PDG Consulting

Any Oracle System in the Microsoft Azure Cloud

PDG move any Oracle-based system to the Microsoft Azure Cloud and then deliver it to you “as a service”. We provide all Oracle-based services including DBA and Help Desk.

Features

  • All DBA Services Included
  • Service Desk Included
  • No need for in-house recourses
  • Monitoring included

Benefits

  • Cost Savings

Pricing

£25000 per unit

  • Education pricing available

Service documents

G-Cloud 9

338827649842431

PDG Consulting

Mark Smith

0870 870 2771

mark@pdg-consulting.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Oracle functional managed service, upgrades and implementations. We can integrate into any third party system, as part of our service.
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Oracle Licenses
  • VPN or Direct Connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Monday to Friday 8am to 6pm as standard
Priority 1 Target Response Time 15 minutes Target Resolution Time 2 hours
Priority 2 Target Response Time 1 hour Target Resolution Time 4 hours
Priority 3 Target Response Time 4 hours Target Resolution Time 3 days
Priority 4 Target Response Time 8 hours Target Resolution Time 5 days
Priority 5 Target Response Time 3 days Target Resolution Time 10 days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels All of our support is provided at a premier level and priced based on the requirements of the customer. We provide a technical account manager who will visit the customer on a quarterly basis to review the service provided. A dedicated support engineer is provided who will manage weekly calls with the support team to review support tickets.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Users will be involved in the testing of the service, before it is used. This will allow them to become familiar with the service. If required, online training and user documentation will be provided for any new users to the service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction As part of the off-boarding process, we will work with the users new service provider to provide any data extracts, so that they can migrate to a new service.
End-of-contract process The contract includes hosting and support services in the Cloud. If customers require further consultancy work, this can be included within the contract, as per customer requirements.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service For detailed updates, the desktop service will provide a more user friendly experience.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing None
API Yes
What users can and can't do using the API Our service desk system can be integrated into the customer third party service desk system, using the API. We can also integrate Oracle with any other third party software using API's.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Application functionality can be customised, which includes, interface, extensions, reports, forms, as well as adding new fields or functionality. Users can customise through using personalisations for any look and feel change. Users can also update the application configuration themselves. For any technical development changes, this will be performed by our Cloud Development team.

Scaling

Scaling
Independence of resources We use an a resourcing system, which is integrated into our service desk system. This displays capacity of resources and availability, which is proactively managed. We ensure that there is always capacity within the team, to allow for any increased requests at any time.

Analytics

Analytics
Service usage metrics Yes
Metrics types We provide service metrics for both hosting and support services. The hosting service metrics include information on availability, capacity and performance, The support service metrics include information on number of incidents opened and closed per month, priority of incidents in the month, product categorisation of incidents in the month, age of incidents, service level agreement (SLA) compliance.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Oracle Transparent Data Encryption (TDE)
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported using standard Oracle tools such as Database Import/Export, Datapump and using the standard export function from the application.
Data export formats
  • CSV
  • Other
Other data export formats
  • Data pump
  • Oracle Import/Export
Data import formats
  • CSV
  • Other
Other data import formats
  • Data pump
  • Oracle Import/Export

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network Software firewalls Web application firewalls (WAF) Encrypted data at rest

Availability and resilience

Availability and resilience
Guaranteed availability Our SLA availability is based on our systems being available 99.95%. We provide service credits if this level of availability is not reached on a monthly basis.
Approach to resilience Available on request.
Outage reporting Our monitoring console provides information on outages, which can also be sent via email notifications, or text messages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to management consoles is based on specific user accounts with Multi Factor Authentication (MFA). We apply the least privileged user rule to all accounts and only the specific roles and responsibilities are allocated.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QAS International
ISO/IEC 27001 accreditation date 14/01/2017
What the ISO/IEC 27001 doesn’t cover Not applicable.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our information security standards and practices are ISO27001 accredited. The governance of our processes to support these policies is managed by the PDG Client Delivery Manager, on a weekly basis. The security policy and our processes is audited annually by our external auditors, which we have repeatedly passed.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All change is governed by our Change Advisory Board, where all security assessments will be made against our Security policy. All technical changes will be controlled in our source control system. We will be able to track any technical change that has triggered an error and apply the original change from the source control. In addition to this, we maintain a configuration log during, which tracks all changes needed and the reason why, plus the resource responsible for making the change. All change must be approved by our Project Manager and this approval date is recorded in the configuration log.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We provide a proactive security vulnerability monitoring and prevention solution. Our solution scans for vulnerabilities and threats on a daily basis, throughout the day. Based on the severity of the threat, our solution can either patch automatically or recommend to patch. These patches can be deployed within minutes to protect the system.
We obtain our security threat information from a number of sources, including: Subscriptions to vulnerability research sources, such as OWASP - Open Web Application Security Project, software vendors such as Microsoft Active Protections Program (MAPP) Sources, including malware and attack information from customers and public information
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our monitoring tools detect when thresholds are close to being reached and send notifications which create incidents in our service desk system.These incidents are then worked on as per the priority below. Priority 1 Target Response Time 15 minutes Target Resolution Time 2 hours Priority 2 Target Response Time 1 hour Target Resolution Time 4 hours Priority 3 Target Response Time 4 hours Target Resolution Time 3 days Priority 4 Target Response Time 8 hours Target Resolution Time 5 days Priority 5 Target Response Time 3 days Target Resolution Time 10 days
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our Service Desk system is based on Remedyforce, which (per Gartner) is the market leading Service Desk system in the world. It is Cloud-based and we have had it configured specifically to support our customers. Our customers can contact us by email, telephone and through our self-service portal. Our RemedyForce Service Desk system and the processes surrounding it are based on ITIL best practice. Incident reports are provided through our self-service dashboards, which customers can access in real time. Weekly meetings are held to review the status of incidents and monthly reports are issued by the 10th of every month.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)

Pricing

Pricing
Price £25000 per unit
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑