Calligo Limited

Calligo Cloudcore

CloudCore offers a tailored service, with a utility based cost model for compute, storage and network infrastructure, performance guarantees and guaranteed SLAs.

Features

  • Public or hybrid IaaS
  • All solid state disks delivers guaranteed performance
  • 256 bit encryption throughout: storage, networks, backups, etc.
  • Proprietary management portal
  • 24/7 Support
  • Managed services also available - monitoring, patching, etc.
  • Industry leading service level agreements backed by contractual guarantees
  • Choice of data centre locations
  • GDPR aligned solution and service
  • Underpins Backup / DR and Storage as a service

Benefits

  • Transparent pricing model makes it easy to understand costs
  • Proprietary software enables management of resources through a single portal.
  • Highly secure computing environment ensures your data is always safe.
  • Solid State Drives mean fastest performance whatever the workload.
  • Single supplier providing IaaS and complementary managed services
  • You can concentrate your resources on value add services
  • GDPR compliance accelerator, deploy applications according to their risk profile.
  • Improvded Business Continuity and Data recovery

Pricing

£250 per unit per month

  • Free trial available

Service documents

G-Cloud 9

406048476211062

Calligo Limited

Ross Worthington

0330 124 2500

gcloud@calligo.cloud

Service scope

Service scope
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide 24/7/365 support for our services
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Please refer to the service definition document
Web chat accessibility testing Please refer to the service definition document
Onsite support Yes, at extra cost
Support levels We provide 24/7/365 support for our services, additional managed services can be purchased in addition to the standard support services. The support desk function has an integrated Service Delivery Manager function/role.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a fully managed migration service to commence using the various solutions. The onboarding team develop a project plan in agreement with the client to ensure smooth integration into the Cloud services. Key milestones are agreed and Project Management is included.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We have an offboarding commitment to our clients, depending on the type of service contracted for this can be supplemented by an escrow service for all the clients data.
End-of-contract process The client would be contacted prior to contract end to plan for the service termination, it would be agreed how they require their data to be provided.

Using the service

Using the service
Web browser interface Yes
Using the web interface Please refer to the service definition document
Web interface accessibility standard None or don’t know
How the web interface is accessible Please refer to the service definition document
Web interface accessibility testing Please refer to the service definition document
API Yes
What users can and can't do using the API Please refer to the service definition document
API automation tools Other
Other API automation tools Please refer to the service definition document
API documentation No
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources We operate segregated virtual data centres and place Quality of Service levels around these, the ability to control the resources at a granular level enables us to provide service guarantees.
Usage notifications Yes
Usage reporting API

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Databases
Backup controls By request
Datacentre setup Single datacentre with multiple copies
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We offer 99.99 SLA which is underpinned by a contractual commitment, service credits are detailed in each Master Services Agreement.
Approach to resilience This is available upon request
Outage reporting Multi level alerting feeds back to Client Dashboards and provides email alerting.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Via role based access control, each user is allocated access rights and permissions to computer systems and data.

Access to admin level permissions is only allocated to individuals whose roles require them and who have received sufficient training to understand the implications of their use.

The use of user accounts with privileged access in automated routines such as batch or interface jobs is avoided where possible, and privileges kept to a minimum.

The use of generic and shared privileged service accounts is prohibited unless it is specifically required for functional and system administration.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Need answer
ISO/IEC 27001 accreditation date Need answer
What the ISO/IEC 27001 doesn’t cover Need answer
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Externally assured SOC 2 Type 1 (Security & Availability Principles)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a Security and Compliance department dedicated to this. We are ISO27001, SOC2/1 and GDPR F and P qualified in line with ISO 17024.

More information on our Security Policies and Procedures can be provided on request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The CMDB contains configuration-items that reference all the virtual and physical components that make up our cloud-services. This contains details of all parent-and-child relationships and links to supporting documentation. Security risks and service impacts are documented and reviewed in any RFC, which is linked to one of more CIs. Change-Approval Board-members are able to consider the change in the context of any negative effects it may have on our services. The CAB will ultimately decide if a formal “Go/No-Go’ decision is required within a change, and this will be based on the impact, risk and overall complexity of the change.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Routine patching is performed in line with vendor release schedules. A search for vulnerabilities and released updates or patches is performed monthly and vulnerabilities found are registered. Where a specific vulnerability has been brought to our attention, an assessment of the vulnerability is taken and if applicable an emergency patch is applied within 24 hours. Identified vulnerabilities will be assessed with respect to patching; turning off/removing services affected by the vulnerability; adapting or adding access controls; increased monitoring; awareness raising. A record of technical vulnerabilities are kept. Information on potential threats is sourced from Platform technology Vendors and CVE website.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Using the predefined reports and alerts within our SIEM tool, which captures events from all manner of sources, we are able to identify potential compromises and act accordingly. If the event detected is a potential compromise then emergency changes are raised to respond and block.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Predefined incident, major incident and service request processes are automated and documented. Incidents and service requests are raised via a variety of methods such as by phone, email, or support-portal. An Incident Manager will create or approve an Incident Report within two working days of the incident being closed. This will typically cover: Timeline of the incident, the impact of the incident, the root cause of the incident, the actions taken to resolve the incident and any ongoing actions or plans to prevent a re-occurrence.Where relevant, details of personally identifiable information loss, disclosure or alteration are included.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Need answer
How shared infrastructure is kept separate We operate segregated virtual data centres

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £250 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Contact us for more information

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑