10 likes | 134 Views
Service Definition. SaaS Accreditation Support Service. SaaS Accreditation Support Service is aimed at departments & suppliers seeking accreditation of G-Cloud software.
E N D
Service Definition SaaS Accreditation Support Service SaaS Accreditation Support Service is aimed at departments & suppliers seeking accreditation of G-Cloud software. For SaaS to be permitted on protectively marked Government networks, the supplier must satisfy the Accreditor that it meets information assurance standards and that mandatory accreditation documents are complete. We will lead you through the accreditation process, liaise with the accreditor, clarify security requirements and prepare accreditation documentation. SyFi Solutions and its associate network of CLAS consultants has been working with Government, Defence and commercial customers since 2008. Unlike many IT security businesses, in particular large consultancy companies and system integrators, SyFi Solutions targets customers needing short-term pieces of work, reusing our tried and tested assurance approach to deliver results faster. SyFi Solutions is able to supply CLAS consultants at lower than market rate prices because of our very low overheads and our preference for off-site and flexible working. We will of course meet you and your customer as needed, to advise on and agree the accreditation approach. Our CLAS consultants are provided on a per hour basis (as opposed to conventional ‘per day’ offered by most). A CESG Listed Advisor (CLAS) is a security consultant that provides information assurance services on behalf of the UK Government. SaaS Accreditation Support Services: Our Approach Orientation session (FREE OF CHARGE) This could be via a call, video conferenceor face-to-face. We will ask questions about the service to determine the most efficient approach. Accreditation strategy We will propose the most efficient approach to achieving accreditation and suggest an engagement strategy that minimises business interruption. E.g. in the case of the SaaS being hosted on an accredited platform, we may suggest the SaaS accreditation documentation set (RMADS) is provided as an annex to an existing PaaS RMADS. Engage with the Accreditor We will work with the Accreditor on your behalf to ensure they are happy with our approach. Documentation Accreditation is predominantly a paper exercise (although a penetration test may be required). We will tell you what technical documentation is required and we will prepare the accreditation documentation set (RMADS). Accreditation We will support you as necessary to the point where the service is accredited. A typical assignment supporting accreditation onto an already accredited PaaS platform would require approximately 40 hours effort. A quote will be provided during Orientation for more complex accreditations. SyFi Solutions Partner Network We have developed an extensive network of partner security companies and associate consultants. If necessary we can provide access to the network during project implementation. Our strategic partners Keysec Limited and Commensurate Limited offer information assurance consultancy. Contact Us 01256 698 085 gcloud@syfisolutions.co.uk Information Assurance All SyFi Solutions staff and associates are a minimum of Security Cleared (SC). Our CLAS associates are generally cleared to DV, meaning they can work on virtually any Government system. For G-Cloud SaaS assurance tasks, we have experience in supporting Impact Level 3 (IL3) requirements; typically systems requiring accreditation for RESTRICTED material. Our CLAS consultants work within Government, giving us a unique insight into the latest information security initiatives and policy. Pricing – “Security as a Service” SaaS Accreditation Support Services - CLAS Consultant: £90 per hour (Prices exclude VAT). The Price includes travel and subsistence for assignments within the M25. For UK based assignments outside the M25, we may request expenses reimbursed at cost. However we try to avoid charging any expenses and will agree all charges in advance. For more complex accreditations, a qualified Project Manager may be required to interface with all parties. SyFi Solutions provides Prince II practitioners experienced in delivering Government information assurance projects. Prince II Project Manager: £80 per hour (excluding VAT). Discounted rates: Our published rates are based on a 48 hour assignment or less. If an assignment is expected to take more effort and/or additional flexibility is agreed during Orientation, discounted rates will apply. Invoicing and Payment Services are billed for on a monthly in arrears basis. Payment terms are net 30 days on receipt of invoice. While Pan Government Accreditation is not essential to provide a SaaS service, local accreditaiton will normally be required by the end customer