Softcat Limited

Arcserve Business Continuity Cloud (BaaS & DRaaS)

The only sovereign direct-to-cloud backup and disaster recovery as a service (BaaS & DRaaS) offering comprehensive data protection with consumer-grade usability– we can support environments with laptops, desktop and appliances or ones without any hardware on-premises. Scalable and flexible BaaS and DRaaS for always-on continuity with industry-best RTOs and RPOs


  • No hardware
  • Direct to Cloud
  • Secure Cloud Connectivity
  • Near-Zero Data Loss
  • Support physical and virtual environments
  • Windows & Linux
  • Centralised Management
  • Multiple Recovery Options
  • Complete failback and failover options
  • 27/7/365 Helpdesk Support


  • Failback from the Arcserve Cloud to the onpremise environment.
  • Leverage different optimised VPN options- securely connect to recovered environment
  • View backup and recovery activity reports- Your account, multiple tenants
  • After initial full-backup, only changed data will send to cloud.
  • Agent creates complete server image, including OS/files/directories, and applications
  • Local install agent replicates data in its native file format
  • Anywhere, anytime recovery with sub 15 minute RPO
  • Hassle-free management
  • Risk mitigation for business critical applications
  • Reliable high performance technology with positive ROI


£1144 per unit

Service documents


G-Cloud 11

Service ID

1 6 3 8 9 3 1 4 9 6 3 2 6 2 3


Softcat Limited

Charles Harrison


Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Bare metal recovery is not supported
System requirements
  • Recommended bandwidth, 1Mbs upload
  • Windows Server 2003 (older agent) to 2019
  • Windows workstation XP (older agent) to 10
  • Web browser
  • Internet connection using SSL (port 443)

User support

Email or online ticketing support
Email or online ticketing
Support response times
2hr response to email tickets
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
The chat process is a text chat and customers can type their queries and response will be through text chat visible to customers. (no audio / video )
Web chat accessibility testing
Onsite support
Support levels
"Cloud Direct support team provides L1 and L2, additionally engineering if often involved. L1 Engineer makes the first contact with the customer. L1 Engineer reviews the customer environment, understand the problem, defines the scope of the reported issue and starts investigating. L1 Engineer gets necessary logs related to the problem, analyse the logs, narrow down the issue and provides resolution to the customer for most of the cases opened.

L2 Engineer is a product expert who is proficient in real time log analysis and advanced debugging. They apply advanced debugging techniques to narrow down a specific problem. If a problem reported is complex based on analysis done by L1, L2 engineer is involved . If need be, L2 Engineer contacts engineering team to address complex issues. In case, an issue is referred to engineering for further investigation, L2 engineer serves as the face of support, helping engineering with necessary details of the issue, verify if the solution recommended by engineering can resolve the actual issue and collaborate with the customer."
Support available to third parties

Onboarding and offboarding

Getting started
Our platform has been designed to be user friendly, enabling a user to easily provision a back up policy and recover it. However, we can provide full training on how to use the platform effectively along with an online knowledge base with manuals, how to go guides and frequently answered questions.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users have up to 30 extra day to download their data using the Agent, performing a simple "restore". Alternatively we can offer a 'physical' extraction onto approved media which we can send by courier to the customer.
End-of-contract process
In the event of termination of this Agreement for any reason during the Standard Term, Arcserve will: (i) make not less than a commercially reasonable effort to provide Customer access to all Customer Data stored on the Arcserve equipment for up to 30 days (or such longer period as mutually agreed to by the parties, and unless specifically requested to delete Customer Data sooner); and (ii) use commercially reasonable efforts to transfer, at Customer’s sole expense, such Customer Data to Customer or Customer’s designated service provider. Notwithstanding any terms to the contrary in this Agreement, after such period, Arcserve will have the right (but not the obligation) to destroy all such Customer Data. Notwithstanding any terms to the contrary in this Agreement, if Arcserve receives a notice from Customer requesting the deletion of Customer Data during the Trial Term or the Standard Term, Arcserve will use commercially reasonable efforts to promptly delete such Customer Data

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Service interface
Description of service interface
A web portal is accessible from everywhere in the world. It provides acces to the customer instance via a web browser.
Accessibility standards
None or don’t know
Description of accessibility
A web portal is accessible from everywhere in the world. It provides acces to the customer instance via a web browser.
Accessibility testing
What users can and can't do using the API
Users could use our API for integrating PSA (ConnectWise and Autotask), additionally some API could be shared to generate reports.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Customisation available
Description of customisation
Users could customise the access portal with their logo, they can have customised emails and even branding the Agent using their own colour palette.


Independence of resources
Every user has one or more volumes, each of them logically separated and accessible uniquely by that user.


Service usage metrics
Metrics types
Daily digest are sent every day to clearly state on previous day backup status. Additional reports (backup, restore, data transfer, account activity) could be configured. Each report can be customized, selecting all or part of the protected systems, frequency and users who will receive them (even if not registered in the portal account).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users are able to download data directly from the portal to whatever on premise device (having an Internet connection). Additionally entire restore points or just single files could be easily retrieved using the restore wizard in the portal, so the destination needs to have the Agent installed on it.
Data export formats
Other data export formats
  • Original format of data
  • Windows image task is converted into a .vhdx
Data import formats
Other data import formats
Original Format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Other protection within supplier network
"There are several layers of encryption that we use. At the Highest level we have the ""site master key"" This key is kept in our secured safe and access to that safe is given to our CTO and CEO.
The next level down we have encryption keys for customer volumes. These keys are kept in an encrypted volume and which is unlocked by the site master key. The site master key is rotated on a regular basis.
Arcserve Cloud Direct follows RBAC ( Role Based Access Control ) and this is strictly enforced by the Arcserve Security Committee.

Availability and resilience

Guaranteed availability
Our cloud colocation offers 99.99999% of availability. If we fail to meet our obligations for service levels, we provide “service credits” which equals the pro-rated amount a monthly payment equivalent to the amount of downtime not achieved within the SLA. This Service Credit may be applied to the next months service invoice.
Approach to resilience
Information available on Request
Outage reporting
Daily Digest email and reports alerts could easily provide immediate information of the status of backups. Additionally accessing the protal will provide a detailed view on the systems. For planned outages we give prior notice directly via email to the end user at least 2 weeks in advance.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Arcserve implement a VPN/Firewall and user authentication to restrict access to cloud instances. Multi-tenancy is included to create multiple sub-archives for separate departments, divisions or countries. Username and password are unique to each user, so their authentication restirct acess to portal and actions they can do in the portal (different roles are configurable)
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Available upon request
ISO/IEC 27001 accreditation date
Available upon request
What the ISO/IEC 27001 doesn’t cover
Available upon request
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Available upon request
PCI DSS accreditation date
Available upon request
What the PCI DSS doesn’t cover
Available upon request
Other security certifications
Any other security certifications
  • GDPR

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO 14001:2015
ISO 22301
ISO 50001
ISO 9001:2015
OHSAS 18001
SOC 1 Type II
SOC 2 Type II
Information security policies and processes
We follow the policies and processes in-line with ISO27001.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All Cloud products are SSAE-16 complaint. All production changes are submitted via change control process and approved by the security committee prior to being released into production.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Proactive monitoring - Cloud Direct has daily monitoring of the site from a third party. The third party ranks issues on a scale of 1–5. Any level 4-5 issues are immediately reviewed and escalated should they be deemed harmful to the site.
Any attack upon the site is captured by our monitoring utilities. These issues are brought to the attention of the NOC and the NOC will then take action. If warranted, the issues will be escalated to the security team for further investigation, if necessary.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have an incident management process in place that the internal team use according to ITIL. This contains customer’s contact list by geographic region. The process for incidents is tested. The customer contact list has been used to notify customers for pending change management windows thus far. We are pleased to say incidents have not occurred against the site since the service began.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
Public Services Network (PSN)


£1144 per unit
Discount for educational organisations
Free trial available
Description of free trial
Cloud Direct can be tested for a limited period (15 days extendible) but with unlimited storage usage in the cloud (unlimited systems and/or volumes).
Link to free trial

Service documents

Return to top ↑