Page 1 of 7
NCC Group Managed Security
Services Pricing
G-Cloud
Version 1.0
NCC Group
Manchester Technology Centre Oxford Road
Manchester M1 7EF
www.nccgroup.com
Contact Name: Shakeel Hassan
Email: [email protected]
Page 2 of 7
NCC Group Managed Security Services Pricing
The table below provides pricing for each of our managed security services.
NCC Group Services NCC Group Pricing & Notes
Managed Security Services – DDoS Assured
NCC Group‟s standard price for Managed Security Services – DDoS Assured is £1,500.
The service is delivered as a Managed Service (£1,500 based on 10 Bots with Approximately 200 Requests per second/per bot over a 4 hour duration targeting a web application).
Minimum 1 URL is required.
There is additional £2,000 price for 1U appliance.
Volume discounts available for larger numbers of URLs and/or larger bot net.
Managed Security Services – DDoS Fire Drill
NCC Group‟s standard price for Managed Security Services – DDoS Fire Drill is £1,500.
The service is delivered as a Managed Service (£1,500 based on 10 Bots with Approximately 200 Requests per second/per bot over a 4 hour duration targeting a web application).
Minimum 1 URL is required.
There is additional £2,000 price for 1U appliance.
Volume discounts available for larger numbers of URLs and/or larger bot net.
Managed Security Services – Minerva Services
NCC Group‟s standard unit price for Managed Security Services – Minerva Infrastructure Monitoring Services is £7 UKP.
The service is delivered as a Managed Service (£7/Week/IP Assuming 100 IPs to be scanned and monitored annually).
Minimum 1 IP is required.
There is additional £1,500 price for 1U appliance.
Volume discounts available for larger numbers of URLs.
Page 3 of 7 Managed Security Services – PCI
ASV Scanning
NCC Group‟s standard unit price for Managed Security Services – PCI ASV Scanning is £200.
There is a minimum of 10 IPs plus Associated URLs - Scans Conducted Quarterly with Free Retest after each scan if required.
Additional £1,500 costs for 1U appliance if internal PCI scanning is required
Volume discounts available for larger numbers of IPs/URLs
Managed Security Services – Web Application Scanning
NCC Group‟s standard unit price for Managed Security Services – Web Application Scanning is £90 UKP.
The service is delivered as a Managed Service (£90/Month/Web application assuming 20 Web Applications to be scanned on an annual basis). All web application scanning is un-authenticated.
Minimum 1 URL is required.
There is additional £1,500 price for 1U appliance.
Volume discounts available for larger numbers of URLs.
Pricing Notes:
NCC Group offers a range of volume discounts for our Managed Security Services. This can be shared with the customer upon request. There is sufficient saving available for large number of units purchased
NCC Group Managed Security Services price is based on product price, setup (if
required) and annual support price
Prices are in UK Pounds Sterling and exclusive of VAT, which will be added at the
prevailing rate at the time of invoice
Page 4 of 7
Appendix A - Quality Statement
NCC Group is a leading independent provider of IT Assurance, Security and Consultancy services. We are committed to the profitable provision of Consultancy, Escrow and Testing Solutions that exceed our clients' requirements and deliver excellent returns to our shareholders.
A minimum client satisfaction rating of 70% (where 50% equates to satisfactory) is the target for all work. Profitability is set for each area of our business each month in an annual plan. Our effectiveness is measured by how well we perform against this plan.
This policy is supported by detailed measurable objectives in the form of KPIs (Key Performance Indicators) at all levels in the organisation structure. Performance targets are reviewed on a regular basis by management to ensure quality standards are constantly met and improved.
NCC operates a quality system of standards and procedures, which manages and controls all our projects, products and service activities. The quality management system is based on the pertinent parts of the ISO9000 series of standards and is independently assessed for compliance.
The implementation of this policy is mandatory and is to be observed by all those who contribute to NCC Group's products and services.
Rob Cotton
Chief Executive Officer NCC Group
Page 5 of 7
Appendix B – Certificates and Accreditations
ISO 27001:2005
NCC Group is certified to ISO 27001:2005 and have been certified since 2005 (LRQ 0963077/A)
ISO 9001:2008
NCC Group services is accredited to ISO 9001:2008 and have held ISO 9001 status since 1994 (LRQ 0963077/A).
ISTQB® Certified Tester accredited training provider
NCC Group is accredited by the International Software Testing Qualifications Board to provide training for the Certified Tester scheme.
The ISTQB® has issued over 240,000 certifications in more than 70 countries world-wide (March 2012).
ISO 17025:2005
NCC Group is accredited to ISO 17025:2005 Testing and Calibration Laboratories under the United Kingdom Accreditation Service.
CESG CHECK
NCC Group is accredited under the Government‟s CESG Check scheme for network penetration and testing services. We have been classed as a „Green‟ service provider, the highest attainable standard, continuously since 2001. Unless specifically stated this assignment will not be performed under CHECK terms and conditions.
CESG Tailored Assurance Scheme Provider
NCC Group was selected as one of the first companies to provide the CESG Tailored Assurance Service (CTAS), a brand new service from CESG which is intended for a wide range of IT products and systems ranging from simple software components to national infrastructure networks.
CESG Listed Adviser Scheme
We have a team of CESG CLAS consultants. The CESG CLAS scheme is the accreditation for recognition of skills and experience in information security within the public sector.
Page 6 of 7
PCI Approved Scan Vendors/PCI Qualified Security Assessor
NCC Group is a Qualified Security Assessor (QSA) and an Approved Scan Vendor (ASV) regulated by the PCI Standards Council.
CREST Council of Registered Ethical Security Testers
NCC Group is an active member of CREST, the standards-based organisation for security assurance testing suppliers aimed at ensuring the very highest standards of leading-edge security testing.
London Stock Exchange Premium Accreditation
NCC Group is listed as part of the FTSE TECHMARK on the London Stock Exchange.
NSW Government Approved Supplier
NCC Group is an approved supplier by the NSW Procurement (NSWP), Department of Finance and Services, on behalf of the NSW Government.
Page 7 of 7
Appendix C – Client Testimonials
"Our teamwork has resulted in more secure products reaching our customers and NCC Group has proven to be an outstanding, reliable, capable and professional security consulting team." "When McAfee has a need for application security consulting, we turn to the experts at NCC Group. They bring a diverse background in security assessment and research that is unparalleled in the industry today."
“I am happy to recommend NCC Group because it has consistently been providing Royal Mail with a service which is highly critical to the assurance of our IT applications & infrastructures and which is delivered with expert, high quality and on time reporting and advice. I particularly like their engagement model, being highly responsive, reliable, dependable and professional”
“NCC Group have performed a number of IT Security Health Checks over the last 3 years. On all occasions they have provided a very high level of testing, I have been particularly impressed by the professional and flexible attitude of all consultants that have worked on our network. They have the ability to communicate technical information in a manner which is understood by our senior managers via daily wash up sessions and have always been on hand to answer any additional questions from our service provider”
“NCC Group’s communication throughout the project was the strongest point and the results were very professional.”
"The knowledge and professional skills of this team are probably unique in this very specialized area of security. They lead the world in security vulnerability research and apply that knowledge to their consultancy. In our experience we highly recommend their services."
"NCC Group’s interpreted complex operations and communicated progress and results in formats understandable by all levels of technical ability within our organisation significantly aiding key stakeholder buy in to improvement actions."
"SSE has worked with NCC Group for the past few years. NCC Group is flexible, responsive and accommodating to every request. The team are professional to work with and understanding to our needs. I would gladly recommend NCC Group to anyone."
“NCC Group understood the brief completely and provided superb support to the project, exemplified by a tireless commitment from the CHECK team in meeting tight deadlines , working with disparate organisations, knowledge and skills transfer – outstanding. All involved in delivering security testing services for this project were consummate professionals whose behaviour and commitment was exemplary. A credit at a personal level and to NCC Group The quality and expediency of report writing and submission is without equal in my experience. Well done and thank you”
"I hope we can continue to grow the relationship with NCC Group and work with your extremely bright and cunning team. Thanks for keeping the door shut to inquisitive kids the world over."
"'We have always found NCC Group to be approachable and helpful in all aspects of our network security, nothing is too much trouble for them. The quality of reporting and responses to questions & queries means I would actively recommend them to others.”
"NCC Group is providing CPNI with advance notification of software vulnerabilities in order to provide mitigation measures to Critical National Infrastructure (CNI) organisations. CPNI is looking forward to continuing this strong partnership with NCC Group."
