Castleton Technology Plc

Castleton Hosted Services

We deliver a range of services from fully managed Desktop as a Service to Backup as a Service/ Disaster Recovery as a Service. Our cloud services are delivered from our Tier 3 ISO 27001 accredited data-centres. We deliver flexible, bespoke solutions tailored to individual customer requirements

Features

  • Remote access to service any time, any day
  • Remote access over the Internet from any device
  • Fully managed platform
  • Automatic software updates
  • High Availability
  • Real time monitoring
  • Disaster recovery
  • Data protection to include perimeter security to systems
  • Backup management
  • Out of Hours support cover

Benefits

  • Opex pricing model - No expensive infrastructure refresh costs
  • Mobile working
  • Subscription model - capital expenditure free
  • Reduced Infrastructure costs and maintenance
  • Document control of corporate data
  • Scalability & Flexibility to increase of decrease resource requirements
  • Environmentally friendly
  • Access to latest Microsoft products
  • Common desktop experience across multiple types of devices
  • Ease of access to corporate date and sharing of information

Pricing

£50 to £150 per user per month

  • Education pricing available

Service documents

G-Cloud 11

322845297214205

Castleton Technology Plc

Bid Support

08452410220

CMSBidSupport@castletonplc.com

Service scope

Service scope
Service constraints Subject to software vendors application compatibility, where possible the latest releases of Microsoft and VMware licensing are to be deployed. Periodically and at approved time planned maintenance of the hosted environment will be undertaken with ensuring the platform and virtual machines are meeting each technologies and manufactures patching and operating levels. In the event of a critical notification from a manufacture the affected hardware or software will be addressed. On an annual basis the customer will be encouraged to undertake a recovery test by invoking a Disaster Recovery within our isolated environment
System requirements
  • Suitable Internet connectivity speed
  • Suitable end user hardware - e.g Winterm, PC, Laptop, Tablet
  • Subscription to a desktop anti-virus product
  • Perimeter office firewall
  • Comms link redundancy subject to number of users per location
  • Robust LAN switches with redundancy subject to number of users
  • Structured cabling or a suitable wifi solution with adequate coverage
  • Mains protection of local devices, routers, firewalls and network switches
  • Adequate SLA with internet service provider to meet business needs
  • Asset register of connecting devices to include operating systems

User support

User support
Email or online ticketing support Email or online ticketing
Support response times All of Castleton’s support services are initially provided by our Service Desk, which is the first point of contact for any faults or IT requests. The standard features are:
Direct access to our UK based Service Desk team via telephone, email or self-service web portal. Email & web portal access is available 24/7. Available Monday to Friday 07:300 - 21:00, excluding weekends & Bank Holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels As an experienced provider of services for the Social Housing sector, we have robust processes to provide support to our customers.
We provide full end to end support; 1st, 2nd & 3rd line IT support across 5 levels of SLA, from desktop user support, to infrastructure support, management and configuration. An example of 1st line would be a password reset for an end user, and an example of 4th line would be investigation into core service failure. All levels are included within the service cost.
A nominated Service Delivery Manager (SDM) reports against service deliverables and performance. Regular Reporting-Service Management is coordinated by an Account Manager, Service Delivery Manager (SDM) and a Technical Lead. Between them, they manage Commercial Change, Service Delivery and Technical Operations respectively. As individuals and as a joint group each member is responsible for managing the customers support services. This team works closely with the customer to manage service delivery and coordinate service improvements throughout the life of the service.
The option for a technical account manager is available but this is specified within the individual customer contract.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started The onboarding process is subject to the size of a clients infrastructure or desktop requirement. In most cases a staging server is located onsite that acts as a transport layer for migrating servers and associated data to our hosting platform. At an agreed date typically over a weekend the on-premise infrastructure will be powered down and hosted servers made live for user acceptance testing. Following successful testing all external services such as email delivery will be enabled.

For large organisation with many servers, the staging server environment will be transported to our data centre over an agreed weekend

We offer several levels of training
1. Onsite - To customer's ICT team on how to administrate a managed desktop to support their end users at a first line level

2. Onsite - Train the Trainer whereby we train "super users" within the business who in turn train the users

3. Onsite - Direct end user training

4. All processes are described within a documented procedure manual.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats MS Projects
End-of-contract data extraction The offboarding process is agreed individually with each customer and timescales will be subject to size of estate to be migrated, data will be extracted via SQL reporting.

Following consultation with the customers new service partner, an agreed method that follows industry best practice and standard formats for migrating data will be implemented. In all cases the data will be encrypted and provided to the new provider in person or by the means of a door to door delivery. All documentation to include passwords will be handed over during this transition process. Once the data has been received at the agreed date information being held on our platform will be destroyed using an approved removal tool and a copy of the removal notice confirmation will be issued to the customer.
End-of-contract process Data is deleted and the service components are deactivated.
Data extraction is included within the price of the service.
Data migration would incur additional cost .

Using the service

Using the service
Web browser interface Yes
Using the web interface Users can log and assign tickets, use the web portal to add notes and updates and resolve the tickets.
Web interface accessibility standard None or don’t know
How the web interface is accessible Via a standard browser with secure login.
Web interface accessibility testing None
API Yes
What users can and can't do using the API The API is mainly used for inputting information into the system but values can be pulled from it as well if configured properly. We are able to provide documentation regarding our API. Our API is documented in a PDF document that help explains the setup for it and the basics of how it can be configured.
API automation tools Other
API documentation Yes
API documentation formats
  • PDF
  • Other
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type Manual
Independence of resources Yes. We monitor the services and scale our infrastructure as appropriate.
Usage notifications Yes
Usage reporting Other

Analytics

Analytics
Infrastructure or application metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Encryption of data using AES 256bit
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual machines (image level)
  • Windows VSS consistent files & databases
Backup controls Backups are managed by ourselves as part of the service. The following are agreed with the customer on a per server/application basis;
1. Backup interval (e.g hourly, daily)
2. Data retention (e.g 1 week, 1 month, 1 year)
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Individual SLA's are provided on a per contract basis.

Any service refunds are provided on a per contract basis based on service credits.
Approach to resilience Our service architecture is available on request.
Outage reporting Service outages and scheduled maintenance are notified via email to designated account contacts.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels No management interfaces are provided to customers.

Support interfaces are provided to individual users and restricted based on their standard logon credentials
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified No
Security governance approach Whilst we maintain the systems on behalf of our customers, the customer remains the Data Owner and as such are responsible for the implementation of appropriate controls and ensuring their staff adhere to their security policy and processes.

We are responsible for the underlying architecture and are in the process of working to ISO27001 accreditation hence our processes are based on that framework.

The Datacentre adheres to ISO27001 for physical security.
Information security policies and processes For our Front office system, the customers are their own data owners and as such are responsible for their own security policies and processes.

For our Back Office systems, all staff adhere to our security policy (available on request). All breaches are reported to the Functional Department Heads who are responsible for reporting to our Services Director.

Our Services Director is responsible for reviewing and enforcing our security policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our change management process ensures that all changes are necessary, documented, efficiently implemented and with minimal disruption.

Each change is managed by a document which defines details of the change, the priority and impact of the change, the reason for change, risks associated with the change, a back out plan and effects of this not being implemented.

The document is submitted to our change team who review and agree if the change will go ahead based on all the above factors.
Vulnerability management type Undisclosed
Vulnerability management approach Vulnerabilities for our key platforms are monitored through vendor notification.

We undertake scheduled, periodic updates of patches to our systems. Patches for critical updates are assessed independently and may be implemented ahead of the period updates.

All patches are applied in line with our change management process.
Protective monitoring type Undisclosed
Protective monitoring approach We collect and log data based on activities of both systems and users. These are then reviewed and audited in near real-time. Adding both prioritisation and intelligent base lining enabled critical alerts to be raised and actioned by the correct engineer at the right time.
Incident management type Supplier-defined controls
Incident management approach We have defined process for logging, recording and resolving incidents. We aim to restore the service to our customers as quickly as possible, often though a fix or a work around. For common events we used pre-defined knowledge bases to allow knowledge transfer across the team. Incidents can be reported in three ways; telephone, email or via our online portal. Incidents reports vary on a customer by customer bases and are designed to meet each individuals requirements.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Each customer is delivered as a private tenant.

Each private tenant is provisioned with their own private network(s), secured by VMware virtual networking to ensure no communication between customers.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres The Castleton datacentre sources all data centre power from 100 per cent renewable sources including wind, hydro and solar.

Since 2010 our datacentre provision has led the industry in sourcing all mains connected power (180 MVA) from renewables and in 2014 became the UK’s first data centre operator to receive a Climate Change Agreement (CCA) from the Government.

Pricing

Pricing
Price £50 to £150 per user per month
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑