Equiniti offers a Cloud-based SQL Server-based solution, server as a service, a comprehensive application hosting service which will provide the SQL Server-based solution within a private virtual cloud with dedicated virtual servers running the complete range of services required. Available as Official or Official-Sensitive
- Database Systems Architecture and Design
- Database Implementation and Configuration
- Software Development around the SQL Server Database
- SQL Server based application hosting
- Data Migration
- Database Administration Services
- SQL Server delivers comprehensive high-end datacentre capabilities
- Complex database and business intelligence requirements
- High Availability design
- Scale on demand from devices to datacenter to cloud
- Support for reporting services
£1150 to £2635 per unit per month
|Service constraints||No constraints identified|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
4 hours critical, one working day for other enquiries/issues.
Support is provided in standard office hours.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
Standard Equiniti support and maintenance agreements provide guaranteed acknowledgement or resolution of issues within the agreed service level.
Equiniti’s standard response times are as follows:
• Response time target for accessing screens of the system will be within 3 seconds for a minimum 99% of the time.
• Response time target for simple searches for information and displaying results within the system will be within 5 seconds 95% of the time (response times exclude network latency)
• Standard system availability target of the service is 99.99%.
We provide a single contact point for all problems including advice on all aspects of the solution, be it hardware or software.
|Support available to third parties||No|
Onboarding and offboarding
Equiniti works closely with the customer to produce an implementation plan which incorporates:
• Timescales and resource requirements
• System configuration including user setup and organisation specific static data and content
• System verification
• User training on the system
• Project management and governance
• Communication to users and stakeholders
We provide the necessary expertise and guidance to ensure a smooth implementation and go-live, and subsequently to provide ongoing system support and service management.
|End-of-contract data extraction||Data extraction is carried out by Equiniti|
The exit process will focus essentially on the transfer of information from the service provider’s systems to the new service provider. We can commit the following:
a) The necessary resources will be available to ensure that the migration data is in an industry standard form (e.g. csv) such that it can be adopted by the replacement service provider. These resources are part of the Service Provider’s technical team and the structure of the data and the nature of our software enables the extract of data in this format to be readily achievable.
b) the Service Provider will work with the Customer and the replacement provider in ensuring that the relevant documentation and procedures are available. Additional documentation other than that already provided by the Service Provider as part of the Agreement will be produced and charged for on a time and materials basis.
Using the service
|Web browser interface||No|
|Command line interface||No|
|Independence of resources||Server CPU, Memory and network activities are continually monitored. System administrators will be alerted if a threshold is breached allowing the appropriate action to be taken.|
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||At rest data encrypted on SAN|
|Data sanitisation process||Yes|
|Data sanitisation type||Hardware containing data is completely destroyed|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||Users do not control backups - this is a System Administrator function.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||We have high availability SLA's (up to 99.99%) agreed with clients and refund through a service credit regime where we don’t meet guaranteed levels of availability.|
|Approach to resilience||
2 data centres, 1 production and 1 DR. SAN performs real time replication of data between sites.
Hyper-V Clusters with minimum of 4 nodes per cluster.
|Outage reporting||Email alerts|
Identity and authentication
|Other user authentication||Microsoft Active Directory Services|
|Access restrictions in management interfaces and support channels||Access is restricted through the use of Microsoft Active Directory Services and firewall rules.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||Dedicated device on a segregated network (providers own provision)|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||SGS United Kingdom Limited|
|ISO/IEC 27001 accreditation date||12/02/2017|
|What the ISO/IEC 27001 doesn’t cover||Temp|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||Yes|
|Any other security accreditations||ISAE 3402|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Equiniti Group Information Security Policy - all staff are mandated to complete policy compliance training annually.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||Equiniti follows a change management approval process. Changes are assessed as a part of this process, which includes all potential security impacts.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
The data centres are accredited to ISO/IEC 27001 standard.
Regular assessment of threats are carried out through ITHC, risk assessments, user event tracking.
System Centre 2012 is used for operating system patch deployment. All patches are approved and then deployed using automated and scheduled processes. The patching schedules are agreed with clients.
Vulnerabilities to the service are reviewed and patches are applied in accordance with the vendor’s best practices.
Information concerning potential threats are sourced from Microsoft, HP Equipment, Government and Security blogs.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
A SIEM product is used to collate and analyse log files as part of their audit policies. Server logs, SQL Audit Logs, WAF logs and firewall logs are sent to the SIEM Server which is configured to alert and report as required. Reports are generated using GPG13 guides.
Potential compromised are reported to the IT Security Management team who will assess the incident and issue guidance on the next action.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Equiniti has a defined approached to major IT incident management which may be escalated to the Crisis Management Team, which includes incident management and incident communication. This is invoked and owned by Equiniti IT Service management overseen by Equiniti senior management. The team nterfaces with Information security incident and all Equiniti support teams.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Hyper-V|
|How shared infrastructure is kept separate||
Separate VLAN for each organisation.
Separate SAN CSV Disks presented to Hyper-V Host servers.
Firewall rules restrict access to VLANs.
|Price||£1150 to £2635 per unit per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|