ICT and Information Security Resources


Methods GCloud Service Definition
ICT and Information Security Resources

HEAD OFFICE: 125 Shaftesbury Avenue, London WC2H 8AD
Scottish Office: Exchange Place 2, 5 Semple Street, Edinburgh, EH3 8BL
t: +44 (0)20 7240 1121
e: info@methods.co.uk
w: www.methods.co.uk

The main point of contact for Methods GCloud Services is:

Bid Team
Methods Consulting Limited
125 Shaftesbury Avenue
London
WC2H 8AD
Phone: 020 7240 1121
Fax: 020 7379 8561
Email: GCloud@methods.co.uk

Document control

| Issue No | Issue Date | Summary of Issue |
|---|---|---|
| 1.0 | 17/09/2013 | Authorised for publication |

Copyright 2013 Methods Consulting Limited

This document is the property of Methods Consulting Limited. It shall not be reproduced in whole or in part, nor disclosed to a third party, without prior written permission. No responsibility or liability is accepted for any errors or omissions in this document or related documents.

Freedom of Information Act

Methods Consulting Ltd wishes to comply with the requirements of the Freedom of Information Act 2000 (FOIA). We therefore provide this document on the basis that it is not released without informing Methods Consulting Ltd of its release and to whom. If the need arises to release this document, we would wish to inform you of areas within this document which are covered by Section 43 of the FOIA which we consider to be a Trade Secret and therefore may not be divulged to any third party under the Act.

Methods is a leading professional services company, specialising in business, technology and resourcing. Delivering innovative services and unrivalled expertise for over 20 years.

Contact us: Methods, 125 Shaftesbury Avenue, London WC2H 8AD, +44 (0)20 7240 1121, www.methods.co.uk

Contents

1. ICT and Information Security
1.1 ICT and Information Security Job Roles
1.2 Qualifications/Accreditations
1.3 ICT and Information Security Services
1.3.1 Security Consultancy
1.3.2 Security Compliance and Auditing
1.3.3 Security Governance
1.3.4 Technology Security (including CHECK Penetration Testing)
1.3.5 Business Continuity (BC)/Disaster Recovery (DR)
1.4 Delivery Mechanism
2. Why Methods?
3. Pricing
4. Additional Information

1 ICT and Information Security

As Public Sector organisations use Cloud services to collaborate and share information, they will increasingly seek to enhance their security capabilities, and strategy in this field will develop to integrate the changing protection required by new technologies.

Methods Resourcing has a long-standing Information Security and Assurance practice, providing a full range of interims to support clients, from consultancy and reviews through to business continuity and disaster recovery.

Methods is ISO 27001 accredited and has List-X facilities, enabling us to hold UK Government protectively marked information and expedite and maintain security clearances up to DV level. As a result, we work extensively within secure environments and we are a leading supplier of resources to the Defence, Security and Criminal Justice Sectors that require high-level clearance and security expertise.

1.1 ICT and Information Security Job Roles

- CLAS Consultant (CESG)
- Information Security Specialist
- Information Security Project Manager
- Information Security Analyst
- Information Security Risk Manager
- Information Security Auditor
- Security Architect
- Cloud Security Specialist
- ICT Security Auditor
- ICT Security Specialist
- ICT Security Manager
- Network Security Specialist
- Network Security Engineer
- Disaster Recovery Specialist
- Disaster Recovery Manager
- Business Continuity Manager
- Firewall Specialist
- Security Consultant
- Senior/Penetration Test Consultant
- Penetration Tester
- GIAC Web Application Penetration Tester
- GIAC Penetration Tester
- Information Assurance Consultant
- Information Assurance Manager
- Information Assurance Analyst
- Technical Security Investigator
- PKI Manager
- PKI Consultant

1.2 Qualifications/Accreditations

Methods Security Specialists hold a range of recognised Industry qualifications and accreditations including:

- CLAS
- CISA
- CISM
- CISMP
- PCI DSS
- PCI QSA
- CISSP
- MPISS
- CCSE
- CCSP
- CCSA
- ISSAP

1.3 ICT and Information Security Services

Methods Resourcing delivers the following sector-specific services via our associate base:

1.3.1 Security Consultancy

- ICT risk analysis (e.g. in accordance with CRAMM principles)
- Development and analysis of ICT security policies
- Business risk analysis and business impact analysis
- Security health-checks, compliant policies, procedures and implementation
- CLAS Consultancy to CESG standards
- Implementation of Government security standards
- Risk Management and Accreditation Documentation Set (RMADS) consultancy and support
- Information Security Reviews
- Development of policies and procedures

1.3.2 Security Compliance and Auditing

Ensuring compliance with Information Assurance, Security Frameworks and Standards, including ISO22301 (BS25999), ISO27001 and Security Policy Framework (SPF) standards via:

- Interviews with stakeholders and review of existing documentation, business processes and procedures.
- Production of a gap analysis identifying shortcomings against standards and an action plan.
- Implementing an action plan (re-engineering/documenting processes as required) and confirming compliance to the relevant standards.

1.3.3 Security Governance

- Reviewing existing policies/procedures/governance within the context of the client's business and security strategy, objectives, regulations and best-practice;
- Identifying shortcomings and proposing areas for change;
- Drafting new policies/procedures;
- Providing security training.

1.3.4 Technology Security (including CHECK Penetration Testing)

- Developing secure architectures and infrastructures to agreed IL standards;
- Reviewing technology solutions and providing security reports;
- Providing security input to development work (in-house/outsourced);
- Providing green-light CHECK penetration testing (to CHECK scheme standards) or liaising with the client's preferred supplier;
- Physical security analysis and advice on countermeasures, security processes and procedures;
- Business design considerations including technical design and implementation of PKI service;
- Firewall design and implementation;
- Secure remote operation.

1.3.5 Business Continuity (BC)/Disaster Recovery (DR)

- Reviewing existing BC & DR plans as part of the regular risk/technical assessment;
- Building and updating plans through interaction and communication with senior stakeholders to achieve buy-in;
- Ensuring processes are in place to identify emerging threats and that the BC & DR plans are updated accordingly and regular testing of the BC & DR plans is conducted.

1.4 Delivery Mechanism

Methods Resourcing has over 20 years' experience of providing resourcing services of this nature, primarily to the Public Sector. We use a combination of our own internal staff and a network of associate consultants, who have typically delivered a number of successful assignments to Methods customers.

Our resourcing and consultancy capability enables Methods to offer Public Sector organisations a number of delivery options including:

- Time and Materials/Day rate
- Fixed Price Work packages
- Deliverable/Outcome based Services

The day rates for any engagement with Methods Resourcing are detailed in the associated G-Cloud SFIA Definitions & Rate Card document within Section 3 of this document.

2 Why Methods?

Methods is a leading business and IT services company operating across the UK. Founded in 1990, we have built a strong reputation for delivering client-side consultancy and resourcing services. We deliver intelligent customer services, effective stakeholder engagement and ensure that best practice management controls and techniques are deployed across a variety of technical implementations and complex projects.

Methods' core focus is on the provision of information and technology enabled change services to the Public Sector, and we have extensive experience of delivering complex projects across all sectors including: Central Government, Local Government, Healthcare, Education and the Defence sector.

We are different from the competition because:

- Methods has been a leading provider of skills and resources to the Public Sector for 20 years: as a key supplier on a number of pan-Government Resourcing frameworks, Methods has a proven track record in supplying qualified security resources across Central Government, Executive Agencies and NDPBs at competitive market rates.
- We have a specialist interim resourcing division and a dedicated Security Practice with access to a large pool of highly skilled and qualified ICT and Information Security Specialists, enabling Methods to supply a range of associates to secure environments and projects.
- We re-use over 50% of associates who have previously worked on Methods assignments, which gives us further assurance of quality and successful delivery, and we continually refresh our talent pool in line with client demand and emerging technologies.
- Our mixed sourcing model allows us to bring in leading-edge thinking and competencies at short notice. With a large and diverse interim resource pool and in-house capability, we offer clients a bespoke resource solution at competitive rates.
- We can provide services on a time and materials, fixed price or outcome based delivery basis, with the flexibility to scale and mobilise resources quickly.
- We apply rigorous role-specific checks and security vetting to ensure we propose appropriately qualified and experienced interim resource; this includes competency based interviewing using our in-house security experts.
- Methods has ISO 9001:2008 Quality Certification, ISO 27001 Security accreditation and List-X Facilities, providing assurance of the quality of our approach and enabling us to hold UK Government protectively marked information and expedite the security clearance process for our associates.
- We are thought leaders in Cloud based computing. One of our Directors, Dr. Mark Thompson, is a main Board member of Intellect, the UK's leading trade association for the technology sector, and an advisor to the Cabinet Office's IT Futures Director. Mark has written extensively on Cloud Computing and future Government IT strategy.

3 Pricing

All of our services are priced by a common set of rates tables, based on the Skills for the Information Age (SFIA) Definitions & Rate Card, as shown below. This gives day rates for consultants of different levels of experience undertaking different types of roles in different types of projects. Further details can be provided if required, but we would normally expect to agree what level of supporting resource(s) were required for a given project with a client, which will enable us to determine what rate(s) are appropriate.

| | Strategy & architecture | Business change | Solution development & implementation | Service management | Procurement & management support | Client interface |
|---|---|---|---|---|---|---|
| 1. Follow | 325 | 325 | 300 | 300 | 300 | 275 |
| 2. Assist | 500 | 400 | 350 | 375 | 375 | 350 |
| 3. Apply | 575 | 480 | 400 | 425 | 425 | 400 |
| 4. Enable | 650 | 550 | 450 | 475 | 530 | 450 |
| 5. Ensure/Advise | 770 | 650 | 550 | 550 | 650 | 500 |
| 6. Initiate/Influence | 900 | 825 | 620 | 620 | 825 | 550 |
| 7. Set Strategy/Inspire | 1200 | 1000 | 800 | 800 | 1000 | 650 |

Standards for Consultancy Day Rate cards

- Consultant's Working Day: 8 hours exclusive of travel and lunch.
- Working Week: Monday to Friday excluding national holidays.
- Office Hours: 09:00-17:00 Monday to Friday.
- Travel and Subsistence: Included in day rate within M25. Payable at department's standard T&S rates outside M25.
- Mileage: As above.
- Professional Indemnity Insurance: included in day rate.

4 Additional Information

Service Management

Methods consultancy services are accredited to ISO9001 quality standards and delivered according to a proven PRINCE2 based project management methodology. We are accustomed to working in close collaboration with clients, often on-site, against agreed work and deliverable schedules.

Training

Training is not a requirement of consultancy services; however, Methods always aims to provide skills transfer to client staff throughout assignments. We are also offering to provide training services to client staff on the new products, systems and processes that may be associated with a Cloud solution implementation.

Ordering and Invoicing

Methods is an experienced framework contractor, and orders through the G-Cloud framework would be treated in the same way as orders through our many other frameworks across Government. This would involve discussion of requirements, agreement and completion of a Call Off contract, and submission of a Purchase Order. We would then set up a mutually acceptable start date and commence work. Invoicing would be based on the submission of monthly timesheets and any expenses for the consultants providing the service, along with our invoice. Payment terms are 30 days.

Termination Terms

Since there is no licensing agreement for the consultancy services we are offering, there are no additional termination terms; termination would be in accordance with the Framework Agreement and the Call Off contract.

Customer Responsibility

For any given call off requirement, the dependencies on the customer associated with the work (which would differ in each case) would be discussed and agreed before commencement, and form part of the Call Off contract.