Vulnerability Scanning (Outpost24) SaaS Atos Infrastructure Vulnerability Scanning (Outpost24) SaaS Atos Infrastructure Vulnerability Scanning SaaS is powered

More information

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service G-Cloud Service Definition Atos Information Security Wireless Scanning Service Keeping your wireless networks secure Atos Information Security Wireless Scanning Service The Atos Wireless Scanning Service

More information

G-Cloud Pricing. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

G-Cloud Pricing. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS G-Cloud Pricing Atos infrastructure Vulnerability Scanning (Outpost24) SaaS Contents 1. Introduction... 1 2. Pricing... 2 2.1 External Network Scan... 2 2.2 PCI DSS Approved Scanner Vendor (ASV) Scan...

More information

G-Cloud Service Definition. Atos Security Professional Services SCS

G-Cloud Service Definition. Atos Security Professional Services SCS G-Cloud Service Definition Atos Security Professional Services SCS Atos Security Professional Services SCS Security Professional Services delivered by experienced certified professionals empowered by market

More information

G-Cloud Service Definition. Atos Data Quality Audit SCS

G-Cloud Service Definition. Atos Data Quality Audit SCS G-Cloud Service Definition Atos Data Quality Audit SCS Atos Data Quality Audit SCS As organisations increasingly utilise a hybrid of Legacy and Cloud based technology platforms, it becomes increasingly

More information

G-Cloud 7 Service Definition. Atos Oracle Cloud ERP Implementation Services

G-Cloud 7 Service Definition. Atos Oracle Cloud ERP Implementation Services G-Cloud 7 Service Definition Atos Oracle Cloud ERP Implementation Services Atos Oracle Cloud ERP Implementation Services Customers need adaptive and agile Enterprise Resource Planning (ERP) systems to

More information

G-Cloud Service Definition Canopy Big Data proof of concept Service SCS

G-Cloud Service Definition Canopy Big Data proof of concept Service SCS G-Cloud Service Definition Canopy Big Data proof of concept Service SCS Canopy Big Data proof of concept Service SCS Canopy Big Data Proof of Concept (PoC) Service is a consulting service that helps the

More information

G-Cloud Service Definition. Atos Rapid Pilot Mobile Application Development Service SCS

G-Cloud Service Definition. Atos Rapid Pilot Mobile Application Development Service SCS G-Cloud Service Definition Atos Rapid Pilot Mobile Application Development Service SCS Atos Rapid Pilot Mobile Applications Development Service SCS Designed to provide rapid development and deployment

More information

G-Cloud Service Definition. Atos Business Intelligence Dashboards and Analytics SCS

G-Cloud Service Definition. Atos Business Intelligence Dashboards and Analytics SCS G-Cloud Service Definition Atos Business Intelligence Dashboards and Analytics SCS Atos Business Intelligence Dashboards and Analytics SCS The Atos approach to Business Intelligence (BI) Dashboards and

More information

G-Cloud Service Definition. Atos SI Oracle CRM and CX Services

G-Cloud Service Definition. Atos SI Oracle CRM and CX Services G-Cloud Service Definition Atos SI Oracle CRM and CX Services Atos SI Oracle CRM and CX Services SCS Atos provides a range of expert Customer Relationship Management (CRM) and Customer Experience (CX)

More information

GPG13 Protective Monitoring. Service Definition

GPG13 Protective Monitoring. Service Definition GPG13 Protective Monitoring Service Definition Issue Number V1.3 Document Date 27 November 2014 Author: D.M.Woodcock Classification UNCLASSIFIED Version G-Cloud 6 2014 Copyright Assuria Limited. All rights

More information

G-Cloud Service Definition. Canopy Unmanaged Enterprise Private Cloud (IL3 Capable) IaaS

G-Cloud Service Definition. Canopy Unmanaged Enterprise Private Cloud (IL3 Capable) IaaS G-Cloud Service Definition Canopy Unmanaged Enterprise Private Cloud (IL3 Capable) IaaS Canopy Unmanaged Enterprise Private Cloud IaaS Canopy Unmanaged Enterprise Private Cloud delivers the efficiencies,

More information

G-Cloud Service Definition Lotus Notes to Microsoft SharePoint Migration Discovery Service

G-Cloud Service Definition Lotus Notes to Microsoft SharePoint Migration Discovery Service G-Cloud Service Definition Lotus Notes to Microsoft SharePoint Migration Discovery Service Lotus Notes to Microsoft SharePoint Migration Discovery Service This service provides an opportunity to review

More information

G-Cloud Service Definition. Atos SharePoint Development Service

G-Cloud Service Definition. Atos SharePoint Development Service G-Cloud Service Definition Atos SharePoint Development Service SharePoint Development Services SCS A comprehensive electronic document and records management, collaboration or web content management solution

More information

G-Cloud Service Definition. Atos Oracle Cloud ERP Implementation Services

G-Cloud Service Definition. Atos Oracle Cloud ERP Implementation Services G-Cloud Service Definition Atos Oracle Cloud ERP Implementation Services Atos Oracle Cloud ERP Implementation Services Customers need adaptive and agile Enterprise Resource Planning (ERP) systems to support

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

G-Cloud Service Definition Canopy Big Data proof of concept Service SCS

G-Cloud Service Definition Canopy Big Data proof of concept Service SCS G-Cloud Service Definition Canopy Big Data proof of concept Service SCS Canopy Big Data proof of concept Service SCS Canopy Big Data Proof of Concept (PoC) Service is a consulting service that helps the

More information

G-Cloud Service Definition. Atos Business Intelligence Dashboards and Analytics SCS

G-Cloud Service Definition. Atos Business Intelligence Dashboards and Analytics SCS G-Cloud Service Definition Atos Business Intelligence Dashboards and Analytics SCS Atos Business Intelligence Dashboards and Analytics SCS The Atos approach to Business Intelligence (BI) Dashboards and

More information

G-Cloud Service Definition. Atos Digital Marketing Specialist Cloud Services

G-Cloud Service Definition. Atos Digital Marketing Specialist Cloud Services G-Cloud Service Definition Atos Digital Marketing Specialist Cloud Services Atos Digital Marketing SCS Atos Digital Marketing is a range of services to help customers develop and promote their digital

More information

PSN Protective Monitoring. Service Definition

PSN Protective Monitoring. Service Definition PSN Protective Monitoring Service Definition Issue Number V3.0 Document Date 29 September 2015 Author: R.N. Connor Classification UNCLASSIFIED Version G-Cloud 7 2015 Copyright Tenian Limited. All rights

More information

Keeping your data yours

Keeping your data yours CORPORATE BROCHURE Keeping your data yours Outpost24 provides state of the art vulnerability management technology and services that simplify the complex security needs of modern businesses. Since 2001,

More information

G-Cloud Service Definition. Atos Software Development Services

G-Cloud Service Definition. Atos Software Development Services G-Cloud Service Definition Atos Software Development Services Atos Software Solution Development Services A flexible and robust software development service focussed on delivering maximum business value

More information

Software as a Service (SaaS) Online HR

Software as a Service (SaaS) Online HR Software as a Service (SaaS) Online HR Contents Service Definition... 3 An overview of the G-Cloud Service... 3 Key Service Attributes... 4 Information assurance... 4 Details of the level of backup/restore

More information

Keeping your data yours

Keeping your data yours CORPORATE BROCHURE Keeping your data yours Outpost24 provides state of the art vulnerability management technology and services that simplify the complex security needs of modern businesses. Since 2001,

More information

G-Cloud Service Definition. Canopy Remote Backup for Cloud SaaS

G-Cloud Service Definition. Canopy Remote Backup for Cloud SaaS G-Cloud Service Definition Canopy Remote Backup for Cloud SaaS Canopy Remote Backup for Cloud SaaS Canopy, an Atos company provides a highly secure, cloud backup and file management service for Internet-connected

More information

G-CLOUD FRAMEWORK SERVICE DEFINITION. Kofax Model Office Bundle Proposal ISSUE 1

G-CLOUD FRAMEWORK SERVICE DEFINITION. Kofax Model Office Bundle Proposal ISSUE 1 G-CLOUD FRAMEWORK SERVICE DEFINITION Kofax Model Office Bundle Proposal ISSUE 1 Sept 2013 Table of Contents 1 SERVICE OVERVIEW & SOLUTION... 2 2 INFORMATION ASSURANCE... 3 3 BACKUP/RESTORE AND DISASTER

More information

G-Cloud Service Definition. Atos Total Application Performance Management for Cloud SaaS

G-Cloud Service Definition. Atos Total Application Performance Management for Cloud SaaS G-Cloud Service Definition Atos Total Application Performance Management for Cloud SaaS Atos Total Application Performance Management Cloud SaaS Total Application Performance Management helps your organisation

More information

PAAS Public Sector Managed Services

PAAS Public Sector Managed Services Meritec Limited Meritec House, Acorn Business Park, Skipton, North Yorkshire, BD23 2UE 0845 3451155 servicepoint@meritec.co.uk www.meritec.co.uk Registered In England & Wales No. 3224622 Table of Contents

More information

Lot 1 Service Specification MANAGED SECURITY SERVICES

Lot 1 Service Specification MANAGED SECURITY SERVICES Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

G-Cloud Service Definition. Atos Oracle Database Upgrade

G-Cloud Service Definition. Atos Oracle Database Upgrade G-Cloud Service Definition Atos Oracle Database Upgrade Database Upgrade for SCS While providing a technical database upgrade facility, Atos also assist organisations in maximising the benefits from the

More information

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014 Managed Service Solutions Catalogue MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014 1 MANAGED SERVICES SOLUTIONS CATALOGUE Managed Services Solutions Catalogue Managed Service Solutions

More information

Service Definition Nine23 MDM

Service Definition Nine23 MDM Service Definition Nine23 MDM G-Cloud iv Contents 1 Service Nine23 Mobile Device Management System.....4 1.1 Overview Nine23 MDM...... 4 1.2 Open Standards. 5 1.3 User requirements.....5 1.3.1 Client Browser....5

More information

Service Definition Document

Service Definition Document Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

IPL Service Definition - Data Recovery, Conversion and Migration

IPL Service Definition - Data Recovery, Conversion and Migration IPL Proposal IPL Service Definition - Data Recovery, Conversion and Migration Project: Date: 10 April 2014 Issue Number: V1 Customer: Crown Commercial Service Page 1 of 10 IPL Information Processing Limited

More information

G-Cloud Service Definition. Atos Call Centre Services SCS

G-Cloud Service Definition. Atos Call Centre Services SCS G-Cloud Service Definition Atos Call Centre Services SCS Atos Call Centre Services SCS Summary Atos SIAM Service Desk is designed to provide a core part of the SIAM Tower model for ICT delivery. This service

More information

G-Cloud Service Definition. Canopy Enterprise Content Management for Cloud SaaS

G-Cloud Service Definition. Canopy Enterprise Content Management for Cloud SaaS G-Cloud Service Definition Canopy Enterprise Content Management for Cloud SaaS Canopy Enterprise Content Management (ECM) Canopy ECM is a central, on-demand hub providing the entire Customer document and

More information

G-CLOUD 7 - VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS)

G-CLOUD 7 - VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS) G-CLOUD 7 - VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS) Service Definition 6th October 2015 TABLE OF CONTENTS VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS) 3 SERVICE SUMMARY

More information

Security Consultants / Security Managed Services

Security Consultants / Security Managed Services Security Consultants / Security Managed Services Service Definition Document for G-Cloudv7 Services October 2015 Table of Contents Service Overview...3 Our Approach... 3 Features... 3 Benefits... 4 ON-BOARDING

More information

Keeping your data yours.

Keeping your data yours. CORPORATE BROCHURE Keeping your data yours. Since 2001, Outpost24 has been a leader in vulnerability management solutions, developing state of the art vulnerability management technology from the core

More information

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4 3.2 Service description...

More information

1. Perimeter Security Dealing with firewall, gateways and VPNs and technical entry points. Physical Access to your premises can also be reviewed.

1. Perimeter Security Dealing with firewall, gateways and VPNs and technical entry points. Physical Access to your premises can also be reviewed. Service Definition Technical Security Review Overview of Service Considering the increasing importance of security, the number of organisations that allow for contingency in their Information Security

More information

G-Cloud Service Description. Atos Microsoft Dynamics CRM on Demand

G-Cloud Service Description. Atos Microsoft Dynamics CRM on Demand G-Cloud Service Description Atos Microsoft Dynamics CRM on Demand February 2013 Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud, Atos Healthcare (in the UK) and Atos WorldGrid

More information

GPS G-Cloud Lot 4: Oracle Business Intelligence Cloud Consultancy Service Definition

GPS G-Cloud Lot 4: Oracle Business Intelligence Cloud Consultancy Service Definition GPS G-Cloud Lot 4: Contents 1 Introduction... 3 2 Service... 4 2.1 Cloud Consultancy Overview... 4 2.2 Information assurance... 5 2.3 Backup/Restore and Disaster Recovery... 6 2.4 On-boarding and Off-boarding...

More information

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious

More information

Service Management and ICT Monitoring and Reporting Advisory and Implementation Services

Service Management and ICT Monitoring and Reporting Advisory and Implementation Services Service Management and ICT Monitoring and Reporting Advisory and Implementation Services G-Cloud Service 1 1. An overview of the G-Cloud Service Arcus can assist you with a review and advice on the effectiveness

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

2015 Vulnerability Statistics Report

2015 Vulnerability Statistics Report 2015 Vulnerability Statistics Report Introduction or bugs in software may enable cyber criminals to exploit both Internet facing and internal systems. Fraud, theft (financial, identity or data) and denial-of-service

More information

SWAT PRODUCT BROCHURE

SWAT PRODUCT BROCHURE SWAT PRODUCT BROCHURE WEB APPLICATION SECURITY Web application security has been a huge challenge for companies during the last couple of years since there are very few competent solutions available in

More information

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com

More information

Integrated windows authentication for customers based on Probation GSI network

Integrated windows authentication for customers based on Probation GSI network Product Overview Victims Tracker (VT) is a software application, which was developed by London Probation Trust (LPT) to effectively manage the engagement / contact with victims of crime and the management

More information

Cloud-based Infrastructure and Application Support Service Definition

Cloud-based Infrastructure and Application Support Service Definition +44 (0) 20 3603 7830 hello@equalexperts.com www.equalexperts.com 30 Brock Street London, NW1 3FG Cloud-based Infrastructure and Application Support Service Definition Overview We provide 24/7 support to

More information

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4

More information

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT

More information

Cloud Brokerage. G-Cloud Service. Arcus Global 2014 1

Cloud Brokerage. G-Cloud Service. Arcus Global 2014 1 Cloud Brokerage G-Cloud Service 1 An overview of the G-Cloud Service Information assurance Backup/restore and disaster recovery On-boarding and Off-boarding processes/scope etc. Pricing Service management

More information

G-Cloud Service Definition. Atos Accredited Oracle Business Intelligence Solutions SCS

G-Cloud Service Definition. Atos Accredited Oracle Business Intelligence Solutions SCS G-Cloud Service Definition Atos Accredited Oracle Business Intelligence Solutions SCS Atos Accredited Oracle Business Intelligence Solutions SCS Robust, scalable Cloud computing and consumption-based reporting

More information

GCloud Application Development Service Definition. Application Development

GCloud Application Development Service Definition. Application Development GCloud Service Definition GCloud Service Definition Contents 1.... 3 1.1. Overview... 3 1.2. Information Assurance... 6 1.3. Backup / Restore / Disaster Recovery... 6 1.4. On-boarding and Off-boarding

More information

How To Protect A Web Application From Attack From A Trusted Environment

How To Protect A Web Application From Attack From A Trusted Environment Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls

More information

Cloud Infrastructure Security Management

Cloud Infrastructure Security Management www.netconsulting.co.uk Cloud Infrastructure Security Management Visualise your cloud network, identify security gaps and reduce the risks of cyber attacks. Being able to see, understand and control your

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 2.1, Issue Date: 05/02/201405/02/2014. Classification: Open

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 2.1, Issue Date: 05/02/201405/02/2014. Classification: Open Protective Monitoring as a Service Version: 2.1, Issue Date: 05/02/201405/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 201416/12/2014. Other than for the sole purpose of evaluating

More information

Open Source Sales Force Automation (SFA) in the Cloud SaaS

Open Source Sales Force Automation (SFA) in the Cloud SaaS Open Source Sales Force Automation (SFA) in the Cloud SaaS Service Overview Our open source Sales Force Automation (SFA) in the cloud service allows customers to perform marketing automation through multi

More information

Agilisys G-Cloud Service V

Agilisys G-Cloud Service V Agilisys G-Cloud Service V Service Definition Endpoint Management Lot 1 Infrastructure as a Service (IaaS) April 2014 At Agilisys we deliver success through innovation working with our clients to transform

More information

G-Cloud Framework. Page 1. Document for Service Definition Audit management System. In response to G Cloud 6 Requirements

G-Cloud Framework. Page 1. Document for Service Definition Audit management System. In response to G Cloud 6 Requirements 1 G-Cloud Framework Document for Service Definition Audit management System In response to G Cloud 6 Requirements 1 2 Table of Content Audit Management System Minimize the Risk 1.The Audit management System.........

More information

Ubertas Cloud Services: Service Definition

Ubertas Cloud Services: Service Definition Ubertas Cloud Services: Service Definition February 2013 Innovation. Power. Trust. Contents 1. About Ubertas... 2 Our Company... 2 Our Approach to Service Delivery... 2 Our Partner Network & the UK Cloud

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

G-Cloud Service Definition. Canopy Remote Backup for Cloud SaaS

G-Cloud Service Definition. Canopy Remote Backup for Cloud SaaS G-Cloud Service Definition Canopy Remote Backup for Cloud SaaS Canopy Remote Backup for Cloud SaaS Canopy, an Atos company provides a highly secure, cloud backup and file management service for Internet-connected

More information

How to complete the Secure Internet Site Declaration (SISD) form

How to complete the Secure Internet Site Declaration (SISD) form 1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

e2e Secure Cloud Connect Service - Service Definition Document

e2e Secure Cloud Connect Service - Service Definition Document e2e Secure Cloud Connect Service - Service Definition Document Overview A cloud connectivity service that connects users, devices, offices and clouds together over the Internet. Organisations can choose

More information

G-Cloud Service Description. Atos: Cloud Professional Services: Requirements Specification

G-Cloud Service Description. Atos: Cloud Professional Services: Requirements Specification G-Cloud Service Description Atos: Cloud Professional Services: Requirements Specification Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud, Atos Healthcare (in the UK) and

More information

Lot 4 Specialist Cloud Service Questmark Ltd. Video Conferencing Small Meeting Room Service

Lot 4 Specialist Cloud Service Questmark Ltd. Video Conferencing Small Meeting Room Service Lot 4 Specialist Cloud Services Lot 4 Specialist Cloud Service Questmark Ltd Video Conferencing Small Meeting Room Service QUESTMARK LIMITED Park House, 104 Derby Road, Long Eaton, NG10 4LS Telephone:

More information

MICROSOFT DYNAMICS CRM

MICROSOFT DYNAMICS CRM MICROSOFT DYNAMICS CRM SERVICE DEFINITION G-CLOUD Commercial-in-Confidence civil.lockheedmartin.co.uk SECTION 1 LOCKHEED MARTIN S MICROSOFT DYNAMICS CRM CAPABILITY INTRODUCTION Lockheed Martin offers a

More information

G-Cloud Service Definition. Web Self Service for Cloud SaaS

G-Cloud Service Definition. Web Self Service for Cloud SaaS G-Cloud Service Definition Web Self Service for Cloud SaaS Atos Web Self Service for Cloud SaaS Rapidly deployable cloud knowledge management system that understands language context and delivers automated

More information

SHAREPOINT SERVICE DEFINITION. G-CLOUD Commercial-in-Confidence. civil.lockheedmartin.co.uk

SHAREPOINT SERVICE DEFINITION. G-CLOUD Commercial-in-Confidence. civil.lockheedmartin.co.uk SHAREPOINT SERVICE DEFINITION G-CLOUD Commercial-in-Confidence civil.lockheedmartin.co.uk SECTION 1 LOCKHEED MARTIN S SHAREPOINT CAPABILITY Lockheed Martin offers a full end to end service, delivering

More information

Specialist Cloud Services. Acumin Cloud Security Resourcing

Specialist Cloud Services. Acumin Cloud Security Resourcing Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting

More information

G-Cloud 6 SERVICE DEFINITION

G-Cloud 6 SERVICE DEFINITION ORACLE CORPORATION UK LTD ( Oracle ) G-Cloud 6 SERVICE DEFINITION Date: [ 29 / 11] 2014 v. 1 This is Oracle s G-Cloud 6 Service Definition for the following service(s): Oracle Business Intelligence Cloud

More information

Audit Management. service definition document

Audit Management. service definition document Audit Management service definition document Contents Introduction... 3 Service Description... 3 Features and Benefits... 4 Architecture... 5 Service Delivery... 6 Service Provisioning Time... 7 Service

More information

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. Table of contents 1 Introduction...3 2 Architecture Services...4 2.1 Enterprise Architecture Services...5 2.2 Solution Architecture Services...6 2.3 Service

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 1.0, Issue Date: 05/02/201405/02/2014. Classification: Open

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 1.0, Issue Date: 05/02/201405/02/2014. Classification: Open Protective Monitoring as a Service Version: 1.0, Issue Date: 05/02/201405/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this

More information

CWSI Service Definition for Server Monitoring

CWSI Service Definition for Server Monitoring CWSI Service Definition for Server Monitoring October 2015 Contents I. Document Control... 3 a). History... 3 b). Reference Documents... 3 II. Company and Contact information... 3 1. About CWSI... 4 2.

More information

CONTENTS. PCI DSS Compliance Guide

CONTENTS. PCI DSS Compliance Guide CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not

More information

Business Intelligence

Business Intelligence 1 3 Business Intelligence Support Services Service Definition BUSINESS INTELLIGENCE SUPPORT SERVICES Service Description The Business Intelligence Support Services are part of the Cognizant Information

More information

Deloitte Service Code: D-G6-L4-543 December 2014

Deloitte Service Code: D-G6-L4-543 December 2014 Managed Cyber Security Cyber Intelligence Centre Deloitte LLP Service Deloitte Service Code: D-G6-L4-543 December 2014 Contents 1 Service Overview 1 2 Detailed Service Definition 2 3 Pricing 6 4 Ordering

More information

G - Cloud Service Definition IT Infrastructure Monitoring And Helpdesk

G - Cloud Service Definition IT Infrastructure Monitoring And Helpdesk IT Professional Services G - Cloud Service Definition IT Infrastructure Monitoring And Helpdesk Registered Office: Technium Springboard Centre, Llantarnam Park Cwmbran Newport, South Wales. NP44 3AW Registered

More information

1 ForestSafe SaaS Service details Service Description Functional Non Functional

1 ForestSafe SaaS Service details Service Description Functional Non Functional 1 ForestSafe SaaS Service details 1.1 Service Description ForestSafe is a privileged identity management system used today to manage the Administrator passwords of 65,000 computers by the UK largest bank.

More information

G-Cloud Service Definition. Performance Testing as a Service (PTaaS) SCS

G-Cloud Service Definition. Performance Testing as a Service (PTaaS) SCS G-Cloud Service Definition Performance Testing as a Service (PTaaS) SCS Atos Performance Testing as a Service (PTaaS) SCS PTaaS is performance testing from the cloud, on demand with minimal capital investment

More information

HP Application Security Center

HP Application Security Center HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and

More information

Service: Contract Management (Software as a Service)

Service: Contract Management (Software as a Service) Service: Contract Management (Software as a Service) 1. Description: An overview of the G-Cloud Service (functional, non-functional) econtract Management allows for the management of a contract after award,

More information

Marval Software Limited. G Cloud iii Framework Service Definition

Marval Software Limited. G Cloud iii Framework Service Definition 1 Marval Software Limited G Cloud iii Framework Service Definition Page 1 of 9 2 Contents An overview of the Marval Service Management (MSM) Software Solution... 3 Information assurance Impact Level (IL)

More information

Network Security and Vulnerability Assessment Solutions

Network Security and Vulnerability Assessment Solutions Network Security and Vulnerability Assessment Solutions Unified Vulnerability Management It s a known fact that the exponential growth and successful exploitation of vulnerabilities create increasingly

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

SERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE. Classification: Open

SERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE. Classification: Open SERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE Classification: Open Classification: Open ii MDS Technologies Ltd 2015. Other than for the sole purpose of evaluating this Response, no part of this

More information