Platform as a Service OFFICIAL and OFFICIAL SENSITIVE
Assured, OFFICIAL and OFFICIAL SENSITIVE UK Private Cloud hosting, highly resilient, secure IL2, IL3, PSNP and PASF accredited.
On-demand, configurable hosting, proprietary and open source application and data services including OS (Windows, Linux, etc),Middleware (Biztalk, integration services, etc) and runtime environments (.Net, Azure, LAMP stack, etc).
- Managed applications-OS, middleware, runtime environments
- Automated patching and updates with physical and software security
- Two Factor / Dual Factor Authentication(2FA) available for systems access
- Private and Hybrid Cloud options with very high availability
- Established rapid on-boarding and off-boarding process
- ISO20000 and ITILv3 service Management aligned with pro-active monitoring
- OFFICIAL SENSITIVE, PSN, ISO27001, ISO22301 and PASF
- Fully managed PaaS environment
- Highly resilient infrastructure with no single point of failure
- Private-cloud protecting the storage/transfer of sensitive data
- Low cost secure hosting
- Reduce or eliminate traditional licence and maintenance upgrade costs
- Productivity improvements through high availability of the underlying platform
- Rapid on-boarding and off-boarding including migration and transition services
- Decreased deployment time for new resources and pre-built images
- Dynamic scaling matches demand to minimise total cost of service
- Instant access for users across multiple locations
- Protected data via high redundancy levels and stringent security
- UK datacentres providing a platform for compliance and accreditation
£5.73 per virtual machine per day
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
Capita Business Services Limited
Capita Business Services Ltd
|Email or online ticketing support||Email or online ticketing|
|Support response times||
"Targets are measured and reported monthly across the entire hosting platform
Calls answered within 20 seconds >=80%
Calls answered within 60 seconds >=90%
P1 Incidents, response within 30 mins, 95% resolved within 4 working hours.
P2 Incidents, response within 60 mins, 95% resolved within 8 working hours.
P3 Incidents, response within 4hours, 95% resolved within 8 working hours.
P4 Incidents, response within 4 hours, 95% resolved within 3 working days.
Incident management, escalations and Emergency operations are described further in our Service Definition Document. "
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Please refer to the service description|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Please engage with Capita IT Services to ensure the correct service and options are identified. We will supply a full statement of works and proof of concept (if required). All customers are onboarded by our TDA, providing a Statement of works detailing the work required prior to BAU.|
|End-of-contract data extraction||Customers will be responsible for extracting data prior to the end of contract.|
|End-of-contract process||Please see Service Definition Document|
Using the service
|Web browser interface||No|
|Command line interface||No|
|Infrastructure or application metrics||Yes|
|Other metrics||Real-time management information|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||No|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||Please see Service Definition Document|
|Backup controls||Selected at the start of the agreement, automated backup processes put in place.|
|Scheduling backups||Users schedule backups through a web interface|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Please see Service Definition document|
|Approach to resilience||Available on request|
|Outage reporting||Email alerts, notification from Service Desk|
Identity and authentication
|Other user authentication||User authorisation process will be established and followed as part of service take-on.|
|Access restrictions in management interfaces and support channels||Access to administrator functions are restricted, only being available to those individuals that have been granted permissions.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Other|
|Description of management access authentication||
Management access is granted by the use of separate administrative username & (strong) passwords, using Microsoft and/or Linux Directory Services.
Where access is required on an occasional basis, we would recommend that customers also take Service Desk services from Capita, to allow us to disable Administrative accounts when access is no longer required and re-enable when needed.
We also strongly recommend 2FA always be used in conjunction with administrative accounts, even when security or compliance levels do not mandate this.
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||24/02/2017|
|What the ISO/IEC 27001 doesn’t cover||Anything NOT mentioned here: Information Security relating to hardware, software, networking, paper documentation, personnel and supporting media for client facing information, client owned and supplied information, remote access, internal and data processing facilities. The management of 3rd Party Service Providers. In accordance with the Statement of Applicability version 4.0.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||We host customers solutions that have been accredited to PCI.|
|PCI DSS accreditation date||.|
|What the PCI DSS doesn’t cover||We host customers solutions that have been accredited to PCI. Compliance is customers responsibility to Audit.|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||ISO/IEC 27001 / Other|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||ITIL Change and Config Management, please engage with Capita IT Services for further information|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Please engage with Capita IT Services for further information|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Please engage with Capita IT Services for further information|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Please engage with Capita IT Services for further information|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Hyper-V|
|How shared infrastructure is kept separate||NA|
|Description of energy efficient datacentres||
Capita-ARK Data Centres has implemented and exceeded processes aligned to HMG Greening Strategy and are an EU Code of Conduct for Data Centre Efficiency participant.
Direct air-cooled DC’s use compressor-less cooling for more than 99% of the year, re-using heat to condition air.
The DC’s Construction teams recycle in excess of 90% of construction-waste, whilst utilizing carbon efficient building practises.
The full building PUE (constantly monitored & measured), of the Ark DC’s is 1.2, with partial PUE of data rooms at lower values. PUE is. Ark are PUE v2 Level 3 (Advanced) capable and source carbon-free power favouring renewable energy.
Ark Data Centres comply with the energy efficiency targets as part of the CCA for Data Centres and has contractually committed to fix the PUE to 1.25 against specified occupancy, potentially saving £1.65m in electricity and 9000 Carbon tonnes pa (versus the global average PUE).
Ark consolidates rack-space & uses Match Technology to increase energy efficiency & allow for high density racks to sit alongside low density.
Our sites have Waste Management Plans that are monitored, measured and accredited to ISO 14001. These include compliance with WEEE and ROHS regulations. Building rooves house solar electricity generation and harvest rainwater.
|Price||£5.73 per virtual machine per day|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Basic functionality as a proof of concept.|