GOV.UK
Managed Cloud Services - Trusted Zone
Sungard AS’s Managed Cloud Services for UK Government (Trusted Zone) service is designed to process data marked as Official (Official-Sensitive) via Internet connected Virtual Data Centres. Each customer is assigned one or more Virtual Data Centre(s) with managed compute, network, storage resources and operating system.
Features
- Hosted within Sungard Availability Services UK datacentres
- Fully redundant multi-tenancy multi-site enterprise infrastructure
- Fully redundant Internet & Private Connectivity options
- Up to 99.95% Availability Service Level Agreement (SLA)
- Aligned with the CESG Cloud Security Principles
Benefits
- Fully Managed Services
- Reduction in overall costs and compliance risks
- Flexibility in computing demands
- Consume infrastructure within an OPEX-based financial model
Pricing
£75 per virtual machine per month
Service documents
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
Framework
G-Cloud 11
Service ID
300928262739767
Contact
Sungard Availability Services (UK) Ltd
Sungard Availability Services
0800 143 413
Service scope
| Service constraints | Planned maintenance windows are agreed with the customers. |
| System requirements |
|
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times |
Critical - 15mins; High - 15mins; Medium - 60 mins; Low - 24 hours. This is applicable 24 by 7, 365 days a year. |
| User can manage status and priority of support tickets | No |
| Phone support | Yes |
| Phone support availability | 24 hours, 7 days a week |
| Web chat support | No |
| Onsite support | No |
| Support levels |
Sungard AS offers several support functions – NOC, Service Desk, resolver teams etc. as part of its management services for ticketing. 24/7/365 support for the Service Desk. Support teams are arranged in a first, second and third line of support with escalation to third party suppliers if required. Service affecting outages are escalated through the Sungard AS management process in line with the ITIL methodologies. Standard support activity costs are included within the subscription to the service. |
| Support available to third parties | Yes |
Onboarding and offboarding
| Getting started |
As a fully managed service, we provide full on-boarding services through our consulting and operational teams. Both on-boarding and off-boarding provides options of data migration ingress/ egress through a broad tool-set. We have user documentation such as on-boarding and service management documentation covering how to raise tickets, service request, change, escalations etc. We can also offer customers with onsite training at additional cost. |
| Service documentation | Yes |
| Documentation formats |
|
| Other documentation formats |
|
| End-of-contract data extraction |
Sungard AS provide a range of options to extract data at contract end. Depending on the exact requirement this may range from attaching storage devices for manual copying of data through to a fully managed migration service. Migration services are scoped and priced based upon the exact configuration of the virtual estate at the time of migration and the target configuration. |
| End-of-contract process | At the point of termination, all your data (including backups), accounts and access will be securely deleted; there will be no mechanism to subsequently recover data after this point. |
Using the service
| Web browser interface | Yes |
| Using the web interface | We provide customers access to a web portal that allows them to raise incident tickets, and service and change requests. |
| Web interface accessibility standard | None or don’t know |
| How the web interface is accessible |
Our web portal is accessible through a standard internet browser. Sungard AS is making every effort to ensure Viewpoint is compatible with modern browser releases, is optimised for use on iPad and Android tablets and is mobile-friendly. Optimal browsers for use include: - Chrome in the Windows, Macintosh, and Linux environments - Firefox in the Windows, Macintosh, and Linux environments - Internet Explorer 9 or above in the Microsoft Windows environment* - Safari in the Macintosh environment * Earlier versions of Internet Explorer (IE 8, 7, 6, 5) are not supported. From Ticketing, to access the following you must use Internet Explorer 9 or above and you will be required to re-authenticate. |
| Web interface accessibility testing | No assistive technology users have been used to test the web interface. |
| API | No |
| Command line interface | No |
Scaling
| Scaling available | No |
| Independence of resources | VMs have a 6:1 CPU ratio, and scale in 1 vCPU/ 2GB RAM multiples. RAM is not contended. |
| Usage notifications | Yes |
| Usage reporting |
|
Analytics
| Infrastructure or application metrics | Yes |
| Metrics types |
|
| Other metrics |
|
| Reporting types |
|
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Conforms to BS7858:2012 |
| Government security clearance | Up to Security Clearance (SC) |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | United Kingdom |
| User control over data storage and processing locations | Yes |
| Datacentre security standards | Complies with a recognised standard (for example CSA CCM version 3.0) |
| Penetration testing frequency | At least once a year |
| Penetration testing approach | Another external penetration testing organisation |
| Protecting data at rest |
|
| Other data at rest protection approach |
Sungard AS provides “known locations for storage, processing and management” of the service and all data within. All Sungard AS UK Ltd contracts are with a UK registered Company and are governed under UK Law. Sungard AS data centres conform to a recognised standard. The operating locations which host and manage Sungard AS's Managed Cloud Services for UK Government (Official) are certified to ISO27001. All UK Data Centres undergo an annual review against ISAE 3402 Type II. Storage, including removable media, is retained in a secure location until securely destroyed. |
| Data sanitisation process | Yes |
| Data sanitisation type |
|
| Equipment disposal approach | Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001 |
Backup and recovery
| Backup and recovery | Yes |
| What’s backed up |
|
| Backup controls |
Through initial backup policy capture during on-boarding from a list of options and through service request during in-life service. This is available to different VMs. Sungard AS vaulting services provide scheduled backups. Self-service restoration and manual execution of backups is supported. |
| Datacentre setup | Multiple datacentres with disaster recovery |
| Scheduling backups | Supplier controls the whole backup schedule |
| Backup recovery |
|
Data-in-transit protection
| Data protection between buyer and supplier networks |
|
| Data protection within supplier network |
|
| Other protection within supplier network |
Sungard AS implements IPsec VPNs for the protection of administrative traffic. All vendor patch downloads and imports and protected via TLS. Sungard AS Customer portal is protected via TLS |
Availability and resilience
| Guaranteed availability | Upto 99.95% availability assured by contractual commitment |
| Approach to resilience |
Sungard AS offers an SLA for customers for Service availability. Single-site service availability for a customer is 99.5%. Dual-site service availability is provides on a SLA backed 4 hour recovery time objective (RTO) and 30 minute recovery point objective (RPO). The SLA is subject to testing on a six-month interval. All service elements within a single site are resilient and are redundant between sites, catering for high availability services. This extends to backup and network services beyond the boundaries of the virtualised infrastructure. Two copies of backup data are created in geographically discreet data centres and are available for immediate retrieval to service data restores. |
| Outage reporting | Email alerts. |
Identity and authentication
| User authentication |
|
| Access restrictions in management interfaces and support channels | Sungard AS personnel have access granted as per necessary access control permission whilst customers have to adhere to the Customer Procedures. |
| Access restriction testing frequency | At least once a year |
| Management access authentication |
|
| Devices users manage the service through |
|
Audit information for users
| Access to user activity audit information | Users contact the support team to get audit information |
| How long user audit data is stored for | At least 12 months |
| Access to supplier activity audit information | Users contact the support team to get audit information |
| How long supplier audit data is stored for | At least 12 months |
| How long system logs are stored for | At least 12 months |
Standards and certifications
| ISO/IEC 27001 certification | Yes |
| Who accredited the ISO/IEC 27001 | Lloyd's Register Quality Assurance |
| ISO/IEC 27001 accreditation date | 3/12/2013 |
| What the ISO/IEC 27001 doesn’t cover | The following is what is covered. The management of the processes, the people and assets operating out of our LTC ,TC2, TC3, TC4 and TC5 data centres, and supporting functions (Finance, Procurement, Legal and HR functions) within our Theale and LTC A offices are covered by the ISO/IEC 27001 certification. |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | Yes |
| Who accredited the PCI DSS certification | Schellman and Company |
| PCI DSS accreditation date | 02/11/2018 |
| What the PCI DSS doesn’t cover | Managed Services that were assessed as part of the PCI accreditation were Systems Security Services and IT Support. |
| Other security certifications | Yes |
| Any other security certifications |
|
Security governance
| Named board-level person responsible for service security | Yes |
| Security governance certified | Yes |
| Security governance standards | ISO/IEC 27001 |
| Information security policies and processes | Sungard AS has an information security management system that certifies to ISO27001 which includes an overall security policy. Adherance to the policies is regularity audited by an independent external provider. |
Operational security
| Configuration and change management standard | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Configuration and change management approach |
Sungard AS has a governance process in place to track all assets and to review and manage change to the platform. This process is encompassed within the Sungard AS ISO27001 certification. All changes are reviewed and approved including impact from a security perspective before implementation. |
| Vulnerability management type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Vulnerability management approach |
As a requirement of Sungard AS's PCI-DSS assessment, penetration and vulnerability assessments are performed across our platforms within the scope of the assessment. A vulnerability assessment identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit the vulnerabilities. Penetration testing should include network and application layer testing as well as controls and processes around the networks and applications, and occurs from both the external testing and internal networks. Sungard AS has a documented Patch Management process in place which is endorsed by Corporate Compliance. Threats are managed using information from multiple organisations. |
| Protective monitoring type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Protective monitoring approach | Regular on-going compliance monitoring activities are performed covering [customer] information with control deficiencies tracked and managed via a formal remediation process. This is assessed as part of our ISAE3402, ISO27001, BS25999 and ISO9001 certification. |
| Incident management type | Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402 |
| Incident management approach | A formal Security Incident Management process is in place which is tested on an annual basis and forms part of our ISO 27001 certification. Notifications of incidents are made through the Service Desk function who provide regular updates to resolution. |
Secure development
| Approach to secure software development best practice | Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0) |
Separation between users
| Virtualisation technology used to keep applications and users sharing the same infrastructure apart | Yes |
| Who implements virtualisation | Supplier |
| Virtualisation technologies used | VMware |
| How shared infrastructure is kept separate |
Sungard AS use virtualisation technologies to provide separation between customer workloads. Compute separation is enabled through the VMware product configured to allow hard partitioning. Customers may implement physical devices as part of their service, separation of these is provided through network separation. Network separation between customers is achieved through virtual routing and forwarding (VRF) technologies and virtual networking capabilities provided by Cisco ASA and Cisco Nexus switching. Network separation within a customers service is provided by virtual LANs (VLANs). Storage separation is enabled through VMWare storage architecture. |
Energy efficiency
| Energy-efficient datacentres | No |
Pricing
| Price | £75 per virtual machine per month |
| Discount for educational organisations | No |
| Free trial available | No |