Securing business data

Managed Compliance Services 


The CNS Mosaic COMPLY&SECURE service can be tailored to meet and maintain compliance with a number of standards. CNS Group has created a bespoke set of Service Level Agreements and Operational Level Agreements for each service module, to meet the specific mandatory and recommended requirements of the following standards:

PSN (Public Services Network)
ISO27001:2013
PCI-DSS
HMG (Cloud Security Principles)
HMG (Baseline Control Set (DETER) State)
CPNI Critical Security Controls
SEC OCIE Cyber Security Initiative
(SANS) Top20 Critical Security Controls
CESG GPG13 Protective Monitoring

COMPLY & SECURE clients are given specific assistance with their chosen compliance regimes. CNS provides specialist information assurance, InfoSec and solution-based consultancy services. Through access to CNS Group specialist teams, customers can cover their basic need for expert advice and assistance in meeting Governance, Risk and Compliance, Threat Protection, Threat Mitigation and Solution Management requirements. This bridges the gap between IT Security, Information Security and Risk Management. It comes in the form of:

  • Assistance and advice to get back to compliance in the event of a failure
  • Evidence for 3rd Party Auditors of all Compliance Status, tasks and remediation
  • Single platform for the collation of relevant compliance data
  • Single interface for viewing real-time IT Security Compliance Status

Compliance as a Service: the complete service is delivered by one knowledgeable and expert company. A CNS consultant scopes the customer's compliance needs and offers best practice guidance for the managed service, alerts and response to events.

  • Remediation Support:
    A CNS consultant visits post-event to review and audit events and the current security posture – looking for evidence of trends, helping with remediation and conducting a deep dive into incident causes.
  • Compliance against your baseline:
    Whether it is PCI-DSS, GPG-13 or other mandates, the service operates against your baseline, explicitly monitoring the events that affect your compliance mandate.
  • Infinitely customisable:
    The service can be extended and tweaked to monitor and alert on a range of events that can be specific to your infrastructure and can be extended into security and network monitoring.
  • Reduced Cost of Compliance:
    Our CNS consultants know from experience how to design infrastructures and monitor them so that the time and effort involved in implementing a solution is drastically reduced, allowing the local IT team to focus on additional activities.
  • Low upfront capital expense:
    We call this Compliance-as-a-Service. The service provides all the hardware, software and activities necessary to implement compliance monitoring and response.
  • Improved Business Continuity:
    Many compliance events are security events, and implementing compliance monitoring improves our clients' security posture and business continuity.
  • Lifecycle compliance monitoring:
    Compliance should not be an annual one-off event; it should be measured and monitored 24x7x365. The service delivers full life-cycle compliance monitoring of your infrastructure.
  • Centralised management portal:
    Authorised client contacts can access a central portal to inspect logs, view rules and run reports against the event catalogue and selected devices.
  • 24x7x365 service:
    There is no need to maintain a 24x7x365 IT response team in a NOC or SOC environment; CNS performs this activity for you.

________________________________________________________________________________________

Vulnerability & Patch Management

Make sure you know where you are with your patches and vulnerabilities at all times.

Build & Configuration Management

Maintain server build and device configuration compliance.

Scalable Outsourcing

Our security operations centre can be scaled to the needs of your organisation.

Round the clock support

24/7 support from a dedicated UK team.

Mandatory Requirements

Conforms to best practice detailed in PSN Cabinet Office Security Policy Framework, PCI-DSS, ISO27001, CPNI Top20.

Public Services Network

Our SOC has two tiers, with tier one supporting the private sector and tier two protecting public sector clients across the PSN.

SC Awards Winner - Best Managed Security Service

Are you compliant?

Use the CNS on-line questionnaire to see whether you are doing enough to achieve compliance to any given InfoSec standard.

“from concept to implementation CNS have truly understood the requirements of our organisation. The Managed Compliance service means we can maintain a constant knowledge base that’s helped us focus our attentions on the areas that need it”.