Factory73 Ltd

Cloud Connector CLDFAC22

Cloud Connector is flexible cloud-based marketplace solution that connects service users with service providers. Built to be flexible and scalable, it uses geolocation and postcode search to create detailed matching of service users and services.

Features

  • Integration with existing user/supplier databases
  • Location-based search
  • Fast and Agile Project Delivery
  • Online payment process integration
  • Umbraco Content Management
  • Tier 1 UK Based Data Center for Cloud Hosting

Benefits

  • Easy management of data
  • Quick add, delete or modify existing data
  • Flexible support options

Pricing

£400 to £600 per person per day

Service documents

G-Cloud 11

344457682009225

Factory73 Ltd

Graeme McClurkin

0141 416 0733

business@factory73.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements Windows Environment

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times for high priority tickets are 4 hours, medium priority tickets are 16 hours and low priority tickets are 24 hours. Responses to tickets at weekends can be arranged on a project-by-project basis.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Severity Level 1
CSMB Acknowledgement (not to exceed) One (1) hour
Resolution Plan Available (not to exceed) Four (4) hours
Resolution Target (not to exceed) Two (2) business days*

Severity Level 2
CSMB Acknowledgement (not to exceed) Two (2) hour
Resolution Plan Available (not to exceed) Eight (8) hours
Resolution Target (not to exceed) Four (4) business days

Severity Level 3
CSMB Acknowledgement (not to exceed) Three (3) hour
Resolution Plan Available (not to exceed) Two (2) business days
Resolution Target (not to exceed) Five (5) business days

Severity Level 4
CSMB Acknowledgement (not to exceed) Eight (8) hour
Resolution Plan Available (not to exceed) Four (4) business days
Resolution Target (not to exceed) as agreed by CSMB and CLIENT
*Where is it possible to resolve the issue.
Note 1: Work hours are 9.00 –17.30 Local UK Time, Monday to Friday, excluding English Public Holidays
Note 2: Apart from severity 1 calls, that will always be responded to via phone, the default response communication route will be the same as the incoming communication, unless the initial escalation request states a specific response requirement e.g. instant Message, telephones, e-mail or specific Client site contact point, etc.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide our users with onsite training and a comprehensive user manual delivered in PDF format.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data is provided to users upon request whilst they are in contract.
End-of-contract process The users decide to continue to use the service or move away to another provider. If they move away, backups of data are provided.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No difference in service between mobile and desktop.
API No
Customisation available No

Scaling

Scaling
Independence of resources Load balanced server environment with bandwidth which up scales on demand.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach There is an interface in the content management system.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We utilise an ISO accredited cloud platform, which has been built using the latest technologies to ensure high availability and resilience across multiple UK data centres. Uptime is quoted at 99.99%. The Datacenter is ISO 27001 , ISO 14000, ISO 9001 accredited.
Approach to resilience All servers are hosted within a replicated load balanced environment. The environments are virtual allowing for rapid deployment either initially or in the event of a failure. The environment is replicated in real time to a second back up site location to allow for fail over in the event of a failure.
Outage reporting Email Alerts and Updates as well as a updating postings on the support portal.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Usernames and Passwords have roles assigned to them. These roles control the elements of the service that are made available to that user. The Support portal is also access by username and password which in turn provides the permissioned user with information, the knowledge base and gives the ability to raise a support ticket.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Whilst we don't hold a BSI accreditation, our operations and solutions are delivered in line with BSI 9001, BSI 1400 and internal audits are carried out to ensure continued adherence to these standards.
Information security policies and processes We have an in house Information Security Policy that will be provided to prospective clients upon request. The policy covers all aspects of our business, and is reviewed quarterly in our management meetings. The policy includes: Introduction, Objectives, Aim and Scope, Objectives, Responsibilities for Information Security, Legislation, Policy Framework, Management of Security, Information Security Awareness Training, Security Control of Assets, Access Controls, User Access Controls, Computer Access Control, Application Access Control, Equipment Security, Computer and Network Procedures, Information Risk Assessment, Information security events and weaknesses, Classification of Sensitive Information, Protection from Malicious Software, User media, Monitoring System Access and Use, Accreditation of Information Systems, System Change Control, Intellectual Property Rights, Business Continuity and Disaster Recovery Plans, Reporting, Policy Audit.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes are managed through an internal CRM / Support Desk system. Changes are evaluated, designed, built and tested. When available for deployment, scheduled maintenance windows are created and updates are deployed, all of which are audit tracked and documented in the CRM / Support Desk system.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Penetration testing by the data center and regular firewall updates are the primary method to protect against vulnerability. Monitoring of logs gives insight into the source of potential threats, if any are identified then any recommended updates or patches are deployed as a matter of urgency. Regular internet research is also used to locate domestic and global threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Spikes in traffic, increases on port blocks enable us to identify potential compromises. Any identification is dealt with immediately with senior management being involved in any responses to an incident.
Incident management type Supplier-defined controls
Incident management approach We have an incident and corrective action policy which outlines the internal process for dealing with an incident. The policy includes the escalation process, the communication process all based on a severity level. Incidents are reported via the Support portal and they are issued a severity level. Depending upon the severity level the correct escalation and response targets are assigned and then tracked against the initial support ticket that was raised. Regular updates are provided to clients for all incidents that are reported.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £400 to £600 per person per day
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑