GCloud Services 5 – RJD Technology Ltd Service

PROTECTIVE MARKING
GCloud Services 5 – RJD Technology Ltd
Service Definition Document
RM1557v
Lot 4 - Specialist Cloud Services
Cyber Mission Impact Assessment CMIA©
Issue: 1
RJD Ref: 02/03/832/2
4 April 2014
RJD Technology Limited
8 The Green, Rowlands Castle
Hampshire, UK, PO9 6BN
Tel: +44 (0)2392 410044
Fax: +44 (0)2392 413107
List of Contents
1 RJD GCloud Service Definition Document - Cyber Mission Impact Assessment CMIA©
Introduction
Description of Service
What we offer
Whole life cost
Non-functional characteristics
Information assurance
Quality
Management of RJD Services
Service constraints
All information contained in this document is strictly confidential and should be used only for
the purpose for which it was supplied.
Copyright © 2014 RJD Technology Limited
1 RJD GCloud Service Definition Document - Cyber Mission Impact Assessment CMIA©
Introduction
This document provides details of RJD’s GCloud Service for Cyber Mission
Impact Assessment CMIA© to support Cloud projects and enterprises. The
service is offered under the SCS category and has the characteristics described
in the following paragraphs.
Description of Service
We provide deep systems engineering expertise and tools that allow a rigorous,
robust and repeatable analysis of a business enterprise across all categories of
Cloud enterprise (as defined in NIST guidance) to achieve the detection and
pre-emption of, and response to, Cyber and Resilience threats. A System of Systems
approach based on our mature methodologies and proven toolsets is used (CMIA©).
We pre-emptively address issues such as data security, cyber security
and system outages to ensure continued, secure and reliable operations across a
business enterprise. Our companion Otus© solution is also capable of
dynamically assessing and resolving cyber risk across an enterprise’s ICT/CIS
networks.
Further details on the characteristics of this service and how they fit into the
Cloud environment are described in the supporting Fact Sheet document.
What we offer
RJD provides CMIA© and Otus© primarily as a service but we can also provide
skills transfer through handbooks and training courses for departments that want
to become self-sustaining in their use. Examples of ways we have previously
engaged are as follows, but please contact us to discuss any alternative needs:
• Quicklook assessment – Man-day rates for a high level assessment of your
enterprise along with a scope and cost for recommended further work.
• Specific Cyber Vulnerability Analysis need – Firm Price or Man Day rates to
address, for example, Cyber Risk, Business Vulnerabilities, Key Information
Flows, Supporting IT impacts. Based on a prior dialogue to establish scope,
followed by a proposal.
• Tool Production – Delivery of a tool for the customer to conduct further ‘what if’
analysis on data gathered above.
• Training in the use of the Dataset or associated tools.
Whole life cost
This service is normally provided on a Man Day basis under the SCS category
and Whole-Project costs are therefore dependent on the length of the project and
the amount of support required. We have provided an SFIA document to enable
customers to obtain a comparison between our service and alternatives and this
provides man day rates for a variety of skill sets. RJD would also be pleased to
discuss Firm Price contracts where the scope can be agreed in advance.
Non-functional characteristics
Information assurance
This service is offered under Lot 4 – Specialist Cloud Services and does not
include infrastructure, platforms, or software products. It therefore has no
accredited Impact Level (IL) per se. Our Service is, however, provided by
personnel who hold at least SC clearances, and many also hold Developed
Vetting clearance or the equivalent from other Government departments. This
enables them to work in areas and on systems at the very highest levels of
security.
Our internal Company Information Assurance process is accredited to
ISO27001:2005 standards and our systems are accredited by CESG to process
all levels from OFFICIAL to SECRET. A high proportion of personnel are cleared
to work at the TOP SECRET level.
Quality
RJD holds full accreditation to ISO 9001:2008 and this provides assurance on
Quality processes. We also have in place a business continuity plan that provides
a routine backup and disaster recovery facility so that any customer data concerning
our Service that is processed on RJD IT equipment is protected against loss.
Management of RJD Services
RJD follows project management principles taken from MSP and PRINCE
methodologies and our policy is therefore to employ internal checkpoint and
highlight reporting in order to ensure that any Service remains on track. These
principles are embedded within our Quality process, backed up by ISO9001:2008
certification and available for inspection at any time if required. The practical
means by which we conduct management of tasks of this type is that, in addition
to the technical resources proposed, and as part of company overhead, RJD
deploys elements of our HQ management team to fulfil project control,
management, technical and quality assurance functions. These services are not
charged to projects but are delivered by Management Board scrutiny, specifically
by the persons below:
• Operations Manager/Commercial Manager/Project Manager – operational
control of resources and point of contact for customer commercial matters.
• Managing and Technical Directors – Oversight in the role of Senior Supplier/
Senior User.
Service constraints
Our Service is entirely tailored to customer requirements and thus has no fixed
service constraints. The following aspects will be agreed at time of order to
define any project-specific service constraints:

• Scope of Service – defined either in Man Days with rates or Firm Price
Deliverables
• Specific resources to be provided
• Key deliverables and performance indicators
• Timescale for delivery
• Government Furnished Assets/Information required
• Any Specific Terms and Conditions for the task
Ordering and invoicing process
The Service is offered through the following process:

• Customer makes initial contact via either Cloudstore or directly via the
RJD identified point of contact
• Discussion between customer and RJD technical staff to agree nature
and scope of the specific Service, along with invoicing plan
• RJD submits detailed, project-specific Service definition with either Man
Days or Firm Price, as required by the customer
• Customer issues tasking/purchase order
• Deliverables made/accepted
• RJD issues invoice
Customer responsibilities
During the scope discussion process, RJD will identify any supporting actions
needed from the customer. These are likely to include:

• Provision of supporting Information
• Arrangement of appropriate access to sites/buildings
• Facilitation of stakeholder contact
Details of any trial service available.
In some circumstances, RJD may be able to offer access to previous work for
illustration of our methods and techniques, or initial assessment of a new
business area, as a trial for our Service. This is on a case-by-case basis and we
are happy to discuss at any time.