Growth Through Excellence




Public/Private Cloud Services
Service Definition Document
G-Cloud 5
REFERENCE NUMBER RM1557v

Table of Contents

Executive Summary
About the Company
Strategic Fit
Benefits
Enterprise Service capability
GPS Capability Model
G-Cloud Information and Cyber Security Services Definition
Practice Areas
Information Security Services Resource Call off
Specialist Call off Services
Security Services Management and Integration
Service Outline
Service Lifecycle Support
Security functions
Service Operation
Alignment of G-cloud 5 Specialist Services to G-Cloud Service Management Framework
Security service solutions
Service Terms and Pricing
Information Assurance
Service Management
Customer Responsibilities
Skills for the Information Age (SFIA) Definitions & Rate Card
Great Oak Professional Services standard rate card
Discount Structure
Value Proposition
Unit Pricing
Standards for Consultancy Day Rate cards

Executive Summary

With the introduction of public and private Cloud Computing and increased interdepartmental shared services, the traditional defence in depth security approach has been left behind in favour of risk based security management and an increased emphasis on policy, control frameworks, standards and services. This means that a more holistic approach to security is required to provide assurance to those with responsibility for information assets. With Big Data and information mining becoming more prevalent, maintaining good information governance and assurance will be a challenge as we move towards more diverse information sharing and pan-Government and citizen web based services.

The coherence of information security risk and control management is paramount to a proportionate and risk based implementation of security and cyber security controls and technology. Without comprehensive assurance, security can become arbitrary and compartmentalised or stove-piped, which in turn leads to a reduction in value to the business and the public. The complexity of supply chain or programme environments may present barriers to effective governance and assurance. Our consultancy service aims to provide comprehensive and holistic security assurance which aligns with risk management and governance practices, HM Government security policy and CESG standards, and provides appropriate and robust evidence and assurance to security and risk stakeholders.

Information security is often seen as a bolt-on or assure-when-operational activity. Our information and security governance, risk and compliance services are aimed at providing business process or application owners with a portfolio of services designed to integrate with existing enterprise architecture frameworks such as TOGAF, to provide effective assurance to risk owners and to achieve the principles and goals of information security from inception to de-commissioning, as part of a secure by design and growth through excellence philosophy.

About the Company

As an independent consultancy with corporate governance and cyber security experience and access to global networks of knowledge and highly qualified and skilled professionals, we make it our priority to meet customer needs and deliver a quality of service found in traditional professions like medical, legal and engineering. The broad and diverse sector and industry experience of our professional services staff and the maturity of our practices mean we are able to adapt quickly to most environments, bringing instant capability and process maturity.

With professional opinions born of knowledge, qualification and experience, and without the pressure to leverage solutions, our consultants have the freedom to serve customers with pragmatic, technology and solution agnostic options and opinions. We provide qualified and professional IA consultants, audit professionals and analysts who are pragmatic, balanced and independent, free of the drive to develop the account and leverage solutions: an easy-going consultancy with the aim of Growth Through Excellence rather than growth through market dominance.

Strategic Fit

Although we are a smaller consultancy, our ability to work with large corporates comes through the employment of experts and professionals and the adoption of, and expertise in, management frameworks, corporate governance and international standards including the IEC/ISO series, Treadway/COSO, UK corporate governance, MSP, Prince 2 and business architecture such as TOGAF and SABSA. Adoption of recognised industry frameworks and open standards means improved on-boarding, tighter integration with our customer's process and reduced tie-in to proprietary methods and tools and the legalities of intellectual property rights.

When it comes to dealing with government information strategies (HMG and Defence IA Strategy and Digital by Default) and industry patterns and trends for Big Data, Cloud, Globalisation, Mobilisation and BYOD, it is important to ensure these strategies are aligned with customer threats, risks and business objectives, with supporting expert opinions and robust evidence to support investment.

Benefits:
- Industry expert opinions and robust analysis to support investment cases
- Simpler and cost effective on-boarding
- Easily transferable, cost effective off-boarding
- Reusable industry standard products, artefacts and tools
- Compliance with standards rather than alignment
- Improved skills and knowledge transfer with opportunities for mentoring and assistance with professional development.

Most of our professionals are cross qualified and have broad and often end to end lifecycle experience, meaning that knowledge is retained across stages and functional boundaries, stovepipes and governance groups, often leading to improved delivery. An indication of the range and breadth of capabilities we are able to offer can be found in the following Capability model.

Enterprise Service capability

Based on a typical enterprise architecture model, we are able to work across the organisation and from top to bottom with a range of services aimed at improving effectiveness and reducing stove pipes. The following capability model demonstrates the areas of expertise in a consulting practice.

GPS Capability Model

G-Cloud Information and Cyber Security Services Definition

Our information and security practice is able to offer a tailored IA and security experience, call-off services or resources to support our customer requirements.

Practice Areas
- IA governance risk and compliance
- Information security consultancy
- Compliance and assurance
- Information architecture
- Security service management
- Cyber security awareness and education

Information Security Services Resource Call off
- Lead Information Consultant
- CLAS Consultancy
- Accreditor
- Auditor
- Information/Business Architect
- Cyber Security Manager

Specialist Call off Services

These services are available on the G-Cloud as call-off services under separate service definitions.
- 4Sure! Risk Assessment
- Compliance and Assurance Audit
- RMADS/RMARDS
- Simple PAAS Accreditation
- Simple SAAS Accreditation
- Simple IAAS Accreditation

Our services are available as specialist call-off services or can be blended into a single call-off agreement under the IA Services Service Definition, and can be integrated with the Specialist Call off Services.

Security Services Management and Integration

Diverse service and solution architecture can introduce a degree of complexity that may detract from the defined benefits or savings being made as part of the business case, and may introduce hidden or unforeseen cost or benefit detractors in areas of security service management including security governance, reporting, incident management, change management, access control, user provisioning, forensic investigation and vulnerability management.

Unless there is a dedicated and integrated solution, many security processes will require multiple suppliers to provide a partial solution, or will require manual operation, integration and a degree of customer service management to ensure correct operation and reporting against service agreements. In the absence of a technical solution or a single service provider, and with an initial low degree of process maturity after transition to the G-Cloud, effective service, incident and reporting processes require skills, expertise and professionalism to balance the risk of process failure or gaps in security capability until such a time as services and processes have become embedded and well managed, to the point that they can be managed by the department or by the supply chain.

Our Security practice can improve on the usual offering of security aware processes and resources by providing dedicated security professionals with service and process management expertise.

We are able to provide pragmatic and solution agnostic integrated service designs and solutions. These can be managed for the customer internally, or centrally or locally at the customer site, and then integrated into the supply chain. We are also able to provide accreditation support for your IA and security slice by taking the end to end supply chain, defining it as a security service and accrediting it as a single service slice for security management, alleviating the complexity and improving the coherence of security management in the G-Cloud.

Service Outline
- Security service assurance and accreditation
- Security service management transition and embedding
- Security operations centre
- Security incident and event management
- Security change management
- Cryptographic services and handling

Service Lifecycle Support
- Security service strategy, design
- Security service and solution implementation
- Security service operation
- Security service change management
- Security service transition
- Security service termination

Security functions

The services we provide are tailored to meet the requirements of the customer's user and business demands. As an indication of the sort of security functions we are able to offer, a list is provided below.
- Asset management and reporting
- Business continuity plan management
- Service management
- Threat and management
- Incident management and reporting
- Helpdesk
- Change and configuration management
- User provisioning
- Secure information exchange agreement
- Application management
- Access control
- Disaster recovery and data backup and restoration
- Password management
- Data loss prevention
- Vulnerability management
- Network connectivity and code compliance
- Network access control and monitoring
- Cryptographic management
- Protective monitoring/WARP and reporting

Service Operation

Supporting the G-Cloud through-life management lifecycle and the tiers of the G-Cloud operating model, we propose to provide specialist security services across the end to end cloud solution and supply chain, from design, integration and management to retirement and decommission, to help reduce complexity and improve security management process effectiveness and efficiency and the coherence of security enforcing functions.

Alignment of G-cloud 5 Specialist Services to G-Cloud Service Management Framework

1. User Group: End User (civil servant or citizen)
   Define Requirements; Find Services; Use Services; Manage Services
   Lot 4 Service area:
   - Specialist Services: On-boarding service for Cloud related services; Design Authority; Business Analysis for Cloud; User Management
   - SIAM: Enterprise Architecture; Project Management; Programme Management and Governance; Helpdesk
   - Information Management and Digital Continuity: E-Discovery; Data Quality; Digital Archiving; Data Storage Consultancy
   - G-Cloud Security Services Management

2. User Group: Government IT Department
   Manage Requirements; Find Services; Evaluate Services; Procure Services; Use Services; Request Change; Stop Services; Migrate Services; Manage Services
   Lot 4 Service area:
   - Specialist Services: Design Authority; Business Analysis for Cloud; Project Specification and Selection; Deployment; Transition Management
   - SIAM: Enterprise Architecture; Project Management; Programme Management and Governance
   - Information Management and Digital Continuity: E-Discovery; Data Quality; Digital Archiving; Data Storage Consultancy
   - G-Cloud Security Services Management

3. User Group: Service Provider
   Build Services; Obtain Certification; Market Services; Operate Services; Change Services; Stop Service; Migrate Service; Manage Services
   Lot 4 Service area:
   - Specialist Services: Project Specification and Selection; Deployment; Transition Management
   - SIAM: Enterprise Architecture; Service Management
   - G-Cloud Security Services Management

4. User Group: System Integrator
   Develop Requirements; Aggregate Service
   Lot 4 Service area:
   - Specialist Services: Design Authority; Project Specification and Selection; User Management
   - G-Cloud Security Services Management

5. User Group: Integrated Services Manager
   Test Service; Service Strategy; Service Design; Service Transition; Service Operation; Service Improvement; Supplier Management; Performance Management; App Store; Manage Support; Certification
   Lot 4 Service area:
   - SIAM: Enterprise Architecture; Service and Systems integration; Project Management; Programme Management and Governance
   - Information Management and Digital Continuity: E-Discovery; Data Quality; Digital Archiving; Data Storage Consultancy
   - Specialist Services: On-boarding service for Cloud related services; Design and Development; User Management
   - SIAM: Service and Systems integration; Project Management; Programme Management and Governance; Service Management; Software Support; Helpdesk
   - G-Cloud Security Services Management

6. User Group: G-Cloud Authority
   Specify Standards and policies; Define Commercials; Assurance Activities; Certification of Suppliers; Certification of Supplier Services; Performance rating of Services; De Certification of Supplier Services
   Lot 4 Service area:
   - Specialist Services: On-boarding service for Cloud related services; Design Authority; Business Analysis for Cloud; Project Specification and Selection
   - Information Management and Digital Continuity: E-Discovery; Data recovery, conversion and migration; Data Storage Consultancy
   - G-Cloud Security Services Management

Our approach to the development and management of the service is based on Cobit and ITIL best practices and management lifecycles, and is provided by a professional Security Manager and qualified ITIL and security staff.

Security service solutions

This service is a service management service. The provision of software solutions is expected to be defined by us and integrated into the end to end solution, and delivered by a third party or the supply chain, or implemented by the customer as part of retained services in the customer's data centre, which we are able to define, implement and manage. Throughout the lifecycle our skilled and talented IA and security professionals will ensure that security service requirements and service levels are translated into a well-managed service slice.

The service management processes will be integrated tightly with third party suppliers, and the operating procedures for security will meet the requirements of the HM Government Security Policy Framework and CESG good practice guides and standards. With experience in the operation of security processes and practices and ISO27001 certification, we are able to assist departments to achieve certification and accreditation for the Security and IA management services slice.

Service Terms and Pricing

Information Assurance

This service is tailored to the customer requirements and will require accreditation as a bespoke service slice as part of the customer's overall accreditation.

Service Management

Not applicable to this service.

Customer Responsibilities

- The customer is responsible for providing accommodation and access to computing services and network access.
- The customer is responsible for the purchasing of materials, software, networks and equipment to support this service, which we may be able to provide under a separate purchase order.
- The customer shall ensure that, where required, security clearances are transferred to their security office. The Company will provide details of security clearances and provide completed security clearance applications as required.
- The customer will retain responsibility for its information assets and will ensure that any information provided is appropriate, fit for purpose and at the appropriate classification, and is provided with handling instructions as required.
- The customer shall ensure that information, decisions, advice, guidance or responses to questions are provided within a reasonable time. The Company reserves the right to make additional charges or add consulting days to the invoice resulting from unreasonable delays or material deficiencies.
- The customer shall be responsible for the achievement of certification or accreditation decisions and is responsible for accepting and assuring the completeness and quality of deliverables prior to submission. The customer will pay Company invoices for work performed to achieve such approvals or accreditation regardless of whether they are achieved or not.
- The customer will ensure that information or third party deliverables required by the Company are fit for purpose and that any changes or new releases are made available as soon as possible, to give the Company the opportunity to request a variance or make appropriate changes.

Skills for the Information Age (SFIA) Definitions & Rate Card

Great Oak Professional Services standard rate card

| SFIA level | Strategy & architecture | Business change | Solution development & implementation | Service management | Procurement & management support | Client interface |
|---|---|---|---|---|---|---|
| 1. Follow | 475 | 475 | 475 | 475 | 475 | 475 |
| 2. Assist | 525 | 525 | 525 | 525 | 525 | 525 |
| 3. Apply | 575 | 575 | 575 | 575 | 575 | 575 |
| 4. Enable | 635 | 635 | 635 | 635 | 635 | 635 |
| 5. Ensure/Advise | 675 | 675 | 675 | 675 | 675 | 675 |
| 6. Initiate/Influence | 725 | 725 | 725 | 725 | 725 | 725 |
| 7. Set Strategy/Inspire | 850 | 850 | 850 | 850 | 850 | 850 |

Discount Structure

As part of providing value to customers, we are able to offer a discount for continuous service on the following basis. Discounts are based on individual contract or service call-offs at the time of contract issue. Discounts across multiple contracts can be discussed with the account manager.

| Duration | Discount |
|---|---|
| 20 to 100 days | 0% |
| 120 to 220 days | 2.5% |
| 260 to 440 days | 8% |
| 500+ days | 10% |

Value Proposition

In order to provide a fair and proportionate service, we endeavour to provide customers with a service which is flexible to their needs. As part of the on-boarding process we will assist customers in defining and breaking down the work packages, deliverables and resource requirements, and where possible blend the skills and rate card into a flat rate or per package contract.

Unit Pricing

In order to determine the level of service required and the time scales of the customer, it is important to consider the level of resources required to provide the service. For example, one consultant may be able to deliver 20% of the entire service over the lifecycle of a programme or project; however, compression of timescales or an increase in the normal levels of activity may require multiple resources. Customers should discuss their requirements so that we can find the optimal blend of SFIA levels and day rates.

Standards for Consultancy Day Rate cards

- Consultant's Working Day: at the specified per diem rate, 7.5 hours exclusive of travel and lunch.
- Working Week: Monday to Friday excluding national holidays.
- Office Hours: 07:00 to 19:00 Monday to Friday.
- Travel and Subsistence: Included in day rate within M25. Payable at department's standard T&S rates outside M25.
- Mileage: As above.
- Professional Indemnity Insurance: Included in day rate.
- VAT: All prices are subject to VAT.

Great Oak Professional Services (2014)