Castleton Hosted Services
We deliver a range of services from fully managed Desktop as a Service to Backup as a Service/ Disaster Recovery as a Service. Our cloud services are delivered from our Tier 3 ISO 27001 accredited data-centres. We deliver flexible, bespoke solutions tailored to individual customer requirements
- Remote access to service any time, any day
- Remote access over the Internet from any device
- Fully managed platform
- Automatic software updates
- High Availability
- Real time monitoring
- Disaster recovery
- Data protection to include perimeter security to systems
- Backup management
- Out of Hours support cover
- Opex pricing model - No expensive infrastructure refresh costs
- Mobile working
- Subscription model - capital expenditure free
- Reduced Infrastructure costs and maintenance
- Document control of corporate data
- Scalability & Flexibility to increase of decrease resource requirements
- Environmentally friendly
- Access to latest Microsoft products
- Common desktop experience across multiple types of devices
- Ease of access to corporate date and sharing of information
£50 to £150 per user per month
- Education pricing available
Castleton Technology Plc
|Service constraints||Subject to software vendors application compatibility, where possible the latest releases of Microsoft and VMware licensing are to be deployed. Periodically and at approved time planned maintenance of the hosted environment will be undertaken with ensuring the platform and virtual machines are meeting each technologies and manufactures patching and operating levels. In the event of a critical notification from a manufacture the affected hardware or software will be addressed. On an annual basis the customer will be encouraged to undertake a recovery test by invoking a Disaster Recovery within our isolated environment|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
All of Castleton’s support services are initially provided by our Service Desk, which is the first point of contact for any faults or IT requests. The standard features are:
Direct access to our UK based Service Desk team via telephone, email or self-service web portal. Email & web portal access is available 24/7. Available Monday to Friday 07:300 - 21:00, excluding weekends & Bank Holidays.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
As an experienced provider of services for the Social Housing sector, we have robust processes to provide support to our customers.
We provide full end to end support; 1st, 2nd & 3rd line IT support across 5 levels of SLA, from desktop user support, to infrastructure support, management and configuration. An example of 1st line would be a password reset for an end user, and an example of 4th line would be investigation into core service failure. All levels are included within the service cost.
A nominated Service Delivery Manager (SDM) reports against service deliverables and performance. Regular Reporting-Service Management is coordinated by an Account Manager, Service Delivery Manager (SDM) and a Technical Lead. Between them, they manage Commercial Change, Service Delivery and Technical Operations respectively. As individuals and as a joint group each member is responsible for managing the customers support services. This team works closely with the customer to manage service delivery and coordinate service improvements throughout the life of the service.
The option for a technical account manager is available but this is specified within the individual customer contract.
|Support available to third parties||No|
Onboarding and offboarding
The onboarding process is subject to the size of a clients infrastructure or desktop requirement. In most cases a staging server is located onsite that acts as a transport layer for migrating servers and associated data to our hosting platform. At an agreed date typically over a weekend the on-premise infrastructure will be powered down and hosted servers made live for user acceptance testing. Following successful testing all external services such as email delivery will be enabled.
For large organisation with many servers, the staging server environment will be transported to our data centre over an agreed weekend
We offer several levels of training
1. Onsite - To customer's ICT team on how to administrate a managed desktop to support their end users at a first line level
2. Onsite - Train the Trainer whereby we train "super users" within the business who in turn train the users
3. Onsite - Direct end user training
4. All processes are described within a documented procedure manual.
|Other documentation formats||MS Projects|
|End-of-contract data extraction||
The offboarding process is agreed individually with each customer and timescales will be subject to size of estate to be migrated, data will be extracted via SQL reporting.
Following consultation with the customers new service partner, an agreed method that follows industry best practice and standard formats for migrating data will be implemented. In all cases the data will be encrypted and provided to the new provider in person or by the means of a door to door delivery. All documentation to include passwords will be handed over during this transition process. Once the data has been received at the agreed date information being held on our platform will be destroyed using an approved removal tool and a copy of the removal notice confirmation will be issued to the customer.
Data is deleted and the service components are deactivated.
Data extraction is included within the price of the service.
Data migration would incur additional cost .
Using the service
|Web browser interface||Yes|
|Using the web interface||Users can log and assign tickets, use the web portal to add notes and updates and resolve the tickets.|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||Via a standard browser with secure login.|
|Web interface accessibility testing||None|
|What users can and can't do using the API||The API is mainly used for inputting information into the system but values can be pulled from it as well if configured properly. We are able to provide documentation regarding our API. Our API is documented in a PDF document that help explains the setup for it and the basics of how it can be configured.|
|API automation tools||Other|
|API documentation formats||
|Command line interface||No|
|Independence of resources||Yes. We monitor the services and scale our infrastructure as appropriate.|
|Infrastructure or application metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Encryption of data using AES 256bit|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Backups are managed by ourselves as part of the service. The following are agreed with the customer on a per server/application basis;
1. Backup interval (e.g hourly, daily)
2. Data retention (e.g 1 week, 1 month, 1 year)
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users contact the support team to schedule backups|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
Individual SLA's are provided on a per contract basis.
Any service refunds are provided on a per contract basis based on service credits.
|Approach to resilience||Our service architecture is available on request.|
|Outage reporting||Service outages and scheduled maintenance are notified via email to designated account contacts.|
Identity and authentication
|Access restrictions in management interfaces and support channels||
No management interfaces are provided to customers.
Support interfaces are provided to individual users and restricted based on their standard logon credentials
|Access restriction testing frequency||Less than once a year|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||No|
|Security governance certified||No|
|Security governance approach||
Whilst we maintain the systems on behalf of our customers, the customer remains the Data Owner and as such are responsible for the implementation of appropriate controls and ensuring their staff adhere to their security policy and processes.
We are responsible for the underlying architecture and are in the process of working to ISO27001 accreditation hence our processes are based on that framework.
The Datacentre adheres to ISO27001 for physical security.
|Information security policies and processes||
For our Front office system, the customers are their own data owners and as such are responsible for their own security policies and processes.
For our Back Office systems, all staff adhere to our security policy (available on request). All breaches are reported to the Functional Department Heads who are responsible for reporting to our Services Director.
Our Services Director is responsible for reviewing and enforcing our security policy
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Our change management process ensures that all changes are necessary, documented, efficiently implemented and with minimal disruption.
Each change is managed by a document which defines details of the change, the priority and impact of the change, the reason for change, risks associated with the change, a back out plan and effects of this not being implemented.
The document is submitted to our change team who review and agree if the change will go ahead based on all the above factors.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
Vulnerabilities for our key platforms are monitored through vendor notification.
We undertake scheduled, periodic updates of patches to our systems. Patches for critical updates are assessed independently and may be implemented ahead of the period updates.
All patches are applied in line with our change management process.
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||We collect and log data based on activities of both systems and users. These are then reviewed and audited in near real-time. Adding both prioritisation and intelligent base lining enabled critical alerts to be raised and actioned by the correct engineer at the right time.|
|Incident management type||Supplier-defined controls|
|Incident management approach||We have defined process for logging, recording and resolving incidents. We aim to restore the service to our customers as quickly as possible, often though a fix or a work around. For common events we used pre-defined knowledge bases to allow knowledge transfer across the team. Incidents can be reported in three ways; telephone, email or via our online portal. Incidents reports vary on a customer by customer bases and are designed to meet each individuals requirements.|
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||VMware|
|How shared infrastructure is kept separate||
Each customer is delivered as a private tenant.
Each private tenant is provisioned with their own private network(s), secured by VMware virtual networking to ensure no communication between customers.
|Description of energy efficient datacentres||
The Castleton datacentre sources all data centre power from 100 per cent renewable sources including wind, hydro and solar.
Since 2010 our datacentre provision has led the industry in sourcing all mains connected power (180 MVA) from renewables and in 2014 became the UK’s first data centre operator to receive a Climate Change Agreement (CCA) from the Government.
|Price||£50 to £150 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||No|