XMA Limited

XMA Altero Managed Cloud Backup

A fully managed cloud backup solution integrated with Altero backup software.
Allow backups to be stored in a Microsoft Azure datacenter located in the UK. All backups are replicated within the site and all traffic between the school and the remote data center will be encrypted.


  • Proactive Service and threshold monitoring
  • All cloud storage costs
  • Service desk support direct with XMA
  • Customer facing web dashboard


  • Fully managed service
  • Uses cheap, highly durable elastic cloud storage
  • Replaces expensive tape storage options
  • Allows for a cost effective and reliable DR recovery option
  • Long term archivalstorage maintaining fast recovery time


£180 per unit per month

  • Education pricing available

Service documents

G-Cloud 10


XMA Limited

Nancy Clayton-Schofield

0115 846 4000


Service scope

Service scope
Service constraints XMA Altero Managed Cloud Backup requires the customer to be running the latest release of the Altero software with a current support package.
System requirements
  • Must be running the latest release of the Altero software
  • Must have a support agreement with Altero

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24/7 acknowledgement
Average response based on 8.00 to 18.00 Monday to Friday (excluding bank holidays)
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels XMA will provide a tiered support level based on customer Service level agreements and severity level matrices
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our service includes a consultation phase that will result in an implementation plan. Optional costs for a full setup and configuration service.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All Parties confidential information will be returned at the end
of the call-off contract term. This includes confidential information stored on back-up media.
End-of-contract process We provide an exit service that returns all data as per the requirements of the call off contract

Using the service

Using the service
Web browser interface Yes
Using the web interface Customers can set up a user and review status of back up and services
Web interface accessibility standard None or don’t know
How the web interface is accessible The interface is available from any device that runs a standard browser
Web interface accessibility testing Not applicable
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Our service is not capacity reliant and sand boxed with a dedicated resource for each customer
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics No


Supplier type Reseller providing extra support
Organisation whose services are being resold Altero

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual machine images
  • File systems
  • Databases
Backup controls Users control backup types through a local web interface
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.9%
Approach to resilience Information is available upon request or as part of the scoping of a project
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels Management interfaces have restricted access through our engineers. All data or customer information is subject to ISO 27001 policies
Access restriction testing frequency At least every 6 months
Management access authentication Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 163458-2014-AIS-GBR-UKAS
ISO/IEC 27001 accreditation date 22/8/2011
What the ISO/IEC 27001 doesn’t cover Not applicable
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a fully implemented, audited and certified Information Security Management System that complies to ISO 27001. All process management and policies are governed via the ISMS

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our configuration and change management process is managed via ISO 27001 policies
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our vulnerability management approach is managed via ISO 27001 policies
Protective monitoring type Supplier-defined controls
Protective monitoring approach We deploy a protective monitoring solution governed by ISO 27001 policies
Incident management type Supplier-defined controls
Incident management approach We manage incident management through ISO 27001 policies

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £180 per unit per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑