Khipu Networks Limited

KARMA™ - Managed Services

KARMA (KHIPU Automated Remote Monitoring Application) monitors, alerts and reports on the health of customers infrastructure including Wi-Fi, LAN and Firewalls. This managed service supports all leading manufacturers, and provides a pro-active approach to supporting and managing mission critical networks.


  • Real-Time Reporting of the health and performance of customers infrastructure.
  • Historic Reporting / Trend Analysis of customers infrastructure
  • Can enable Managed Services (Secure Remote Access to infrastructure)
  • Supports - SNMPv1/v2/v3, SSH, Telnet, API, syslog, custom scripts
  • Supports - Custom Alerts, Email, SMS


  • 24x7x365 Monitoring - Tailorable alerts and technical support as required.
  • Enhances an organisations existing monitoring and technical support teams
  • Monitoring of KHIPU supplied infrastructure and other 3rd party products
  • KHIPU uses own trained engineers, not outsourced
  • Flexible and scalable service, simple to expand
  • Reduces overheads on customers own support team


£4176.47 per unit per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


Khipu Networks Limited

Imai Pragadish


Service scope

Service scope
Service constraints KARMA requires internet access to enable the secure VPN between the customer KARMA remote data collector and the KHIPU datacentre. Implementation of KARMA may require a technical review with a customers security / network team depending upon the customer requirements. KARMA is scalable and multiple remote data options are available.
System requirements
  • KHIPU will provide, licence and maintain secure remote data servers
  • Internet Access is required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Khipu can tailor support packages for end users on response times, where we provide faster response times on support calls relating to mission critical systems, for example. If the end user has a support contract with Khipu which also entitles them to weekend support, response times would not differ. Response times can vary from 30 minutes, to 4 hours, depending on the severity of the Support call logged.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels KHIPUs ethos is to provide ‘outstanding’ technical and after sales support to its customers, during and after a project implementation. To prove this, we have a number of exceptional customer references should end-users wish to speak with them. With all of our supplied solutions, we provide maintenance and support services.

All of the proposed equipment will be supported and maintained by KHIPU based upon the appropriate level of cover as required by each individual end user. The following is included within our available support/maintenance services;

• 9am to 5pm Monday to Friday, or 24x7x365(366) Telephone, Email and Remote Access Support
• “Pro-Active” Monitoring, Alerting and Support “KARMA”
• Advanced hardware replacement (with or without an engineer)
• Upgrades / Software Releases (major and minor)
• Quarterly Health Checks
• Co-Managed Services; “adds/moves/changes/deletes” via end-user Helpdesk tickets

KHIPU would also assign a technical account manager to every end-user, who would be responsible for ensuring that SLA's are met should end-users call upon the agreed support service.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started For every project implementation, Khipu follow our Scope of Work process which has the following stages:

• Stage 1 – Pre-Installation
• Stage 2 – Installation
• Stage 3 – Post-Installation
• Stage 4 – Maintenance

This process is Khipu’s way of providing an effective service to implement your project efficiently and to a high standard in accordance with our ISO accreditations.

During Stage 1, we setup a call is to discuss the implementation of your solution, what will take place, and any pre-requisites that will be needed. This will also give end-users the opportunity to speak to one of our fully qualified engineers to discuss all aspects of the installation and any questions you may have. A Scope of Work document is then created based upon the discussion.

During Stage 2, end-users will have the opportunity to shadow our engineer so that end-users understand the solution and why it has been installed in the way that it has. After installation, we conduct a formal knowledge transfer session on administering the product, its features and its configuration changes, which can be conducted onsite or online. User manuals are also provided after installation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • Visio
End-of-contract data extraction KHIPU will provide a final set of data to the customer on request at the end of the contract.
End-of-contract process The end user will however be notified 90 days in advance of their contract expiring and will be given a quotation with the option to extend the service (pre-paid). At the end of the contract, KHIPU will ask the customer to return any remote data servers and all monitoring and reporting will cease.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Each service that Khipu provide to its customers are separate dedicated services which have guaranteed performance levels unaffected by other users/customers.
Usage notifications Yes
Usage reporting
  • Email
  • SMS
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Virtual Machines
  • Databases
Backup controls This is a fully automated service, therefore Khipu controls the whole backup schedule. Full system backups will be made on a frequent automated schedule however the end user can recover backups by contacting our Support helpdesk, who will provide this.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Managed services are run at an agreed time with the customer, this is on a 24*7*365(6) schedule. The service has a targeted 99.9% availability on a quarterly basis, excluding scheduled maintenance windows. Should Khipu not meet the guaranteed levels of availability, service credits are issued in the form of “service tokens”. A service token entitles the user to call upon the professional services of Khipu Networks for work outside of their standard maintenance contract. Service credits are issued and discussed during quarterly service review meetings, based upon the number of failures in the prior quarter. Up to 5 service credits are capped per quarter for each end-user.
Approach to resilience This information is available upon request.
Outage reporting The service reports any outages via email alerts and telephone calls.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to the management platform is controlled by dual factor authentication and is only available to a small set of personal.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date Original Approval: 6th May 2010, Current Expiry: 5th May 2019
What the ISO/IEC 27001 doesn’t cover All areas of Khipu's business is covered under ISO27001 certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Khipu adhere to ISO policies and procedures. We are certified to ISO9001 (Quality Management) and ISO27001 (Information Security Management).

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes to the configuration of the service are managed through a change control process. This looks at, technical suitability, security risks and impact to service. This provides an audit trail and ensures all aspects of the change are considered.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We work closely with the manufacturers of the services deployed, to ensure that any reported/disclosed vulnerabilities are patched in the next maintenance window. In the event of a major flaw, an emergency change process would be invoked to patch the service within 48Hrs. In the event of multiple vulnerabilities, they are addressed in severity order (highest first), until all mitigated.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are detected via various means, monitoring tools, manual checks, service degradation, reported issues along with regular vulnerability assessments. In the event of a suspected compromise, they are acted upon with a high priority until they are proven benign or corrective action need to be taken to mitigate against the compromise. These procedures are inline with our ISO27001 processes.
Incident management type Supplier-defined controls
Incident management approach As part of our support/managed service procedures, the customer is provided with full details of how to log a support call. This includes all logging methods (i.e. email, call, web) and the information required so that the servicedesk team can respond accordingly. Once the call has been logged, depending on its severity level (major issue = service affecting, minor issue = query), it is then managed by the team under the supervision of the servicedesk manager. All service affecting calls are escalated accordingly to the 2nd/ 3rd line teams including the assigned account and technical manager. Escalations procedures are provided.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £4176.47 per unit per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Khipu provide a 30 day free trial of the service that is tailored to the end-users requirements in order for them to test the service accordingly against their success criteria.


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑