Training
|
- Pre-requisite: Staff list supplied in specified Excel format
- All user addition to or deletion from the program needs to be performed via our secure Insight portal only.
- The last date of adding a new user is 30 business days prior to the end of the contract
- Monthly Training progress reports and on-demand report available from the secure Insight portal.
|
Phishing
|
- Pre-requisite:
- Staff list supplied specified Excel format
- Whitelisting of phishing domains
- Campaigns will be conducted only once per quarter throughout the contract year (4 in total)
- Any new user(s) belonging to an existing Client or a new Client(s) added after the current quarterly phishing is completed will start with the next quarter phishing campaign
- Quarterly phishing reports available from the secure Insight portal.
|
Monthly Vulnerability Assessment
|
- Pre-requisite: Completion and return of Know Your Client (KYC) form
- Access to IT personnel responsible for network management
- All critical vulnerability discovered will be reported within 1 business day
- Monthly vulnerability reports available from the secure Insight portal.
|
IT Gap Assessment
|
- Access to IT personnel responsible for network management and supervisory staff responsible for business administration
- Expeditious response to online questionnaire and scheduling audit (when subscribed)
- Final report available from the secure Insight portal.
|
External Penetration Testing
|
- Pre-requisite to Service commencement: Completion and return of Know Your Client (KYC) form and Vendor Service Agreement (VSA) with signature
- Access to IT personnel responsible for network management
- All critical vulnerability discovered will be reported within 1 business day
- Annual report available from the secure Insight portal.
|
Internal Penetration Testing
|
- Pre-requisite to Service commencement: Completion and return of Know Your Client (KYC) form and Vendor Service Agreement (VSA) with signature
- Access to IT personnel responsible for network management
- Return of secure remote access device upon completion of testing
- All critical vulnerability discovered will be reported within 1 business day
- Annual report available from the secure Insight portal.
|
Business Impact & Recovery Strategy Analysis (BIA/RSA)
|
- All data gathering will be conducted by a fillable PDF worksheet.
- A client-designated person will coordinate all data gathering for the worksheet.
- Requested information and/or documentation will be provided within five working days. If requested information is not provided within five days of the information request the contractor may deliver final documents with gaps in information.
- The client will have five working days to review all BIA drafts and return comments. Should the five-day period expire without comment, the contractor will assume concurrence.
- The final BIA report will be delivered 24-48 hours after the final draft in our secure portal.
|
Business Continuity/ Disaster Recovery Plan & Table-top Exercise (BCP/TTE)
|
- This service should typically be performed less than 6-months after the final BIA report is delivered. The BCDRP will be based on the final BIA report.
- Table-top exercise needs to be agreed upon by the client and conducted within the service agreement period at a mutually agreed upon schedule. Should the client fail to comply, it would not hold up service completion.
- All client-designated personnel will be available at the appointed day and time for the testing.
- The client will make every effort to provide the consultant with 24 hours’ advance notice of any schedule changes.
- A client-designated person will coordinate this effort.
- The client will have five working days to review all BCP drafts and return comments. Should the five-day period expire without comment, the contractor will assume concurrence.
- The final BCDRP report will be delivered 24-48 hours after the final draft in our secure portal.
|