RDF GROUP PLC

RDF Cloud Hosting Services

RDF Group Cloud Hosting Services help organisations move from traditional legacy systems and infrastructure to cloud-based architectures and applications. We support our clients to deliver cloud-based systems and services that meet the UK Government Technology Code of Practice and Digital Service Standard.

Features

• overall cost and risk reduction
• change management
• cloud strategy and adoption services
• cloud managed service
• Business Analysis as a Service
• Developement as a Service
• Project Management as a Service
• DevOps as a Service
• Architecture as a Service
• Remote/On/Off site capability

Benefits

• reduce operational expense
• secure and low risk hosting services
• guided transition with the assistance of our consultants
• guided transition with the assistance of our consultants
• Gain the flexibility to address growing needs
• All resource employed permanently mitigating any IR35 Risk
• No utilisation or long term commitment needs
• Remote/Onsite Capability

£250.00 to £950.00 a person a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at iain.marr@rdfgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

307290555827058

Contact

Iain Marr
01312202645
iain.marr@rdfgroup.com

Service scope

• Service constraints: RDF are able to expand our offering and services to scale to client needs. Each individual project is assessed for risk, resource need and capacity.; We do not use in-house penetration testing. We hire 3rd parties to maintain objectivity in our security assessment procedures.
• System requirements: System requirements will be specified during client engagement

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: RDF Group can provide standard support Monday-Friday 8-6pm. A technical account manager or cloud support engineer will be appointed, as requested.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To help users get started, RDF provides dedicated staff to train and set up accounts for access to documents and tutorials to help our clients begin using our service. In addition, clients can nominate higher responsibility individuals and provide bespoke one to one training on more critical tasks.; A dedicated team will be available to engage regularly at the client's request.; ; Should an organisation require additional support as part of the on-boarding process, such as project management, detailed technical design (etc) - this can be made arranged during client engagement
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data can be extracted and supplied to users in whichever format they choose. RDF are flexible to suit our client's needs. If larger migrations are required then this can be performed with the assistance of our dedicated support team. Resource is made available on request.
• End-of-contract process: Where a client chooses to terminate their subscription with RDF, we are able to provide support for data extraction and/or migration where reasonable. We will agree a point of service termination with the client when the transition is complete. At this point, our dedicated support and technical teams will cease to provide any services. We will work to ensure that this transition is seamless.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Our key performance indicators, detailed in client agreements are constantly checked against SLA’s to ensure compliance and We have a dedicated team for each client ensuring that software is kept up to date and security updates are applied urgently, in addition to a dedicated technical support team. We also offer managed service dedicated teams, who are employed on a PAYE basis which mitigates any IR35 risk to end customer and can be used as augmented contract resource. Our resources can be provided as teams or as individuals covering specialisms such as project management, analysis, development and DevOps.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Documents
  • Emails, instant messaging conversations on in-house apps
  • Code, virtual machine data, databases
  • Call data
  • VOIP calls and data
• Backup controls: Schedules, content and structure of data are agreed with the client during our initial engagement. Our teams will work with the client to ensure that their data is stored securely and backed up in accordance with their needs.
• Datacentre setup: Single datacentre with multiple copies
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA subject to individual contract as required.
• Approach to resilience: Available on request
• Outage reporting: We are able to provide a live dashboard in addition to Email alerts. Additional measures can be agreed with the client during engagement.

Identity and authentication

• User authentication:
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is only granted to users that have been approved by both RDF and the client. Any users not approved will not have access to the service and will not be given any log in details. Any approved users will be given credentials from the technical support team, and only given access to areas agreed with the client. Technical support team will only communicate with approved individuals. Any non-approved individuals will need to be approved by the nominated client management contact.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001. GCN. PSN. NCSC

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: RDF employ a third party to perform penetration testing and ensure that all software is up to date with the latest vulnerability patches analysed and implemented in an impartial manner. Gaps and vulnerabilities are logged and given a severity and urgency level, before being added to a backlog of high priority changes to be added to the system. Changes are performed in line with our SLA's with the client and reports are regularly generated to keep clients updated about changes and patches made to the system. We can also provide managed test teams to work on/offsite.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: RDF have a protective monitoring system where all logs are centralised and checked on a daily basis for security breaches using several key search filters. Alerts are sent out for high risk activity and are pro-actively responded to by the operations and security teams.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management processes are agreed with each client during engagement. Typically, incidents are logged with our support team and managed in accordance with our agreed SLA's. Incidents are marked with a severity and then progressed by our technical support teams.; Clients are regularly provided with reports regarding incidents, frequency and content of these reports are agreed with clients during engagement

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Pricing

• Price: £250.00 to £950.00 a person a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 2 Weeks free trial of all our resources

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at iain.marr@rdfgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.