AJACO

Cloud Hosting and Infrastructure Support Services

AJACO provide Cloud Hosting and Infrastructure Support Services. Our Services include Technical Assurance, Technical Trials, SharePoint end-to-end Administration, Security Assurance, Mobile Device and Threat Management, Quality Assurance, User Based and Performance Testing. AJACO and its service providers ensure projects are delivered in line with project requirements, budget and quality expectations.

Features

  • System Design and Assurance
  • Test Assurance including User Acceptance and Reporting
  • Programme and Project Planning
  • Technical Reassurance
  • Threat Management including early Identification and Reporting
  • Security Compliance in accordance with CESG guidelines
  • Cloud Administration and Technical Support
  • Data Migration, Data Transformation and Data Reporting Services
  • Defect, Issue and Observation Management
  • System and Service Troubleshooting

Benefits

  • Shared Content across PC, Laptop and Mobile Devices
  • Increased productivity by promoting flexibility in working practices
  • Greater scalability with improved management control of IT costs
  • Improved control of maintenance and upgrade paths
  • Enables effective Business Continuity minimising downtime and loss of productivity
  • Enabling Virtualisation, connectivity to information from anywhere and at anytime
  • Improved control of Network Security and Issue reporting
  • Collaboration between pre-approved user communities
  • Improved formatting and real-time reporting or information
  • Encourages Team Building and Communication between users

Pricing

£300 to £900 per person per day

Service documents

G-Cloud 10

402188091749025

AJACO

Ajay Nehra

01344630900

services@ajaco.uk

Service scope

Service scope
Service constraints Our services do not have any constraints.
System requirements
  • Provision of Software license to use Microsoft Project
  • Provision of Software license to use Microsoft Visio
  • Provision of Software license to Microsoft Office Products

User support

User support
Email or online ticketing support No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The following support levels are provided:
Account Manager - £900 per day (regularity to be mutually agreed with Client)
Programme Manager - £850 per day;
Senior Project Manager - £780 per day
Project Manager - £725 per day
Communications Manager - £600 per day
Project Management Office Support - £520 per day
Technical Architect - £700 per day
Digital Development Operatative (Digital DevOps) - £650 per day
SharePoint Administrator - £500 per day
SharePoint Support - £400 per day
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All Software or Systems delivered as part of the services we provide to our clients are supported by End User Guidance and Frequently Answered Questions documentation. In addition to this documentation AJACO would encourage End User Communications to compliment any such documentation produced by AJACO.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft Excel
  • Microsoft Powerpoint
  • Microsoft Project
End-of-contract data extraction At the end of the contract AJACO produce a report in Microsoft Excel, listing all costs incurred on a month by month basis including a total amount incurred as a result of providing services to the client. AJACO also report what was originally agreed with the client, communicating the variance (both positive or negative). At the end of each month (in arrears) AJACO produce an equivalent report and on this basis are able to provide forecasts based on current programme and project status.
End-of-contract process At the end of the Contract, all reports including completion statements and a Lessons Learned report are produced within the price of the contract. This also includes to the transition of any services to Business As Usual including the migration of all users so long at these activities fall within the agreed contract period. Subject to Client agreement AJACO would submit a follow on Memorandum of Understanding to support any future work subject to Commercial, Portfolio and Programme management approval.

Using the service

Using the service
Web browser interface No
API No
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type Manual
Independence of resources It is paramount that the services we provide is of the highest quality and is not affected by the demand of other users. Regular internal quality reviews are carried out to ensure all risks and issues are identified and effectively communicated to the client. Resourcing is maintained within the scope of AJACO's agreement with the client. Any external project or programme risk will be maintained by supporting the client by determining whether any external factors should be addressed by a separate agreement as agreed with the Client. Prioritisation of such risk will be progressed once agreed with the client.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Bonded fibre optic connections
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability AJACO guarantee to provide Professional Quality Consultancy services. Our operating hours are Monday to Friday 9am to 6pm. Our SLA when dealing with any queries and issues outside of these times is within a timely manner and within a Professional Working Day. Timely manner would depend on the severity of the issue raised. A Severity 1 issue would result in a response within 2 hours of the issue being raised. However if the issue is raised outside of a Professional Working day a response will be returned by 9am the following business day. If we are unable to meet guaranteed levels of availability then we will compensate the client by providing an agreed amount of extended consultancy time at either a reduced or at no cost.
Approach to resilience AJACO's approach to resilience is based on identifying levels of risk when faced with the likelihood of a disturbance, surprise or uncertainty with a service provided. AJACO encourages solution providers to ensure reliability and system resilience by introducing backup systems, mirrored hardware, load balancing, correctly scoped hardware and correctly configured software to maximise resilience and to prevent system hardware or software failure. From a Testing and Test Support Services perspective AJACO ensure its services are resilient by ensuring consultants are equipped with correct resources in order to fulfill buyer objectives. AJACO also ensure consultants are able to be substituted subject to establishing a mutual agreement with the buyer, providing substituted consultants with a suitable project handover as required by both the buyer and the project(s) being affected.
Outage reporting Outage reports are issued via email alerts, face to face notifications, remotely by telephone and via associated suppliers (where and as required by the buyer).

Identity and authentication

Identity and authentication
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Access restrictions in management interfaces and support channels would be approached by initially implementing protective marking and password protection if the nature of the the interfaces are documentation related. If system related then such systems would need to be restricted to specific end user groups, which include users who have the correct level of security clearance to access such information. Time restrictions must also be considered for system related interfaces. Such systems should be restricted to business hours where support is usually more readily available.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through Dedicated device on a government network (for example PSN)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Ability to adhere to CESG guidelines

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach All our Consultants either have Security Clearance (SC) or Developed Vetting (DV) level clearance. Where consultants on appointment fall shorty of SC clearance, SC clearance will be applied for as advised and supported by the client and in accordance to the security level they are to be exposed to. As a minimum, if any of our consultants are neither SC or DV cleared we ensure they have been successfully DBS checked.
Information security policies and processes AJACO ensures that all consultants adhere to best practice, recognising information security practices as set or/and adhered by the buyer. All AJACO consultants apply the correct level of security control to their day to day activities in line with good practice and applicable regulation and legislation. All documentation is formatted, controlled and distributed in line with buyer requirements. AJACO carry out regular peer reviews to ensure compliance is regulated and monitored. Any issues of non-compliance, information risks or incidents are raised with the Buyer through an agreed escalation path and via the relevant Security departments as required. AJACO adheres to the following acts: - HMG Security Policy Framework. - ISO27001:2005 / ISO/IEC17799:2000. Information Technology – Information - Security management systems requirements. - ISO27002:2005. Code of practice for information security management systems. - ISO27005:2008. Information Security Risk Management. - Freedom of Information Act 2000. - Data Protection Act 1998. - Regulation of Investigatory Powers Act 2000. - Computer Misuse Act 1990.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach 1) Request for Change - clarifying objectives and goals.
2) Impact Analysis - identifying resources that will facilitate the process through to delivery and completion. To determine the level of buy-in from the client and all parties involved. To assess from respective Security and Information Assurance impact to the proposed change.
3) Approve / Deny
4) Implement Change - To involve all parties required to deliver.
5) Review / Reporting - To assess how successful the delivery was in line with the goals and objectives of the change. To promote regular communication at all stages of the Change Management Process.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All public service contract related information is either held on client provided devices or client shared drives. All secure information is maintained on client supplied equipment. These services are supported by client suppliers. The only information held on AJACO specific devices are timesheet or audit information for the purpose of AJACO only, As part of our services any vulnerabilities are reported immediately, captured on a RAID log recorded as part of our weekly reporting procedures. Such potential threats are obtained from public sector users of client services or from suppliers who are currently supporting client services.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach AJACO adheres to the buyer's business processes to oversee how products and services are used and also abused and in doing so:
a) seeks to adhere to and adopt an organisation-wide strategy
b) identify specifics as to how requirements will be delivered to each project
c) recognise and promote the value and benefits brought to the business
d) furnish the infrastructure needed to support requirements
e) ensure skilled consultants are able to adequately operate the infrastructure
f) to conduct reviews to ensure that the processes are performing to requirements
g) immediately report to the buyer any potential compromises identified.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach All incidents identified by AJACO, the buyers and supporting suppliers are maintained on a single spreadsheet clearly specifying the date identified, summary of issue, description, environmental condition, severity, priority, assignee and status. These incident reports are regularly communicated to all relevant parties within a project team and are reviewed internally within both AJACO, buyer and respective suppliers. All common events for example installation related are generally routed to Suppliers to resolve. User guidance notes are generally shared with the Communication Manager. All Severity 1 and 2 incidents are reported immediately to the assigned Project Managers appointed by the buyer.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Citrix XenServer
How shared infrastructure is kept separate No infrastructure is shared. All infrastructure provided is done so by pre-agreement with the end-client. Technically, all infrastructure is appropriately positioned behind a suitable end-client approved firewall and penetration tested.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £300 to £900 per person per day
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑